zizmor 1.14.0__tar.gz → 1.14.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of zizmor might be problematic. Click here for more details.

Files changed (460) hide show
  1. {zizmor-1.14.0 → zizmor-1.14.2}/Cargo.lock +1 -1
  2. {zizmor-1.14.0 → zizmor-1.14.2}/PKG-INFO +1 -1
  3. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/Cargo.toml +1 -1
  4. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/ref_version_mismatch.rs +3 -1
  5. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/use_trusted_publishing.rs +14 -16
  6. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshot.rs +9 -0
  7. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +1 -1
  8. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_version_mismatch.snap +1 -1
  9. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap +8 -8
  10. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap +10 -60
  11. zizmor-1.14.2/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap +5 -0
  12. zizmor-1.14.2/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml +24 -0
  13. {zizmor-1.14.0 → zizmor-1.14.2}/Cargo.toml +0 -0
  14. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/Cargo.toml +0 -0
  15. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/README.md +0 -0
  16. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/call.rs +0 -0
  17. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/context.rs +0 -0
  18. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/expr.pest +0 -0
  19. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/identifier.rs +0 -0
  20. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/lib.rs +0 -0
  21. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/literal.rs +0 -0
  22. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-expressions/src/op.rs +0 -0
  23. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/Cargo.toml +0 -0
  24. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/LICENSE +0 -0
  25. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/README.md +0 -0
  26. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/action.rs +0 -0
  27. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/common/expr.rs +0 -0
  28. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/common.rs +0 -0
  29. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
  30. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/dependabot/v2.rs +0 -0
  31. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/lib.rs +0 -0
  32. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/event.rs +0 -0
  33. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/job.rs +0 -0
  34. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/mod.rs +0 -0
  35. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
  36. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
  37. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
  38. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
  39. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
  40. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
  41. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
  42. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
  43. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
  44. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
  45. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
  46. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
  47. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
  48. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
  49. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
  50. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
  51. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
  52. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
  53. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
  54. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
  55. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
  56. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
  57. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
  58. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
  59. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
  60. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
  61. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
  62. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
  63. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
  64. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
  65. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
  66. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
  67. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
  68. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
  69. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/test_action.rs +0 -0
  70. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -0
  71. {zizmor-1.14.0 → zizmor-1.14.2}/crates/github-actions-models/tests/test_workflow.rs +0 -0
  72. {zizmor-1.14.0 → zizmor-1.14.2}/crates/subfeature/.gitignore +0 -0
  73. {zizmor-1.14.0 → zizmor-1.14.2}/crates/subfeature/Cargo.toml +0 -0
  74. {zizmor-1.14.0 → zizmor-1.14.2}/crates/subfeature/LICENSE +0 -0
  75. {zizmor-1.14.0 → zizmor-1.14.2}/crates/subfeature/README.md +0 -0
  76. {zizmor-1.14.0 → zizmor-1.14.2}/crates/subfeature/src/lib.rs +0 -0
  77. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpatch/Cargo.toml +0 -0
  78. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpatch/LICENSE +0 -0
  79. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpatch/README.md +0 -0
  80. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpatch/src/lib.rs +0 -0
  81. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpatch/tests/unit_tests.rs +0 -0
  82. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/Cargo.toml +0 -0
  83. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/LICENSE +0 -0
  84. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/README.md +0 -0
  85. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/src/lib.rs +0 -0
  86. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/integration_test.rs +0 -0
  87. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/basic.yml +0 -0
  88. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/comments.yml +0 -0
  89. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/directives.yml +0 -0
  90. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/exact-features.yml +0 -0
  91. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/flow.yml +0 -0
  92. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
  93. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/key-only-features.yml +0 -0
  94. {zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
  95. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/README.md +0 -0
  96. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/build.rs +0 -0
  97. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/data/codeql-injection-sinks.json +0 -0
  98. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/data/context-capabilities.csv +0 -0
  99. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/anonymous_definition.rs +0 -0
  100. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/artipacked.rs +0 -0
  101. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/bot_conditions.rs +0 -0
  102. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/cache_poisoning.rs +0 -0
  103. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
  104. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
  105. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
  106. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/github_env.rs +0 -0
  107. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +0 -0
  108. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/impostor_commit.rs +0 -0
  109. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/insecure_commands.rs +0 -0
  110. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/known_vulnerable_actions.rs +0 -0
  111. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/mod.rs +0 -0
  112. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/obfuscation.rs +0 -0
  113. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
  114. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
  115. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
  116. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
  117. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
  118. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/template_injection.rs +0 -0
  119. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/undocumented_permissions.rs +0 -0
  120. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/unpinned_images.rs +0 -0
  121. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
  122. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
  123. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/unsound_condition.rs +0 -0
  124. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
  125. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/config.rs +0 -0
  126. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/data/github-action.json +0 -0
  127. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/data/github-workflow.json +0 -0
  128. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/finding/location.rs +0 -0
  129. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/finding.rs +0 -0
  130. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/github_api.rs +0 -0
  131. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/lsp.rs +0 -0
  132. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/main.rs +0 -0
  133. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models/action.rs +0 -0
  134. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models/coordinate.rs +0 -0
  135. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models/inputs.rs +0 -0
  136. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models/uses.rs +0 -0
  137. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models/workflow.rs +0 -0
  138. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/models.rs +0 -0
  139. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/fix.rs +0 -0
  140. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/github.rs +0 -0
  141. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/json/mod.rs +0 -0
  142. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/json/v1.rs +0 -0
  143. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/mod.rs +0 -0
  144. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/plain.rs +0 -0
