chore(deps): update returntocorp/semgrep docker digest to 875ea8c - abandoned

.deepsource.toml

@@ -0,0 +1,10 @@
+version = 1
+
+[[analyzers]]
+name = "javascript"
+
+  [analyzers.meta]
+  environment = [
+    "nodejs",
+    "vitest"
+  ]

.editorconfig

@@ -9,4 +9,4 @@ indent_size = 4
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = false
-insert_final_newline = false
+insert_final_newline = false

.env.example

@@ -0,0 +1,4 @@
+EXTERNAL_HOST=
+CERTIFICATE_FILE=
+PRIVATE_KEY_FILE=
+PUBLIC_KEY_FILE=

.gitattributes

@@ -0,0 +1,14 @@
+# Don't allow people to merge changes to these generated files, because the result
+# may be invalid.  You need to run "rush update" again.
+pnpm-lock.yaml               merge=text
+shrinkwrap.yaml              merge=binary
+npm-shrinkwrap.json          merge=binary
+yarn.lock                    merge=binary
+
+# Rush's JSON config files use JavaScript-style code comments.  The rule below prevents pedantic
+# syntax highlighters such as GitHub's from highlighting these comments as errors.  Your text editor
+# may also require a special configuration to allow comments in JSON.
+#
+# For more information, see this issue: https://github.com/microsoft/rushstack/issues/1088
+#
+*.json                       linguist-language=JSON-with-Comments

.github/CODEOWNERS

@@ -1 +0,0 @@
-

.github/codecov.yml

@@ -1,10 +1,21 @@
 codecov:
     require_ci_to_pass: false
 
+ai_pr_review:
+    enabled: true
+
 comment:
     show_carryforward_flags: true
 
 flags:
+    cli:
+        paths:
+            - packages/cli/**
+        carryforward: true
+    connection:
+        paths:
+            - packages/connection/**
+        carryforward: true
     database:
         paths:
             - packages/database/**
@@ -13,22 +24,18 @@ flags:
         paths:
             - packages/gateway/**
         carryforward: true
-    lobby:
+    mcots:
         paths:
-            - packages/lobby/**
+            - packages/mcots/**
         carryforward: true
-    login:
+    nps:
         paths:
-            - packages/login/**
+            - packages/nps/**
         carryforward: true
     patch:
         paths:
             - packages/patch/**
         carryforward: true
-    persona:
-        paths:
-            - packages/persona/**
-        carryforward: true
     shard:
         paths:
             - packages/shard/**
@@ -37,30 +44,36 @@ flags:
         paths:
             - packages/shared/**
         carryforward: true
-    transactions:
-        paths:
-            - packages/transactions/**
-        carryforward: true
-    interfaces:
+    shared-packets:
         paths:
-            - packages/interfaces/**
-        carryforward: false
-    core:
-        paths:
-            - packages/core/**
+            - packages/shared-packets/**
         carryforward: true
 
 component_management:
     individual_components:
-        - component_id: components_team1
-          name: Team 1
+        - component_id: components_nps
+          name: NPS
+          paths:
+              - packages/cli/**
+              - packages/connection/**
+              - packages/database/**
+              - packages/gateway/**
+              - packages/lobby/**
+              - packages/login/**
+              - packages/nps/**
+              - packages/patch/**
+              - packages/persona/**
+              - packages/shard/**
+              - packages/shared-packets/**
+        - component_id: components_mcots
+          name: MCOTS
           paths:
-              - packages/core/**
+              - packages/cli/**
+              - packages/connection/**
+              - packages/database/**
               - packages/gateway/**
-              - packages/shared/**
+              - packages/mcots/**
+              - packages/shared-packets/**
 
-coverage:
-    status:
-        project:
-            default:
-                removed_code_behavior: adjust_base
+ignore:
+    - "**/__generated__/**"

