Merge branch 'develop' of https://github.com/stdlib-js/stdlib into develop

Author: kgryte

.editorconfig

@@ -148,11 +148,6 @@ indent_size = 2
 indent_style = space
 indent_size = 2
 
-# Set properties for `tslint.json` files:
-[tslint.json]
-indent_style = space
-indent_size = 2
-
 # Set properties for `tsconfig.json` files:
 [tsconfig.json]
 indent_style = space

etc/eslint/.eslintignore renamed to .eslintignore

@@ -19,6 +19,7 @@
 # Files #
 #########
 !.*.js
+!.*.ts
 
 # Directories #
 ###############

.github/codeql/codeql_config.yml

@@ -0,0 +1,37 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2023 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+name: codeql_configuration
+
+# Define paths for which code scanning should be performed:
+paths:
+  - 'lib'
+
+# Define paths for which code scanning should *not* be performed:
+paths-ignore:
+  - '**/_tools'
+  - '**/test/*.js'
+  - '**/test/**/*.js'
+  - '**/benchmark/*.js'
+  - '**/benchmark/**/*.js'
+  - '**/examples/*.js'
+  - '**/examples/**/*.js'
+  - '**/data'
+  - '**/scripts'
+  - '**/etc'
+  - '**/docs'

.github/dependabot.yml

@@ -18,6 +18,13 @@
 
 version: 2
 updates:
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: weekly
+  ignore:
+    - dependency-name: "distributhor/workflow-webhook"
+
 - package-ecosystem: npm
   directory: "/"
   schedule:
@@ -32,6 +39,11 @@ updates:
     - dependency-name: "debug"
     - dependency-name: "ajv"
     - dependency-name: "d3-scale"
+    - dependency-name: "d3-shape"
+    - dependency-name: "d3-time-format"
+    - dependency-name: "d3-format"
     - dependency-name: "readable-stream"
     - dependency-name: "mkdirp"
     - dependency-name: "semver"
+    - dependency-name: "glob"
+    - dependency-name: "node-gyp"

.github/workflows/check_licenses.yml

@@ -22,6 +22,11 @@ name: check_licenses
 # Workflow triggers:
 on: [pull_request]
 
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
 # Workflow jobs:
 jobs:
 
@@ -53,8 +58,8 @@ jobs:
 
       # Checkout the repository:
       - name: 'Checkout repository'
-        # Pin action to full length commit SHA corresponding to v4.1.0
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        # Pin action to full length commit SHA
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           # Specify whether to remove untracked files before checking out the repository:
           clean: false
@@ -75,8 +80,8 @@ jobs:
 
       # Install Node.js:
       - name: 'Install Node.js'
-        # Pin action to full length commit SHA corresponding to v3.8.1
-        uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d
+        # Pin action to full length commit SHA
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: '20' # 'lts/*'
         timeout-minutes: 5
@@ -122,8 +127,8 @@ jobs:
 
       # Upload the log file:
       - name: 'Upload log file'
-        # Pin action to full length commit SHA corresponding to v3.1.3
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32
+        # Pin action to full length commit SHA
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         if: always()
         with:
           # Define a name for the uploaded artifact:

.github/workflows/check_required_files.yml

@@ -25,6 +25,11 @@ on:
   pull_request_target:
     types: [review_requested]
 
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
 # Workflow jobs:
 jobs:
 
@@ -42,8 +47,8 @@ jobs:
 
       # Checkout the repository:
       - name: 'Checkout repository'
-        # Pin action to full length commit SHA corresponding to v4.1.0
-        uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+        # Pin action to full length commit SHA
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           # Specify whether to remove untracked files before checking out the repository:
           clean: true
@@ -214,8 +219,8 @@ jobs:
       # Create a comment on the pull request informing the user whether the pull request is missing required files:
       - name: 'Create a comment on the pull request informing the user whether the pull request is missing required files'
         if: steps.check-reviewers.outputs.is_stdlib_bot == 'true'
-        # Pin action to full length commit SHA corresponding to v3.0.2
-        uses: peter-evans/create-or-update-comment@c6c9a1a66007646a28c153e2a8580a5bad27bcfa
+        # Pin action to full length commit SHA
+        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
         with:
           # Specify the issue or pull request number:
           issue-number: ${{ github.event.pull_request.number }}

