zizmor 1.14.1__tar.gz → 1.14.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of zizmor might be problematic. Click here for more details.

Files changed (460) hide show
  1. {zizmor-1.14.1 → zizmor-1.14.2}/Cargo.lock +1 -1
  2. {zizmor-1.14.1 → zizmor-1.14.2}/PKG-INFO +1 -1
  3. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/Cargo.toml +1 -1
  4. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/use_trusted_publishing.rs +14 -16
  5. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshot.rs +9 -0
  6. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +1 -1
  7. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap +8 -8
  8. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap +10 -60
  9. zizmor-1.14.2/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap +5 -0
  10. zizmor-1.14.2/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml +24 -0
  11. {zizmor-1.14.1 → zizmor-1.14.2}/Cargo.toml +0 -0
  12. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/Cargo.toml +0 -0
  13. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/README.md +0 -0
  14. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/call.rs +0 -0
  15. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/context.rs +0 -0
  16. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/expr.pest +0 -0
  17. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/identifier.rs +0 -0
  18. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/lib.rs +0 -0
  19. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/literal.rs +0 -0
  20. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-expressions/src/op.rs +0 -0
  21. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/Cargo.toml +0 -0
  22. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/LICENSE +0 -0
  23. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/README.md +0 -0
  24. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/action.rs +0 -0
  25. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/common/expr.rs +0 -0
  26. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/common.rs +0 -0
  27. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
  28. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/dependabot/v2.rs +0 -0
  29. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/lib.rs +0 -0
  30. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/event.rs +0 -0
  31. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/job.rs +0 -0
  32. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/src/workflow/mod.rs +0 -0
  33. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
  34. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
  35. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
  36. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
  37. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
  38. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
  39. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
  40. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
  41. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
  42. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
  43. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
  44. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
  45. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
  46. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
  47. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
  48. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
  49. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
  50. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
  51. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
  52. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
  53. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
  54. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
  55. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
  56. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
  57. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
  58. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
  59. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
  60. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
  61. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
  62. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
  63. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
  64. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
  65. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
  66. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
  67. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/test_action.rs +0 -0
  68. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -0
  69. {zizmor-1.14.1 → zizmor-1.14.2}/crates/github-actions-models/tests/test_workflow.rs +0 -0
  70. {zizmor-1.14.1 → zizmor-1.14.2}/crates/subfeature/.gitignore +0 -0
  71. {zizmor-1.14.1 → zizmor-1.14.2}/crates/subfeature/Cargo.toml +0 -0
  72. {zizmor-1.14.1 → zizmor-1.14.2}/crates/subfeature/LICENSE +0 -0
  73. {zizmor-1.14.1 → zizmor-1.14.2}/crates/subfeature/README.md +0 -0
  74. {zizmor-1.14.1 → zizmor-1.14.2}/crates/subfeature/src/lib.rs +0 -0
  75. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpatch/Cargo.toml +0 -0
  76. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpatch/LICENSE +0 -0
  77. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpatch/README.md +0 -0
  78. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpatch/src/lib.rs +0 -0
  79. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpatch/tests/unit_tests.rs +0 -0
  80. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/Cargo.toml +0 -0
  81. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/LICENSE +0 -0
  82. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/README.md +0 -0
  83. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/src/lib.rs +0 -0
  84. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/integration_test.rs +0 -0
  85. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/basic.yml +0 -0
  86. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/comments.yml +0 -0
  87. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/directives.yml +0 -0
  88. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/exact-features.yml +0 -0
  89. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/flow.yml +0 -0
  90. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
  91. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/key-only-features.yml +0 -0
  92. {zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
  93. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/README.md +0 -0
  94. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/build.rs +0 -0
  95. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/data/codeql-injection-sinks.json +0 -0
  96. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/data/context-capabilities.csv +0 -0
  97. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/anonymous_definition.rs +0 -0
  98. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/artipacked.rs +0 -0
  99. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/bot_conditions.rs +0 -0
  100. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/cache_poisoning.rs +0 -0
  101. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
  102. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
  103. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
  104. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/github_env.rs +0 -0
  105. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +0 -0
  106. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/impostor_commit.rs +0 -0
  107. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/insecure_commands.rs +0 -0
  108. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/known_vulnerable_actions.rs +0 -0
  109. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/mod.rs +0 -0
  110. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/obfuscation.rs +0 -0
  111. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
  112. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
  113. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/ref_version_mismatch.rs +0 -0
  114. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
  115. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
  116. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
  117. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/template_injection.rs +0 -0
  118. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/undocumented_permissions.rs +0 -0
  119. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/unpinned_images.rs +0 -0
  120. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
  121. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
  122. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/unsound_condition.rs +0 -0
  123. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
  124. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/config.rs +0 -0
  125. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/data/github-action.json +0 -0
  126. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/data/github-workflow.json +0 -0
  127. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/finding/location.rs +0 -0
  128. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/finding.rs +0 -0
  129. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/github_api.rs +0 -0
  130. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/lsp.rs +0 -0
  131. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/main.rs +0 -0
  132. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models/action.rs +0 -0
  133. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models/coordinate.rs +0 -0
  134. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models/inputs.rs +0 -0
  135. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models/uses.rs +0 -0
  136. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models/workflow.rs +0 -0
  137. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/models.rs +0 -0
  138. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/fix.rs +0 -0
  139. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/github.rs +0 -0
  140. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/json/mod.rs +0 -0
  141. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/json/v1.rs +0 -0
  142. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/mod.rs +0 -0
  143. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/plain.rs +0 -0
  144. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/output/sarif.rs +0 -0
  145. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/registry/input.rs +0 -0
  146. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/registry.rs +0 -0
  147. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/state.rs +0 -0
  148. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/utils.rs +0 -0
  149. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/acceptance.rs +0 -0
  150. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/common.rs +0 -0
  151. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/config.rs +0 -0
  152. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e/json_v1.rs +0 -0
  153. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__json_v1__json_v1.snap +0 -0
  154. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/e2e.rs +0 -0
  155. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/main.rs +0 -0
  156. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__disablement.snap +0 -0
  157. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub.snap +0 -0
  158. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub_from_file_input.snap +0 -0
  159. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root.snap +0 -0
  160. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_child_dir.snap +0 -0
  161. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_file_input.snap +0 -0
  162. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub.snap +0 -0
  163. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub_from_file_input.snap +0 -0
  164. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root.snap +0 -0
  165. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_child_dir.snap +0 -0
  166. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_file_input.snap +0 -0
  167. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-2.snap +0 -0
  168. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-3.snap +0 -0
  169. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs.snap +0 -0
  170. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
  171. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict-2.snap +0 -0
  172. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict.snap +0 -0
  173. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
  174. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
  175. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
  176. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
  177. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
  178. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
  179. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
  180. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
  181. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
  182. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
  183. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1065.snap +0 -0
  184. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input-2.snap +0 -0
  185. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input.snap +0 -0
  186. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +0 -0
  187. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -0
  188. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
  189. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
  190. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
  191. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__pr_960_backstop.snap +0 -0
  192. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_confidence_unknown.snap +0 -0
  193. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_severity_unknown.snap +0 -0
  194. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition.snap +0 -0
  195. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
  196. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
  197. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
  198. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-5.snap +0 -0
  199. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
  200. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
  201. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
  202. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
  203. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +0 -0
  204. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +0 -0
  205. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
  206. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
  207. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap +0 -0
  208. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-17.snap +0 -0
  209. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +0 -0
  210. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +0 -0
  211. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
  212. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
  213. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +0 -0
  214. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +0 -0
  215. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +0 -0
  216. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
  217. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
  218. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve-2.snap +0 -0
  219. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
