Bump actions/checkout from 2 to 3 #6

dependabot · 2022-06-14T17:21:11Z

Release notes

Sourced from actions/checkout's releases.

v3.0.0

Updated to the node16 runtime by default

This requires a minimum Actions Runner version of v2.285.0 to run, which is by default available in GHES 3.4 or later.

v2.4.2

What's Changed

Add set-safe-directory input to allow customers to take control. (#770) by @TingluoHuang in actions/checkout#776

Prepare changelog for v2.4.2. by @TingluoHuang in actions/checkout#778

Full Changelog: actions/checkout@v2...v2.4.2

v2.4.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

v2.4.0

Convert SSH URLs like org-<ORG_ID>@github.com: to https://github.com/ - pr

v2.3.5

Update dependencies

v2.3.4

Add missing awaits

Swap to Environment Files

v2.3.3

Remove Unneeded commit information from build logs

Add Licensed to verify third party dependencies

v2.3.2

Add Third Party License Information to Dist Files

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v3.0.2

Add input set-safe-directory

v3.0.1

Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory

Bumped various npm package versions

v3.0.0

Update to node 16

v2.3.1

Fix default branch resolution for .wiki and when using SSH

v2.3.0

Fallback to the default branch

v2.2.0

Fetch all history for all tags and branches when fetch-depth=0

v2.1.1

Changes to support GHES (here and here)

v2.1.0

Group output

Changes to support GHES alpha release

Persist core.sshCommand for submodules

Add support ssh

Convert submodule SSH URL to HTTPS, when not using SSH

Add submodule support

Follow proxy settings

Fix ref for pr closed event when a pr is merged

Fix issue checking detached when git less than 2.22

v2.0.0

Do not pass cred on command line

Add input persist-credentials

Fallback to REST API to download repo

Commits

2541b12 Prepare changelog for v3.0.2. (#777)
0ffe6f9 Add set-safe-directory input to allow customers to take control. (#770)
dcd71f6 Enforce safe directory (#762)
add3486 Patch to fix the dependbot alert. (#744)
5126516 Bump minimist from 1.2.5 to 1.2.6 (#741)
d50f8ea Add v3.0 release information to changelog (#740)
2d1c119 update test workflows to checkout v3 (#709)
a12a394 update readme for v3 (#708)
8f9e05e Update to node 16 (#689)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v3) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2022-06-14T17:40:47Z

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Ran into this when using to_port(getenv(...)). It crashes under ASAN, but not sure if that's because strtol() is intercepted. Testing CI ``` ================================================================= ==2832157==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d178a21121 at pc 0x7f5df300127c bp 0x7fffcb3b83b0 sp 0x7fffcb3b7b60 READ of size 1 at 0x55d178a21121 thread T0 #0 0x7f5df300127b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446 #1 0x55d179d8b954 in zeek::util::streq(char const*, char const*) ../src/util.cc:1107 #2 0x55d17a18d0cd in zeek::BifFunc::to_port_bif(zeek::detail::Frame*, std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > > const*) <...>/zeek/build/zeek.bif:2888 #3 0x55d17a16a99b in zeek::detail::BuiltinFunc::Invoke(std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > >*, zeek::detail::Frame*) const ../src/Func.cc:706 #4 0x55d17a07b7f3 in zeek::detail::CallExpr::Eval(zeek::detail::Frame*) const ../src/Expr.cc:4709 #5 0x55d17a339bce in zeek::detail::ExprStmt::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:427 #6 0x55d17a33ab6f in zeek::detail::StmtList::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:1649 #7 0x55d179e78b9c in zeek::detail::setup(int, char**, zeek::Options*) ../src/zeek-setup.cc:1063 #8 0x55d17bcfd18d in main ../src/main.cc:13 #9 0x7f5df268cd09 in __libc_start_main ../csu/libc-start.c:308 #10 0x55d179ade2a9 in _start (<...>/zeek/build/src/zeek+0x346c2a9) 0x55d178a21121 is located 63 bytes to the left of global variable '*.LC3' defined in '../src/ZeekString.cc' (0x55d178a21160) of size 11 '*.LC3' is ascii string 'ZeekString' 0x55d178a21121 is located 0 bytes to the right of global variable '*.LC2' defined in '../src/ZeekString.cc' (0x55d178a21120) of size 1 '*.LC2' is ascii string '' SUMMARY: AddressSanitizer: global-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446 in __interceptor_strcmp Shadow bytes around the buggy address: 0x0abaaf13c1d0: f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9 0x0abaaf13c1e0: 00 00 04 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 0x0abaaf13c1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9 0x0abaaf13c200: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 06 f9 f9 0x0abaaf13c210: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 f9 f9 =>0x0abaaf13c220: f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9 0x0abaaf13c230: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 02 0x0abaaf13c240: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 02 f9 f9 0x0abaaf13c250: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 0x0abaaf13c260: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0abaaf13c270: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 00 00 00 07 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2832157==ABORTING ```

