[Security] Bump elliptic from 6.5.3 to 6.5.4

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,68 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+# ******** NOTE ********
+
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ development ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ development ]
+  schedule:
+    - cron: '32 15 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more...
+        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/deno.yml

@@ -0,0 +1,39 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+# This workflow will install Deno and run tests across stable and nightly builds on Windows, Ubuntu and macOS.
+# For more information see: https://github.com/denolib/setup-deno
+
+name: Deno
+
+on:
+  push:
+    branches: [development]
+  pull_request:
+    branches: [development]
+
+jobs:
+  test:
+    runs-on: ${{ matrix.os }} # runs a test on Ubuntu, Windows and macOS
+
+    strategy:
+      matrix:
+        deno: ["v1.x", "nightly"]
+        os: [macOS-latest, windows-latest, ubuntu-latest]
+
+    steps:
+      - name: Setup repo
+        uses: actions/checkout@v2
+
+      - name: Setup Deno
+        uses: denolib/setup-deno@c7d7968ad4a59c159a777f79adddad6872ee8d96
+        with:
+          deno-version: ${{ matrix.deno }} # tests across multiple Deno versions
+
+      - name: Cache Dependencies
+        run: deno cache deps.ts
+
+      - name: Run Tests
+        run: deno test -A --unstable

.github/workflows/ossar-analysis.yml

@@ -0,0 +1,49 @@
+# This workflow integrates a collection of open source static analysis tools
+# with GitHub code scanning. For documentation, or to provide feedback, visit
+# https://github.com/github/ossar-action
+name: OSSAR
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  OSSAR-Scan:
+    # OSSAR runs on windows-latest.
+    # ubuntu-latest and macos-latest support coming soon
+    runs-on: windows-latest
+
+    steps:
+      # Checkout your code repository to scan
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
+    # Ensure a compatible version of dotnet is installed.
+    # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
+    # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
+    # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+    # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
+    # - name: Install .NET
+    #   uses: actions/setup-dotnet@v1
+    #   with:
+    #     dotnet-version: '3.1.x'
+
+      # Run open source static analysis tools
+    - name: Run OSSAR
+      uses: github/ossar-action@v1
+      id: ossar
+
+      # Upload results to the Security tab
+    - name: Upload OSSAR results
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: ${{ steps.ossar.outputs.sarifFile }}

app/src/lib/remote-parsing.ts

@@ -27,19 +27,19 @@ interface IGitRemoteURL {
 const remoteRegexes: ReadonlyArray<{ protocol: Protocol; regex: RegExp }> = [
   {
     protocol: 'https',
-    regex: new RegExp('^https?://(?:.+@)?(.+)/(.+)/(.+?)(?:/|.git/?)?$'),
+    regex: new RegExp('^https?://(?:.+@)?([^/]+)/([^/]+)/(.+?)(?:/|.git/?)?$'),
   },
   {
     protocol: 'ssh',
-    regex: new RegExp('^git@(.+):(.+)/(.+?)(?:/|.git)?$'),
+    regex: new RegExp('^git@([^/]+):([^/]+)/(.+?)(?:/|.git)?$'),
   },
   {
     protocol: 'ssh',
-    regex: new RegExp('^git:(.+)/(.+)/(.+?)(?:/|.git)?$'),
+    regex: new RegExp('^git:([^/]+)/([^/]+)/(.+?)(?:/|.git)?$'),
   },
   {
     protocol: 'ssh',
-    regex: new RegExp('^ssh://git@(.+)/(.+)/(.+?)(?:/|.git)?$'),
+    regex: new RegExp('^ssh://git@([^/]+)/([^/]+)/(.+?)(?:/|.git)?$'),
   },
 ]
 
@@ -51,6 +51,11 @@ export function parseRemote(url: string): IGitRemoteURL | null {
       continue
     }
 
+    // We have extra slashes in our path so we need to just take the first one
+    if ((result[3].match(/\//g) || []).length > 0) {
+      result[3] = result[3].split('/')[0]
+    }
+
     const hostname = result[1]
     const owner = result[2]
     const name = result[3]

app/src/ui/lib/configure-git-user.tsx

@@ -183,6 +183,7 @@ export class ConfigureGitUser extends React.Component<
           />
 