  220. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_no_gh_token.snap +0 -0
  221. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_offline.snap +0 -0
  222. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
  223. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
  224. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
  225. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
  226. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
  227. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
  228. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
  229. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
  230. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
  231. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
  232. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
  233. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
  234. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
  235. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
  236. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
  237. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
  238. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
  239. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
  240. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
  241. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
  242. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
  243. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +0 -0
  244. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +0 -0
  245. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +0 -0
  246. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +0 -0
  247. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +0 -0
  248. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-2.snap +0 -0
  249. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-3.snap +0 -0
  250. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +0 -0
  251. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
  252. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
  253. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
  254. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_version_mismatch.snap +0 -0
  255. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
  256. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
  257. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
  258. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
  259. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
  260. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
  261. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
  262. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
  263. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
  264. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
  265. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +0 -0
  266. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +0 -0
  267. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +0 -0
  268. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-13.snap +0 -0
  269. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-14.snap +0 -0
  270. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-15.snap +0 -0
  271. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +0 -0
  272. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +0 -0
  273. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +0 -0
  274. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +0 -0
  275. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +0 -0
  276. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +0 -0
  277. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +0 -0
  278. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +0 -0
  279. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -0
  280. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-2.snap +0 -0
  281. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-3.snap +0 -0
  282. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-4.snap +0 -0
  283. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-5.snap +0 -0
  284. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-6.snap +0 -0
  285. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-7.snap +0 -0
  286. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions.snap +0 -0
  287. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
  288. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
  289. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
  290. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
  291. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
  292. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
  293. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
  294. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
  295. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
  296. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
  297. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
  298. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
  299. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
  300. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
  301. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
  302. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
  303. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
  304. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
  305. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
  306. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
  307. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_condition.snap +0 -0
  308. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
  309. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-2.snap +0 -0
  310. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing.snap +0 -0
  311. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/anonymous-definition.yml +0 -0
  312. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked/demo-action/action.yml +0 -0
  313. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
  314. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
  315. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
  316. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
  317. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
  318. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
  319. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
  320. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
  321. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
  322. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
  323. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
  324. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml +0 -0
  325. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1152-repro.yml +0 -0
  326. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
  327. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
  328. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
  329. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
  330. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
  331. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
  332. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
  333. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
  334. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/workflows/hackme.yml +0 -0
  335. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/zizmor.yml +0 -0
  336. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/.github/workflows/hackme.yml +0 -0
  337. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/zizmor.yml +0 -0
  338. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/.github/workflows/hackme.yml +0 -0
  339. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/zizmor.yml +0 -0
  340. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-1.yml +0 -0
  341. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-2.yml +0 -0
  342. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-3.yml +0 -0
  343. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
  344. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
  345. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
  346. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
  347. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
  348. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
  349. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
  350. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
  351. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
  352. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
  353. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
  354. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
  355. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
  356. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
  357. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
  358. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
  359. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
  360. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
  361. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
  362. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
  363. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
  364. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
  365. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
  366. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
  367. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
  368. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
  369. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
  370. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
  371. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
  372. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
  373. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
  374. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
  375. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +0 -0
  376. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +0 -0
  377. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +0 -0
  378. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
  379. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
  380. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
  381. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
  382. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
  383. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
  384. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
  385. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
  386. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
  387. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
  388. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/issue-1065.yml +0 -0
  389. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
  390. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/neutral.yml +0 -0
  391. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation/computed-indices.yml +0 -0
  392. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation/issue-1177-repro.yml +0 -0
  393. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
  394. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
  395. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/pr-960-backstop/action.yml +0 -0
  396. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
  397. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
  398. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml +0 -0
  399. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
  400. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
  401. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
  402. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
  403. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
  404. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
  405. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
  406. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
  407. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
  408. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
  409. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/addnab-docker-run-action.yml +0 -0
  410. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +0 -0
  411. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
  412. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
  413. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/input-caps.yml +0 -0
  414. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
  415. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
  416. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
  417. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
  418. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-883-repro/action.yml +0 -0
  419. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-988-repro.yml +0 -0
  420. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/multiline-expression.yml +0 -0
  421. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +0 -0
  422. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
  423. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
  424. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +0 -0
  425. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
  426. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
  427. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
  428. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
  429. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-only.yml +0 -0
  430. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-with-other.yml +0 -0
  431. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/documented.yml +0 -0
  432. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/empty-permissions.yml +0 -0
  433. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/partially-documented.yml +0 -0
  434. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions.yml +0 -0
  435. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
  436. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
  437. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
  438. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
  439. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
  440. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
  441. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
  442. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
  443. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
  444. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
  445. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
  446. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
  447. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
  448. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
  449. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
  450. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
  451. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
  452. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
  453. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
  454. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unsound-condition.yml +0 -0
  455. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
  456. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/cargo-publish.yml +0 -0
  457. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/demo-action/action.yml +0 -0
  458. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/npm-publish.yml +0 -0
  459. {zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
  460. {zizmor-1.14.1 → zizmor-1.14.2}/pyproject.toml +0 -0
{zizmor-1.14.1 → zizmor-1.14.2}/Cargo.lock RENAMED
@@ -3801,7 +3801,7 @@ dependencies = [
3801
3801
 
