zizmor 1.16.0__tar.gz → 1.16.2__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of zizmor might be problematic. Click here for more details.

Files changed (498) hide show
  1. {zizmor-1.16.0 → zizmor-1.16.2}/Cargo.lock +5 -5
  2. {zizmor-1.16.0 → zizmor-1.16.2}/Cargo.toml +5 -4
  3. {zizmor-1.16.0 → zizmor-1.16.2}/PKG-INFO +6 -6
  4. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/Cargo.toml +1 -1
  5. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/call.rs +2 -0
  6. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/lib.rs +1 -0
  7. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/dependabot/v2.rs +4 -5
  8. zizmor-1.16.2/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml +13 -0
  9. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -9
  10. {zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/Cargo.toml +1 -1
  11. {zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/src/lib.rs +5 -1
  12. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/Cargo.toml +1 -1
  13. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/src/lib.rs +5 -2
  14. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/Cargo.toml +1 -1
  15. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/src/lib.rs +36 -14
  16. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/Cargo.toml +1 -1
  17. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/README.md +0 -5
  18. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/build.rs +2 -0
  19. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/artipacked.rs +1 -1
  20. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/bot_conditions.rs +3 -1
  21. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/cache_poisoning.rs +3 -1
  22. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/concurrency_limits.rs +6 -24
  23. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_cooldown.rs +1 -1
  24. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_execution.rs +1 -1
  25. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/github_env.rs +34 -21
  26. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/impostor_commit.rs +2 -2
  27. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/insecure_commands.rs +1 -1
  28. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/known_vulnerable_actions.rs +9 -11
  29. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/obfuscation.rs +1 -1
  30. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/ref_version_mismatch.rs +3 -4
  31. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/template_injection.rs +2 -1
  32. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/unpinned_images.rs +6 -2
  33. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/unsound_condition.rs +1 -1
  34. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/use_trusted_publishing.rs +20 -6
  35. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/finding/location.rs +9 -8
  36. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/finding.rs +1 -1
  37. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/github/lineref.rs +19 -18
  38. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/github/pktline.rs +8 -3
  39. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/github.rs +56 -43
  40. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/lsp.rs +6 -6
  41. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/main.rs +67 -46
  42. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/coordinate.rs +1 -1
  43. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/uses.rs +11 -12
  44. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/version.rs +7 -11
  45. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/workflow.rs +1 -1
  46. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/sarif.rs +2 -1
  47. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/registry/input.rs +45 -54
  48. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/utils.rs +39 -13
  49. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e.rs +29 -1
  50. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshot.rs +2 -13
  51. zizmor-1.16.2/crates/zizmor/tests/integration/test-data/issue-1286.yml +19 -0
  52. {zizmor-1.16.0 → zizmor-1.16.2}/pyproject.toml +1 -1
  53. zizmor-1.16.0/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml +0 -7
  54. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/README.md +0 -0
  55. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/context.rs +0 -0
  56. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/expr.pest +0 -0
  57. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/identifier.rs +0 -0
  58. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/literal.rs +0 -0
  59. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/op.rs +0 -0
  60. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/Cargo.toml +0 -0
  61. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/LICENSE +0 -0
  62. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/README.md +0 -0
  63. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/action.rs +0 -0
  64. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/common/expr.rs +0 -0
  65. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/common.rs +0 -0
  66. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
  67. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/lib.rs +0 -0
  68. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/event.rs +0 -0
  69. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/job.rs +0 -0
  70. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/mod.rs +0 -0
  71. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
  72. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
  73. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
  74. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
  75. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
  76. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/homebrew-core.yml +0 -0
  77. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cooldown.yml +0 -0
  78. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml +0 -0
  79. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml +0 -0
  80. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/devcontainers.yml +0 -0
  81. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/grafana.yml +0 -0
  82. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
  83. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
  84. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml +0 -0
  85. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
  86. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
  87. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
  88. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
  89. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
  90. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
  91. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
  92. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
  93. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
  94. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
  95. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
  96. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
  97. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
  98. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
  99. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
  100. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
  101. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
  102. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
  103. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
  104. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
  105. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
  106. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
  107. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
  108. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
  109. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
  110. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
  111. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
  112. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/test_action.rs +0 -0
  113. {zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/test_workflow.rs +0 -0
  114. {zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/.gitignore +0 -0
  115. {zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/LICENSE +0 -0
  116. {zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/README.md +0 -0
  117. {zizmor-1.16.0 → zizmor-1.16.2}/crates/tree-sitter-iter/Cargo.toml +0 -0
  118. {zizmor-1.16.0 → zizmor-1.16.2}/crates/tree-sitter-iter/README.md +0 -0
  119. {zizmor-1.16.0 → zizmor-1.16.2}/crates/tree-sitter-iter/src/lib.rs +0 -0
  120. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/LICENSE +0 -0
  121. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/README.md +0 -0
  122. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/tests/unit_tests.rs +0 -0
  123. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/LICENSE +0 -0
  124. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/README.md +0 -0
  125. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/integration_test.rs +0 -0
  126. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-basic.yml +0 -0
  127. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-list.yml +0 -0
  128. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-nested.yml +0 -0
  129. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/basic.yml +0 -0
  130. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/comments.yml +0 -0
  131. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/directives.yml +0 -0
  132. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/exact-features.yml +0 -0
  133. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/flow.yml +0 -0
  134. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
  135. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/key-only-features.yml +0 -0
  136. {zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
  137. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/data/codeql-injection-sinks.json +0 -0
  138. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/data/context-capabilities.csv +0 -0
  139. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/anonymous_definition.rs +0 -0
  140. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
  141. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
  142. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
  143. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +0 -0
  144. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/mod.rs +0 -0
  145. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
  146. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
  147. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
  148. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
  149. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
  150. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/undocumented_permissions.rs +0 -0
  151. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
  152. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
  153. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
  154. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/config.rs +0 -0
  155. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/data/dependabot-2.0.json +0 -0
  156. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/data/github-action.json +0 -0
  157. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/data/github-workflow.json +0 -0
