Merge branch 'main' into ci-ubuntu-runner

.github/labeler.yml

@@ -4,7 +4,6 @@ ci/cd:
   - changed-files:
       - any-glob-to-any-file:
           - .github/workflows/*
-          - .github/codecov.yml
           - .github/dependabot.yml
           - .github/labeler.yml
 

.github/workflows/checks.yml

@@ -30,12 +30,12 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         with:
           config-file: ./.github/codeql.yml
           languages: javascript
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
   format:
     name: Formatting
     runs-on: ubuntu-24.04
@@ -168,7 +168,7 @@ jobs:
         with:
           args: . --sarif --output njsscan-results.sarif || true
       - name: Upload njsscan report to GitHub
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: ${{ failure() || success() }}
         with:
           sarif_file: njsscan-results.sarif
@@ -230,18 +230,13 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             actions-results-receiver-production.githubapp.com:443
-            api.codecov.io:443
             api.github.com:443
             artifactcache.actions.githubusercontent.com:443
-            cli.codecov.io:443
-            codecov.io:443
             github.com:443
             gitlab.com:443
             nodejs.org:443
             objects.githubusercontent.com:443
             registry.npmjs.org:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Install Node.js
@@ -253,14 +248,6 @@ jobs:
         run: npm clean-install
       - name: Run breakage tests
         run: npm run coverage:breakage
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
-        if: ${{ failure() || success() }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          file: ./_reports/coverage/breakage/lcov.info
-          flags: breakage
   test-compatibility:
     name: Compatibility
     runs-on: ubuntu-24.04
@@ -284,18 +271,13 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             actions-results-receiver-production.githubapp.com:443
-            api.codecov.io:443
             api.github.com:443
             artifactcache.actions.githubusercontent.com:443
-            cli.codecov.io:443
-            codecov.io:443
             github.com:443
             gitlab.com:443
             nodejs.org:443
             objects.githubusercontent.com:443
             registry.npmjs.org:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Install Node.js
@@ -309,14 +291,6 @@ jobs:
         run: npm clean-install
       - name: Run compatibility tests
         run: npm run coverage:compat
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
-        if: ${{ matrix.node-version == '22.0.0' }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          file: ./_reports/coverage/compat/lcov.info
-          flags: compatibility
   test-e2e:
     name: End-to-end (${{ matrix.name }})
     runs-on: ${{ matrix.os }}
@@ -340,19 +314,14 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             actions-results-receiver-production.githubapp.com:443
-            api.codecov.io:443
             api.github.com:443
             artifactcache.actions.githubusercontent.com:443
             azure.archive.ubuntu.com:80
-            cli.codecov.io:443
-            codecov.io:443
             github.com:443
             gitlab.com:443
             nodejs.org:443
             objects.githubusercontent.com:443
             registry.npmjs.org:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Install Node.js
@@ -370,14 +339,6 @@ jobs:
         run: sudo apt-get --assume-yes install zsh
       - name: Run end-to-end tests
         run: npm run coverage:e2e
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
-        if: ${{ failure() || success() }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          file: ./_reports/coverage/e2e/lcov.info
-          flags: e2e-${{ matrix.name }}
   test-integration:
     name: Integration (${{ matrix.name }})
     runs-on: ${{ matrix.os }}
@@ -402,19 +363,14 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             actions-results-receiver-production.githubapp.com:443
-            api.codecov.io:443
             api.github.com:443
             artifactcache.actions.githubusercontent.com:443
             azure.archive.ubuntu.com:80
-            cli.codecov.io:443
-            codecov.io:443
             github.com:443
             gitlab.com:443
             nodejs.org:443
             objects.githubusercontent.com:443
             registry.npmjs.org:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Install Node.js
@@ -432,14 +388,6 @@ jobs:
         run: sudo apt-get --assume-yes install csh
       - name: Run integration tests
         run: npm run coverage:integration
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
-        if: ${{ failure() || success() }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          file: ./_reports/coverage/integration/lcov.info
-          flags: integration-${{ matrix.name }}
   test-mutation-unit:
     name: Mutation (Unit)
     runs-on: ubuntu-24.04
@@ -548,18 +496,13 @@ jobs:
           egress-policy: block
           allowed-endpoints: >
             actions-results-receiver-production.githubapp.com:443
-            api.codecov.io:443
             api.github.com:443
             artifactcache.actions.githubusercontent.com:443
-            cli.codecov.io:443
-            codecov.io:443
             github.com:443
             gitlab.com:443
             nodejs.org:443
             objects.githubusercontent.com:443
             registry.npmjs.org:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
       - name: Checkout repository
         uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
       - name: Install Node.js
@@ -571,14 +514,6 @@ jobs:
         run: npm clean-install
       - name: Run unit tests
         run: npm run coverage:unit
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1
-        if: ${{ failure() || success() }}
-        env:
-          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-        with:
-          file: ./_reports/coverage/unit/lcov.info
-          flags: unit
   transpile:
     name: Transpile
     runs-on: ubuntu-24.04
@@ -640,7 +575,7 @@ jobs:
           scan-ref: .
           template: "@/contrib/sarif.tpl"
       - name: Upload Trivy report to GitHub
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: ${{ failure() || success() }}
         with:
           sarif_file: trivy-results.sarif

.github/workflows/semgrep.yml

@@ -22,7 +22,7 @@ jobs:
         env:
           SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
       - name: Upload Semgrep report to GitHub
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
+        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
         if: ${{ failure() || success() }}
         with:
           sarif_file: semgrep.sarif

README.md

@@ -3,7 +3,6 @@
 # Shescape
 
 [![GitHub Actions][ci-image]][ci-url]
-[![Coverage Report][coverage-image]][coverage-url]
 [![npm Package][npm-image]][npm-url]
 
 A simple shell escape library for JavaScript. Use it to escape user-controlled
@@ -93,8 +92,6 @@ file's banner comment.
 
 [ci-url]: https://github.com/ericcornelissen/shescape/actions/workflows/checks.yml
 [ci-image]: https://github.com/ericcornelissen/shescape/actions/workflows/checks.yml/badge.svg
-[coverage-url]: https://codecov.io/gh/ericcornelissen/shescape
-[coverage-image]: https://codecov.io/gh/ericcornelissen/shescape/branch/main/graph/badge.svg
 [npm-url]: https://www.npmjs.com/package/shescape
 [npm-image]: https://img.shields.io/npm/v/shescape.svg
 [an issue]: https://github.com/ericcornelissen/shescape/issues