3802
3802
  [[package]]
3803
3803
  name = "zizmor"
3804
- version = "1.14.1"
3804
+ version = "1.14.2"
3805
3805
  dependencies = [
3806
3806
  "annotate-snippets",
3807
3807
  "anstream",
{zizmor-1.14.1 → zizmor-1.14.2}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: zizmor
3
- Version: 1.14.1
3
+ Version: 1.14.2
4
4
  License-File: LICENSE
5
5
  Home-Page: https://docs.zizmor.sh
6
6
  Requires-Python: >=3.9
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/Cargo.toml RENAMED
@@ -1,7 +1,7 @@
1
1
  [package]
2
2
  name = "zizmor"
3
3
  description = "Static analysis for GitHub Actions"
4
- version = "1.14.1"
4
+ version = "1.14.2"
5
5
  repository = "https://github.com/zizmorcore/zizmor"
6
6
  documentation = "https://docs.zizmor.sh"
7
7
  keywords = ["cli", "github-actions", "static-analysis", "security"]
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/src/audit/use_trusted_publishing.rs RENAMED
@@ -340,10 +340,19 @@ impl Audit for UseTrustedPublishing {
340
340
  // In addition to the shared action matching above, we can
341
341
  // also check for some `run:` patterns that indicate publishing
342
342
  // without Trusted Publishing.
343
- // We check this regardless of id-token permission state because:
344
- // 1. If no id-token: indicates missing trusted publishing setup
345
- // 2. If has id-token but uses manual tokens: indicates hybrid/incomplete migration
346
- if let StepBodyCommon::Run { run, .. } = step.body() {
343
+
344
+ // We can only check these reliably on workflows and not actions,
345
+ // since we need to be able to see the `id-token` permission's
346
+ // state to filter out any false positives.
347
+ //
348
+ // NOTE(ww): With #1161 we loosened this check and turned the
349
+ // "has ID token" check into a confidence modifier rather than
350
+ // a strict filter. This ended up being overly imprecise, since a lot
351
+ // of publishing commands use trusted publishing implicitly if
352
+ // the environment supports it. We reverted this with #1191.
353
+ if let StepBodyCommon::Run { run, .. } = step.body()
354
+ && !step.parent.has_id_token()
355
+ {
347
356
  let shell = step.shell().unwrap_or_else(|| {
348
357
  tracing::debug!(
349
358
  "use-trusted-publishing: couldn't determine shell type for {workflow}:{job} step {stepno}",
@@ -356,21 +365,10 @@ impl Audit for UseTrustedPublishing {
356
365
  });
357
366
 
