zizmor 1.16.1__tar.gz → 1.16.2__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Potentially problematic release.
This version of zizmor might be problematic. Click here for more details.
- {zizmor-1.16.1 → zizmor-1.16.2}/Cargo.lock +5 -5
- {zizmor-1.16.1 → zizmor-1.16.2}/Cargo.toml +5 -4
- {zizmor-1.16.1 → zizmor-1.16.2}/PKG-INFO +1 -6
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/Cargo.toml +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/call.rs +2 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/lib.rs +1 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/dependabot/v2.rs +4 -5
- zizmor-1.16.2/crates/github-actions-models/tests/sample-dependabot/v2/issue-1305.yml +13 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/test_dependabot_v2.rs +0 -9
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/subfeature/Cargo.toml +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/subfeature/src/lib.rs +5 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpatch/Cargo.toml +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpatch/src/lib.rs +5 -2
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/Cargo.toml +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/src/lib.rs +36 -14
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/Cargo.toml +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/README.md +0 -5
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/build.rs +2 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/artipacked.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/bot_conditions.rs +3 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/cache_poisoning.rs +3 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/concurrency_limits.rs +6 -24
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_cooldown.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/dependabot_execution.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/github_env.rs +34 -21
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/impostor_commit.rs +2 -2
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/insecure_commands.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/known_vulnerable_actions.rs +9 -11
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/obfuscation.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/ref_version_mismatch.rs +3 -4
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/template_injection.rs +2 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/unpinned_images.rs +6 -2
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/unsound_condition.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/use_trusted_publishing.rs +20 -6
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/finding/location.rs +9 -8
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/finding.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/github/lineref.rs +19 -18
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/github/pktline.rs +8 -3
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/github.rs +46 -48
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/lsp.rs +6 -6
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/main.rs +21 -2
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/coordinate.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/uses.rs +11 -12
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/version.rs +7 -11
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/workflow.rs +1 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/sarif.rs +2 -1
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/registry/input.rs +32 -54
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/utils.rs +39 -13
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshot.rs +2 -13
- zizmor-1.16.1/crates/github-actions-models/tests/sample-dependabot/v2/day-on-daily.invalid.yml +0 -7
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/context.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/expr.pest +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/identifier.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/literal.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-expressions/src/op.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/Cargo.toml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/LICENSE +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/action.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/common/expr.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/common.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/dependabot/mod.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/lib.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/event.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/job.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/src/workflow/mod.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-pip-audit.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-pypi-publish.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/gh-action-sigstore-python.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/no-input-output-descriptions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-actions/setup-python.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/homebrew-core.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cooldown.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cron-missing-cronjob.invalid.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/cronjob-on-daily.invalid.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/devcontainers.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/grafana.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/pip-audit.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/sigstore-python.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-dependabot/v2/weekly-with-day.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/adafruit-circuitpython-run-tests.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/false-condition.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/gh-action-sigstore-python-selftest.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/git-annex-built-windows.yaml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/guacsec-guac-ci.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-automerge-triggers.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/homebrew-core-dispatch-rebottle.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/intel-llvm-sycl-linux-run-tests.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/issue-35.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/jazzband-tablib-docs-lint.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/letsencrypt-boulder-boulder-ci.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/mhils-workflows-python-deploy.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/openbao-openbao-test-go.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-api-test.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-ci.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pip-audit-scorecards.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pwn-requests.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pyca-cryptography-ci.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/pypi-attestations-release.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/reusable-workflow-unpinned.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/rnpgp-rnp-centos-and-fedora.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/runs-on-expr.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/runs-on-group-only.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/scalar-trigger-type.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/vil02-puzzle_generator-check_examples.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-646.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/sample-workflows/zizmor-issue-650.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/test_action.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/github-actions-models/tests/test_workflow.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/subfeature/.gitignore +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/subfeature/LICENSE +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/subfeature/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/tree-sitter-iter/Cargo.toml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/tree-sitter-iter/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/tree-sitter-iter/src/lib.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpatch/LICENSE +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpatch/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpatch/tests/unit_tests.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/LICENSE +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/integration_test.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-basic.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-list.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/anchors-nested.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/basic.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/comments.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/directives.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/exact-features.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/flow.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/interceding-comment.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/key-only-features.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/yamlpath/tests/testcases/quoted-key.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/data/codeql-injection-sinks.json +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/data/context-capabilities.csv +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/anonymous_definition.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/dangerous_triggers.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/excessive_permissions.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/forbidden_uses.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/hardcoded_container_credentials.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/mod.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/overprovisioned_secrets.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/ref_confusion.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/secrets_inherit.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/self_hosted_runner.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/stale_action_refs.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/undocumented_permissions.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/unpinned_uses.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/unredacted_secrets.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/audit/unsound_contains.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/config.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/data/dependabot-2.0.json +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/data/github-action.json +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/data/github-workflow.json +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/action.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/dependabot.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models/inputs.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/models.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/fix.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/github.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/json/mod.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/json/v1.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/mod.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/output/plain.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/registry.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/src/state.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/acceptance.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/common.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/config.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/anchors.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/collect.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/json_v1.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e/snapshots/integration__e2e__json_v1__json_v1.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/e2e.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/main.rs +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__disablement.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_dotgithub_from_file_input.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_child_dir.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__discovers_config_in_root_from_file_input.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_dotgithub_from_file_input.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_child_dir.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__ignores_config_in_root_from_file_input.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__config__invalid_configs.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__gha_hazmat.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_config_file.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_input_not_strict.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-10.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs-9.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__invalid_inputs.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1065.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1116_strict_collection_remote_input.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_1207.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_569.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_612_repro.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__issue_726.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__menagerie.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__pr_960_backstop.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_confidence_unknown.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__e2e__warn_on_min_severity_unknown.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__anonymous_definition.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__artipacked.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__bot_conditions.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-10.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-11.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-12.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-13.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-14.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-15.