Release (#2)

* initial changes

renovate json removed

yarn build goes thorugh

yarn build goes thorugh

yarn build goes thorugh

ran yarn package

temp changes

temp changes

base sha and sha updated

deleted test folder to make it work

deleted test folder to make it work

sha and base sha removed

sha and base sha removed

* file added to test/test3

* file added to test/test3

* test/test3 deleted

* test.yml updated

* file added to test/test3

* test/test3 deleted

* test/test3 deleted

* test/test3 deleted

* test/test3 deleted

* test/test3 deleted

* test/test3 deleted

* file name renamed

* test rename -> test-rename

* base sha and sha corrected for file renaminhg tests

* Renamed test/test rename 2.txt -> test/test rename-2.txt

* base sha and sha corrected for file renaminhg tests

* Added deleted file

* Removed test file

* sha added to test

* submodule added to be deleted for test cases

* submodule deleted

* commits updated for sub module deletion test case

* submodule added back to test/demo

* submodule deleted

* commits updated for sub module deletion test case

* test/demo/test/test.txt deleted

* test/demo/test/test.txt added

* sha added to include added file change

* funding.yml added again

* test added

* temp changes

* temp changes

* sha added to run for submodule

* Revert "temp changes"

This reverts commit d1b35b0.

Revert "temp changes"

This reverts commit 0ac81c0.

code beautified

security.md reverted back

* comments addressed and removed steps  dependent on tj-actions in test

* commit ids corrected

* commit ids corrected

* commit ids corrected

* commit ids corrected

* commit ids corrected

* test case corrected

* test case corrected

* commit ids corrected

* correcting commit id

* test cases corrected

* readme updated

* author name corrected

---------

Co-authored-by: Abhinav Kumar <[email protected]>

Author: Raj-StepSecurity

.codacy.yml

@@ -0,0 +1,4 @@
+---
+exclude_paths:
+  - "*.md"
+  - "dist/**"

.eslintignore

@@ -0,0 +1,5 @@
+dist/
+lib/
+node_modules/
+jest.config.js
+coverage/

.eslintrc.json

@@ -0,0 +1,85 @@
+{
+  "plugins": [
+    "jest",
+    "@typescript-eslint",
+    "github"
+  ],
+  "extends": [
+    "plugin:github/recommended",
+    "plugin:prettier/recommended"
+  ],
+  "parser": "@typescript-eslint/parser",
+  "parserOptions": {
+    "ecmaVersion": 9,
+    "sourceType": "module",
+    "project": "./tsconfig.json"
+  },
+  "rules": {
+    "i18n-text/no-en": "off",
+    "eslint-comments/no-use": "off",
+    "import/no-namespace": "off",
+    "no-unused-vars": "off",
+    "@typescript-eslint/no-unused-vars": "error",
+    "@typescript-eslint/explicit-member-accessibility": [
+      "error",
+      {
+        "accessibility": "no-public"
+      }
+    ],
+    "@typescript-eslint/no-require-imports": "error",
+    "@typescript-eslint/array-type": "error",
+    "@typescript-eslint/await-thenable": "error",
+    "@typescript-eslint/ban-ts-comment": "off",
+    "camelcase": "off",
+    "@typescript-eslint/consistent-type-assertions": "error",
+    "@typescript-eslint/explicit-function-return-type": [
+      "error",
+      {
+        "allowExpressions": true
+      }
+    ],
+    "@typescript-eslint/func-call-spacing": [
+      "error",
+      "never"
+    ],
+    "@typescript-eslint/no-array-constructor": "error",
+    "@typescript-eslint/no-empty-interface": "error",
+    "@typescript-eslint/no-explicit-any": "error",
+    "@typescript-eslint/no-extraneous-class": "error",
+    "@typescript-eslint/no-for-in-array": "error",
+    "@typescript-eslint/no-inferrable-types": "error",
+    "@typescript-eslint/no-misused-new": "error",
+    "@typescript-eslint/no-namespace": "error",
+    "@typescript-eslint/no-non-null-assertion": "warn",
+    "@typescript-eslint/no-unnecessary-qualifier": "error",
+    "@typescript-eslint/no-unnecessary-type-assertion": "error",
+    "@typescript-eslint/no-useless-constructor": "error",
+    "@typescript-eslint/no-var-requires": "error",
+    "@typescript-eslint/prefer-for-of": "warn",
+    "@typescript-eslint/prefer-function-type": "warn",
+    "@typescript-eslint/prefer-includes": "error",
+    "@typescript-eslint/prefer-string-starts-ends-with": "error",
+    "@typescript-eslint/promise-function-async": "error",
+    "@typescript-eslint/require-array-sort-compare": "error",
+    "@typescript-eslint/restrict-plus-operands": "error",
+    "no-shadow": "off",
+    "@typescript-eslint/no-shadow": "error",
+    "semi": "off",
+    "filenames/match-regex": [
+      "error",
+      "^[a-zA-Z0-9\\-.]+$",
+      true
+    ],
+    "@typescript-eslint/semi": [
+      "error",
+      "never"
+    ],
+    "@typescript-eslint/type-annotation-spacing": "error",
+    "@typescript-eslint/unbound-method": "error"
+  },
+  "env": {
+    "node": true,
+    "es6": true,
+    "jest/globals": true
+  }
+}