  158. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/action.rs +0 -0
  159. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/dependabot.rs +0 -0
  160. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models/inputs.rs +0 -0
  161. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/models.rs +0 -0
  162. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/fix.rs +0 -0
  163. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/github.rs +0 -0
  164. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/json/mod.rs +0 -0
  165. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/json/v1.rs +0 -0
  166. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/mod.rs +0 -0
  167. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/output/plain.rs +0 -0
  168. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/registry.rs +0 -0
  169. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/state.rs +0 -0
  170. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/acceptance.rs +0 -0
  171. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/common.rs +0 -0
  172. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/config.rs +0 -0
  173. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/anchors.rs +0 -0
  174. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/collect.rs +0 -0
  175. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/json_v1.rs +0 -0
  176. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__json_v1__json_v1.snap +0 -0
  177. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/main.rs +0 -0
  178. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__disablement.snap +0 -0
  179. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub.snap +0 -0
  180. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub_from_file_input.snap +0 -0
  181. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root.snap +0 -0
  182. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_child_dir.snap +0 -0
  183. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_file_input.snap +0 -0
  184. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub.snap +0 -0
  185. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub_from_file_input.snap +0 -0
  186. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root.snap +0 -0
  187. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_child_dir.snap +0 -0
  188. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_file_input.snap +0 -0
  189. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-2.snap +0 -0
  190. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-3.snap +0 -0
  191. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs.snap +0 -0
  192. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +0 -0
  193. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
  194. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict-2.snap +0 -0
  195. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict.snap +0 -0
  196. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
  197. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
  198. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
  199. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
  200. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
  201. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
  202. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
  203. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
  204. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
  205. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
  206. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1065.snap +0 -0
  207. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input-2.snap +0 -0
  208. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input.snap +0 -0
  209. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1207.snap +0 -0
  210. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +0 -0
  211. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -0
  212. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
  213. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
  214. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
  215. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__pr_960_backstop.snap +0 -0
  216. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_confidence_unknown.snap +0 -0
  217. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_severity_unknown.snap +0 -0
  218. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition.snap +0 -0
  219. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
  220. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
  221. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
  222. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-5.snap +0 -0
  223. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
  224. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
  225. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
  226. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
  227. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +0 -0
  228. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +0 -0
  229. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
  230. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
  231. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap +0 -0
  232. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-17.snap +0 -0
  233. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +0 -0
  234. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +0 -0
  235. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
  236. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
  237. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +0 -0
  238. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +0 -0
  239. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +0 -0
  240. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
  241. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
  242. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve-2.snap +0 -0
  243. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
  244. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_no_gh_token.snap +0 -0
  245. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_offline.snap +0 -0
  246. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
  247. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
  248. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
  249. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
  250. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
  251. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
  252. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
  253. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
  254. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
  255. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
  256. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
  257. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
  258. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
  259. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
  260. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
  261. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
  262. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
  263. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
  264. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
  265. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
  266. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
  267. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +0 -0
  268. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +0 -0
  269. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +0 -0
  270. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +0 -0
  271. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +0 -0
  272. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-2.snap +0 -0
  273. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-3.snap +0 -0
  274. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +0 -0
  275. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
  276. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
  277. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
  278. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_version_mismatch.snap +0 -0
  279. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
  280. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
  281. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
  282. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
  283. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
  284. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
  285. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
  286. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
  287. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
  288. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
  289. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +0 -0
  290. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +0 -0
  291. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +0 -0
  292. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-13.snap +0 -0
  293. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-14.snap +0 -0
  294. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-15.snap +0 -0
  295. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +0 -0
  296. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +0 -0
  297. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +0 -0
  298. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +0 -0
  299. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +0 -0
  300. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +0 -0
  301. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +0 -0
  302. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +0 -0
  303. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -0
  304. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-2.snap +0 -0
  305. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-3.snap +0 -0
  306. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-4.snap +0 -0
  307. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-5.snap +0 -0
  308. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-6.snap +0 -0
  309. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-7.snap +0 -0
  310. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions.snap +0 -0
  311. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
  312. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
  313. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
  314. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
  315. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
  316. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
  317. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
  318. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
  319. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
  320. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
  321. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
  322. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
  323. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
  324. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
  325. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
  326. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
  327. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
  328. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
