Skip to content

v3.0.0

Marketplace
Marketplace
Compare
Choose a tag to compare
@github-actions github-actions released this 19 Oct 20:53
· 19 commits to main since this release
v3.0.0
a2581d6

3.0.0 (2022-10-19)

Bug Fixes

  • deps: bump @actions/core from 1.9.1 to 1.10.0 (284e5eb)
  • Ensure releases can be pinned to SHAs #23 (#39) (428eec3)

Features

  • mitigating script injection attacks by passing issue body as env var (#42) (0b27d4a)

BREAKING CHANGES

  • Add issue-body argument which is required from v3 onwards

To mitigate script injection attacks, github-issue-parser v3 will require workflow authors to pass the issue body as an argument. By doing so you will follow GitHub's Good practices for mitigating script injection attacks

- uses: stefanbuck/github-issue-parser@v3
  id: issue-parser
  with:
    issue-body: ${{ github.event.issue.body }} # required
    template-path: .github/ISSUE_TEMPLATE/bug-report.yml # optional but recommended

The previous checkbox output produced this:

 {
    "laravel": true,
    "svelte": true,
 }

whereas the new output will be an array like this

{
    "fav_frameworks": ["Laravel", "Svelte"]
}
Assets 2