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-16.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-17.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning-9.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cache_poisoning.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_no_gh_token.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__cant_retrieve_offline.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-10.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-11.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-12.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions-9.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__excessive_permissions.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__forbidden_uses.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_env.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__github_output.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__insecure_commands.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__obfuscation.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__overprovisioned_secrets.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_confusion.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__ref_version_mismatch.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__secrets_inherit.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__self_hosted.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__stale_action_refs.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-10.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-11.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-12.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-13.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-14.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-15.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection-9.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__template_injection.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__undocumented_permissions.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-composite-config.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-default-config.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-empty-config.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-hash-pin-everything-config.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned-uses-ref-pin-everything-config.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_images.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-10.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-11.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-12.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-6.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-7.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-8.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses-9.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unpinned_uses.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unredacted_secrets.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_condition.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__unsound_contains.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-2.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-3.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-4.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing-5.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/snapshots/integration__snapshot__use_trusted_publishing.snap +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/anchors/basic.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/anonymous-definition.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked/demo-action/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked/issue-447-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/artipacked.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/bot-conditions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-disabled-by-default.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-enabled-by-default.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-not-configurable.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolean-toggle.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-boolish-toggle.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-expression.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-in-multi-value-toggle.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/caching-opt-out.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1081-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-1152-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-343-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-378-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/issue-642-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/no-cache-aware-steps.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/publisher-step.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-release-branch-trigger.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning/workflow-tag-trigger.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/cache-poisoning.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-expr.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-false.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/cancel-true.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/missing.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/concurrency-limits/no-cancel.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/workflows/hackme.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-dotgithub/.github/zizmor.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/.github/workflows/hackme.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/config-in-root/zizmor.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/.github/workflows/hackme.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/disablement/zizmor.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-1.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-2.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/config-scenarios/zizmor.invalid-schema-3.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/default-days-too-short/dependabot.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/missing/dependabot.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-cooldown/no-default-days/dependabot.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/dependabot-execution/basic/dependabot.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/dummy-action-2/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/another-dummy.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/dummy.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.github/workflows/ignored.yaml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/.gitignore +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/README.md +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/e2e-menagerie/dummy-action-1/action.yaml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-336-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/issue-472-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/jobs-broaden-permissions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-call.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/reusable-workflow-other-triggers.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms-all-jobs-explicit.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-default-perms.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-empty-perms.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-read-all.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-all.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions/workflow-write-explicit.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/excessive-permissions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-all.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some-refs.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/allow-some.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-all.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some-refs.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/configs/deny-some.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/forbidden-uses/forbidden-uses-menagerie.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/github-path.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github-env/issue-397-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/github_env.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/hardcoded-credentials.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/inlined-ignores.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands/issue-839-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/insecure-commands.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-1.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/bad-yaml-2.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/blank.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/comment-only.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/empty-action/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/empty.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-1/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-action-2/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow-2.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/invalid/invalid-workflow.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/issue-1065.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/issue-1286.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/issue-612-repro/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/neutral.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation/computed-indices.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation/issue-1177-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/obfuscation.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/overprovisioned-secrets.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/pr-960-backstop/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-confusion/issue-518-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-confusion.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch/nested-annotated-tags.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/ref-version-mismatch.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/secrets-inherit.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/issue-283-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-dimension.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-exclusion.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-matrix-inclusion.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-group.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted/self-hosted-runner-label.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/self-hosted.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/several-vulnerabilities.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/stale-action-refs.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/addnab-docker-run-action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/codeql-sinks.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/dataflow.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/false-positive-menagerie.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/input-caps.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-22-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-339-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-418-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-749-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-883-repro/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/issue-988-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/multiline-expression.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/patterns.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-317-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pr-425-backstop/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/pwsh-script.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/static-env.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-dynamic-matrix.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection/template-injection-static-matrix.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/template-injection.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-only.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/contents-read-with-other.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/documented.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/empty-permissions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions/partially-documented.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/undocumented-permissions.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-images.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite-2.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/composite.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/empty.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/hash-pin-everything.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-1.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-2.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-3.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-4.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-5.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-policy-syntax-6.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/invalid-wrong-policy-object.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/configs/ref-pin-everything.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-433-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/issue-659-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses/menagerie-of-uses.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unpinned-uses.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unredacted-secrets.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unsound-condition.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/unsound-contains.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/cargo-publish.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/demo-action/action.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/issue-1191-repro.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing/npm-publish.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/crates/zizmor/tests/integration/test-data/use-trusted-publishing.yml +0 -0
- {zizmor-1.16.1 → zizmor-1.16.2}/pyproject.toml +0 -0
|
@@ -890,7 +890,7 @@ checksum = "e629b9b98ef3dd8afe6ca2bd0f89306cec16d43d907889945bc5d6687f2f13c7"
|
|
|
890
890
|
|
|
891
891
|
[[package]]
|
|
892
892
|
name = "github-actions-expressions"
|
|
893
|
-
version = "0.0.