  145. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/output/sarif.rs +0 -0
  146. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/registry/input.rs +0 -0
  147. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/registry.rs +0 -0
  148. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/state.rs +0 -0
  149. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/utils.rs +0 -0
  150. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/acceptance.rs +0 -0
  151. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/common.rs +0 -0
  152. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/config.rs +0 -0
  153. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e/json_v1.rs +0 -0
  154. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__json_v1__json_v1.snap +0 -0
  155. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e.rs +0 -0
  156. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/main.rs +0 -0
  157. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__disablement.snap +0 -0
  158. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub.snap +0 -0
  159. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub_from_file_input.snap +0 -0
  160. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root.snap +0 -0
  161. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_child_dir.snap +0 -0
  162. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_file_input.snap +0 -0
  163. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub.snap +0 -0
  164. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub_from_file_input.snap +0 -0
  165. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root.snap +0 -0
  166. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_child_dir.snap +0 -0
  167. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_file_input.snap +0 -0
  168. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-2.snap +0 -0
  169. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-3.snap +0 -0
  170. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs.snap +0 -0
  171. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
  172. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict-2.snap +0 -0
  173. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict.snap +0 -0
  174. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
  175. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
  176. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
  177. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
  178. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
  179. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
  180. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
  181. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
  182. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
  183. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
  184. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1065.snap +0 -0
  185. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input-2.snap +0 -0
  186. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input.snap +0 -0
  187. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +0 -0
  188. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -0
  189. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
  190. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
  191. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
  192. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__pr_960_backstop.snap +0 -0
  193. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_confidence_unknown.snap +0 -0
  194. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_severity_unknown.snap +0 -0
  195. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition.snap +0 -0
  196. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
  197. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
  198. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
  199. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-5.snap +0 -0
  200. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
  201. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
  202. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
  203. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
  204. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +0 -0
  205. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +0 -0
  206. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
  207. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
  208. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap +0 -0
  209. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-17.snap +0 -0
  210. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +0 -0
  211. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +0 -0
  212. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
  213. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
  214. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +0 -0
  215. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +0 -0
  216. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +0 -0
  217. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
  218. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
  219. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve-2.snap +0 -0
  220. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
  221. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_no_gh_token.snap +0 -0
  222. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_offline.snap +0 -0
  223. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
  224. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
  225. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
  226. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
  227. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
  228. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
  229. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
  230. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
  231. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
  232. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
  233. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
  234. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
  235. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
  236. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
  237. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
  238. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
  239. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
  240. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
  241. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
  242. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
  243. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
  244. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +0 -0
  245. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +0 -0
  246. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +0 -0
  247. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +0 -0
  248. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +0 -0
  249. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-2.snap +0 -0
  250. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-3.snap +0 -0
  251. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +0 -0
  252. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
  253. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
  254. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
  255. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
  256. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
  257. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
  258. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
  259. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
  260. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
  261. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
  262. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
  263. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
  264. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
  265. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +0 -0
  266. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +0 -0
  267. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +0 -0
  268. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-13.snap +0 -0
  269. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-14.snap +0 -0
  270. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-15.snap +0 -0
  271. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +0 -0
  272. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +0 -0
  273. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +0 -0
  274. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +0 -0
  275. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +0 -0
  276. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +0 -0
  277. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +0 -0
  278. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +0 -0
  279. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -0
  280. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-2.snap +0 -0
  281. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-3.snap +0 -0
  282. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-4.snap +0 -0
  283. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-5.snap +0 -0
  284. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-6.snap +0 -0
  285. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-7.snap +0 -0
  286. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions.snap +0 -0
  287. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
  288. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
  289. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
  290. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
  291. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
  292. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
  293. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
  294. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
  295. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
  296. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
  297. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
  298. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
  299. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
  300. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
  301. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
