This repository has been archived by the owner on Jul 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
feat(deps): update tj-actions/changed-files action to v41 [security] #45
Merged
halkeye
merged 1 commit into
main
from
renovate/github-tags-tj-actions/changed-files-vulnerability
Jan 3, 2024
Merged
feat(deps): update tj-actions/changed-files action to v41 [security] #45
halkeye
merged 1 commit into
main
from
renovate/github-tags-tj-actions/changed-files-vulnerability
Jan 3, 2024
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
deleted the
renovate/github-tags-tj-actions/changed-files-vulnerability
branch
January 3, 2024 00:44
github-actions bot
pushed a commit
that referenced
this pull request
Feb 9, 2024
- "**deps:** update felddy/foundryvtt docker tag to v11.314 ([b6009bb](b6009bb))" - "**deps:** update felddy/foundryvtt docker tag to v11.315 ([5e485ef](5e485ef))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update vectorim/element-web docker tag to v1.11.48 ([18ab179](18ab179))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))"
github-actions bot
pushed a commit
that referenced
this pull request
Feb 15, 2024
- "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
github-actions bot
pushed a commit
that referenced
this pull request
Apr 27, 2024
- "allow homeserver configs to have variables in them ([6d813f5](6d813f5))" - "bump element chart version ([d6f02e8](d6f02e8))" - "bump element-web chart version ([8f9ac0d](8f9ac0d))" - "bump element-web chart version ([3b292b4](3b292b4))" - "bump verison ([14ee022](14ee022))" - "bump verison ([86d6cdb](86d6cdb))" - "bump verison ([eb6c2b7](eb6c2b7))" - "bump version ([1e2876a](1e2876a))" - "bump version ([2268617](2268617))" - "bump version ([2644a3b](2644a3b))" - "create services so main/master can talk to workers since communication is no longer one way ([2056aed](2056aed))" - "force release ([1bf2cfd](1bf2cfd))" - "**foundry-vtt:** Annotation indenting was incorrect and had too many spaces on the first one ([015500e](015500e))" - "**foundry-vtt:** fully upgrade to 11.308 and tell renovate to keep that variable up to date too ([4079f84](4079f84))" - "make sure semantic release exec ([ccb746d](ccb746d))" - "make sure semantic release exec ([8ef7954](8ef7954))" - "mark a bunch of the charts i've moved over to argo or otherwise not using/maintaining as depreciated ([8c8e767](8c8e767))" - "**mautrix-instagram:** use properly released mautrix instagram docker tag ([0a967dd](0a967dd))" - "workers shouldn't connect to master on localhost ([c98afca](c98afca))" - "**deps:** update actions/setup-node action to v4 ([#31](#31)) ([2c6811f](2c6811f))" - "**deps:** update azure/setup-helm action to v4 ([#50](#50)) ([f9c5e72](f9c5e72))" - "**deps:** update dependency semantic-release to v22 ([fa09bc4](fa09bc4))" - "**deps:** update dependency semantic-release to v22.0.1 ([1101ee5](1101ee5))" - "**deps:** update dependency semantic-release to v23 ([#46](#46)) ([ff6fd10](ff6fd10))" - "**deps:** update dependency semantic-release-helm3 to v2.9.3 ([4bf6a79](4bf6a79))" - "**deps:** update dock.mau.dev/mautrix/instagram docker tag to v0.3.0 ([3fa69ee](3fa69ee))" - "**deps:** update dock.mau.dev/mautrix/instagram docker tag to v0.3.1 ([542b21c](542b21c))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.3 ([01b7dd5](01b7dd5))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.5 ([#41](#41)) ([e2cc82d](e2cc82d))" - "**deps:** update engineerd/configurator action to v0.0.10 ([ecc1d36](ecc1d36))" - "**deps:** update felddy/foundryvtt docker tag to v10.303 ([013c03b](013c03b))" - "**deps:** update felddy/foundryvtt docker tag to v11 ([d08fef7](d08fef7))" - "**deps:** update felddy/foundryvtt docker tag to v11.311 ([7cfb5c4](7cfb5c4))" - "**deps:** update felddy/foundryvtt docker tag to v11.313 ([8820393](8820393))" - "**deps:** update felddy/foundryvtt docker tag to v11.314 ([b6009bb](b6009bb))" - "**deps:** update felddy/foundryvtt docker tag to v11.315 ([5e485ef](5e485ef))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update matrixdotorg/synapse docker tag to v1.101.0 ([#48](#48)) ([826fdfe](826fdfe))" - "**deps:** update matrixdotorg/synapse docker tag to v1.102.0 ([#51](#51)) ([c2a82bc](c2a82bc))" - "**deps:** update matrixdotorg/synapse docker tag to v1.103.0 ([#57](#57)) ([4171e9a](4171e9a))" - "**deps:** update matrixdotorg/synapse docker tag to v1.92.2 ([78dfe62](78dfe62))" - "**deps:** update matrixdotorg/synapse docker tag to v1.93.0 ([4d09f33](4d09f33))" - "**deps:** update matrixdotorg/synapse docker tag to v1.94.0 ([ff8fecd](ff8fecd))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.0 ([ee35ac6](ee35ac6))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.1 ([7526cc9](7526cc9))" - "**deps:** update semantic-release monorepo ([#60](#60)) ([9fb9019](9fb9019))" - "**deps:** update signald/signald docker tag to v0.23.2 ([d439dcc](d439dcc))" - "**deps:** update tj-actions/changed-files action to v40 ([ec07b8a](ec07b8a))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update tj-actions/changed-files action to v42 ([#47](#47)) ([c7f88a6](c7f88a6))" - "**deps:** update tj-actions/changed-files action to v43 ([#53](#53)) ([ce0486f](ce0486f))" - "**deps:** update vectorim/element-web docker tag to v1.11.43 ([623f095](623f095))" - "**deps:** update vectorim/element-web docker tag to v1.11.44 ([740a64e](740a64e))" - "**deps:** update vectorim/element-web docker tag to v1.11.45 ([e5e0768](e5e0768))" - "**deps:** update vectorim/element-web docker tag to v1.11.46 ([80c44ec](80c44ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.47 ([bd19d7e](bd19d7e))" - "**deps:** update vectorim/element-web docker tag to v1.11.48 ([18ab179](18ab179))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**deps:** update vectorim/element-web docker tag to v1.11.59 ([#49](#49)) ([a5a8ba8](a5a8ba8))" - "**deps:** update vectorim/element-web docker tag to v1.11.60 ([#52](#52)) ([c98fb62](c98fb62))" - "**deps:** update vectorim/element-web docker tag to v1.11.61 ([#54](#54)) ([16156ae](16156ae))" - "**deps:** update vectorim/element-web docker tag to v1.11.62 ([#58](#58)) ([7113125](7113125))" - "**deps:** update vectorim/element-web docker tag to v1.11.63 ([#62](#62)) ([d3a7daa](d3a7daa))" - "**deps:** update vectorim/element-web docker tag to v1.11.64 ([#64](#64)) ([3ef95ec](3ef95ec))" - "force release ([f89d4ef](f89d4ef))" - "force release ([776a440](776a440))" - "force release ([44bcdc0](44bcdc0))" - "**matrix-signal:** Update default config file to match master ([ed55458](ed55458))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
github-actions bot
pushed a commit
that referenced
this pull request
Apr 27, 2024