  329. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
  330. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
  331. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_condition.snap +0 -0
  332. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
  333. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-2.snap +0 -0
  334. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap +0 -0
  335. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap +0 -0
  336. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap +0 -0
  337. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing.snap +0 -0
  338. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/anchors/basic.yml +0 -0
  339. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/anonymous-definition.yml +0 -0
  340. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked/demo-action/action.yml +0 -0
  341. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
  342. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
  343. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
  344. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
  345. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
  346. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
  347. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
  348. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
  349. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
  350. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
  351. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
  352. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml +0 -0
  353. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1152-repro.yml +0 -0
  354. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
  355. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
  356. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
  357. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
  358. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
  359. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
  360. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
  361. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
  362. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-expr.yml +0 -0
  363. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-false.yml +0 -0
  364. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-true.yml +0 -0
  365. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/missing.yml +0 -0
  366. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/no-cancel.yml +0 -0
  367. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/workflows/hackme.yml +0 -0
  368. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/zizmor.yml +0 -0
  369. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/.github/workflows/hackme.yml +0 -0
  370. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/zizmor.yml +0 -0
  371. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/.github/workflows/hackme.yml +0 -0
  372. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/zizmor.yml +0 -0
  373. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-1.yml +0 -0
  374. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-2.yml +0 -0
  375. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-3.yml +0 -0
  376. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/default-days-too-short/dependabot.yml +0 -0
  377. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/missing/dependabot.yml +0 -0
  378. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/no-default-days/dependabot.yml +0 -0
  379. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-execution/basic/dependabot.yml +0 -0
  380. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
  381. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
  382. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
  383. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
  384. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
  385. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
  386. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
  387. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
  388. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
  389. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
  390. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
  391. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
  392. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
  393. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
  394. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
  395. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
  396. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
  397. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
  398. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
  399. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
  400. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
  401. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
  402. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
  403. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
  404. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
  405. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
  406. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
  407. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
  408. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
  409. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
  410. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
  411. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
  412. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +0 -0
  413. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +0 -0
  414. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +0 -0
  415. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
  416. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
  417. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
  418. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
  419. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
  420. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
  421. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
  422. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
  423. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
  424. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
  425. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/issue-1065.yml +0 -0
  426. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
  427. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/neutral.yml +0 -0
  428. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation/computed-indices.yml +0 -0
  429. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation/issue-1177-repro.yml +0 -0
  430. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
  431. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
  432. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/pr-960-backstop/action.yml +0 -0
  433. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
  434. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
  435. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch/nested-annotated-tags.yml +0 -0
  436. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml +0 -0
  437. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
  438. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
  439. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
  440. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
  441. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
  442. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
  443. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
  444. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
  445. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
  446. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
  447. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/addnab-docker-run-action.yml +0 -0
  448. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +0 -0
  449. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
  450. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
  451. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/input-caps.yml +0 -0
  452. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
  453. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
  454. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
  455. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
  456. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-883-repro/action.yml +0 -0
  457. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-988-repro.yml +0 -0
  458. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/multiline-expression.yml +0 -0
  459. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +0 -0
  460. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
  461. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
  462. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +0 -0
  463. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
  464. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
  465. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
  466. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
  467. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-only.yml +0 -0
  468. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-with-other.yml +0 -0
  469. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/documented.yml +0 -0
  470. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/empty-permissions.yml +0 -0
  471. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/partially-documented.yml +0 -0
  472. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions.yml +0 -0
  473. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
  474. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
  475. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
  476. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
  477. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
  478. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
  479. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
  480. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
  481. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
  482. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
  483. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
  484. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
  485. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
  486. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
  487. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
  488. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
  489. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
  490. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
  491. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
  492. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unsound-condition.yml +0 -0
  493. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
  494. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/cargo-publish.yml +0 -0
  495. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/demo-action/action.yml +0 -0
  496. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml +0 -0
  497. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/npm-publish.yml +0 -0
  498. {zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
{zizmor-1.16.0 → zizmor-1.16.2}/Cargo.lock RENAMED
@@ -890,7 +890,7 @@ checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"
890
890
 