|
|
893
|
+
version = "0.0.11"
|
|
894
894
|
dependencies = [
|
|
895
895
|
"anyhow",
|
|
896
896
|
"itertools",
|
|
@@ -2600,7 +2600,7 @@ dependencies = [
|
|
|
2600
2600
|
|
|
2601
2601
|
[[package]]
|
|
2602
2602
|
name = "subfeature"
|
|
2603
|
-
version = "0.0.
|
|
2603
|
+
version = "0.0.4"
|
|
2604
2604
|
dependencies = [
|
|
2605
2605
|
"memchr",
|
|
2606
2606
|
"regex",
|
|
@@ -3739,7 +3739,7 @@ checksum = "fdd20c5420375476fbd4394763288da7eb0cc0b8c11deed431a91562af7335d3"
|
|
|
3739
3739
|
|
|
3740
3740
|
[[package]]
|
|
3741
3741
|
name = "yamlpatch"
|
|
3742
|
-
version = "0.
|
|
3742
|
+
version = "0.5.0"
|
|
3743
3743
|
dependencies = [
|
|
3744
3744
|
"indexmap",
|
|
3745
3745
|
"insta",
|
|
@@ -3755,7 +3755,7 @@ dependencies = [
|
|
|
3755
3755
|
|
|
3756
3756
|
[[package]]
|
|
3757
3757
|
name = "yamlpath"
|
|
3758
|
-
version = "0.
|
|
3758
|
+
version = "0.28.0"
|
|
3759
3759
|
dependencies = [
|
|
3760
3760
|
"line-index",
|
|
3761
3761
|
"self_cell",
|
|
@@ -3879,7 +3879,7 @@ dependencies = [
|
|
|
3879
3879
|
|
|
3880
3880
|
[[package]]
|
|
3881
3881
|
name = "zizmor"
|
|
3882
|
-
version = "1.16.
|
|
3882
|
+
version = "1.16.2"
|
|
3883
3883
|
dependencies = [
|
|
3884
3884
|
"annotate-snippets",
|
|
3885
3885
|
"anstream",
|
|
@@ -12,7 +12,7 @@ rust-version = "1.88.0"
|
|
|
12
12
|
|
|
13
13
|
[workspace.dependencies]
|
|
14
14
|
anyhow = "1.0.100"
|
|
15
|
-
github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.
|
|
15
|
+
github-actions-expressions = { path = "crates/github-actions-expressions", version = "0.0.11" }
|
|
16
16
|
github-actions-models = { path = "crates/github-actions-models", version = "0.38.0" }
|
|
17
17
|
itertools = "0.14.0"
|
|
18
18
|
pest = "2.8.3"
|
|
@@ -51,7 +51,7 @@ serde-sarif = "0.8.0"
|
|
|
51
51
|
serde_json = "1.0.145"
|
|
52
52
|
serde_json_path = "0.7.2"
|
|
53
53
|
serde_yaml = "0.9.34"
|
|
54
|
-
subfeature = { path = "crates/subfeature", version = "0.0.
|
|
54
|
+
subfeature = { path = "crates/subfeature", version = "0.0.4" }
|
|
55
55
|
tar = "0.4.44"
|
|
56
56
|
terminal-link = "0.1.0"
|
|
57
57
|
thiserror = "2.0.17"
|
|
@@ -64,8 +64,8 @@ tree-sitter = "0.25.10"
|
|
|
64
64
|
tree-sitter-bash = "0.25.0"
|
|
65
65
|
tree-sitter-iter = { path = "crates/tree-sitter-iter", version = "0.0.2" }
|
|
66
66
|
tree-sitter-powershell = "0.25.9"
|
|
67
|
-
yamlpath = { path = "crates/yamlpath", version = "0.
