Merge branch 'main' into dependabot/npm_and_yarn/types/node-20.17.46

Author: jreineckearm

.github/workflows/ci.yml

@@ -12,11 +12,23 @@ on:
   release:
     types: [published]
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
   build:
     name: Build and test
     runs-on: [ubuntu-latest]
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 0
@@ -111,6 +123,11 @@ jobs:
           - linux-arm64
           - darwin-arm64
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
@@ -157,6 +174,11 @@ jobs:
     if: github.event_name == 'release'
     needs: package
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Download packages
         uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:

.github/workflows/codeql.yml

@@ -24,6 +24,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Checkout
         id: checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

.github/workflows/dependency-review.yml

@@ -0,0 +1,19 @@
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: 'Checkout Repository'
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: 'Dependency Review'
+        uses: actions/dependency-review-action@38ecb5b593bf0eb19e335c03f97670f792489a8b # v4.7.0

.github/workflows/markdown.yml

@@ -43,6 +43,11 @@ jobs:
     name: Check Markdown Links
     runs-on: ubuntu-latest
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Check Links

.github/workflows/mkdocs.yml

@@ -16,6 +16,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -49,7 +52,14 @@ jobs:
     if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
     runs-on: ubuntu-latest
     needs: build
+    permissions:
+      contents: write  # for Git to git push
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
       - name: Checkout vscode-cmsis-debugger
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:

.github/workflows/scorecard.yml

@@ -75,6 +75,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable the upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           sarif_file: results.sarif

.github/workflows/tpip.yml

@@ -12,16 +12,30 @@ on:
 
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
   report:
+    permissions:
+      contents: write  # for Git to git push
     name: Generate report
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           ref: ${{ github.head_ref }}
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '20'
           cache: 'yarn'

docs/debug_views.md

@@ -168,7 +168,7 @@ Inline breakpoints are only hit when the execution reaches the column associated
 This is useful when debugging minified code, which contains multiple statements in a single line.
 
 An inline breakpoint can be set using **Shift + F9** or through the context menu during a debug session.
-Inline breakpoint are shown inline in the editor.
+Inline breakpoints are shown inline in the editor.
 
 Inline breakpoints can also have conditions. Editing multiple breakpoints on a line is possible through the
 context menu in the editor's left margin.

package.json

@@ -250,11 +250,11 @@
     "ts-jest": "29.3.2",
     "ts-loader": "^9.5.2",
     "ts-node": "^10.9.2",
-    "type-fest": "^4.40.1",
+    "type-fest": "^4.41.0",
     "typescript": "^5.8.3",
     "typescript-eslint": "8.32.0",
     "vscode-uri": "^3.1.0",
-    "webpack": "^5.99.7",
+    "webpack": "^5.99.8",
     "webpack-cli": "^6.0.1",
     "yargs": "^17.7.2"
   },

src/utils.test.ts

@@ -0,0 +1,49 @@
+/**
+ * Copyright 2025 Arm Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+jest.mock('path');
+import * as os from 'os';
+import * as path from 'path';
+import { getCmsisPackRootPath, isWindows } from './utils';
+
+const CMSIS_PACK_ROOT_DEFAULT = 'mock/path';
+describe('getCmsisPackRoot', () => {
+
+    afterEach(() => {
+        jest.clearAllMocks();
+    });
+
+    it('checks if CMSIS_PACK_ROOT already exists', () => {
+        const originalProcessEnv = process.env;
+        process.env = { ...originalProcessEnv, CMSIS_PACK_ROOT: CMSIS_PACK_ROOT_DEFAULT };
+        const returnValue = getCmsisPackRootPath();
+        expect(returnValue).toBe(CMSIS_PACK_ROOT_DEFAULT);
+        process.env = originalProcessEnv;
+    });
+
+    it('checks if CMSIS_PACK_ROOT has been added or not', () => {
+        const originalProcessEnv = process.env;
+        delete process.env['CMSIS_PACK_ROOT'];
+        const spy = jest.spyOn(path, 'join');
+        getCmsisPackRootPath();
+        if (isWindows) {
+            expect(spy).toHaveBeenCalledWith(process.env['LOCALAPPDATA'] ?? os.homedir(), 'Arm', 'Packs');
+        } else {
+            expect(spy).toHaveBeenCalledWith(os.homedir(), '.cache', 'arm', 'packs');
+        }
+        process.env = originalProcessEnv;
+    });
+});