891
891
  [[package]]
892
892
  name = "github-actions-expressions"
893
- version = "0.0.10"
893
+ version = "0.0.11"
894
894
  dependencies = [
895
895
  "anyhow",
896
896
  "itertools",
@@ -2600,7 +2600,7 @@ dependencies = [
2600
2600
 
2601
2601
  [[package]]
2602
2602
  name = "subfeature"
2603
- version = "0.0.3"
2603
+ version = "0.0.4"
2604
2604
  dependencies = [
2605
2605
  "memchr",
2606
2606
  "regex",
@@ -3739,7 +3739,7 @@ checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3"
3739
3739
 
3740
3740
  [[package]]
3741
3741
  name = "yamlpatch"
3742
- version = "0.3.1"
3742
+ version = "0.5.0"
3743
3743
  dependencies = [
3744
3744
  "indexmap",
3745
3745
  "insta",
@@ -3755,7 +3755,7 @@ dependencies = [
3755
3755
 
3756
3756
  [[package]]
3757
3757
  name = "yamlpath"
3758
- version = "0.27.0"
3758
+ version = "0.28.0"
3759
3759
  dependencies = [
3760
3760
  "line-index",
3761
3761
  "self_cell",
@@ -3879,7 +3879,7 @@ dependencies = [
3879
3879
 
3880
3880
  [[package]]
3881
3881
  name = "zizmor"
3882
- version = "1.16.0"
3882
+ version = "1.16.2"
3883
3883
  dependencies = [
3884
3884
  "annotate-snippets",
3885
3885
  "anstream",
{zizmor-1.16.0 → zizmor-1.16.2}/Cargo.toml RENAMED
@@ -12,7 +12,7 @@ rust-version = "1.88.0"
12
12
 
13
13
  [workspace.dependencies]
14
14
  anyhow = "1.0.100"
15
- github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.10" }
15
+ github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.11" }
16
16
  github-actions-models = { path = "crates/github-actions-models", version = "0.38.0" }
17
17
  itertools = "0.14.0"
18
18
  pest = "2.8.3"
@@ -51,7 +51,7 @@ serde-sarif = "0.8.0"
51
51
  serde_json = "1.0.145"
52
52
  serde_json_path = "0.7.2"
53
53
  serde_yaml = "0.9.34"
54
- subfeature = { path = "crates/subfeature", version = "0.0.3" }
54
+ subfeature = { path = "crates/subfeature", version = "0.0.4" }
55
55
  tar = "0.4.44"
56
56
  terminal-link = "0.1.0"
57
57
  thiserror = "2.0.17"
@@ -64,8 +64,8 @@ tree-sitter = "0.25.10"
64
64
  tree-sitter-bash = "0.25.0"
65
65
  tree-sitter-iter = { path = "crates/tree-sitter-iter", version = "0.0.2" }
66
66
  tree-sitter-powershell = "0.25.9"
67
- yamlpath = { path = "crates/yamlpath", version = "0.27.0" }
68
- yamlpatch = { path = "crates/yamlpatch", version = "0.3.1" }
67
+ yamlpath = { path = "crates/yamlpath", version = "0.28.0" }
68
+ yamlpatch = { path = "crates/yamlpatch", version = "0.5.0" }
69
69
  tree-sitter-yaml = "0.7.2"
70
70
  tikv-jemallocator = "0.6"
71
71
 
@@ -77,6 +77,7 @@ use_debug = "warn"
77
77
  needless_lifetimes = "warn"
78
78
  print_stderr = "warn"
79
79
  print_stdout = "warn"
80
+ unwrap_used = "warn"
80
81
 
81
82
  [profile.dev.package]
82
83
  insta.opt-level = 3
{zizmor-1.16.0 → zizmor-1.16.2}/PKG-INFO RENAMED
@@ -1,10 +1,15 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: zizmor
3
- Version: 1.16.0
3
+ Version: 1.16.2
4
4
  License-File: LICENSE
5
+ Summary: Static analysis for GitHub Actions
5
6
  Home-Page: https://docs.zizmor.sh
7
+ Author: William Woodruff <william@yossarian.net>
8
+ Author-email: William Woodruff <william@yossarian.net>
9
+ License: MIT
6
10
  Requires-Python: >=3.9
7
11
  Description-Content-Type: text/markdown; charset=UTF-8; variant=GFM
12
+ Project-URL: Source Code, https://github.com/zizmorcore/zizmor
8
13
 
9
14
  # 🌈 zizmor
10
15
 
@@ -95,11 +100,6 @@ Shipfox
95
100
  <tbody>
96
101
  <tr>
97
102
  <td align="center" valign="top">
98
- <a href="http://tenki.cloud/">
99
- Tenki Cloud
100
- </a>
101
- </td>
102
- <td align="center" valign="top">
103
103
  <a href="https://github.com/ariccio">
104
104
  Alexander Riccio
105
105
  </a>
{zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/Cargo.toml RENAMED
@@ -2,7 +2,7 @@
2
2
  name = "github-actions-expressions"
3
3
  description = "GitHub Actions expression parser and data types"
4
4
  repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-expressions"
5
- version = "0.0.10"
5
+ version = "0.0.11"
6
6
  readme = "README.md"
7
7
 
8
8
  homepage.workspace = true
{zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/call.rs RENAMED
@@ -67,6 +67,7 @@ impl<'src> Call<'src> {
67
67
  let rbrace = template[index..].find('}').map(|pos| index + pos);
68
68
 
69
69
  // Left brace
70
+ #[allow(clippy::unwrap_used)]
70
71
  if let Some(lbrace_pos) = lbrace
71
72
  && (rbrace.is_none() || rbrace.unwrap() > lbrace_pos)
72
73
  {
@@ -105,6 +106,7 @@ impl<'src> Call<'src> {
105
106
 