  302. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
  303. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
  304. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
  305. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
  306. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
  307. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_condition.snap +0 -0
  308. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
  309. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-2.snap +0 -0
  310. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing.snap +0 -0
  311. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/anonymous-definition.yml +0 -0
  312. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked/demo-action/action.yml +0 -0
  313. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
  314. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
  315. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
  316. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
  317. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
  318. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
  319. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
  320. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
  321. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
  322. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
  323. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
  324. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml +0 -0
  325. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1152-repro.yml +0 -0
  326. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
  327. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
  328. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
  329. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
  330. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
  331. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
  332. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
  333. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
  334. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/workflows/hackme.yml +0 -0
  335. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/zizmor.yml +0 -0
  336. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/.github/workflows/hackme.yml +0 -0
  337. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/zizmor.yml +0 -0
  338. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/.github/workflows/hackme.yml +0 -0
  339. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/zizmor.yml +0 -0
  340. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-1.yml +0 -0
  341. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-2.yml +0 -0
  342. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-3.yml +0 -0
  343. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
  344. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
  345. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
  346. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
  347. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
  348. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
  349. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
  350. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
  351. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
  352. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
  353. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
  354. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
  355. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
  356. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
  357. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
  358. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
  359. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
  360. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
  361. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
  362. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
  363. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
  364. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
  365. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
  366. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
  367. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
  368. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
  369. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
  370. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
  371. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
  372. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
  373. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
  374. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
  375. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +0 -0
  376. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +0 -0
  377. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +0 -0
  378. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
  379. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
  380. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
  381. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
  382. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
  383. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
  384. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
  385. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
  386. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
  387. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
  388. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/issue-1065.yml +0 -0
  389. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
  390. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/neutral.yml +0 -0
  391. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation/computed-indices.yml +0 -0
  392. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation/issue-1177-repro.yml +0 -0
  393. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
  394. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
  395. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/pr-960-backstop/action.yml +0 -0
  396. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
  397. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
  398. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml +0 -0
  399. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
  400. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
  401. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
  402. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
  403. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
  404. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
  405. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
  406. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
  407. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
  408. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
  409. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/addnab-docker-run-action.yml +0 -0
  410. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +0 -0
  411. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
  412. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
  413. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/input-caps.yml +0 -0
  414. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
  415. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
  416. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
  417. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
  418. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-883-repro/action.yml +0 -0
  419. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-988-repro.yml +0 -0
  420. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/multiline-expression.yml +0 -0
  421. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +0 -0
  422. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
  423. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
  424. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +0 -0
  425. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
  426. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
  427. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
  428. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
  429. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-only.yml +0 -0
  430. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-with-other.yml +0 -0
  431. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/documented.yml +0 -0
  432. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/empty-permissions.yml +0 -0
  433. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/partially-documented.yml +0 -0
  434. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions.yml +0 -0
  435. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
  436. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
  437. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
  438. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
  439. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
  440. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
  441. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
  442. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
  443. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
  444. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
  445. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
  446. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
  447. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
  448. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
  449. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
  450. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
  451. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
  452. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
  453. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
  454. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unsound-condition.yml +0 -0
  455. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
  456. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/cargo-publish.yml +0 -0
  457. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/demo-action/action.yml +0 -0
  458. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/npm-publish.yml +0 -0
  459. {zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
  460. {zizmor-1.14.0 → zizmor-1.14.2}/pyproject.toml +0 -0
{zizmor-1.14.0 → zizmor-1.14.2}/Cargo.lock RENAMED
@@ -3801,7 +3801,7 @@ dependencies = [
3801
3801
 