.gitattributes

@@ -0,0 +1 @@
+dist/** -diff linguist-generated=true 

.github/dependabot.yml

@@ -0,0 +1,24 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  versioning-strategy: widen
+  labels:
+    - "merge when passing"
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - "merge when passing"
+- package-ecosystem: gitsubmodule
+  directory: /
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 10
+  labels:
+    - "merge when passing"

.github/workflows/actions_release.yml

@@ -0,0 +1,21 @@
+name: Release GitHub Actions
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Tag for the release"
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    permissions:
+      actions: read
+      id-token: write
+      contents: write
+    uses: step-security/reusable-workflows/.github/workflows/actions_release.yaml@v1
+    with:
+      tag: "${{ github.event.inputs.tag }}"

.github/workflows/codacy-analysis.yml

@@ -0,0 +1,56 @@
+# This workflow checks out code, performs a Codacy security scan
+# and integrates the results with the
+# GitHub Advanced Security code scanning feature.  For more information on
+# the Codacy security scan action usage and parameters, see
+# https://github.com/codacy/codacy-analysis-cli-action.
+# For more information on Codacy Analysis CLI in general, see
+# https://github.com/codacy/codacy-analysis-cli.
+
+name: Codacy Security Scan
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '15 16 * * 2'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  codacy-security-scan:
+    name: Codacy Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      # Checkout the repository to the GitHub Actions runner
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
+      - name: Run Codacy Analysis CLI
+        continue-on-error: true
+        uses: codacy/[email protected]
+        with:
+          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
+          # You can also omit the token and run the tools that support default configurations
+          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
+          verbose: true
+          output: results.sarif
+          format: sarif
+          # Adjust severity of non-security issues
+          gh-code-scanning-compat: true
+          # Force 0 exit code to allow SARIF file generation
+          # This will hand over control about PR rejection to the GitHub side
+          max-allowed-issues: 2147483647
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        continue-on-error: true
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

.github/workflows/codeql.yml

@@ -0,0 +1,79 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
+  schedule:
+    - cron: '44 20 * * 0'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        
+        # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+        
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines. 
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #   echo "Run, Build Application using script"
+    #   ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

.github/workflows/greetings.yml

@@ -0,0 +1,18 @@
+name: Greetings
+
+on: [pull_request_target, issues]
+
+permissions:
+  pull-requests: write
+  issues: write
+
+jobs:
+  greeting:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/first-interaction@v1
+        continue-on-error: true
+        with:
+          repo-token: ${{ secrets.PAT_TOKEN }}
+          issue-message: "Thanks for reporting this issue, don't forget to star this project if you haven't already to help us reach a wider audience."
+          pr-message: "Thanks for implementing a fix, could you ensure that the test covers your changes if applicable."