358
367
  for subfeature in self.trusted_publishing_command_candidates(run, shell)? {
359
- // Adjust confidence based on whether id-token permission is present
360
- let confidence = if step.parent.has_id_token() {
361
- // Higher confidence when id-token is present but manual tokens are still used
362
- // This indicates a hybrid/incomplete migration that should be flagged
363
- Confidence::High
364
- } else {
365
- // Low confidence when no id-token - could be intentional for non-TP registries
366
- // or legitimate reasons not to use trusted publishing
367
- Confidence::Low
368
- };
369
-
370
368
  findings.push(
371
369
  Self::finding()
372
370
  .severity(Severity::Informational)
373
- .confidence(confidence)
371
+ .confidence(Confidence::High)
374
372
  .add_location(step.location().hidden())
375
373
  .add_location(
376
374
  step.location()
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshot.rs RENAMED
@@ -306,6 +306,15 @@ fn use_trusted_publishing() -> Result<()> {
306
306
  .run()?
307
307
  );
308
308
 
309
+ // No use-trusted-publishing findings expected here.
310
+ insta::assert_snapshot!(
311
+ zizmor()
312
+ .input(input_under_test(
313
+ "use-trusted-publishing/issue-1191-repro.yml"
314
+ ))
315
+ .run()?
316
+ );
317
+
309
318
  Ok(())
310
319
  }
311
320
 
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap RENAMED
@@ -265,7 +265,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
265
265
  | |
266
266
  | this step
267
267
  |
268
- = note: audit confidence → Low
268
+ = note: audit confidence → High
269
269
 
270
270
  error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
271
271
  --> .github/workflows/cache-poisoning.yml:36:9
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap RENAMED
@@ -10,7 +10,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
10
10
  | |
11
11
  | this step
12
12
  |
13
- = note: audit confidence → Low
13
+ = note: audit confidence → High
14
14
 