3802
3802
  [[package]]
3803
3803
  name = "zizmor"
3804
- version = "1.14.0"
3804
+ version = "1.14.2"
3805
3805
  dependencies = [
3806
3806
  "annotate-snippets",
3807
3807
  "anstream",
{zizmor-1.14.0 → zizmor-1.14.2}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: zizmor
3
- Version: 1.14.0
3
+ Version: 1.14.2
4
4
  License-File: LICENSE
5
5
  Home-Page: https://docs.zizmor.sh
6
6
  Requires-Python: >=3.9
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/Cargo.toml RENAMED
@@ -1,7 +1,7 @@
1
1
  [package]
2
2
  name = "zizmor"
3
3
  description = "Static analysis for GitHub Actions"
4
- version = "1.14.0"
4
+ version = "1.14.2"
5
5
  repository = "https://github.com/zizmorcore/zizmor"
6
6
  documentation = "https://docs.zizmor.sh"
7
7
  keywords = ["cli", "github-actions", "static-analysis", "security"]
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/ref_version_mismatch.rs RENAMED
@@ -93,6 +93,8 @@ impl RefVersionMismatch {
93
93
  };
94
94
 
95
95
  if commit_for_ref != commit_sha {
96
+ tracing::warn!("{commit_for_ref} != {commit_sha}");
97
+
96
98
  let subfeature = Subfeature::new(
97
99
  uses_location.concrete.location.offset_span.end,
98
100
  version_from_comment,
@@ -107,7 +109,7 @@ impl RefVersionMismatch {
107
109
  // that avoids collisions in Linux-sized repositories.
108
110
  uses_location.symbolic.clone().primary().annotated(format!(
109
111
  "points to commit {short_commit}",
110
- short_commit = &commit_sha[..12]
112
+ short_commit = &commit_for_ref[..12]
111
113
  )),
112
114
  Feature::from_subfeature(&subfeature, step),
113
115
  ));
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/src/audit/use_trusted_publishing.rs RENAMED
@@ -340,10 +340,19 @@ impl Audit for UseTrustedPublishing {
340
340
  // In addition to the shared action matching above, we can
341
341
  // also check for some `run:` patterns that indicate publishing
342
342
  // without Trusted Publishing.
343
- // We check this regardless of id-token permission state because:
344
- // 1. If no id-token: indicates missing trusted publishing setup
345
- // 2. If has id-token but uses manual tokens: indicates hybrid/incomplete migration
346
- if let StepBodyCommon::Run { run, .. } = step.body() {
343
+
344
+ // We can only check these reliably on workflows and not actions,
345
+ // since we need to be able to see the `id-token` permission's
346
+ // state to filter out any false positives.
347
+ //
348
+ // NOTE(ww): With #1161 we loosened this check and turned the
349
+ // "has ID token" check into a confidence modifier rather than
350
+ // a strict filter. This ended up being overly imprecise, since a lot
351
+ // of publishing commands use trusted publishing implicitly if
352
+ // the environment supports it. We reverted this with #1191.
353
+ if let StepBodyCommon::Run { run, .. } = step.body()
354
+ && !step.parent.has_id_token()
355
+ {
347
356
  let shell = step.shell().unwrap_or_else(|| {
348
357
  tracing::debug!(
349
358
  "use-trusted-publishing: couldn't determine shell type for {workflow}:{job} step {stepno}",
@@ -356,21 +365,10 @@ impl Audit for UseTrustedPublishing {
356
365
  });
357
366
 