- "allow homeserver configs to have variables in them ([6d813f5](6d813f5))" - "create services so main/master can talk to workers since communication is no longer one way ([2056aed](2056aed))" - "mark a bunch of the charts i've moved over to argo or otherwise not using/maintaining as depreciated ([8c8e767](8c8e767))" - "workers shouldn't connect to master on localhost ([c98afca](c98afca))" - "**deps:** update actions/setup-node action to v4 ([#31](#31)) ([2c6811f](2c6811f))" - "**deps:** update azure/setup-helm action to v4 ([#50](#50)) ([f9c5e72](f9c5e72))" - "**deps:** update dependency semantic-release to v22 ([fa09bc4](fa09bc4))" - "**deps:** update dependency semantic-release to v22.0.1 ([1101ee5](1101ee5))" - "**deps:** update dependency semantic-release to v23 ([#46](#46)) ([ff6fd10](ff6fd10))" - "**deps:** update dependency semantic-release-helm3 to v2.9.3 ([4bf6a79](4bf6a79))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.3 ([01b7dd5](01b7dd5))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.5 ([#41](#41)) ([e2cc82d](e2cc82d))" - "**deps:** update felddy/foundryvtt docker tag to v11.311 ([7cfb5c4](7cfb5c4))" - "**deps:** update felddy/foundryvtt docker tag to v11.313 ([8820393](8820393))" - "**deps:** update felddy/foundryvtt docker tag to v11.314 ([b6009bb](b6009bb))" - "**deps:** update felddy/foundryvtt docker tag to v11.315 ([5e485ef](5e485ef))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update matrixdotorg/synapse docker tag to v1.101.0 ([#48](#48)) ([826fdfe](826fdfe))" - "**deps:** update matrixdotorg/synapse docker tag to v1.102.0 ([#51](#51)) ([c2a82bc](c2a82bc))" - "**deps:** update matrixdotorg/synapse docker tag to v1.103.0 ([#57](#57)) ([4171e9a](4171e9a))" - "**deps:** update matrixdotorg/synapse docker tag to v1.93.0 ([4d09f33](4d09f33))" - "**deps:** update matrixdotorg/synapse docker tag to v1.94.0 ([ff8fecd](ff8fecd))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.0 ([ee35ac6](ee35ac6))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.1 ([7526cc9](7526cc9))" - "**deps:** update semantic-release monorepo ([#60](#60)) ([9fb9019](9fb9019))" - "**deps:** update tj-actions/changed-files action to v40 ([ec07b8a](ec07b8a))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update tj-actions/changed-files action to v42 ([#47](#47)) ([c7f88a6](c7f88a6))" - "**deps:** update tj-actions/changed-files action to v43 ([#53](#53)) ([ce0486f](ce0486f))" - "**deps:** update vectorim/element-web docker tag to v1.11.44 ([740a64e](740a64e))" - "**deps:** update vectorim/element-web docker tag to v1.11.45 ([e5e0768](e5e0768))" - "**deps:** update vectorim/element-web docker tag to v1.11.46 ([80c44ec](80c44ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.47 ([bd19d7e](bd19d7e))" - "**deps:** update vectorim/element-web docker tag to v1.11.48 ([18ab179](18ab179))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**deps:** update vectorim/element-web docker tag to v1.11.59 ([#49](#49)) ([a5a8ba8](a5a8ba8))" - "**deps:** update vectorim/element-web docker tag to v1.11.60 ([#52](#52)) ([c98fb62](c98fb62))" - "**deps:** update vectorim/element-web docker tag to v1.11.61 ([#54](#54)) ([16156ae](16156ae))" - "**deps:** update vectorim/element-web docker tag to v1.11.62 ([#58](#58)) ([7113125](7113125))" - "**deps:** update vectorim/element-web docker tag to v1.11.63 ([#62](#62)) ([d3a7daa](d3a7daa))" - "**deps:** update vectorim/element-web docker tag to v1.11.64 ([#64](#64)) ([3ef95ec](3ef95ec))" - "force release ([f89d4ef](f89d4ef))" - "force release ([776a440](776a440))" - "force release ([44bcdc0](44bcdc0))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
github-actions bot
pushed a commit
that referenced
this pull request
May 30, 2024
