Relative sourceMappingURL should be resolved relative to the JS file

[evanweible-wf]

Currently, the python script used by this action uses the sourceroot input to resolve relative URIs in the sarif file as well as relative sourceMappingURLs read from the end of a JS file (the output of sourcemap.discover(...)). The first usage makes sense, as the sarif output from github/codeql-action/analyze@v2 uses URLs relative to the root of the repo by default, but I think the second usage is incorrect. My understanding is that the sourceMappingURL value must be a URI, and if it is relative, it should be resolved relative to the JS file it is included in.

When they are instead resolved relative to sourceroot, I'm unable to configure and run this action in a way that both the compiled JS file and its sourcemap can be located successfully.

[aegilops]

Thanks for raising the issue. I'm happy to go ahead and merge. It'd be best to see a sample repo that demonstrates this issue and for me to see that this change resolves it, but I won't make that a blocker for merging

[aegilops]

I've merged #4 to resolve this.

Please can you test it to confirm it works in your case? If so I'll close this issue.

Thanks for raising this issue and for your PR 🙏