106
107
  // Right brace
107
108
  if let Some(rbrace_pos) = rbrace {
109
+ #[allow(clippy::unwrap_used)]
108
110
  if lbrace.is_none() || lbrace.unwrap() > rbrace_pos {
109
111
  // Escaped right brace
110
112
  if template.as_bytes().get(rbrace_pos + 1) == Some(&b'}') {
{zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-expressions/src/lib.rs RENAMED
@@ -321,6 +321,7 @@ impl<'src> Expr<'src> {
321
321
  }
322
322
 
323
323
  /// Parses the given string into an expression.
324
+ #[allow(clippy::unwrap_used)]
324
325
  pub fn parse(expr: &'src str) -> Result<SpannedExpr<'src>> {
325
326
  // Top level `expression` is a single `or_expr`.
326
327
  let or_expr = ExprParser::parse(Rule::expression, expr)?
{zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/src/dependabot/v2.rs RENAMED
@@ -442,11 +442,10 @@ impl<'de> Deserialize<'de> for Schedule {
442
442
  ));
443
443
  }
444
444
 
445
- if schedule.interval != Interval::Weekly && schedule.day.is_some() {
446
- return Err(custom_error::<D>(
447
- "`schedule.day` is only valid when `schedule.interval` is `weekly`",
448
- ));
449
- }
445
+ // NOTE(ww): `day` only makes sense with `interval: weekly`, but
446
+ // Dependabot appears to silently ignore it otherwise. Consequently,
447
+ // we don't check that for now.
448
+ // See https://github.com/zizmorcore/zizmor/issues/1305.
450
449
 
451
450
  Ok(schedule)
452
451
  }
zizmor-1.16.2/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml ADDED
@@ -0,0 +1,13 @@
1
+ # https://github.com/zizmorcore/zizmor/issues/1305
2
+
3
+ version: 2
4
+ updates:
5
+ - package-ecosystem: github-actions
6
+ directory: /
7
+ schedule:
8
+ interval: monthly
9
+ day: sunday
10
+ commit-message:
11
+ prefix: ci
12
+ labels:
13
+ - dependencies
{zizmor-1.16.0 → zizmor-1.16.2}/crates/github-actions-models/tests/test_dependabot_v2.rs RENAMED
@@ -115,15 +115,6 @@ fn test_schedule_cronjob_rejected_for_non_cron() {
115
115
  );
116
116
  }
117
117
 
118
- #[test]
119
- fn test_schedule_day_only_for_weekly() {
120
- let err = load_dependabot_result("day-on-daily.invalid.yml").unwrap_err();
121
- assert!(
122
- err.to_string()
123
- .contains("`schedule.day` is only valid when `schedule.interval` is `weekly`")
124
- );
125
- }
126
-
127
118
  #[test]
128
119
  fn test_schedule_weekly_accepts_day() {
129
120
  let dependabot = load_dependabot("weekly-with-day.yml");
{zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/Cargo.toml RENAMED
@@ -2,7 +2,7 @@
2
2
  name = "subfeature"
3
3
  description = "Subfeature handling and manipulation APIs"
4
4
  repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/subfeature"
5
- version = "0.0.3"
5
+ version = "0.0.4"
6
6
  readme = "README.md"
7
7
 
8
8
  authors.workspace = true
{zizmor-1.16.0 → zizmor-1.16.2}/crates/subfeature/src/lib.rs RENAMED
@@ -68,11 +68,15 @@ impl<'a> Fragment<'a> {
68
68
  // string literals.
69
69
  let escaped = regex::escape(fragment);
70
70
 
71
+ #[allow(clippy::unwrap_used)]
71
72
  static WHITESPACE: LazyLock<regex::Regex> =
72
73
  LazyLock::new(|| regex::Regex::new(r"\s+").unwrap());
73
74
  let regex = WHITESPACE.replace_all(&escaped, "\\s+");
74
75
 
75
- Fragment::Regex(regex::bytes::Regex::new(&regex).unwrap())
76
+ Fragment::Regex(
77
+ regex::bytes::Regex::new(&regex)
78
+ .expect("internal error: failed to compile fragment regex"),
79
+ )
76
80
  }
77
81
  }
78
82
  }
{zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/Cargo.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "yamlpatch"
3
- version = "0.3.1"
3
+ version = "0.5.0"
4
4
  description = "Comment and format-preserving YAML patch operations"
5
5
  repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/yamlpatch"
6
6
  keywords = ["yaml", "patch"]
{zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpatch/src/lib.rs RENAMED
@@ -582,7 +582,10 @@ pub fn serialize_flow(value: &serde_yaml::Value) -> Result<String, Error> {
582
582
  fn line_span(doc: &yamlpath::Document, pos: usize) -> core::ops::Range<usize> {
583
583
  let pos = TextSize::new(pos as u32);
584
584
  let LineCol { line, .. } = doc.line_index().line_col(pos);
585
- doc.line_index().line(line).unwrap().into()
585
+ doc.line_index()
586
+ .line(line)
587
+ .expect("impossible: line index gave us an invalid line")
588
+ .into()
586
589
  }
587
590
 