|
|
68
|
-
yamlpatch = { path = "crates/yamlpatch", version = "0.
|
|
67
|
+
yamlpath = { path = "crates/yamlpath", version = "0.28.0" }
|
|
68
|
+
yamlpatch = { path = "crates/yamlpatch", version = "0.5.0" }
|
|
69
69
|
tree-sitter-yaml = "0.7.2"
|
|
70
70
|
tikv-jemallocator = "0.6"
|
|
71
71
|
|
|
@@ -77,6 +77,7 @@ use_debug = "warn"
|
|
|
77
77
|
needless_lifetimes = "warn"
|
|
78
78
|
print_stderr = "warn"
|
|
79
79
|
print_stdout = "warn"
|
|
80
|
+
unwrap_used = "warn"
|
|
80
81
|
|
|
81
82
|
[profile.dev.package]
|
|
82
83
|
insta.opt-level = 3
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: zizmor
|
|
3
|
-
Version: 1.16.
|
|
3
|
+
Version: 1.16.2
|
|
4
4
|
License-File: LICENSE
|
|
5
5
|
Summary: Static analysis for GitHub Actions
|
|
6
6
|
Home-Page: https://docs.zizmor.sh
|
|
@@ -100,11 +100,6 @@ Shipfox
|
|
|
100
100
|
<tbody>
|
|
101
101
|
<tr>
|
|
102
102
|
<td align="center" valign="top">
|
|
103
|
-
<a href="http://tenki.cloud/">
|
|
104
|
-
Tenki Cloud
|
|
105
|
-
</a>
|
|
106
|
-
</td>
|
|
107
|
-
<td align="center" valign="top">
|
|
108
103
|
<a href="https://github.com/ariccio">
|
|
109
104
|
Alexander Riccio
|
|
110
105
|
</a>
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
name = "github-actions-expressions"
|
|
3
3
|
description = "GitHub Actions expression parser and data types"
|
|
4
4
|
repository = "https://github.com/zizmorcore/zizmor/tree/main/crates/github-actions-expressions"
|
|
5
|
-
version = "0.0.
|
|
5
|
+
version = "0.0.11"
|
|
6
6
|
readme = "README.md"
|
|
7
7
|
|
|
8
8
|
homepage.workspace = true
|
|
@@ -67,6 +67,7 @@ impl<'src> Call<'src> {
|
|
|
67
67
|
let rbrace = template[index..].find('}').map(|pos| index + pos);
|
|
68
68
|
|
|
69
69
|
// Left brace
|
|
70
|
+
#[allow(clippy::unwrap_used)]
|
|
70
71
|
if let Some(lbrace_pos) = lbrace
|
|
71
72
|
&& (rbrace.is_none() || rbrace.unwrap() > lbrace_pos)
|
|
72
73
|
{
|
|
@@ -105,6 +106,7 @@ impl<'src> Call<'src> {
|
|
|
105
106
|
|
|
106
107
|
// Right brace
|
|
107
108
|
if let Some(rbrace_pos) = rbrace {
|
|
109
|
+
#[allow(clippy::unwrap_used)]
|
|
108
110
|
if lbrace.is_none() || lbrace.unwrap() > rbrace_pos {
|
|
109
111
|
// Escaped right brace
|
|
110
112
|
if template.as_bytes().get(rbrace_pos + 1) == Some(&b'}') {
|
|
@@ -321,6 +321,7 @@ impl<'src> Expr<'src> {
|
|
|
321
321
|
}
|
|
322
322
|
|
|
323
323
|
/// Parses the given string into an expression.
|
|
324
|
+
#[allow(clippy::unwrap_used)]
|
|
324
325
|
pub fn parse(expr: &'src str) -> Result<SpannedExpr<'src>> {
|
|
325
326
|
// Top level `expression` is a single `or_expr`.
|
|
326
327
|
let or_expr = ExprParser::parse(Rule::expression, expr)?
|
|
@@ -442,11 +442,10 @@ impl<'de> Deserialize<'de> for Schedule {
|
|
|
442
442
|
));
|
|
443
443
|
}
|
|
444
444
|
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
}
|
|
445
|
+
// NOTE(ww): `day` only makes sense with `interval: weekly`, but
|
|
446
|
+
// Dependabot appears to silently ignore it otherwise. Consequently,
|
|
447
|
+
// we don't check that for now.
|
|
448
|
+
// See https://github.com/zizmorcore/zizmor/issues/1305.