358
367
  for subfeature in self.trusted_publishing_command_candidates(run, shell)? {
359
- // Adjust confidence based on whether id-token permission is present
360
- let confidence = if step.parent.has_id_token() {
361
- // Higher confidence when id-token is present but manual tokens are still used
362
- // This indicates a hybrid/incomplete migration that should be flagged
363
- Confidence::High
364
- } else {
365
- // Low confidence when no id-token - could be intentional for non-TP registries
366
- // or legitimate reasons not to use trusted publishing
367
- Confidence::Low
368
- };
369
-
370
368
  findings.push(
371
369
  Self::finding()
372
370
  .severity(Severity::Informational)
373
- .confidence(confidence)
371
+ .confidence(Confidence::High)
374
372
  .add_location(step.location().hidden())
375
373
  .add_location(
376
374
  step.location()
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshot.rs RENAMED
@@ -306,6 +306,15 @@ fn use_trusted_publishing() -> Result<()> {
306
306
  .run()?
307
307
  );
308
308
 
309
+ // No use-trusted-publishing findings expected here.
310
+ insta::assert_snapshot!(
311
+ zizmor()
312
+ .input(input_under_test(
313
+ "use-trusted-publishing/issue-1191-repro.yml"
314
+ ))
315
+ .run()?
316
+ );
317
+
309
318
  Ok(())
310
319
  }
311
320
 
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap RENAMED
@@ -265,7 +265,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
265
265
  | |
266
266
  | this step
267
267
  |
268
- = note: audit confidence → Low
268
+ = note: audit confidence → High
269
269
 
270
270
  error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
271
271
  --> .github/workflows/cache-poisoning.yml:36:9
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_version_mismatch.snap RENAMED
@@ -6,7 +6,7 @@ warning[ref-version-mismatch]: detects commit SHAs that don't match their versio
6
6
  --> @@INPUT@@:21:77
7
7
  |
8
8
  21 | - uses: actions/setup-node@1a4442cacd436585916779262731d5b162bc6ec7 # v3.8.1
9
- | ----------------------------------------------------------------- ^^^^^^ points to commit 1a4442cacd43
9
+ | ----------------------------------------------------------------- ^^^^^^ points to commit 5e21ff4d9bc1
10
10
  | |
11
11
  | is pointed to by tag v3.8.2
12
12
  |
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap RENAMED
@@ -10,7 +10,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
10
10
  | |
11
11
  | this step
12
12
  |
13
- = note: audit confidence → Low
13
+ = note: audit confidence → High
14
14
 
15
15
  info[use-trusted-publishing]: prefer trusted publishing for authentication
16
16
  --> @@INPUT@@:17:14
@@ -20,7 +20,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
20
20
  | |
21
21
  | this step
22
22
  |
23
- = note: audit confidence → Low
23
+ = note: audit confidence → High
24
24
 
25
25
  info[use-trusted-publishing]: prefer trusted publishing for authentication
26
26
  --> @@INPUT@@:24:11
@@ -33,7 +33,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
33
33
  27 | | --no-verify
34
34
  | |_______________________^ this command
35
35
  |
36
- = note: audit confidence → Low
36
+ = note: audit confidence → High
37
37
 