- "allow homeserver configs to have variables in them ([6d813f5](6d813f5))" - "create services so main/master can talk to workers since communication is no longer one way ([2056aed](2056aed))" - "mark a bunch of the charts i've moved over to argo or otherwise not using/maintaining as depreciated ([8c8e767](8c8e767))" - "**mautrix-instagram:** use properly released mautrix instagram docker tag ([0a967dd](0a967dd))" - "workers shouldn't connect to master on localhost ([c98afca](c98afca))" - "**deps:** update actions/setup-node action to v4 ([#31](#31)) ([2c6811f](2c6811f))" - "**deps:** update azure/setup-helm action to v4 ([#50](#50)) ([f9c5e72](f9c5e72))" - "**deps:** update dependency semantic-release to v22 ([fa09bc4](fa09bc4))" - "**deps:** update dependency semantic-release to v22.0.1 ([1101ee5](1101ee5))" - "**deps:** update dependency semantic-release to v23 ([#46](#46)) ([ff6fd10](ff6fd10))" - "**deps:** update dependency semantic-release-helm3 to v2.9.3 ([4bf6a79](4bf6a79))" - "**deps:** update dock.mau.dev/mautrix/instagram docker tag to v0.3.1 ([542b21c](542b21c))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.3 ([01b7dd5](01b7dd5))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.5 ([#41](#41)) ([e2cc82d](e2cc82d))" - "**deps:** update felddy/foundryvtt docker tag to v11.311 ([7cfb5c4](7cfb5c4))" - "**deps:** update felddy/foundryvtt docker tag to v11.313 ([8820393](8820393))" - "**deps:** update felddy/foundryvtt docker tag to v11.314 ([b6009bb](b6009bb))" - "**deps:** update felddy/foundryvtt docker tag to v11.315 ([5e485ef](5e485ef))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update matrixdotorg/synapse docker tag to v1.101.0 ([#48](#48)) ([826fdfe](826fdfe))" - "**deps:** update matrixdotorg/synapse docker tag to v1.102.0 ([#51](#51)) ([c2a82bc](c2a82bc))" - "**deps:** update matrixdotorg/synapse docker tag to v1.103.0 ([#57](#57)) ([4171e9a](4171e9a))" - "**deps:** update matrixdotorg/synapse docker tag to v1.106.0 ([#63](#63)) ([e2bc5a9](e2bc5a9))" - "**deps:** update matrixdotorg/synapse docker tag to v1.107.0 ([#69](#69)) ([2b2cd61](2b2cd61))" - "**deps:** update matrixdotorg/synapse docker tag to v1.108.0 ([#71](#71)) ([6461db5](6461db5))" - "**deps:** update matrixdotorg/synapse docker tag to v1.93.0 ([4d09f33](4d09f33))" - "**deps:** update matrixdotorg/synapse docker tag to v1.94.0 ([ff8fecd](ff8fecd))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.0 ([ee35ac6](ee35ac6))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.1 ([7526cc9](7526cc9))" - "**deps:** update semantic-release monorepo ([#60](#60)) ([9fb9019](9fb9019))" - "**deps:** update tj-actions/changed-files action to v40 ([ec07b8a](ec07b8a))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update tj-actions/changed-files action to v42 ([#47](#47)) ([c7f88a6](c7f88a6))" - "**deps:** update tj-actions/changed-files action to v43 ([#53](#53)) ([ce0486f](ce0486f))" - "**deps:** update vectorim/element-web docker tag to v1.11.44 ([740a64e](740a64e))" - "**deps:** update vectorim/element-web docker tag to v1.11.45 ([e5e0768](e5e0768))" - "**deps:** update vectorim/element-web docker tag to v1.11.46 ([80c44ec](80c44ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.47 ([bd19d7e](bd19d7e))" - "**deps:** update vectorim/element-web docker tag to v1.11.48 ([18ab179](18ab179))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**deps:** update vectorim/element-web docker tag to v1.11.59 ([#49](#49)) ([a5a8ba8](a5a8ba8))" - "**deps:** update