588
591
  /// Extract the number of leading spaces need to align a block item with
@@ -895,7 +898,7 @@ fn apply_value_replacement(
895
898
  .join("\n");
896
899
 
897
900
  // Find the position of | in the original content and include it
898
- let pipe_pos = value_part.find('|').unwrap();
901
+ let pipe_pos = value_part.find('|').expect("impossible");
899
902
  let key_with_pipe = &current_content_with_ws
900
903
  [..colon_pos + 1 + value_part[..pipe_pos].len() + 1];
901
904
  return Ok(format!(
{zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/Cargo.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [package]
2
2
  name = "yamlpath"
3
- version = "0.27.0"
3
+ version = "0.28.0"
4
4
  description = "Format-preserving YAML feature extraction"
5
5
  repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/yamlpath"
6
6
  readme = "README.md"
{zizmor-1.16.0 → zizmor-1.16.2}/crates/yamlpath/src/lib.rs RENAMED
@@ -232,7 +232,10 @@ impl Feature<'_> {
232
232
  // `block_node` or `flow_node`, which is a container
233
233
  // for the real kind of node we're interested in.
234
234
  let node = match self._node.kind() {
235
- "block_node" | "flow_node" => self._node.child(0).unwrap(),
235
+ "block_node" | "flow_node" => self
236
+ ._node
237
+ .child(0)
238
+ .expect("internal error: expected child of block_node/flow_node"),
236
239
  _ => self._node,
237
240
  };
238
241
 
@@ -317,7 +320,9 @@ impl Tree {
317
320
  for anchor in TreeIter::new(tree).filter(|n| n.kind() == "anchor") {
318
321
  // NOTE(ww): We could poke into the `anchor_name` child
319
322
  // instead of slicing, but this is simpler.
320
- let anchor_name = &anchor.utf8_text(tree.source.as_bytes()).unwrap()[1..];
323
+ let anchor_name = &anchor
324
+ .utf8_text(tree.source.as_bytes())
325
+ .expect("impossible: anchor name should be UTF-8 by construction")[1..];
321
326
 
322
327
  // Only insert if the anchor name is unique.
323
328
  if anchor_map.contains_key(anchor_name) {
@@ -356,7 +361,8 @@ impl Clone for Tree {
356
361
  // it borrows from the tree.
357
362
  // TODO: Can we do better here?
358
363
  // Unwrap safety: we're cloning from an existing valid owner.
359
- Self::build(self.borrow_owner().clone()).unwrap()
364
+ Self::build(self.borrow_owner().clone())
365
+ .expect("impossible: cloning a Tree preserves invariants")
360
366
  }
361
367
  }
362
368
 
@@ -403,7 +409,9 @@ impl Document {
403
409
  parser.set_language(&language)?;
404
410
 
405
411
  // NOTE: Infallible, assuming `language` is correctly constructed above.
406
- let tree = parser.parse(&source, None).unwrap();
412
+ let tree = parser
413
+ .parse(&source, None)
414
+ .expect("impossible: tree-sitter parsing should never fail");
407
415
 
408
416
  if tree.root_node().has_error() {
409
417
  return Err(QueryError::InvalidInput);
@@ -691,7 +699,9 @@ impl Document {
691
699
  // TODO(ww): What about nested aliases?
692
700
  focus_node = match focus_node.child(0) {
693
701
  Some(child) if child.kind_id() == self.alias_id => {
694
- let alias_name = child.utf8_text(self.source().as_bytes()).unwrap();
702
+ let alias_name = child
703
+ .utf8_text(self.source().as_bytes())
704
+ .expect("impossible: alias name should be UTF-8 by construction");
695
705
  let anchor_map = self.tree.borrow_dependent();
696
706
  *anchor_map
697
707
  .get(&alias_name[1..])
@@ -713,7 +723,7 @@ impl Document {
713
723
  && focus_node.kind_id() != self.block_mapping_pair_id
714
724
  && focus_node.kind_id() != self.flow_pair_id
715
725
  {
716
- focus_node.parent().unwrap()
726
+ focus_node.parent().expect("missing parent of focus node")
717
727
  } else {
718
728
  focus_node
719
729
  }
@@ -733,11 +743,15 @@ impl Document {
733
743
  // We might be on the internal `block_scalar` node, if
734
744
  // we got here via an alias. We need to go up two levels
735
745
  // to get to the mapping pair.
736
- focus_node.parent().unwrap().parent().unwrap()
746
+ focus_node
747
+ .parent()
748
+ .expect("missing parent of focus node")
749
+ .parent()
750
+ .expect("missing grandparent of focus node")
737
751
  } else {
738
752
  // Otherwise, we expect to be on the `block_node`
739
753
  // or `flow_node`, so we go up one level.
740
- focus_node.parent().unwrap()
754
+ focus_node.parent().expect("missing parent of focus node")
741
755
  };
742
756
 
743
757
  if parent_node.kind_id() == self.flow_mapping_id {
@@ -773,7 +787,7 @@ impl Document {
773
787
  && matches!(route.route.last(), Some(Component::Key(_)))
774
788
  && focus_node.kind_id() != self.block_mapping_pair_id
775
789
  {
776
- focus_node = focus_node.parent().unwrap()
790
+ focus_node = focus_node.parent().expect("missing parent of focus node")
777
791
  }
778
792
 