15
15
  info[use-trusted-publishing]: prefer trusted publishing for authentication
16
16
  --> @@INPUT@@:17:14
@@ -20,7 +20,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
20
20
  | |
21
21
  | this step
22
22
  |
23
- = note: audit confidence → Low
23
+ = note: audit confidence → High
24
24
 
25
25
  info[use-trusted-publishing]: prefer trusted publishing for authentication
26
26
  --> @@INPUT@@:24:11
@@ -33,7 +33,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
33
33
  27 | | --no-verify
34
34
  | |_______________________^ this command
35
35
  |
36
- = note: audit confidence → Low
36
+ = note: audit confidence → High
37
37
 
38
38
  info[use-trusted-publishing]: prefer trusted publishing for authentication
39
39
  --> @@INPUT@@:37:14
@@ -43,7 +43,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
43
43
  | |
44
44
  | this step
45
45
  |
46
- = note: audit confidence → Low
46
+ = note: audit confidence → High
47
47
 
48
48
  info[use-trusted-publishing]: prefer trusted publishing for authentication
49
49
  --> @@INPUT@@:42:14
@@ -53,7 +53,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
53
53
  | |
54
54
  | this step
55
55
  |
56
- = note: audit confidence → Low
56
+ = note: audit confidence → High
57
57
 
58
58
  info[use-trusted-publishing]: prefer trusted publishing for authentication
59
59
  --> @@INPUT@@:49:11
@@ -66,7 +66,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
66
66
  52 | | --no-verify
67
67
  | |_______________________^ this command
68
68
  |
69
- = note: audit confidence → Low
69
+ = note: audit confidence → High
70
70
 
71
71
  info[use-trusted-publishing]: prefer trusted publishing for authentication
72
72
  --> @@INPUT@@:56:14
@@ -76,7 +76,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
76
76
  | |
77
77
  | this step
78
78
  |
79
- = note: audit confidence → Low
79
+ = note: audit confidence → High
80
80
 
81
81
  info[use-trusted-publishing]: prefer trusted publishing for authentication
82
82
  --> @@INPUT@@:63:11
@@ -89,6 +89,6 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
89
89
  66 | | publish
90
90
  | |___________________^ this command
91
91
  |
92
- = note: audit confidence → Low
92
+ = note: audit confidence → High
93
93
 
94
94
  9 findings (1 suppressed): 8 informational, 0 low, 0 medium, 0 high
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap RENAMED
@@ -21,7 +21,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
21
21
  | |
22
22
  | this step
23
23
  |
24
- = note: audit confidence → Low
24
+ = note: audit confidence → High
25
25
 
26
26
  info[use-trusted-publishing]: prefer trusted publishing for authentication
27
27
  --> @@INPUT@@:26:9
@@ -42,7 +42,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
42
42
  | |
43
43
  | this step
44
44
  |
45
- = note: audit confidence → Low
45
+ = note: audit confidence → High
46
46
 
47
47
  info[use-trusted-publishing]: prefer trusted publishing for authentication
48
48
  --> @@INPUT@@:43:14
@@ -52,7 +52,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
52
52
  | |
53
53
  | this step
54
54
  |
55
- = note: audit confidence → Low
55
+ = note: audit confidence → High
56
56
 
57
57
  info[use-trusted-publishing]: prefer trusted publishing for authentication
58
58
  --> @@INPUT@@:49:14
@@ -62,7 +62,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
62
62
  | |
63
63
  | this step
64
64
  |
65
- = note: audit confidence → Low
65
+ = note: audit confidence → High
66
66
 
67
67
  info[use-trusted-publishing]: prefer trusted publishing for authentication
68
68
  --> @@INPUT@@:57:11
@@ -73,7 +73,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
73
73
  57 | npm publish --access public
74
74
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ this command
75
75
  |
76
- = note: audit confidence → Low
76
+ = note: audit confidence → High
77
77
 
78
78
  info[use-trusted-publishing]: prefer trusted publishing for authentication
79
79
  --> @@INPUT@@:63:14
@@ -83,7 +83,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
83
83
  | |
84
84
  | this step
85
85
  |
86
- = note: audit confidence → Low
86
+ = note: audit confidence → High
87
87
 
88
88
  info[use-trusted-publishing]: prefer trusted publishing for authentication
89
89
  --> @@INPUT@@:69:14
@@ -93,7 +93,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
93
93
  | |
94
94
  | this step
95
95
  |
96
- = note: audit confidence → Low
96
+ = note: audit confidence → High
97
97
 