38
38
  info[use-trusted-publishing]: prefer trusted publishing for authentication
39
39
  --> @@INPUT@@:37:14
@@ -43,7 +43,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
43
43
  | |
44
44
  | this step
45
45
  |
46
- = note: audit confidence → Low
46
+ = note: audit confidence → High
47
47
 
48
48
  info[use-trusted-publishing]: prefer trusted publishing for authentication
49
49
  --> @@INPUT@@:42:14
@@ -53,7 +53,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
53
53
  | |
54
54
  | this step
55
55
  |
56
- = note: audit confidence → Low
56
+ = note: audit confidence → High
57
57
 
58
58
  info[use-trusted-publishing]: prefer trusted publishing for authentication
59
59
  --> @@INPUT@@:49:11
@@ -66,7 +66,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
66
66
  52 | | --no-verify
67
67
  | |_______________________^ this command
68
68
  |
69
- = note: audit confidence → Low
69
+ = note: audit confidence → High
70
70
 
71
71
  info[use-trusted-publishing]: prefer trusted publishing for authentication
72
72
  --> @@INPUT@@:56:14
@@ -76,7 +76,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
76
76
  | |
77
77
  | this step
78
78
  |
79
- = note: audit confidence → Low
79
+ = note: audit confidence → High
80
80
 
81
81
  info[use-trusted-publishing]: prefer trusted publishing for authentication
82
82
  --> @@INPUT@@:63:11
@@ -89,6 +89,6 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
89
89
  66 | | publish
90
90
  | |___________________^ this command
91
91
  |
92
- = note: audit confidence → Low
92
+ = note: audit confidence → High
93
93
 
94
94
  9 findings (1 suppressed): 8 informational, 0 low, 0 medium, 0 high
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap RENAMED
@@ -21,7 +21,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
21
21
  | |
22
22
  | this step
23
23
  |
24
- = note: audit confidence → Low
24
+ = note: audit confidence → High
25
25
 
26
26
  info[use-trusted-publishing]: prefer trusted publishing for authentication
27
27
  --> @@INPUT@@:26:9
@@ -42,7 +42,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
42
42
  | |
43
43
  | this step
44
44
  |
45
- = note: audit confidence → Low
45
+ = note: audit confidence → High
46
46
 
47
47
  info[use-trusted-publishing]: prefer trusted publishing for authentication
48
48
  --> @@INPUT@@:43:14
@@ -52,7 +52,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
52
52
  | |
53
53
  | this step
54
54
  |
55
- = note: audit confidence → Low
55
+ = note: audit confidence → High
56
56
 
57
57
  info[use-trusted-publishing]: prefer trusted publishing for authentication
58
58
  --> @@INPUT@@:49:14
@@ -62,7 +62,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
62
62
  | |
63
63
  | this step
64
64
  |
65
- = note: audit confidence → Low
65
+ = note: audit confidence → High
66
66
 
67
67
  info[use-trusted-publishing]: prefer trusted publishing for authentication
68
68
  --> @@INPUT@@:57:11
@@ -73,7 +73,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
73
73
  57 | npm publish --access public
74
74
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ this command
75
75
  |
76
- = note: audit confidence → Low
76
+ = note: audit confidence → High
77
77
 
78
78
  info[use-trusted-publishing]: prefer trusted publishing for authentication
79
79
  --> @@INPUT@@:63:14
@@ -83,7 +83,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
83
83
  | |
84
84
  | this step
85
85
  |
86
- = note: audit confidence → Low
86
+ = note: audit confidence → High
87
87
 
88
88
  info[use-trusted-publishing]: prefer trusted publishing for authentication
89
89
  --> @@INPUT@@:69:14
@@ -93,7 +93,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
93
93
  | |
94
94
  | this step
95
95
  |
96
- = note: audit confidence → Low
96
+ = note: audit confidence → High
97
97
 