779
793
  Ok(focus_node)
@@ -821,7 +835,9 @@ impl Document {
821
835
  // We might be on an alias node, in which case we need to
822
836
  // jump to the alias's target via the anchor map.
823
837
  if child.kind_id() == self.alias_id {
824
- let alias_name = node.utf8_text(self.source().as_bytes()).unwrap();
838
+ let alias_name = node
839
+ .utf8_text(self.source().as_bytes())
840
+ .expect("impossible: alias name should be UTF-8 by construction");
825
841
  let anchor_map = self.tree.borrow_dependent();
826
842
 
827
843
  child = *anchor_map
@@ -872,7 +888,9 @@ impl Document {
872
888
  // NOTE: text unwraps are infallible, since our document is UTF-8.
873
889
  let key_value = match key.named_child(0) {
874
890
  Some(scalar) => {
875
- let key_value = scalar.utf8_text(self.source().as_bytes()).unwrap();
891
+ let key_value = scalar
892
+ .utf8_text(self.source().as_bytes())
893
+ .expect("impossible: value for key should be UTF-8 by construction");
876
894
 
877
895
  match scalar.kind() {
878
896
  "single_quote_scalar" | "double_quote_scalar" => {
@@ -884,7 +902,9 @@ impl Document {
884
902
  _ => key_value,
885
903
  }
886
904
  }
887
- None => key.utf8_text(self.source().as_bytes()).unwrap(),
905
+ None => key
906
+ .utf8_text(self.source().as_bytes())
907
+ .expect("impossible: key should be UTF-8 by construction"),
888
908
  };
889
909
 
890
910
  if key_value == expected {
@@ -939,8 +959,10 @@ impl Document {
939
959
  // From here, we need to peek inside each and see if it's
940
960
  // an alias. If it is, we expand the alias; otherwise, we
941
961
  // just keep the child as-is.
942
- if child.named_child(0).unwrap().kind() == "alias" {
943
- let alias_name = &child.utf8_text(self.source().as_bytes()).unwrap()[1..];
962
+ if child.named_child(0).map(|c| c.kind()) == Some("alias") {
963
+ let alias_name = &child
964
+ .utf8_text(self.source().as_bytes())
965
+ .expect("impossible: alias name should be UTF-8 by construction")[1..];
944
966
  let anchor_map = self.tree.borrow_dependent();
945
967
  let aliased_node = anchor_map
946
968
  .get(alias_name)
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/Cargo.toml RENAMED
@@ -1,7 +1,7 @@
1
1
  [package]
2
2
  name = "zizmor"
3
3
  description = "Static analysis for GitHub Actions"
4
- version = "1.16.0"
4
+ version = "1.16.2"
5
5
  repository = "https://github.com/zizmorcore/zizmor"
6
6
  documentation = "https://docs.zizmor.sh"
7
7
  keywords = ["cli", "github-actions", "static-analysis", "security"]
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/README.md RENAMED
@@ -87,11 +87,6 @@ Shipfox
87
87
  <tbody>
88
88
  <tr>
89
89
  <td align="center" valign="top">
90
- <a href="http://tenki.cloud/">
91
- Tenki Cloud
92
- </a>
93
- </td>
94
- <td align="center" valign="top">
95
90
  <a href="https://github.com/ariccio">
96
91
  Alexander Riccio
97
92
  </a>
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/build.rs RENAMED
@@ -1,3 +1,5 @@
1
+ #![allow(clippy::unwrap_used)]
2
+
1
3
  use std::fs::{self, File};
2
4
  use std::path::Path;
3
5
  use std::{env, io};
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/artipacked.rs RENAMED
@@ -208,7 +208,7 @@ mod tests {
208
208
  /// 4. Executes the provided test closure with the findings
209
209
  macro_rules! test_workflow_audit {
210
210
  ($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
211
- let key = InputKey::local("fakegroup".into(), $filename, None::<&str>).unwrap();
211
+ let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
212
212
  let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
213
213
  let audit_state = AuditState::default();
214
214
  let audit = <$audit_type>::new(&audit_state).unwrap();
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/bot_conditions.rs RENAMED
@@ -24,6 +24,7 @@ pub(crate) struct BotConditions;
24
24
 
25
25
  audit_meta!(BotConditions, "bot-conditions", "spoofable bot actor check");
26
26
 
27
+ #[allow(clippy::unwrap_used)]
27
28
  static SPOOFABLE_ACTOR_NAME_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::new(|| {
28
29
  vec![
29
30
  ContextPattern::try_new("github.actor").unwrap(),
@@ -32,6 +33,7 @@ static SPOOFABLE_ACTOR_NAME_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::
32
33
  ]
33
34
  });
34
35
 
