From e6846377050706b962d67aa97d0a7970a780c21f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 8 Oct 2025 11:02:37 +0000
Subject: [PATCH 1/3] build(deps): bump semver from 7.7.2 to 7.7.3

Bumps [semver](https://github.com/npm/node-semver) from 7.7.2 to 7.7.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.2...v7.7.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 15 +++++++--------
 package.json      |  2 +-
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 50790882..7ee05723 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
       "dependencies": {
         "@actions/core": "^1.11.1",
         "@actions/tool-cache": "^2.0.2",
-        "semver": "^7.7.2",
+        "semver": "^7.7.3",
         "typed-rest-client": "^2.1.0"
       },
       "devDependencies": {
@@ -9824,10 +9824,9 @@
       "license": "ISC"
     },
     "node_modules/semver": {
-      "version": "7.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
-      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
-      "license": "ISC",
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==",
       "bin": {
         "semver": "bin/semver.js"
       },
@@ -17990,9 +17989,9 @@
       "dev": true
     },
     "semver": {
-      "version": "7.7.2",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
-      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA=="
+      "version": "7.7.3",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz",
+      "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q=="
     },
     "set-function-length": {
       "version": "1.2.2",
diff --git a/package.json b/package.json
index e6b65072..c7b34783 100644
--- a/package.json
+++ b/package.json
@@ -18,7 +18,7 @@
   "dependencies": {
     "@actions/core": "^1.11.1",
     "@actions/tool-cache": "^2.0.2",
-    "semver": "^7.7.2",
+    "semver": "^7.7.3",
     "typed-rest-client": "^2.1.0"
   },
   "devDependencies": {

From f41a0a64e9d63594764e628845c6645bd8c50a9e Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Wed, 8 Oct 2025 05:45:18 -0700
Subject: [PATCH 2/3] Update dependency license metadata cache for `semver`
 bump

---
 .licenses/npm/{semver-7.7.2.dep.yml => semver-7.7.3.dep.yml} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename .licenses/npm/{semver-7.7.2.dep.yml => semver-7.7.3.dep.yml} (98%)

diff --git a/.licenses/npm/semver-7.7.2.dep.yml b/.licenses/npm/semver-7.7.3.dep.yml
similarity index 98%
rename from .licenses/npm/semver-7.7.2.dep.yml
rename to .licenses/npm/semver-7.7.3.dep.yml
index 41578916..77ae9813 100644
--- a/.licenses/npm/semver-7.7.2.dep.yml
+++ b/.licenses/npm/semver-7.7.3.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.7.2
+version: 7.7.3
 type: npm
 summary: The semantic version parser used by npm.
 homepage:

From f2330c8ac917159aad5b4796cda25697a262527d Mon Sep 17 00:00:00 2001
From: per1234 <accounts@perglass.com>
Date: Wed, 8 Oct 2025 05:46:39 -0700
Subject: [PATCH 3/3] Repackage action following `semver` bump

GitHub downloads each action run in a workflow during runtime and executes it as a complete package of code before you
can use workflow commands like run to interact with the runner machine. This means that we must provide all JavaScript
package dependencies as part of the distributed action in order for it to be usable in workflows.

A naive approach to doing this is checking in the `node_modules` folder. However, this approach results in a huge amount
of frequently changing external content being included in the repository, much of which is not even part of the executed
program.

A far better approach is to use the excellent ncc tool to compile the program, including all the relevant code from the
dependencies, into a single file.

We use a "continuous packaging" approach, where the packaged action code that is generated via ncc is always kept in
sync with the development source code and dependencies. This allows a beta version of the action to be easily used in
workflows by beta testers or those who need changes not in the release simply by using the name of the branch as the
action ref (e.g., `uses: arduino/arduino-lint-action@main` will cause the version of the action from the tip of the
`main` branch to be used by the workflow run).

The update of the package dependency results in a change to the packaged code, so the packaging is here updated
accordingly.
---
 dist/index.js | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

diff --git a/dist/index.js b/dist/index.js
index 56d009f0..03cf4cf4 100644
--- a/dist/index.js
+++ b/dist/index.js
@@ -8854,6 +8854,7 @@ const isSatisfiable = (comparators, options) => {
 // already replaced the hyphen ranges
 // turn into a set of JUST comparators.
 const parseComparator = (comp, options) => {
+  comp = comp.replace(re[t.BUILD], '')
   debug('comp', comp, options)
   comp = replaceCarets(comp, options)
   debug('caret', comp)
@@ -9274,11 +9275,25 @@ class SemVer {
       other = new SemVer(other, this.options)
     }
 
-    return (
-      compareIdentifiers(this.major, other.major) ||
-      compareIdentifiers(this.minor, other.minor) ||
-      compareIdentifiers(this.patch, other.patch)
-    )
+    if (this.major < other.major) {
+      return -1
+    }
+    if (this.major > other.major) {
+      return 1
+    }
+    if (this.minor < other.minor) {
+      return -1
+    }
+    if (this.minor > other.minor) {
+      return 1
+    }
+    if (this.patch < other.patch) {
+      return -1
+    }
+    if (this.patch > other.patch) {
+      return 1
+    }
+    return 0
   }
 
   comparePre (other) {
@@ -10179,6 +10194,10 @@ module.exports = debug
 
 const numeric = /^[0-9]+$/
 const compareIdentifiers = (a, b) => {
+  if (typeof a === 'number' && typeof b === 'number') {
+    return a === b ? 0 : a < b ? -1 : 1
+  }
+
   const anum = numeric.test(a)
   const bnum = numeric.test(b)