98
98
  info[use-trusted-publishing]: prefer trusted publishing for authentication
99
99
  --> @@INPUT@@:75:14
@@ -103,7 +103,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
103
103
  | |
104
104
  | this step
105
105
  |
106
- = note: audit confidence → Low
106
+ = note: audit confidence → High
107
107
 
108
108
  info[use-trusted-publishing]: prefer trusted publishing for authentication
109
109
  --> @@INPUT@@:81:14
@@ -113,47 +113,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
113
113
  | |
114
114
  | this step
115
115
  |
116
- = note: audit confidence → Low
117
-
118
- info[use-trusted-publishing]: prefer trusted publishing for authentication
119
- --> @@INPUT@@:100:14
120
- |
121
- 100 | run: npm publish --provenance
122
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
123
- | |
124
- | this step
125
- |
126
- = note: audit confidence → High
127
-
128
- info[use-trusted-publishing]: prefer trusted publishing for authentication
129
- --> @@INPUT@@:109:14
130
- |
131
- 109 | run: npm publish --provenance
132
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
133
- | |
134
- | this step
135
- |
136
- = note: audit confidence → High
137
-
138
- info[use-trusted-publishing]: prefer trusted publishing for authentication
139
- --> @@INPUT@@:113:14
140
- |
141
- 113 | run: npm publish --provenance
142
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
143
- | |
144
- | this step
145
- |
146
- = note: audit confidence → High
147
-
148
- info[use-trusted-publishing]: prefer trusted publishing for authentication
149
- --> @@INPUT@@:123:14
150
- |
151
- 123 | run: npm publish
152
- | --- ^^^^^^^^^^^ this command
153
- | |
154
- | this step
155
- |
156
- = note: audit confidence → High
116
+ = note: audit confidence → High
157
117
 
158
118
  info[use-trusted-publishing]: prefer trusted publishing for authentication
159
119
  --> @@INPUT@@:129:9
@@ -166,14 +126,4 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
166
126
  |
167
127
  = note: audit confidence → High
168
128
 
169
- info[use-trusted-publishing]: prefer trusted publishing for authentication
170
- --> @@INPUT@@:134:14
171
- |
172
- 134 | run: npm publish
173
- | --- ^^^^^^^^^^^ this command
174
- | |
175
- | this step
176
- |
177
- = note: audit confidence → High
178
-
179
- 18 findings (1 suppressed): 17 informational, 0 low, 0 medium, 0 high
129
+ 13 findings (1 suppressed): 12 informational, 0 low, 0 medium, 0 high
zizmor-1.14.2/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap ADDED
@@ -0,0 +1,5 @@
1
+ ---
2
+ source: crates/zizmor/tests/integration/snapshot.rs
3
+ expression: "zizmor().input(input_under_test(\"use-trusted-publishing/issue-1191-repro.yml\")).run()?"
4
+ ---
5
+ No findings to report. Good job! (2 suppressed)
zizmor-1.14.2/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml ADDED
@@ -0,0 +1,24 @@
1
+ # https://github.com/zizmorcore/zizmor/issues/1191
2
+ name: "Publish to PyPI"
3
+
4
+ on:
5
+ workflow_call:
6
+
7
+ jobs:
8
+ pypi-publish:
9
+ name: Upload to PyPI
10
+ runs-on: ubuntu-latest
11
+ environment:
12
+ name: release
13
+ permissions:
14
+ # For PyPI's trusted publishing.
15
+ id-token: write
16
+ steps:
17
+ - name: "Install uv"
18
+ uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
19
+ - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
20
+ with:
21
+ pattern: wheels-*
22
+ path: wheels
23
+ - name: Publish to PyPi
24
+ run: uv publish -v wheels/*
{zizmor-1.14.0 → zizmor-1.14.2}/Cargo.toml RENAMED
File without changes
{zizmor-1.14.0 → zizmor-1.14.2}/crates/yamlpath/LICENSE RENAMED
File without changes
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/README.md RENAMED
File without changes
{zizmor-1.14.0 → zizmor-1.14.2}/crates/zizmor/build.rs RENAMED
File without changes