.github/renovate.json5

@@ -0,0 +1,17 @@
+{
+    extends: ["config:best-practices", ":automergeStableNonMajor"],
+    packageRules: [
+        {
+            allowedVersions: "1.9.8",
+            matchDatasources: ["docker"],
+            matchPackageNames: [
+                // Prevent automatic updates from nginx:1.9.8
+                // While this image can still be found on DockerHub,
+                // it is also archived at https://archive.org/details/nginx_1.9.8.tar
+                // This is required to serve as a proxy to the [SChannel](https://web.archive.org/web/20230402130420/https://learn.microsoft.com/en-us/windows/win32/com/schannel) that Windows XP uses.
+                // Windows XP is required support since the legacy client can not be upgraded or modified.
+                "nginx",
+            ],
+        },
+    ],
+}

.github/workflows/codeql-analysis.yml

@@ -39,11 +39,11 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v3
+              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
             # Initializes the CodeQL tools for scanning.
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v2
+              uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
               with:
                   languages: ${{ matrix.language }}
                   # If you wish to specify custom queries, you can do so here or in a config file.
@@ -54,7 +54,7 @@ jobs:
             # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
             # If this step fails, then you should remove it and run the build manually (see below)
             - name: Autobuild
-              uses: github/codeql-action/autobuild@v2
+              uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3
 
             # ℹ️ Command-line programs to run using the OS shell.
             # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
             #   make release
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v2
+              uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3

.github/workflows/main.yml

@@ -0,0 +1,32 @@
+name: Sentry Release
+
+on:
+    workflow_dispatch:
+    push:
+        branches:
+            - main
+
+jobs:
+    release-sentry:
+        runs-on: ubuntu-latest
+        steps:
+            - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+              with:
+                  fetch-depth: 0
+
+            - name: Install and test using npm
+              run: |
+                  npm install
+                  export DATABASE_URL=$(npx pg-test start)
+                  npm run test --workspaces --if-present
+                  npx pg-test stop
+
+            - name: Create Sentry release
+              uses: getsentry/action-release@586b62368d564f25d694ce05fcb9cf53de65ac4f # v1
+              env:
+                  SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+                  SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+                  SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+                  # SENTRY_URL: https://sentry.io/
+              with:
+                  environment: production

.github/workflows/node.yml

@@ -1,52 +1,58 @@
-name: Node.js CI
+name: Node.js
 
 on:
     push:
-        branches: [main]
     pull_request:
-        branches: [main]
 
 env:
     MCO_LOG_LEVEL: warn
+    EXTERNAL_HOST: mcouniverse.com
+    PRIVATE_KEY_FILE: thebeast/data/private_key.pem # These secrets are stored in the repository and are safe to "leak"
+    CERTIFICATE_FILE: thebeast/data/mcouniverse.crt # These secrets are stored in the repository and are safe to "leak"
+    PUBLIC_KEY_FILE: thebeast/data/pub.key # These secrets are stored in the repository and are safe to "leak"
 
