馃敟 馃敟 BREAKING CHANGE 馃敟 馃敟
A new safe_output input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.
Note
This can be disabled by setting the safe_output to false this comes with a recommendation to store all outputs generated in an environment variable first before using them.
Example
...
- name: Verify Changed files
uses: tj-actions/verify-changed-files@v16
id: verify-changed-files
with:
safe_output: false # set to false because we are using an environment variable to store the output and avoid command injection.
- name: List all changed tracked and untracked files
env:
FILES_CHANGED: ${{ steps.verify-changed-files.outputs.changed_files }}
run: |
echo "Changed files: $FILES_CHANGED
...What's Changed
- Upgraded to v16.1.1 by @tj-actions-bot in #343
- chore(deps): update actions/checkout action to v4.1.1 by @renovate in #344
- Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #345
- chore(deps): update tj-actions/auto-doc action to v3.1.1 by @renovate in #346
- chore(deps): update tj-actions/auto-doc action to v3.2.0 by @renovate in #347
- chore(deps): update tj-actions/auto-doc action to v3.2.1 by @renovate in #348
- chore(deps): update tj-actions/auto-doc action to v3.3.0 by @renovate in #349
- chore(deps): update tj-actions/auto-doc action to v3.4.0 by @renovate in #350
- Updated README.md by @tj-actions-bot in #351
- Updated README.md by @tj-actions-bot in #352
- Updated README.md by @tj-actions-bot in #353
- chore(deps): update github/codeql-action action to v3 by @renovate in #354
- Updated README.md by @tj-actions-bot in #355
- chore: update entrypoint.sh by @jackton1 in #357
Full Changelog: v16...v17.0.0
Contributors
renovate, jackton1, and 2 other contributors