Bump tj-actions/verify-changed-files from 16 to 17 in /.github/workflows #536

dependabot · 2024-01-02T16:44:15Z

Bumps tj-actions/verify-changed-files from 16 to 17.

Release notes

Sourced from tj-actions/verify-changed-files's releases.

v17

Changes in v17.0.0

🔥 🔥 BREAKING CHANGE 🔥 🔥

A new safe_output input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.

[!NOTE] This can be disabled by setting the safe_output to false this comes with a recommendation to store all outputs generated in an environment variable first before using them.

Example
...
      - name: Verify Changed files
        uses: tj-actions/verify-changed-files@v16
        id: verify-changed-files
        with:
          safe_output: false # set to false because we are using an environment variable to store the output and avoid command injection.
  - name: List all changed tracked and untracked files
    env:
      FILES_CHANGED: ${{ steps.verify-changed-files.outputs.changed_files }}
    run: |
      echo &quot;Changed files: $FILES_CHANGED

...
What's Changed

Upgraded to v16.1.1 by @tj-actions-bot in tj-actions/verify-changed-files#343

chore(deps): update actions/checkout action to v4.1.1 by @renovate in tj-actions/verify-changed-files#344

Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in tj-actions/verify-changed-files#345

chore(deps): update tj-actions/auto-doc action to v3.1.1 by @renovate in tj-actions/verify-changed-files#346

chore(deps): update tj-actions/auto-doc action to v3.2.0 by @renovate in tj-actions/verify-changed-files#347

chore(deps): update tj-actions/auto-doc action to v3.2.1 by @renovate in tj-actions/verify-changed-files#348

chore(deps): update tj-actions/auto-doc action to v3.3.0 by @renovate in tj-actions/verify-changed-files#349

chore(deps): update tj-actions/auto-doc action to v3.4.0 by @renovate in tj-actions/verify-changed-files#350

Updated README.md by @tj-actions-bot in tj-actions/verify-changed-files#351

Updated README.md by @tj-actions-bot in tj-actions/verify-changed-files#352

Updated README.md by @tj-actions-bot in tj-actions/verify-changed-files#353

chore(deps): update github/codeql-action action to v3 by @renovate in tj-actions/verify-changed-files#354

Updated README.md by @tj-actions-bot in tj-actions/verify-changed-files#355

chore: update entrypoint.sh by @jackton1 in tj-actions/verify-changed-files#357

Full Changelog: tj-actions/verify-changed-files@v16...v17.0.0

v17.0.0

🔥 🔥 BREAKING CHANGE 🔥 🔥

A new safe_output input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.

... (truncated)

Changelog

Sourced from tj-actions/verify-changed-files's changelog.

➕ Add

Create SECURITY.md (08975f0) - (Tonye Jack)

➖ Remove

Deleted .github/workflows/auto-approve.yml (7b7a3b8) - (Tonye Jack)

Deleted .github/workflows/greetings.yml (9f02ec6) - (Tonye Jack)

🔄 Update

Update README.md (bc950d8) - (Tonye Jack)

Update README.md (e302902) - (Tonye Jack)

Update README.md (2f947c4) - (Tonye Jack)

Update README.md (a6a8167) - (Tonye Jack)

Updated README.md (f151bce) - (jackton1)

Updated README.md (3571d65) - (jackton1)

Update README.md (126b949) - (Tonye Jack)

Updated README.md (47f2c87) - (jackton1)

Update update-readme.yml (14b9592) - (Tonye Jack)

Updated README.md (301fce7) - (jackton1)

Update README.md (1e75cac) - (Tonye Jack)

Update README.md (7149bbe) - (Tonye Jack)

Update README.md (78dc414) - (Tonye Jack)

📝 Other

PR #355: README.md (6f91e27) - (repo-ranger[bot])

Merge pull request from GHSA-ghm2-rq8q-wrhc

feat: add safe_output input enabled by default

fix: migrate README to safe uses of interpolation

fix: also sanitize )

fix: remove sanitization of '

fix: also sanitize |

fix: also sanitize &

fix: also sanitize ; (498d3f3) - (Jorge)

PR #354: update github/codeql-action action to v3 (97c5ec9) - (repo-ranger[bot])

PR #353: README.md (5eff60f) - (repo-ranger[bot])

PR #352: README.md (4053b68) - (repo-ranger[bot])

... (truncated)

Commits

bc950d8 Update README.md
e302902 Update README.md
2f947c4 Update README.md
a6a8167 Update README.md
592e305 chore: update entrypoint.sh (#357)
6f91e27 Merge pull request #355 from tj-actions/chore/update-readme
f151bce Updated README.md
498d3f3 Merge pull request from GHSA-ghm2-rq8q-wrhc
08975f0 Create SECURITY.md
97c5ec9 Merge pull request #354 from tj-actions/renovate/github-codeql-action-3.x
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [tj-actions/verify-changed-files](https://github.com/tj-actions/verify-changed-files) from 16 to 17. - [Release notes](https://github.com/tj-actions/verify-changed-files/releases) - [Changelog](https://github.com/tj-actions/verify-changed-files/blob/main/HISTORY.md) - [Commits](tj-actions/verify-changed-files@v16...v17) --- updated-dependencies: - dependency-name: tj-actions/verify-changed-files dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2024-01-04T05:05:25Z

Looks like tj-actions/verify-changed-files is up-to-date now, so this is no longer needed.

dependabot bot added dependencies github_actions Pull requests that update Github_actions code labels Jan 2, 2024

dependabot bot closed this Jan 4, 2024

dependabot bot deleted the dependabot/github_actions/dot-github/workflows/tj-actions/verify-changed-files-17 branch January 4, 2024 05:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump tj-actions/verify-changed-files from 16 to 17 in /.github/workflows #536

Bump tj-actions/verify-changed-files from 16 to 17 in /.github/workflows #536

dependabot bot commented on behalf of github Jan 2, 2024 •

edited

dependabot bot commented on behalf of github Jan 4, 2024

Bump tj-actions/verify-changed-files from 16 to 17 in /.github/workflows #536

Bump tj-actions/verify-changed-files from 16 to 17 in /.github/workflows #536

Conversation

dependabot bot commented on behalf of github Jan 2, 2024 • edited

v17

Changes in v17.0.0

🔥 🔥 BREAKING CHANGE 🔥 🔥

Example

What's Changed

v17.0.0

🔥 🔥 BREAKING CHANGE 🔥 🔥

➕ Add

➖ Remove

🔄 Update

📝 Other

dependabot bot commented on behalf of github Jan 4, 2024

dependabot bot commented on behalf of github Jan 2, 2024 •

edited