Merge branch 'main' into main

Author: nseidle

.github/dependabot.yml

@@ -7,27 +7,39 @@ updates:
   # See: https://docs.github.com/en/code-security/supply-chain-security/keeping-your-actions-up-to-date-with-dependabot
   - package-ecosystem: github-actions
     directory: / # Check the repository's workflows under /.github/workflows/
+    assignees:
+      - per1234
+    open-pull-requests-limit: 100
     schedule:
       interval: daily
     labels:
       - "topic: infrastructure"
   - package-ecosystem: github-actions
     target-branch: production
     directory: /
+    assignees:
+      - per1234
+    open-pull-requests-limit: 100
     schedule:
       interval: daily
     labels:
       - "topic: infrastructure"
   - package-ecosystem: gomod
     target-branch: production
     directory: /.github/workflows/assets/validate-registry/
+    assignees:
+      - per1234
+    open-pull-requests-limit: 100
     schedule:
       interval: daily
     labels:
       - "topic: infrastructure"
   - package-ecosystem: pip
     target-branch: production
     directory: /
+    assignees:
+      - per1234
+    open-pull-requests-limit: 100
     schedule:
       interval: daily
     labels:

.github/workflows/manage-prs.yml

@@ -5,7 +5,7 @@ env:
   MAINTAINERS: |
     # GitHub user names to request reviews from in cases where PRs can't be managed automatically.
     - per1234
-  CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT: check-submissions-failed
+  CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PREFIX: check-submissions-failed-
   ERROR_MESSAGE_PREFIX: ":x: **ERROR:** "
 
 on:
@@ -114,7 +114,7 @@ jobs:
         run: echo "::set-output name=head::$(jq -c .head.sha "${{ steps.configuration.outputs.path }}/${{ env.JSON_IDENTIFIER }}")"
 
       - name: Upload diff file to workflow artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           path: ${{ steps.configuration.outputs.path }}/${{ steps.configuration.outputs.filename }}
           name: ${{ steps.configuration.outputs.artifact }}
@@ -144,13 +144,13 @@ jobs:
           location: ${{ runner.temp }}
 
       - name: Download diff
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: ${{ needs.diff.outputs.path }}
           name: ${{ needs.diff.outputs.artifact }}
 
       - name: Remove no longer needed artifact
-        uses: geekyeggo/delete-artifact@v2
+        uses: geekyeggo/delete-artifact@v5
         with:
           name: ${{ needs.diff.outputs.artifact }}
 
@@ -376,15 +376,23 @@ jobs:
         if: env.PASS == 'false'
         run: touch ${{ env.FAIL_FLAG_PATH }} # Arbitrary file to provide content for the flag artifact
 
+      # Each workflow artifact must have a unique name. The job matrix doesn't provide a guaranteed unique string to use
+      # for a name so it is necessary to generate one.
+      - name: Generate unique artifact suffix
+        if: env.PASS == 'false'
+        run: |
+          echo "CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_SUFFIX=$(cat /proc/sys/kernel/random/uuid)" >> "$GITHUB_ENV"
+
       # The value of a job matrix output is set by whichever job happened to run last, not of use for this application.
       # So it's necessary to use an alternative means of indicating that at least one submission failed the checks.
       - name: Upload failure flag artifact
         if: env.PASS == 'false'
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           if-no-files-found: error
+          include-hidden-files: true
           path: ${{ env.FAIL_FLAG_PATH }}
-          name: ${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT }}
+          name: ${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PREFIX }}${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_SUFFIX }}
 
   check-submissions-result:
     needs: check-submissions
@@ -393,13 +401,22 @@ jobs:
     outputs:
       pass: ${{ steps.failure-flag-exists.outcome == 'failure' }}
 
+    env:
+      CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PATH: ${{ github.workspace }}/artifacts
+
     steps:
+      - name: Download submission check failure flag artifacts
+        uses: actions/download-artifact@v4
+        with:
+          path: ${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PATH }}
+          pattern: ${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PREFIX }}*
+
       - name: Check for existence of submission check failure flag artifact
         id: failure-flag-exists
-        uses: actions/download-artifact@v3
         continue-on-error: true
-        with:
-          name: ${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT }}
+        # actions/download-artifact does not create a folder per its `path` input if no artifacts match `pattern`.
+        run: |
+          test -d "${{ env.CHECK_SUBMISSIONS_FAIL_FLAG_ARTIFACT_PATH }}"
 
   check-submissions-fail:
     needs:

.github/workflows/sync-labels.yml

@@ -19,7 +19,7 @@ on:
 
 env:
   CONFIGURATIONS_FOLDER: .github/label-configuration-files
-  CONFIGURATIONS_ARTIFACT: label-configuration-files
+  CONFIGURATIONS_ARTIFACT_PREFIX: label-configuration-file-
 
 jobs:
   check:
@@ -70,13 +70,13 @@ jobs:
           file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }}
 
       - name: Pass configuration files to next job via workflow artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           path: |
             *.yaml
             *.yml
           if-no-files-found: error
-          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+          name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}${{ matrix.filename }}
 
   sync:
     needs: download
@@ -107,16 +107,17 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Download configuration files artifact
-        uses: actions/download-artifact@v3
+      - name: Download configuration file artifacts
+        uses: actions/download-artifact@v4
         with:
-          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+          merge-multiple: true
+          pattern: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}*
           path: ${{ env.CONFIGURATIONS_FOLDER }}
 
-      - name: Remove unneeded artifact
-        uses: geekyeggo/delete-artifact@v2
+      - name: Remove unneeded artifacts
+        uses: geekyeggo/delete-artifact@v5
         with:
-          name: ${{ env.CONFIGURATIONS_ARTIFACT }}
+          name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}*
 
       - name: Merge label configuration files
         run: |

FAQ.md

@@ -26,6 +26,7 @@
   - [When I install a library that I know depends on another library, will this other library be installed as well?](#when-i-install-a-library-that-i-know-depends-on-another-library-will-this-other-library-be-installed-as-well)
   - [Can I install multiple versions of one library and use the proper one in my sketches?](#can-i-install-multiple-versions-of-one-library-and-use-the-proper-one-in-my-sketches)
   - [How can I remove a library I installed via Library Manager?](#how-can-i-remove-a-library-i-installed-via-library-manager)
+- [Security & Malware Reporting](#security--malware-reporting)
 
 <!-- tocstop -->
 
@@ -43,9 +44,10 @@ When a library is [added to the library list](README.md#adding-a-library-to-libr
 
 More information:
 
+- https://docs.arduino.cc/software/ide-v2/tutorials/ide-v2-installing-a-library#installing-a-library
 - https://docs.arduino.cc/software/ide-v1/tutorials/installing-libraries#using-the-library-manager
 - https://arduino.github.io/arduino-cli/latest/commands/arduino-cli_lib/
-- https://create.arduino.cc/projecthub/Arduino_Genuino/getting-started-with-arduino-web-editor-on-various-platforms-4b3e4a
+- https://docs.arduino.cc/arduino-cloud/guides/editor/#library-manager
 
 ### How is the Library Manager index generated?
 
@@ -195,3 +197,11 @@ This version of the Arduino IDE does not have an integrated uninstall functional
 #### Arduino CLI
 
 Libraries can be uninstalled via [the `arduino-cli lib uninstall` command](https://arduino.github.io/arduino-cli/latest/commands/arduino-cli_lib_uninstall/).
+
+## Security & Malware Reporting
+
+If you think you found a vulnerability, malware or other security-related defect in any Arduino Library projects, please take a look at our security policy and report it to our Security Team 🛡️.
+
+Thank you!
+
+E-mail contact: [email protected]

README.md

@@ -15,6 +15,7 @@ This repository contains the list of libraries in the
 - [Changing the URL of a library already in Library Manager](#changing-the-url-of-a-library-already-in-library-manager)
 - [Removing a library from Library Manager](#removing-a-library-from-library-manager)
 - [Report a problem with Library Manager](#report-a-problem-with-library-manager)
+- [Security & Malware Reporting](#security--malware-reporting)
 
 <!-- tocstop -->
 
@@ -118,3 +119,11 @@ This repository is not an appropriate place to request support or report problem
 own documentation for instructions or ask on the [Arduino Forum](https://forum.arduino.cc/).
 
 If the problem is about something else, please submit an issue report [here](https://github.com/arduino/library-registry/issues/new/choose).
+
+## Security & Malware Reporting
+
+If you think you found a vulnerability, malware or other security-related defect in any Arduino Library projects, please take a look at our security policy and report it to our Security Team 🛡️.
+
+Thank you!
+
+E-mail contact: [email protected]