36
+ #[allow(clippy::unwrap_used)]
35
37
  static SPOOFABLE_ACTOR_ID_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::new(|| {
36
38
  vec![
37
39
  ContextPattern::try_new("github.actor_id").unwrap(),
@@ -417,7 +419,7 @@ mod tests {
417
419
  /// Macro for testing workflow audits with common boilerplate
418
420
  macro_rules! test_workflow_audit {
419
421
  ($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
420
- let key = InputKey::local("fakegroup".into(), $filename, None::<&str>).unwrap();
422
+ let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
421
423
  let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
422
424
  let audit_state = AuditState::default();
423
425
  let audit = <$audit_type>::new(&audit_state).unwrap();
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/cache_poisoning.rs RENAMED
@@ -20,6 +20,7 @@ use super::AuditLoadError;
20
20
  /// The list of know cache-aware actions
21
21
  /// In the future we can easily retrieve this list from the static API,
22
22
  /// since it should be easily serializable
23
+ #[allow(clippy::unwrap_used)]
23
24
  static KNOWN_CACHE_AWARE_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::new(|| {
24
25
  vec![
25
26
  // https://github.com/actions/cache/blob/main/action.yml
@@ -203,6 +204,7 @@ static KNOWN_CACHE_AWARE_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::ne
203
204
 
204
205
  /// A list of well-know publisher actions
205
206
  /// In the future we can retrieve this list from the static API
207
+ #[allow(clippy::unwrap_used)]
206
208
  static KNOWN_PUBLISHER_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::new(|| {
207
209
  vec![
208
210
  // Public packages and/or binary distribution channels
@@ -495,7 +497,7 @@ mod tests {
495
497
  /// 4. Executes the provided test closure with the findings
496
498
  macro_rules! test_workflow_audit {
497
499
  ($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
498
- let key = InputKey::local("fakegroup".into(), $filename, None::<&str>).unwrap();
500
+ let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
499
501
  let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
500
502
  let audit_state = AuditState::default();
501
503
  let audit = <$audit_type>::new(&audit_state).unwrap();
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/concurrency_limits.rs RENAMED
@@ -6,7 +6,7 @@ use crate::{
6
6
  state::AuditState,
7
7
  };
8
8
  use anyhow::Result;
9
- use github_actions_models::{common::expr::BoE, workflow::Concurrency};
9
+ use github_actions_models::workflow::Concurrency;
10
10
 
11
11
  pub(crate) struct ConcurrencyLimits;
12
12
 
@@ -28,29 +28,6 @@ impl Audit for ConcurrencyLimits {
28
28
  ) -> Result<Vec<Finding<'doc>>> {
29
29
  let mut findings = vec![];
30
30
  match &workflow.concurrency {
31
- Some(Concurrency::Rich {
32
- group: _,
33
- cancel_in_progress,
34
- }) => {
35
- if let BoE::Literal(cancel) = &cancel_in_progress
36
- && !cancel
37
- {
38
- findings.push(
39
- Self::finding()
40
- .confidence(Confidence::High)
41
- .severity(Severity::Low)
42
- .persona(Persona::Pedantic)
43
- .add_location(
44
- workflow
45
- .location()
46
- .primary()
47
- .with_keys(["concurrency".into()])
48
- .annotated("cancel-in-progress set to false"),
49
- )
50
- .build(workflow)?,
51
- );
52
- };
53
- }
54
31
  Some(Concurrency::Bare(_)) => {
55
32
  findings.push(
56
33
  Self::finding()
@@ -82,6 +59,11 @@ impl Audit for ConcurrencyLimits {
82
59
  .build(workflow)?,
83
60
  );
84
61
  }
62
+ // NOTE: Per #1302, we don't nag the user if they've explicitly set
63
+ // `cancel-in-progress: false` or similar. This is like with the
64
+ // artipacked audit, where `persist-credentials: true` is seen as
65
+ // a positive signal of user intent.
66
+ _ => {}
85
67
  }
86
68
 
87
69
  Ok(findings)
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_cooldown.rs RENAMED
@@ -164,7 +164,7 @@ mod tests {
164
164
  /// Macro for testing dependabot audits with common boilerplate
165
165
  macro_rules! test_dependabot_audit {
166
166
  ($audit_type:ty, $filename:expr, $dependabot_content:expr, $test_fn:expr) => {{
167
- let key = InputKey::local("fakegroup".into(), $filename, None::<&str>).unwrap();
167
+ let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
168
168
  let dependabot = Dependabot::from_string($dependabot_content.to_string(), key).unwrap();
169
169
  let audit_state = AuditState::default();
170
170
  let audit = <$audit_type>::new(&audit_state).unwrap();
{zizmor-1.16.0 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_execution.rs RENAMED
@@ -84,7 +84,7 @@ mod tests {
84
84
  /// Macro for testing dependabot audits with common boilerplate
85
85
  macro_rules! test_dependabot_audit {
86
86
  ($audit_type:ty, $filename:expr, $dependabot_content:expr, $test_fn:expr) => {{
87
- let key = InputKey::local("fakegroup".into(), $filename, None::<&str>).unwrap();
87
+ let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
88
88
  let dependabot = Dependabot::from_string($dependabot_content.to_string(), key).unwrap();
89
89
  let audit_state = AuditState::default();
90
90
  let audit = <$audit_type>::new(&audit_state).unwrap();