|
|
450
449
|
|
|
451
450
|
Ok(schedule)
|
|
452
451
|
}
|
|
@@ -115,15 +115,6 @@ fn test_schedule_cronjob_rejected_for_non_cron() {
|
|
|
115
115
|
);
|
|
116
116
|
}
|
|
117
117
|
|
|
118
|
-
#[test]
|
|
119
|
-
fn test_schedule_day_only_for_weekly() {
|
|
120
|
-
let err = load_dependabot_result("day-on-daily.invalid.yml").unwrap_err();
|
|
121
|
-
assert!(
|
|
122
|
-
err.to_string()
|
|
123
|
-
.contains("`schedule.day` is only valid when `schedule.interval` is `weekly`")
|
|
124
|
-
);
|
|
125
|
-
}
|
|
126
|
-
|
|
127
118
|
#[test]
|
|
128
119
|
fn test_schedule_weekly_accepts_day() {
|
|
129
120
|
let dependabot = load_dependabot("weekly-with-day.yml");
|
|
@@ -68,11 +68,15 @@ impl<'a> Fragment<'a> {
|
|
|
68
68
|
// string literals.
|
|
69
69
|
let escaped = regex::escape(fragment);
|
|
70
70
|
|
|
71
|
+
#[allow(clippy::unwrap_used)]
|
|
71
72
|
static WHITESPACE: LazyLock<regex::Regex> =
|
|
72
73
|
LazyLock::new(|| regex::Regex::new(r"\s+").unwrap());
|
|
73
74
|
let regex = WHITESPACE.replace_all(&escaped, "\\s+");
|
|
74
75
|
|
|
75
|
-
Fragment::Regex(
|
|
76
|
+
Fragment::Regex(
|
|
77
|
+
regex::bytes::Regex::new(®ex)
|
|
78
|
+
.expect("internal error: failed to compile fragment regex"),
|
|
79
|
+
)
|
|
76
80
|
}
|
|
77
81
|
}
|
|
78
82
|
}
|
|
@@ -582,7 +582,10 @@ pub fn serialize_flow(value: &serde_yaml::Value) -> Result<String, Error> {
|
|
|
582
582
|
fn line_span(doc: &yamlpath::Document, pos: usize) -> core::ops::Range<usize> {
|
|
583
583
|
let pos = TextSize::new(pos as u32);
|
|
584
584
|
let LineCol { line, .. } = doc.line_index().line_col(pos);
|
|
585
|
-
doc.line_index()
|
|
585
|
+
doc.line_index()
|
|
586
|
+
.line(line)
|
|
587
|
+
.expect("impossible: line index gave us an invalid line")
|
|
588
|
+
.into()
|
|
586
589
|
}
|
|
587
590
|
|
|
588
591
|
/// Extract the number of leading spaces need to align a block item with
|
|
@@ -895,7 +898,7 @@ fn apply_value_replacement(
|
|
|
895
898
|
.join("\n");
|
|
896
899
|
|
|
897
900
|
// Find the position of | in the original content and include it
|
|
898
|
-
let pipe_pos = value_part.find('|').
|
|
901
|
+
let pipe_pos = value_part.find('|').expect("impossible");
|
|
899
902
|
let key_with_pipe = ¤t_content_with_ws
|
|
900
903
|
[..colon_pos + 1 + value_part[..pipe_pos].len() + 1];
|
|
901
904
|
return Ok(format!(
|
|
@@ -232,7 +232,10 @@ impl Feature<'_> {
|
|
|
232
232
|
// `block_node` or `flow_node`, which is a container
|
|
233
233
|
// for the real kind of node we're interested in.
|
|
234
234
|
let node = match self._node.kind() {
|
|
235
|
-
"block_node" | "flow_node" => self
|
|
235
|
+
"block_node" | "flow_node" => self
|
|
236
|
+
._node
|
|
237
|
+
.child(0)
|
|
238
|
+
.expect("internal error: expected child of block_node/flow_node"),
|
|
236
239
|
_ => self._node,
|
|
237
240
|
};
|
|
238
241
|
|
|
@@ -317,7 +320,9 @@ impl Tree {
|
|
|
317
320
|
for anchor in TreeIter::new(tree).filter(|n| n.kind() == "anchor") {
|
|
318
321
|
// NOTE(ww): We could poke into the `anchor_name` child
|
|
319
322
|
// instead of slicing, but this is simpler.
|
|
320
|
-
let anchor_name = &anchor
|
|
323
|
+
let anchor_name = &anchor
|
|
324
|
+
.utf8_text(tree.source.as_bytes())
|
|
325
|
+
.expect("impossible: anchor name should be UTF-8 by construction")[1..];
|
|
321
326
|
|
|
322
327
|
// Only insert if the anchor name is unique.
|
|
323
328
|
if anchor_map.contains_key(anchor_name) {
|
|
@@ -356,7 +361,8 @@ impl Clone for Tree {
|
|
|
356
361
|
// it borrows from the tree.
|
|
357
362
|
// TODO: Can we do better here?
|
|
358
363
|
// Unwrap safety: we're cloning from an existing valid owner.