98
98
  info[use-trusted-publishing]: prefer trusted publishing for authentication
99
99
  --> @@INPUT@@:75:14
@@ -103,7 +103,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
103
103
  | |
104
104
  | this step
105
105
  |
106
- = note: audit confidence → Low
106
+ = note: audit confidence → High
107
107
 
108
108
  info[use-trusted-publishing]: prefer trusted publishing for authentication
109
109
  --> @@INPUT@@:81:14
@@ -113,47 +113,7 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
113
113
  | |
114
114
  | this step
115
115
  |
116
- = note: audit confidence → Low
117
-
118
- info[use-trusted-publishing]: prefer trusted publishing for authentication
119
- --> @@INPUT@@:100:14
120
- |
121
- 100 | run: npm publish --provenance
122
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
123
- | |
124
- | this step
125
- |
126
- = note: audit confidence → High
127
-
128
- info[use-trusted-publishing]: prefer trusted publishing for authentication
129
- --> @@INPUT@@:109:14
130
- |
131
- 109 | run: npm publish --provenance
132
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
133
- | |
134
- | this step
135
- |
136
- = note: audit confidence → High
137
-
138
- info[use-trusted-publishing]: prefer trusted publishing for authentication
139
- --> @@INPUT@@:113:14
140
- |
141
- 113 | run: npm publish --provenance
142
- | --- ^^^^^^^^^^^^^^^^^^^^^^^^ this command
143
- | |
144
- | this step
145
- |
146
- = note: audit confidence → High
147
-
148
- info[use-trusted-publishing]: prefer trusted publishing for authentication
149
- --> @@INPUT@@:123:14
150
- |
151
- 123 | run: npm publish
152
- | --- ^^^^^^^^^^^ this command
153
- | |
154
- | this step
155
- |
156
- = note: audit confidence → High
116
+ = note: audit confidence → High
157
117
 
158
118
  info[use-trusted-publishing]: prefer trusted publishing for authentication
159
119
  --> @@INPUT@@:129:9
@@ -166,14 +126,4 @@ info[use-trusted-publishing]: prefer trusted publishing for authentication
166
126
  |
167
127
  = note: audit confidence → High
168
128
 
169
- info[use-trusted-publishing]: prefer trusted publishing for authentication
170
- --> @@INPUT@@:134:14
171
- |
172
- 134 | run: npm publish
173
- | --- ^^^^^^^^^^^ this command
174
- | |
175
- | this step
176
- |
177
- = note: audit confidence → High
178
-
179
- 18 findings (1 suppressed): 17 informational, 0 low, 0 medium, 0 high
129
+ 13 findings (1 suppressed): 12 informational, 0 low, 0 medium, 0 high
zizmor-1.14.2/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap ADDED
@@ -0,0 +1,5 @@
1
+ ---
2
+ source: crates/zizmor/tests/integration/snapshot.rs
3
+ expression: "zizmor().input(input_under_test(\"use-trusted-publishing/issue-1191-repro.yml\")).run()?"
4
+ ---
5
+ No findings to report. Good job! (2 suppressed)
zizmor-1.14.2/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml ADDED
@@ -0,0 +1,24 @@
1
+ # https://github.com/zizmorcore/zizmor/issues/1191
2
+ name: "Publish to PyPI"
3
+
4
+ on:
5
+ workflow_call:
6
+
7
+ jobs:
8
+ pypi-publish:
9
+ name: Upload to PyPI
10
+ runs-on: ubuntu-latest
11
+ environment:
12
+ name: release
13
+ permissions:
14
+ # For PyPI's trusted publishing.
15
+ id-token: write
16
+ steps:
17
+ - name: "Install uv"
18
+ uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
19
+ - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
20
+ with:
21
+ pattern: wheels-*
22
+ path: wheels
23
+ - name: Publish to PyPi
24
+ run: uv publish -v wheels/*
{zizmor-1.14.1 → zizmor-1.14.2}/Cargo.toml RENAMED
File without changes
{zizmor-1.14.1 → zizmor-1.14.2}/crates/yamlpath/LICENSE RENAMED
File without changes
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/README.md RENAMED
File without changes
{zizmor-1.14.1 → zizmor-1.14.2}/crates/zizmor/build.rs RENAMED
File without changes