vectorim/element-web docker tag to v1.11.60 ([#52](#52)) ([c98fb62](c98fb62))" - "**deps:** update vectorim/element-web docker tag to v1.11.61 ([#54](#54)) ([16156ae](16156ae))" - "**deps:** update vectorim/element-web docker tag to v1.11.62 ([#58](#58)) ([7113125](7113125))" - "**deps:** update vectorim/element-web docker tag to v1.11.63 ([#62](#62)) ([d3a7daa](d3a7daa))" - "**deps:** update vectorim/element-web docker tag to v1.11.64 ([#64](#64)) ([3ef95ec](3ef95ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.66 ([#66](#66)) ([8ad207d](8ad207d))" - "**deps:** update vectorim/element-web docker tag to v1.11.67 ([#70](#70)) ([7cafd3f](7cafd3f))" - "force release ([f89d4ef](f89d4ef))" - "force release ([776a440](776a440))" - "force release ([44bcdc0](44bcdc0))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
github-actions bot
pushed a commit
that referenced
this pull request
May 30, 2024
- "allow homeserver configs to have variables in them ([6d813f5](6d813f5))" - "create services so main/master can talk to workers since communication is no longer one way ([2056aed](2056aed))" - "mark a bunch of the charts i've moved over to argo or otherwise not using/maintaining as depreciated ([8c8e767](8c8e767))" - "workers shouldn't connect to master on localhost ([c98afca](c98afca))" - "**deps:** update actions/setup-node action to v4 ([#31](#31)) ([2c6811f](2c6811f))" - "**deps:** update azure/setup-helm action to v4 ([#50](#50)) ([f9c5e72](f9c5e72))" - "**deps:** update dependency semantic-release to v22.0.1 ([1101ee5](1101ee5))" - "**deps:** update dependency semantic-release to v23 ([#46](#46)) ([ff6fd10](ff6fd10))" - "**deps:** update dependency semantic-release-helm3 to v2.9.3 ([4bf6a79](4bf6a79))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.3 ([01b7dd5](01b7dd5))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.5 ([#41](#41)) ([e2cc82d](e2cc82d))" - "**deps:** update felddy/foundryvtt docker tag to v11.311 ([7cfb5c4](7cfb5c4))" - "**deps:** update felddy/foundryvtt docker tag to v11.313 ([8820393](8820393))" - "**deps:** update felddy/foundryvtt docker tag to v11.314 ([b6009bb](b6009bb))" - "**deps:** update felddy/foundryvtt docker tag to v11.315 ([5e485ef](5e485ef))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update matrixdotorg/synapse docker tag to v1.101.0 ([#48](#48)) ([826fdfe](826fdfe))" - "**deps:** update matrixdotorg/synapse docker tag to v1.102.0 ([#51](#51)) ([c2a82bc](c2a82bc))" - "**deps:** update matrixdotorg/synapse docker tag to v1.103.0 ([#57](#57)) ([4171e9a](4171e9a))" - "**deps:** update matrixdotorg/synapse docker tag to v1.106.0 ([#63](#63)) ([e2bc5a9](e2bc5a9))" - "**deps:** update matrixdotorg/synapse docker tag to v1.107.0 ([#69](#69)) ([2b2cd61](2b2cd61))" - "**deps:** update matrixdotorg/synapse docker tag to v1.108.0 ([#71](#71)) ([6461db5](6461db5))" - "**deps:** update matrixdotorg/synapse docker tag to v1.93.0 ([4d09f33](4d09f33))" - "**deps:** update matrixdotorg/synapse docker tag to v1.94.0 ([ff8fecd](ff8fecd))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.0 ([ee35ac6](ee35ac6))" - "**deps:** update matrixdotorg/synapse docker tag to v1.95.1 ([7526cc9](7526cc9))" - "**deps:** update semantic-release monorepo ([#60](#60)) ([9fb9019](9fb9019))" - "**deps:** update tj-actions/changed-files action to v40 ([ec07b8a](ec07b8a))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update tj-actions/changed-files action to v42 ([#47](#47)) ([c7f88a6](c7f88a6))" - "**deps:** update