|
|
359
|
-
Self::build(self.borrow_owner().clone())
|
|
364
|
+
Self::build(self.borrow_owner().clone())
|
|
365
|
+
.expect("impossible: cloning a Tree preserves invariants")
|
|
360
366
|
}
|
|
361
367
|
}
|
|
362
368
|
|
|
@@ -403,7 +409,9 @@ impl Document {
|
|
|
403
409
|
parser.set_language(&language)?;
|
|
404
410
|
|
|
405
411
|
// NOTE: Infallible, assuming `language` is correctly constructed above.
|
|
406
|
-
let tree = parser
|
|
412
|
+
let tree = parser
|
|
413
|
+
.parse(&source, None)
|
|
414
|
+
.expect("impossible: tree-sitter parsing should never fail");
|
|
407
415
|
|
|
408
416
|
if tree.root_node().has_error() {
|
|
409
417
|
return Err(QueryError::InvalidInput);
|
|
@@ -691,7 +699,9 @@ impl Document {
|
|
|
691
699
|
// TODO(ww): What about nested aliases?
|
|
692
700
|
focus_node = match focus_node.child(0) {
|
|
693
701
|
Some(child) if child.kind_id() == self.alias_id => {
|
|
694
|
-
let alias_name = child
|
|
702
|
+
let alias_name = child
|
|
703
|
+
.utf8_text(self.source().as_bytes())
|
|
704
|
+
.expect("impossible: alias name should be UTF-8 by construction");
|
|
695
705
|
let anchor_map = self.tree.borrow_dependent();
|
|
696
706
|
*anchor_map
|
|
697
707
|
.get(&alias_name[1..])
|
|
@@ -713,7 +723,7 @@ impl Document {
|
|
|
713
723
|
&& focus_node.kind_id() != self.block_mapping_pair_id
|
|
714
724
|
&& focus_node.kind_id() != self.flow_pair_id
|
|
715
725
|
{
|
|
716
|
-
focus_node.parent().
|
|
726
|
+
focus_node.parent().expect("missing parent of focus node")
|
|
717
727
|
} else {
|
|
718
728
|
focus_node
|
|
719
729
|
}
|
|
@@ -733,11 +743,15 @@ impl Document {
|
|
|
733
743
|
// We might be on the internal `block_scalar` node, if
|
|
734
744
|
// we got here via an alias. We need to go up two levels
|
|
735
745
|
// to get to the mapping pair.
|
|
736
|
-
focus_node
|
|
746
|
+
focus_node
|
|
747
|
+
.parent()
|
|
748
|
+
.expect("missing parent of focus node")
|
|
749
|
+
.parent()
|
|
750
|
+
.expect("missing grandparent of focus node")
|
|
737
751
|
} else {
|
|
738
752
|
// Otherwise, we expect to be on the `block_node`
|
|
739
753
|
// or `flow_node`, so we go up one level.
|
|
740
|
-
focus_node.parent().
|
|
754
|
+
focus_node.parent().expect("missing parent of focus node")
|
|
741
755
|
};
|
|
742
756
|
|
|
743
757
|
if parent_node.kind_id() == self.flow_mapping_id {
|
|
@@ -773,7 +787,7 @@ impl Document {
|
|
|
773
787
|
&& matches!(route.route.last(), Some(Component::Key(_)))
|
|
774
788
|
&& focus_node.kind_id() != self.block_mapping_pair_id
|
|
775
789
|
{
|
|
776
|
-
focus_node = focus_node.parent().
|
|
790
|
+
focus_node = focus_node.parent().expect("missing parent of focus node")
|
|
777
791
|
}
|
|
778
792
|
|
|
779
793
|
Ok(focus_node)
|
|
@@ -821,7 +835,9 @@ impl Document {
|
|
|
821
835
|
// We might be on an alias node, in which case we need to
|
|
822
836
|
// jump to the alias's target via the anchor map.
|
|
823
837
|
if child.kind_id() == self.alias_id {
|
|
824
|
-
let alias_name = node
|
|
838
|
+
let alias_name = node
|
|
839
|
+
.utf8_text(self.source().as_bytes())
|
|
840
|
+
.expect("impossible: alias name should be UTF-8 by construction");
|
|
825
841
|
let anchor_map = self.tree.borrow_dependent();
|
|
826
842
|
|
|
827
843
|
child = *anchor_map
|
|
@@ -872,7 +888,9 @@ impl Document {
|
|
|
872
888
|
// NOTE: text unwraps are infallible, since our document is UTF-8.