.github/workflows/codeql.yml

@@ -0,0 +1,183 @@
+#/
+# @license Apache-2.0
+#
+# Copyright (c) 2023 The Stdlib Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#/
+
+name: codeql
+
+# Workflow triggers:
+on:
+  # push:
+  #   branches: [ "develop", "master" ]
+  # pull_request:
+  #   branches: [ "develop", "master" ]
+  schedule:
+    # Run the workflow once a week (Sunday at midnight):
+    - cron: '0 0 * * 0'
+
+  # Allow the workflow to be manually run:
+  workflow_dispatch:
+
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
+# Workflow jobs:
+jobs:
+
+  # Define a job for performing CodeQL analysis...
+  analyze:
+
+    # Define a display name:
+    name: 'Analyze'
+
+    # Define the type of virtual host machine.
+    #
+    # ## Notes
+    #
+    # -   Runner size impacts CodeQL analysis time. To learn more, please see:
+    #     -   https://gh.io/recommended-hardware-resources-for-running-codeql
+    #     -   https://gh.io/supported-runners-and-hardware-resources
+    #     -   https://gh.io/using-larger-runners
+    #
+    # -   For analysis time improvements, consider using larger runners.
+    runs-on: ubuntu-latest
+
+    # Limit how long the job can run:
+    timeout-minutes: 360
+
+    # Restrict the type of data which is accessible to this job:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    # Define the build matrix strategy...
+    strategy:
+
+      # Specify whether to cancel all in-progress jobs if any matrix job fails:
+      fail-fast: false
+
+      # Define the build matrix:
+      matrix:
+
+        # CodeQL supports the following languages:
+        #
+        #    [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+        #
+        # Use only 'java-kotlin' to analyze code written in Java, Kotlin, or both.
+        #
+        # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript, or both.
+        language: [ 'javascript-typescript' ]
+
+    # Define the sequence of job steps:
+    steps:
+
+      # Checkout the repository:
+      - name: 'Checkout repository'
+        # Pin action to full length commit SHA
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          # Specify whether to remove untracked files before checking out the repository:
+          clean: false
+
+          # Limit clone depth to the most recent 100 commits:
+          fetch-depth: 100
+
+          # Specify whether to download Git-LFS files:
+          lfs: false
+        timeout-minutes: 10
+
+      # Install compilers:
+      - name: 'Install compilers'
+        run: |
+          sudo -E apt-add-repository -y "ppa:ubuntu-toolchain-r/test"
+          sudo -E apt-get update -q
+          sudo -E apt-get -yq --no-install-suggests --no-install-recommends --allow-downgrades --allow-remove-essential --allow-change-held-packages install binutils gcc-9 gcc-9-multilib g++-9 g++-9-multilib gfortran-9 gfortran-9-multilib
+          mkdir -p $HOME/bin
+          echo "$HOME/bin" >> $GITHUB_PATH
+          ln -s /usr/bin/gcc-9 $HOME/bin/gcc
+          ln -s /usr/bin/g++-9 $HOME/bin/g++
+          ln -s /usr/bin/gfortran-9 $HOME/bin/gfortran
+        timeout-minutes: 10
+
+      # Install Node.js:
+      - name: 'Install Node.js'
+        # Pin action to full length commit SHA
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
+        with:
+          node-version: '20' # 'lts/*'
+        timeout-minutes: 5
+
+      # Print debug info:
+      - name: 'Print debug info'
+        run: |
+          echo 'PATH:'
+          echo $PATH
+          echo ''
+          echo 'gcc:'
+          gcc --version
+          echo ''
+          echo 'g++:'
+          g++ --version
+          echo ''
+          echo 'gfortran:'
+          gfortran --version
+          echo ''
+          echo 'Git:'
+          git --version
+          echo ''
+          echo 'Node.js:'
+          file $(which node)
+          node --version
+          node -p 'process.platform + "@" + process.arch'
+          echo ''
+          echo 'npm:'
+          npm --version
+          npm config get registry
+        timeout-minutes: 2
+
+      # Install dependencies (accounting for possible network failures, etc, when installing node module dependencies):
+      - name: 'Install dependencies'
+        run: |
+          make install-node-modules || make install-node-modules || make install-node-modules
+        timeout-minutes: 15
+
+      # Build native add-ons:
+      # - name: 'Build native add-ons'
+      #   run: |
+      #     make install-node-addons
+
+      # Initialize CodeQL tools for scanning:
+      - name: 'Initialize CodeQL'
+
+        # Pin action to full length commit SHA
+        uses: github/codeql-action/init@382a50a0284c0de445104889a9d6003acb4b3c1d # v2.15.4
+
+        with:
+          languages: ${{ matrix.language }}
+
+          # Specify a path to a custom CodeQL configuration file:
+          config-file: './.github/codeql/codeql_config.yml'
+
+      # Perform CodeQL analysis:
+      - name: 'Perform CodeQL Analysis'
+
+        # Pin action to full length commit SHA
+        uses: github/codeql-action/analyze@382a50a0284c0de445104889a9d6003acb4b3c1d # v2.15.4
+        with:
+          category: "/language:${{matrix.language}}"

.github/workflows/deprecate_packages.yml

@@ -30,6 +30,11 @@ on:
       message:
         description: 'Custom deprecation message:'
 
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
 # Workflow concurrency group:
 concurrency:
 

.github/workflows/discussion_bot_response.yml

@@ -24,6 +24,11 @@ on:
   discussion:
     types: [created]
 
+# Global permissions:
+permissions:
+  # Allow read-only access to the repository contents:
+  contents: read
+
 # Workflow jobs:
 jobs:
   respond:
@@ -33,8 +38,8 @@ jobs:
     # Define a display name:
     name: 'Respond to question'
 
-    # Define the conditions under which the job should run:
-    if: github.event.discussion.category.name == 'stdlib-bot Q&A'
+    # Define the conditions under which the job should run: FIXME: un-comment if and when re-enabled
+    # if: github.event.discussion.category.name == 'stdlib-bot Q&A'
 
     # Define the type of virtual host machine:
     runs-on: ubuntu-latest
@@ -43,7 +48,8 @@ jobs:
     steps:
       # Run the chatbot action:
       - name: 'Run chatbot action'
-        uses: stdlib-js/stdlib-chat-bot@main
+        # Pin action to full length commit SHA
+        uses: stdlib-js/stdlib-chat-bot@6c0643a5a1eb3c782b2df3bfd11e836d2ac7268e # v0.0.1
         with:
           OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           GITHUB_TOKEN: ${{ secrets.CHATBOT_GITHUB_TOKEN }}