 jobs:
-    build:
+    build-test:
         runs-on: ubuntu-latest
 
-        strategy:
-            matrix:
-                node-version: [18.x, 20.x, 21.x]
-
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
               with:
                   fetch-depth: 0
-            - name: Use Node.js ${{ matrix.node-version }}
-              uses: actions/setup-node@v3
+            - name: Use Node.js 22.x
+              uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
               with:
-                  node-version: ${{ matrix.node-version }}
-            - run: npm ci install
-            - name: Test
-              run: npm run test:only
+                  node-version: 22.x
+            - name: Install and test
+              run: |
+                  npm install
+                  export DATABASE_URL=$(npx pg-test start)
+                  npm test
+                  npx pg-test stop
+              env:
+                  CODECOV_UPLOAD_BUNDLE_TOKEN: ${{ secrets.CODECOV_UPLOAD_BUNDLE_TOKEN }}
             - name: Codecov
-              env: # Or as an environment variable
+              if: ${{ always() }} # using always() to always run this step because i am uploading test results and coverage in one step
+              env:
                   CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
               run: |
                   pip install --user pytest
                   pip install --user codecov-cli
-                  codecovcli --verbose create-commit --fail-on-error 
-                  codecovcli --verbose create-report --fail-on-error 
+                  codecovcli --verbose create-commit --fail-on-error
+                  codecovcli --verbose create-report --fail-on-error
+                  codecovcli do-upload --report-type test_results --file mcos.junit.xml
+                  codecovcli --verbose do-upload --fail-on-error --flag cli --name cli-${{ matrix.node-version }}
+                  codecovcli --verbose do-upload --fail-on-error --flag connection --name connection-${{ matrix.node-version }}
                   codecovcli --verbose do-upload --fail-on-error --flag database --name database-${{ matrix.node-version }}
                   codecovcli --verbose do-upload --fail-on-error --flag gateway --name gateway-${{ matrix.node-version }}
-                  codecovcli --verbose do-upload --fail-on-error --flag lobby --name lobby-${{ matrix.node-version }}
-                  codecovcli --verbose do-upload --fail-on-error --flag login --name login-${{ matrix.node-version }}
+                  codecovcli --verbose do-upload --fail-on-error --flag mcots --name mcots-${{ matrix.node-version }}
+                  codecovcli --verbose do-upload --fail-on-error --flag nps --name nps-${{ matrix.node-version }}
                   codecovcli --verbose do-upload --fail-on-error --flag patch --name patch-${{ matrix.node-version }}
-                  codecovcli --verbose do-upload --fail-on-error --flag persona --name persona-${{ matrix.node-version }}
                   codecovcli --verbose do-upload --fail-on-error --flag shard --name shard-${{ matrix.node-version }}
-                  codecovcli --verbose do-upload --fail-on-error --flag transactions --name transactions-${{ matrix.node-version }}
-                  codecovcli --verbose do-upload --fail-on-error --flag core --name core-${{ matrix.node-version }}
+                  codecovcli --verbose do-upload --fail-on-error --flag shared --name shared-${{ matrix.node-version }}
+                  codecovcli --verbose do-upload --fail-on-error --flag shared-packets --name shared-packets-${{ matrix.node-version }}
 
-            - uses: actions/upload-artifact@v3
+            - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4
               with:
                   name: coverage_${{ matrix.node-version }}
                   path: coverage

.github/workflows/release.yml

@@ -0,0 +1,37 @@
+name: Release
+on:
+    workflow_dispatch:
+    push:
+        branches:
+            - master
+
+permissions:
+    contents: read # for checkout
+
+jobs:
+    release:
+        name: Release
+        runs-on: ubuntu-latest
+        permissions:
+            contents: write # to be able to publish a GitHub release
+            issues: write # to be able to comment on released issues
+            pull-requests: write # to be able to comment on released pull requests
+            id-token: write # to enable use of OIDC for npm provenance
+        steps:
+            - name: Checkout
+              uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
+              with:
+                  fetch-depth: 0
+            - name: Setup Node.js
+              uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4
+              with:
+                  node-version: 'lts/*'
+            - name: Install dependencies
+              run: npm install
+            - name: Verify the integrity of provenance attestations and registry signatures for installed dependencies
+              run: npm audit signatures
+            - name: Release
+              env:
+                  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+                  NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+              run: npx semantic-release

.github/workflows/semgrep.yml

@@ -12,12 +12,12 @@ on:
 jobs:
     semgrep:
         name: Scan
-        runs-on: ubuntu-20.04
+        runs-on: ubuntu-22.04
         env:
             SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
         container:
-            image: returntocorp/semgrep
+            image: returntocorp/semgrep@sha256:875ea8c5200ca5938836fa0c155b2220eca8fc83940da1bfa90caf67d73fb0ed
         if: (github.actor != 'dependabot[bot]')
         steps:
-            - uses: actions/checkout@v3
+            - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
             - run: semgrep ci