|
|
873
889
|
let key_value = match key.named_child(0) {
|
|
874
890
|
Some(scalar) => {
|
|
875
|
-
let key_value = scalar
|
|
891
|
+
let key_value = scalar
|
|
892
|
+
.utf8_text(self.source().as_bytes())
|
|
893
|
+
.expect("impossible: value for key should be UTF-8 by construction");
|
|
876
894
|
|
|
877
895
|
match scalar.kind() {
|
|
878
896
|
"single_quote_scalar" | "double_quote_scalar" => {
|
|
@@ -884,7 +902,9 @@ impl Document {
|
|
|
884
902
|
_ => key_value,
|
|
885
903
|
}
|
|
886
904
|
}
|
|
887
|
-
None => key
|
|
905
|
+
None => key
|
|
906
|
+
.utf8_text(self.source().as_bytes())
|
|
907
|
+
.expect("impossible: key should be UTF-8 by construction"),
|
|
888
908
|
};
|
|
889
909
|
|
|
890
910
|
if key_value == expected {
|
|
@@ -939,8 +959,10 @@ impl Document {
|
|
|
939
959
|
// From here, we need to peek inside each and see if it's
|
|
940
960
|
// an alias. If it is, we expand the alias; otherwise, we
|
|
941
961
|
// just keep the child as-is.
|
|
942
|
-
if child.named_child(0).
|
|
943
|
-
let alias_name = &child
|
|
962
|
+
if child.named_child(0).map(|c| c.kind()) == Some("alias") {
|
|
963
|
+
let alias_name = &child
|
|
964
|
+
.utf8_text(self.source().as_bytes())
|
|
965
|
+
.expect("impossible: alias name should be UTF-8 by construction")[1..];
|
|
944
966
|
let anchor_map = self.tree.borrow_dependent();
|
|
945
967
|
let aliased_node = anchor_map
|
|
946
968
|
.get(alias_name)
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
[package]
|
|
2
2
|
name = "zizmor"
|
|
3
3
|
description = "Static analysis for GitHub Actions"
|
|
4
|
-
version = "1.16.
|
|
4
|
+
version = "1.16.2"
|
|
5
5
|
repository = "https://github.com/zizmorcore/zizmor"
|
|
6
6
|
documentation = "https://docs.zizmor.sh"
|
|
7
7
|
keywords = ["cli", "github-actions", "static-analysis", "security"]
|
|
@@ -208,7 +208,7 @@ mod tests {
|
|
|
208
208
|
/// 4. Executes the provided test closure with the findings
|
|
209
209
|
macro_rules! test_workflow_audit {
|
|
210
210
|
($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
|
|
211
|
-
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>)
|
|
211
|
+
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
|
|
212
212
|
let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
|
|
213
213
|
let audit_state = AuditState::default();
|
|
214
214
|
let audit = <$audit_type>::new(&audit_state).unwrap();
|
|
@@ -24,6 +24,7 @@ pub(crate) struct BotConditions;
|
|
|
24
24
|
|
|
25
25
|
audit_meta!(BotConditions, "bot-conditions", "spoofable bot actor check");
|
|
26
26
|
|
|
27
|
+
#[allow(clippy::unwrap_used)]
|
|
27
28
|
static SPOOFABLE_ACTOR_NAME_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::new(|| {
|
|
28
29
|
vec![
|
|
29
30
|
ContextPattern::try_new("github.actor").unwrap(),
|
|
@@ -32,6 +33,7 @@ static SPOOFABLE_ACTOR_NAME_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::
|
|
|
32
33
|
]
|
|
33
34
|
});
|
|
34
35
|
|
|
36
|
+
#[allow(clippy::unwrap_used)]
|
|
35
37
|
static SPOOFABLE_ACTOR_ID_CONTEXTS: LazyLock<Vec<ContextPattern>> = LazyLock::new(|| {
|
|
36
38
|
vec![
|
|
37
39
|
ContextPattern::try_new("github.actor_id").unwrap(),
|
|
@@ -417,7 +419,7 @@ mod tests {
|
|
|
417
419
|
/// Macro for testing workflow audits with common boilerplate
|
|
418
420
|
macro_rules! test_workflow_audit {
|
|
419
421
|
($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
|
|
420
|
-
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>)
|
|
422
|
+
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
|
|
421
423
|
let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
|
|
422
424
|
let audit_state = AuditState::default();
|
|
423
425
|
let audit = <$audit_type>::new(&audit_state).unwrap();
|
|
@@ -20,6 +20,7 @@ use super::AuditLoadError;
|
|
|
20
20
|
/// The list of know cache-aware actions
|
|
21
21
|
/// In the future we can easily retrieve this list from the static API,
|
|
22
22
|
/// since it should be easily serializable
|
|
23
|
+
#[allow(clippy::unwrap_used)]
|
|
23
24
|
static KNOWN_CACHE_AWARE_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::new(|| {
|
|
