fix(security): resolve minimatch ReDoS vulnerability (GHSA-7r86-cg39-… #180
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| jobs: | |
| test-typescript: | |
| name: TypeScript Tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: Setup Node.js | |
| id: setup-node | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version-file: .node-version | |
| cache: npm | |
| - name: Install Dependencies | |
| id: npm-ci | |
| run: npm ci | |
| - name: Check Format | |
| id: npm-format-check | |
| run: npm run format:check | |
| - name: Lint | |
| id: npm-lint | |
| run: npm run lint | |
| - name: Test | |
| id: npm-ci-test | |
| run: npm run ci-test | |
| test-action: | |
| name: GitHub Actions Test | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| id: checkout | |
| uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| - name: Test Local Action with all versions | |
| id: all-versions | |
| uses: ./ | |
| with: | |
| working-directory: ./__tests__/testdata | |
| - name: Verify composer-php-version | |
| env: | |
| COMPOSER_PHP_VERSION: ${{ steps.all-versions.outputs.composer-php-version }} | |
| run: | | |
| expected=">=8.2 <=8.5" | |
| if [ "$COMPOSER_PHP_VERSION" != "$expected" ]; then | |
| echo "❌ composer-php-version mismatch: Expected '$expected', got '$COMPOSER_PHP_VERSION'" | |
| exit 1 | |
| fi | |
| echo "✅ composer-php-version matches expected: $COMPOSER_PHP_VERSION" | |
| - name: Verify minimal version | |
| env: | |
| MINIMAL: ${{ steps.all-versions.outputs.minimal }} | |
| run: | | |
| expected="8.2" | |
| if [ "$MINIMAL" != "$expected" ]; then | |
| echo "❌ minimal version mismatch: Expected '$expected', got '$MINIMAL'" | |
| exit 1 | |
| fi | |
| echo "✅ minimal version matches expected: $MINIMAL" | |
| - name: Verify latest version | |
| env: | |
| LATEST: ${{ steps.all-versions.outputs.latest }} | |
| run: | | |
| expected="8.5" | |
| if [ "$LATEST" != "$expected" ]; then | |
| echo "❌ latest version mismatch: Expected '$expected', got '$LATEST'" | |
| exit 1 | |
| fi | |
| echo "✅ latest version matches expected: $LATEST" | |
| - name: Verify matrix | |
| env: | |
| MATRIX: ${{ steps.all-versions.outputs.matrix }} | |
| run: | | |
| expected='["8.2","8.3","8.4","8.5"]' | |
| if [ "$MATRIX" != "$expected" ]; then | |
| echo "❌ matrix mismatch: Expected '$expected', got '$MATRIX'" | |
| exit 1 | |
| fi | |
| echo "✅ matrix matches expected: $MATRIX" |