Ran into this when using to_port(getenv(...)) for an undefined/empty environment variable. ASAN doesn't like that the slash variable ends up being access behind the string. ``` ================================================================= ==2832157==ERROR: AddressSanitizer: global-buffer-overflow on address 0x55d178a21121 at pc 0x7f5df300127c bp 0x7fffcb3b83b0 sp 0x7fffcb3b7b60 READ of size 1 at 0x55d178a21121 thread T0 #0 0x7f5df300127b in __interceptor_strcmp ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446 #1 0x55d179d8b954 in zeek::util::streq(char const*, char const*) ../src/util.cc:1107 #2 0x55d17a18d0cd in zeek::BifFunc::to_port_bif(zeek::detail::Frame*, std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > > const*) <...>/zeek/build/zeek.bif:2888 #3 0x55d17a16a99b in zeek::detail::BuiltinFunc::Invoke(std::vector<zeek::IntrusivePtr<zeek::Val>, std::allocator<zeek::IntrusivePtr<zeek::Val> > >*, zeek::detail::Frame*) const ../src/Func.cc:706 #4 0x55d17a07b7f3 in zeek::detail::CallExpr::Eval(zeek::detail::Frame*) const ../src/Expr.cc:4709 #5 0x55d17a339bce in zeek::detail::ExprStmt::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:427 #6 0x55d17a33ab6f in zeek::detail::StmtList::Exec(zeek::detail::Frame*, zeek::detail::StmtFlowType&) ../src/Stmt.cc:1649 #7 0x55d179e78b9c in zeek::detail::setup(int, char**, zeek::Options*) ../src/zeek-setup.cc:1063 #8 0x55d17bcfd18d in main ../src/main.cc:13 #9 0x7f5df268cd09 in __libc_start_main ../csu/libc-start.c:308 #10 0x55d179ade2a9 in _start (<...>/zeek/build/src/zeek+0x346c2a9) 0x55d178a21121 is located 63 bytes to the left of global variable '*.LC3' defined in '../src/ZeekString.cc' (0x55d178a21160) of size 11 '*.LC3' is ascii string 'ZeekString' 0x55d178a21121 is located 0 bytes to the right of global variable '*.LC2' defined in '../src/ZeekString.cc' (0x55d178a21120) of size 1 '*.LC2' is ascii string '' SUMMARY: AddressSanitizer: global-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:446 in __interceptor_strcmp Shadow bytes around the buggy address: 0x0abaaf13c1d0: f9 f9 f9 f9 00 00 00 00 06 f9 f9 f9 f9 f9 f9 f9 0x0abaaf13c1e0: 00 00 04 f9 f9 f9 f9 f9 00 06 f9 f9 f9 f9 f9 f9 0x0abaaf13c1f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 02 f9 f9 0x0abaaf13c200: f9 f9 f9 f9 00 00 05 f9 f9 f9 f9 f9 00 06 f9 f9 0x0abaaf13c210: f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9 00 00 f9 f9 =>0x0abaaf13c220: f9 f9 f9 f9[01]f9 f9 f9 f9 f9 f9 f9 00 03 f9 f9 0x0abaaf13c230: f9 f9 f9 f9 00 05 f9 f9 f9 f9 f9 f9 00 00 00 02 0x0abaaf13c240: f9 f9 f9 f9 00 00 07 f9 f9 f9 f9 f9 00 02 f9 f9 0x0abaaf13c250: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 05 f9 f9 f9 0x0abaaf13c260: f9 f9 f9 f9 05 f9 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 0x0abaaf13c270: f9 f9 f9 f9 00 00 02 f9 f9 f9 f9 f9 00 00 00 07 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==2832157==ABORTING ```

dependabot bot added the dependencies Pull requests that update a dependency file label Jun 14, 2022

zeek-bot closed this Jun 14, 2022

zeek-bot deleted the dependabot/github_actions/actions/checkout-3 branch June 14, 2022 17:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump actions/checkout from 2 to 3 #6

Bump actions/checkout from 2 to 3 #6

dependabot bot commented on behalf of github Jun 14, 2022

dependabot bot commented on behalf of github Jun 14, 2022

Bump actions/checkout from 2 to 3 #6

Bump actions/checkout from 2 to 3 #6

Conversation

dependabot bot commented on behalf of github Jun 14, 2022

v3.0.0

v2.4.2

What's Changed

v2.4.1

v2.4.0

v2.3.5

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.0

v2.1.1

v2.1.0

Changelog

v3.0.2

v3.0.1

v3.0.0

v2.3.1

v2.3.0

v2.2.0

v2.1.1

v2.1.0

v2.0.0

dependabot bot commented on behalf of github Jun 14, 2022