24
25
|
vec![
|
|
25
26
|
// https://github.com/actions/cache/blob/main/action.yml
|
|
@@ -203,6 +204,7 @@ static KNOWN_CACHE_AWARE_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::ne
|
|
|
203
204
|
|
|
204
205
|
/// A list of well-know publisher actions
|
|
205
206
|
/// In the future we can retrieve this list from the static API
|
|
207
|
+
#[allow(clippy::unwrap_used)]
|
|
206
208
|
static KNOWN_PUBLISHER_ACTIONS: LazyLock<Vec<ActionCoordinate>> = LazyLock::new(|| {
|
|
207
209
|
vec![
|
|
208
210
|
// Public packages and/or binary distribution channels
|
|
@@ -495,7 +497,7 @@ mod tests {
|
|
|
495
497
|
/// 4. Executes the provided test closure with the findings
|
|
496
498
|
macro_rules! test_workflow_audit {
|
|
497
499
|
($audit_type:ty, $filename:expr, $workflow_content:expr, $test_fn:expr) => {{
|
|
498
|
-
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>)
|
|
500
|
+
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
|
|
499
501
|
let workflow = Workflow::from_string($workflow_content.to_string(), key).unwrap();
|
|
500
502
|
let audit_state = AuditState::default();
|
|
501
503
|
let audit = <$audit_type>::new(&audit_state).unwrap();
|
|
@@ -6,7 +6,7 @@ use crate::{
|
|
|
6
6
|
state::AuditState,
|
|
7
7
|
};
|
|
8
8
|
use anyhow::Result;
|
|
9
|
-
use github_actions_models::
|
|
9
|
+
use github_actions_models::workflow::Concurrency;
|
|
10
10
|
|
|
11
11
|
pub(crate) struct ConcurrencyLimits;
|
|
12
12
|
|
|
@@ -28,29 +28,6 @@ impl Audit for ConcurrencyLimits {
|
|
|
28
28
|
) -> Result<Vec<Finding<'doc>>> {
|
|
29
29
|
let mut findings = vec![];
|
|
30
30
|
match &workflow.concurrency {
|
|
31
|
-
Some(Concurrency::Rich {
|
|
32
|
-
group: _,
|
|
33
|
-
cancel_in_progress,
|
|
34
|
-
}) => {
|
|
35
|
-
if let BoE::Literal(cancel) = &cancel_in_progress
|
|
36
|
-
&& !cancel
|
|
37
|
-
{
|
|
38
|
-
findings.push(
|
|
39
|
-
Self::finding()
|
|
40
|
-
.confidence(Confidence::High)
|
|
41
|
-
.severity(Severity::Low)
|
|
42
|
-
.persona(Persona::Pedantic)
|
|
43
|
-
.add_location(
|
|
44
|
-
workflow
|
|
45
|
-
.location()
|
|
46
|
-
.primary()
|
|
47
|
-
.with_keys(["concurrency".into()])
|
|
48
|
-
.annotated("cancel-in-progress set to false"),
|
|
49
|
-
)
|
|
50
|
-
.build(workflow)?,
|
|
51
|
-
);
|
|
52
|
-
};
|
|
53
|
-
}
|
|
54
31
|
Some(Concurrency::Bare(_)) => {
|
|
55
32
|
findings.push(
|
|
56
33
|
Self::finding()
|
|
@@ -82,6 +59,11 @@ impl Audit for ConcurrencyLimits {
|
|
|
82
59
|
.build(workflow)?,
|
|
83
60
|
);
|
|
84
61
|
}
|
|
62
|
+
// NOTE: Per #1302, we don't nag the user if they've explicitly set
|
|
63
|
+
// `cancel-in-progress: false` or similar. This is like with the
|
|
64
|
+
// artipacked audit, where `persist-credentials: true` is seen as
|
|
65
|
+
// a positive signal of user intent.
|
|
66
|
+
_ => {}
|
|
85
67
|
}
|
|
86
68
|
|
|
87
69
|
Ok(findings)
|
|
@@ -164,7 +164,7 @@ mod tests {
|
|
|
164
164
|
/// Macro for testing dependabot audits with common boilerplate
|
|
165
165
|
macro_rules! test_dependabot_audit {
|
|
166
166
|
($audit_type:ty, $filename:expr, $dependabot_content:expr, $test_fn:expr) => {{
|
|
167
|
-
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>)
|
|
167
|
+
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
|
|
168
168
|
let dependabot = Dependabot::from_string($dependabot_content.to_string(), key).unwrap();
|
|
169
169
|
let audit_state = AuditState::default();
|
|
170
170
|
let audit = <$audit_type>::new(&audit_state).unwrap();
|
|
@@ -84,7 +84,7 @@ mod tests {
|
|
|
84
84
|
/// Macro for testing dependabot audits with common boilerplate
|
|
85
85
|
macro_rules! test_dependabot_audit {
|
|
86
86
|
($audit_type:ty, $filename:expr, $dependabot_content:expr, $test_fn:expr) => {{
|
|
87
|
-
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>)
|
|
87
|
+
let key = InputKey::local("fakegroup".into(), $filename, None::<&str>);
|
|
88
88
|
let dependabot = Dependabot::from_string($dependabot_content.to_string(), key).unwrap();
|
|
89
89
|
let audit_state = AuditState::default();
|
|
90
90
|
let audit = <$audit_type>::new(&audit_state).unwrap();
|