           <TextBox
+            type="email"
             label="Email"
             placeholder="your-email@example.com"
             value={this.state.email}

app/src/ui/lib/text-box.tsx

@@ -42,7 +42,7 @@ export interface ITextBoxProps {
   readonly onKeyDown?: (event: React.KeyboardEvent<HTMLInputElement>) => void
 
   /** The type of the input. Defaults to `text`. */
-  readonly type?: 'text' | 'search' | 'password'
+  readonly type?: 'text' | 'search' | 'password' | 'email'
 
   /**
    * An optional text for a link label element. A link label is, for the purposes

app/src/ui/preferences/git.tsx

@@ -68,6 +68,7 @@ export class Git extends React.Component<IGitProps, IGitState> {
         </Row>
         <Row>
           <TextBox
+            type="email"
             label="Email"
             value={this.props.email}
             onValueChanged={this.props.onEmailChanged}

app/styles/ui/_text-box.scss

@@ -24,6 +24,10 @@
     margin-bottom: var(--spacing-third);
   }
 
+  :invalid{
+    border-color: $red-500;
+  }
+
   input {
     @include textboxish;
     @include textboxish-disabled;

app/test/unit/remote-parsing-test.ts

@@ -33,6 +33,14 @@ describe('URL remote parsing', () => {
     expect(remote!.name).toBe('repo')
   })
 
+  it('parses HTTPS URLs which are too long', () => {
+    const remote = parseRemote('https://github.com/hubot/repo/extra/path')
+    expect(remote).not.toBeNull()
+    expect(remote!.hostname).toBe('github.com')
+    expect(remote!.owner).toBe('hubot')
+    expect(remote!.name).toBe('repo')
+  })
+
   it('parses SSH URLs', () => {
     const remote = parseRemote('git@github.com:hubot/repo.git')
     expect(remote).not.toBeNull()
@@ -57,6 +65,14 @@ describe('URL remote parsing', () => {
     expect(remote!.name).toBe('repo')
   })
 
+  it('parses SSH URLs which are too long', () => {
+    const remote = parseRemote('git@github.com:hubot/repo/extra/path')
+    expect(remote).not.toBeNull()
+    expect(remote!.hostname).toBe('github.com')
+    expect(remote!.owner).toBe('hubot')
+    expect(remote!.name).toBe('repo')
+  })
+
   it('parses git URLs', () => {
     const remote = parseRemote('git:github.com/hubot/repo.git')
     expect(remote).not.toBeNull()
@@ -81,6 +97,14 @@ describe('URL remote parsing', () => {
     expect(remote!.name).toBe('repo')
   })
 
+  it('parses git URLs which are too long', () => {
+    const remote = parseRemote('git:github.com/hubot/repo/extra/path')
+    expect(remote).not.toBeNull()
+    expect(remote!.hostname).toBe('github.com')
+    expect(remote!.owner).toBe('hubot')
+    expect(remote!.name).toBe('repo')
+  })
+
   it('parses SSH URLs with the ssh prefix', () => {
     const remote = parseRemote('ssh://git@github.com/hubot/repo')
     expect(remote).not.toBeNull()
@@ -96,4 +120,12 @@ describe('URL remote parsing', () => {
     expect(remote!.owner).toBe('hubot')
     expect(remote!.name).toBe('repo')
   })
+
+  it('parses SSH URLs with the ssh prefix and which are too long', () => {
+    const remote = parseRemote('ssh://git@github.com/hubot/repo/extra/path')
+    expect(remote).not.toBeNull()
+    expect(remote!.hostname).toBe('github.com')
+    expect(remote!.owner).toBe('hubot')
+    expect(remote!.name).toBe('repo')
+  })
 })

package.json

@@ -169,7 +169,7 @@
     "@types/webpack-merge": "^4.1.3",
     "@types/winston": "^2.2.0",
     "@types/xml2js": "^0.4.0",
-    "electron": "9.1.2",
+    "electron": "9.3.1",
     "electron-builder": "^22.7.0",
     "electron-packager": "^14.2.1",
     "electron-winstaller": "4.0.0"