From 5faea996b088158d464e51706ae30811ca2ac08b Mon Sep 17 00:00:00 2001 From: "Shane F. Carr" Date: Tue, 3 Sep 2024 11:22:03 -0700 Subject: [PATCH] ICU-22723 Update double-conversion --- .../upstream/.github/dependabot.yml | 8 +++ .../upstream/.github/workflows/ci.yml | 2 +- .../upstream/.github/workflows/cifuzz.yml | 37 +++++++++++ .../upstream/.github/workflows/scons.yml | 2 +- .../upstream/.github/workflows/scorecard.yml | 63 +++++++++++++++++++ .../double-conversion/upstream/CMakeLists.txt | 7 ++- .../double-conversion/upstream/MODULE.bazel | 7 +++ vendor/double-conversion/upstream/README.md | 4 ++ .../upstream/msvc/double-conversion.vcxproj | 4 +- 9 files changed, 128 insertions(+), 6 deletions(-) create mode 100644 vendor/double-conversion/upstream/.github/dependabot.yml create mode 100644 vendor/double-conversion/upstream/.github/workflows/cifuzz.yml create mode 100644 vendor/double-conversion/upstream/.github/workflows/scorecard.yml create mode 100644 vendor/double-conversion/upstream/MODULE.bazel
diff --git a/vendor/double-conversion/upstream/.github/dependabot.yml b/vendor/double-conversion/upstream/.github/dependabot.yml
new file mode 100644
index 000000000000..5bacb9a4eacb
--- /dev/null
+++ b/vendor/double-conversion/upstream/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions" # Necessary to update action hashs
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ # Allow up to 3 opened pull requests for github-actions versions
+ open-pull-requests-limit: 3
diff --git a/vendor/double-conversion/upstream/.github/workflows/ci.yml b/vendor/double-conversion/upstream/.github/workflows/ci.yml
index 72aef9ee7be0..bbc25b74f45a 100644
--- a/vendor/double-conversion/upstream/.github/workflows/ci.yml
+++ b/vendor/double-conversion/upstream/.github/workflows/ci.yml
@@ -19,7 +19,7 @@ jobs: runs-on: ${{ matrix.container }} steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Configure shell: bash
diff --git a/vendor/double-conversion/upstream/.github/workflows/cifuzz.yml b/vendor/double-conversion/upstream/.github/workflows/cifuzz.yml
new file mode 100644
index 000000000000..f29b4dc78b7a
--- /dev/null
+++ b/vendor/double-conversion/upstream/.github/workflows/cifuzz.yml
@@ -0,0 +1,37 @@
+name: CIFuzz
+on: [pull_request]
+permissions:
+ contents: read
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@a790ab47e189e5e3b4941b991f4784ec769a9e70
+ with:
+ oss-fuzz-project-name: 'double-conversion'
+ language: c++
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@a790ab47e189e5e3b4941b991f4784ec769a9e70
+ with:
+ oss-fuzz-project-name: 'double-conversion'
+ language: c++
+ fuzz-seconds: 300
+ output-sarif: true
+ - name: Upload Crash
+ uses: actions/upload-artifact@65d862660abb392b8c4a3d1195a2108db131dd05
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
+ - name: Upload Sarif
+ if: always() && steps.build.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@ce84bed59466c6755ffcf84a426881bafbb162e1
+ with:
+ # Path to SARIF file relative to the root of the repository
+ sarif_file: cifuzz-sarif/results.sarif
+ checkout_path: cifuzz-sarif
+ category: CIFuzz
diff --git a/vendor/double-conversion/upstream/.github/workflows/scons.yml b/vendor/double-conversion/upstream/.github/workflows/scons.yml
index 3109cb2f4c27..0505ced7fefc 100644
--- a/vendor/double-conversion/upstream/.github/workflows/scons.yml
+++ b/vendor/double-conversion/upstream/.github/workflows/scons.yml
@@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Install dependencies run: |
diff --git a/vendor/double-conversion/upstream/.github/workflows/scorecard.yml b/vendor/double-conversion/upstream/.github/workflows/scorecard.yml
new file mode 100644
index 000000000000..b8d556fe1902
--- /dev/null
+++ b/vendor/double-conversion/upstream/.github/workflows/scorecard.yml
@@ -0,0 +1,63 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: '29 2 * * 0'
+ push:
+ branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write # to upload the results to code-scanning dashboard
+ id-token: write # to publish results and get a badge
+
+ steps:
+ - name: "Checkout code"
+ uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) "write" PAT token. Uncomment the `repo_token` line below if you want to enable the
+ # Branch-Protection check
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-fine-grained-pat-optional.
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+ with:
+ sarif_file: results.sarif
diff --git a/vendor/double-conversion/upstream/CMakeLists.txt b/vendor/double-conversion/upstream/CMakeLists.txt
index 644d8b66db45..79ee40c30f7a 100644
--- a/vendor/double-conversion/upstream/CMakeLists.txt
+++ b/vendor/double-conversion/upstream/CMakeLists.txt
@@ -3,8 +3,11 @@ project(double-conversion VERSION 3.3.0) option(BUILD_SHARED_LIBS "Build shared libraries (.dll/.so) instead of static ones (.lib/.a)" OFF) -if(BUILD_SHARED_LIBS AND MSVC) - set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) +if(MSVC) + if(BUILD_SHARED_LIBS) + set(CMAKE_WINDOWS_EXPORT_ALL_SYMBOLS ON) + endif() + set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} /D_DEBUG /D_ITERATOR_DEBUG_LEVEL=2") endif() set(headers
diff --git a/vendor/double-conversion/upstream/MODULE.bazel b/vendor/double-conversion/upstream/MODULE.bazel
new file mode 100644
index 000000000000..3beab1867ad6
--- /dev/null
+++ b/vendor/double-conversion/upstream/MODULE.bazel
@@ -0,0 +1,7 @@
+module(
+ name = "double-conversion",
+ compatibility_level = 1,
+ version = "0.0.0",
+)
+
+bazel_dep(name = "rules_cc", version = "0.0.6")
diff --git a/vendor/double-conversion/upstream/README.md b/vendor/double-conversion/upstream/README.md
index e5d9a4e68246..d8e9190c9404 100644
--- a/vendor/double-conversion/upstream/README.md
+++ b/vendor/double-conversion/upstream/README.md
@@ -1,5 +1,9 @@ +Double Conversion +======== https://github.com/google/double-conversion +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/google/double-conversion/badge)](https://securityscorecards.dev/viewer/?uri=github.com/google/double-conversion) + This project (double-conversion) provides binary-decimal and decimal-binary routines for IEEE doubles.
diff --git a/vendor/double-conversion/upstream/msvc/double-conversion.vcxproj b/vendor/double-conversion/upstream/msvc/double-conversion.vcxproj
index e2d2ef87eadd..cf3aa3aa3c74 100644
--- a/vendor/double-conversion/upstream/msvc/double-conversion.vcxproj
+++ b/vendor/double-conversion/upstream/msvc/double-conversion.vcxproj
@@ -88,7 +88,7 @@ Level3 Disabled - WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;_DEBUG;_LIB;_ITERATOR_DEBUG_LEVEL=2;%(PreprocessorDefinitions) true
@@ -102,7 +102,7 @@ Level3 Disabled - WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions) + WIN32;_DEBUG;_LIB;_ITERATOR_DEBUG_LEVEL=2;%(PreprocessorDefinitions) true