From 5c3b0702fdcdde193312d3236036f354a2ab9c9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 18 Feb 2024 06:10:47 +0000 Subject: [PATCH 1/2] Bump packageurl-js from 1.1.1 to 1.2.1 Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 1.1.1 to 1.2.1. - [Changelog](https://github.com/package-url/packageurl-js/blob/master/CHANGELOG.md) - [Commits](https://github.com/package-url/packageurl-js/compare/v1.1.1...v1.2.1) --- updated-dependencies: - dependency-name: packageurl-js dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 00d9ece..6b239fb 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", "@github/dependency-submission-toolkit": "^1.2.10", - "packageurl-js": "^1.1.1", + "packageurl-js": "^1.2.1", "zod": "^3.22.4" }, "devDependencies": { @@ -908,9 +908,9 @@ } }, "node_modules/packageurl-js": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.1.1.tgz", - "integrity": "sha512-juW4p0J23BvvMj0I9/ORe/Y7TFsNNrEjoZ/h3ToPfU0dvnGXUm6vHtcAINf2Scgv5EqQW7ngTZnkTfgFBPeXNw==" + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.2.1.tgz", + "integrity": "sha512-cZ6/MzuXaoFd16/k0WnwtI298UCaDHe/XlSh85SeOKbGZ1hq0xvNbx3ILyCMyk7uFQxl6scF3Aucj6/EO9NwcA==" }, "node_modules/prettier": { "version": "2.7.0", 
@@ -2052,9 +2052,9 @@ } }, "packageurl-js": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.1.1.tgz", - "integrity": "sha512-juW4p0J23BvvMj0I9/ORe/Y7TFsNNrEjoZ/h3ToPfU0dvnGXUm6vHtcAINf2Scgv5EqQW7ngTZnkTfgFBPeXNw==" + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.2.1.tgz", + "integrity": "sha512-cZ6/MzuXaoFd16/k0WnwtI298UCaDHe/XlSh85SeOKbGZ1hq0xvNbx3ILyCMyk7uFQxl6scF3Aucj6/EO9NwcA==" }, "prettier": { "version": "2.7.0", diff --git a/package.json b/package.json index 0c3938c..22ddaf0 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@actions/core": "^1.10.1", "@actions/github": "^6.0.0", "@github/dependency-submission-toolkit": "^1.2.10", - "packageurl-js": "^1.1.1", + "packageurl-js": "^1.2.1", "zod": "^3.22.4" }, "devDependencies": { From fcf9d02d7635c2655bb94304f252ff51752af735 Mon Sep 17 00:00:00 2001 From: Kenichi Kamiya Date: Sun, 18 Feb 2024 15:12:10 +0900 Subject: [PATCH 2/2] `makers setup && makers build` --- dist/index.js | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/dist/index.js b/dist/index.js index 2237ab3..c826cc2 100644 --- a/dist/index.js +++ b/dist/index.js @@ -38755,11 +38755,20 @@ var require_package_url2 = __commonJS({ _handlePyPi() { this.name = this.name.toLowerCase().replace(/_/g, "-"); } + _handlePub() { + this.name = this.name.toLowerCase(); + if (!/^[a-z0-9_]+$/i.test(this.name)) { + throw new Error("Invalid purl: contains an illegal character."); + } + } toString() { var purl = ["pkg:", encodeURIComponent(this.type), "/"]; if (this.type === "pypi") { this._handlePyPi(); } + if (this.type === "pub") { + this._handlePub(); + } if (this.namespace) { purl.push( encodeURIComponent(this.namespace).replace(/%3A/g, ":").replace(/%2F/g, "/") 
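Review bot: In the added `_handlePub()` the name is lowercased before it is tested, so the `i` flag on `/^[a-z0-9_]+$/i` has no effect; `if (!/^[a-z0-9_]+$/.test(this.name)) {` states the rule as it is actually enforced. The check is wired into `toString()`, so for `pub` purls serialization now rewrites `this.name` and can throw `Invalid purl: contains an illegal character.`. Callers that stringify purls built from manifest data should be prepared for that exception. dist/index.js appears to be build output picked up from the packageurl-js bump, so any change belongs upstream. The class body continues outside the hunk.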
@@ -38769,7 +38778,7 @@ var require_package_url2 = __commonJS({ purl.push(encodeURIComponent(this.name).replace(/%3A/g, ":")); if (this.version) { purl.push("@"); - purl.push(encodeURIComponent(this.version).replace(/%3A/g, ":")); + purl.push(encodeURIComponent(this.version).replace(/%3A/g, ":").replace(/%2B/g, "+")); } if (this.qualifiers) { purl.push("?"); @@ -38792,7 +38801,8 @@ var require_package_url2 = __commonJS({ if (!purl || typeof purl !== "string" || !purl.trim()) { throw new Error("A purl string argument is required."); } - let [scheme, remainder] = purl.split(":", 2); + let scheme = purl.slice(0, purl.indexOf(":")); + let remainder = purl.slice(purl.indexOf(":") + 1); if (scheme !== "pkg") { throw new Error('purl is missing the required "pkg" scheme component.'); } @@ -38825,7 +38835,7 @@ var require_package_url2 = __commonJS({ let index = path.indexOf("@"); let rawVersion = path.substring(index + 1); version2 = decodeURIComponent(rawVersion); - let versionEncoded = encodeURIComponent(version2).replace(/%3A/g, ":"); + let versionEncoded = encodeURIComponent(version2).replace(/%3A/g, ":").replace(/%2B/g, "+"); if (rawVersion !== versionEncoded) { throw new Error("Invalid purl: version must be percent-encoded"); }
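Review bot: The new scheme split in the `@@ -38792` hunk does not handle input that contains no `:`. In that case `purl.indexOf(":")` is -1, so `purl.slice(0, -1)` drops only the last character and `purl.slice(0)` returns the whole string; a constructed colon-less value such as `pkgx` therefore passes the `scheme !== "pkg"` check, which the old `split(":", 2)` form rejected. A guard ahead of the slices closes this: `const sep = purl.indexOf(":"); if (sep === -1) throw new Error('purl is missing the required "pkg" scheme component.');`, then slice on `sep`. Whether later checks outside the hunk still reject such input is not visible here. Since dist/index.js appears to be bundled output, the fix would need to land in packageurl-js or as validation before the parser is called.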