tj-actions/changed-files action to v43 ([#53](#53)) ([ce0486f](ce0486f))" - "**deps:** update vectorim/element-web docker tag to v1.11.44 ([740a64e](740a64e))" - "**deps:** update vectorim/element-web docker tag to v1.11.45 ([e5e0768](e5e0768))" - "**deps:** update vectorim/element-web docker tag to v1.11.46 ([80c44ec](80c44ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.47 ([bd19d7e](bd19d7e))" - "**deps:** update vectorim/element-web docker tag to v1.11.48 ([18ab179](18ab179))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**deps:** update vectorim/element-web docker tag to v1.11.59 ([#49](#49)) ([a5a8ba8](a5a8ba8))" - "**deps:** update vectorim/element-web docker tag to v1.11.60 ([#52](#52)) ([c98fb62](c98fb62))" - "**deps:** update vectorim/element-web docker tag to v1.11.61 ([#54](#54)) ([16156ae](16156ae))" - "**deps:** update vectorim/element-web docker tag to v1.11.62 ([#58](#58)) ([7113125](7113125))" - "**deps:** update vectorim/element-web docker tag to v1.11.63 ([#62](#62)) ([d3a7daa](d3a7daa))" - "**deps:** update vectorim/element-web docker tag to v1.11.64 ([#64](#64)) ([3ef95ec](3ef95ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.66 ([#66](#66)) ([8ad207d](8ad207d))" - "**deps:** update vectorim/element-web docker tag to v1.11.67 ([#70](#70)) ([7cafd3f](7cafd3f))" - "force release ([f89d4ef](f89d4ef))" - "force release ([776a440](776a440))" - "force release ([44bcdc0](44bcdc0))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
github-actions bot
pushed a commit
that referenced
this pull request
Jul 12, 2024
- "mark a bunch of the charts i've moved over to argo or otherwise not using/maintaining as depreciated ([8c8e767](8c8e767))" - "**deps:** update actions/setup-node action to v4 ([#31](#31)) ([2c6811f](2c6811f))" - "**deps:** update azure/setup-helm action to v4 ([#50](#50)) ([f9c5e72](f9c5e72))" - "**deps:** update dependency semantic-release to v23 ([#46](#46)) ([ff6fd10](ff6fd10))" - "**deps:** update dock.mau.dev/mautrix/whatsapp docker tag to v0.10.5 ([#41](#41)) ([e2cc82d](e2cc82d))" - "**deps:** update felddy/foundryvtt docker tag to v12 ([#67](#67)) ([8b80153](8b80153))" - "**deps:** update matrixdotorg/synapse docker tag to v1.100.0 ([#40](#40)) ([65e004d](65e004d))" - "**deps:** update matrixdotorg/synapse docker tag to v1.101.0 ([#48](#48)) ([826fdfe](826fdfe))" - "**deps:** update matrixdotorg/synapse docker tag to v1.102.0 ([#51](#51)) ([c2a82bc](c2a82bc))" - "**deps:** update matrixdotorg/synapse docker tag to v1.103.0 ([#57](#57)) ([4171e9a](4171e9a))" - "**deps:** update matrixdotorg/synapse docker tag to v1.106.0 ([#63](#63)) ([e2bc5a9](e2bc5a9))" - "**deps:** update matrixdotorg/synapse docker tag to v1.107.0 ([#69](#69)) ([2b2cd61](2b2cd61))" - "**deps:** update matrixdotorg/synapse docker tag to v1.108.0 ([#71](#71)) ([6461db5](6461db5))" - "**deps:** update matrixdotorg/synapse docker tag to v1.109.0 ([#74](#74)) ([b9ad9c4](b9ad9c4))" - "**deps:** update matrixdotorg/synapse docker tag to v1.110.0 ([#75](#75)) ([2c02ca8](2c02ca8))" - "**deps:** update semantic-release monorepo ([#60](#60)) ([9fb9019](9fb9019))" - "**deps:** update tj-actions/changed-files action to v41 [security] ([#45](#45)) ([4cd3e12](4cd3e12))" - "**deps:** update tj-actions/changed-files action to v42 ([#47](#47)) ([c7f88a6](c7f88a6))" - "**deps:** update tj-actions/changed-files action to v43 ([#53](#53)) ([ce0486f](ce0486f))" - "**deps:** update vectorim/element-web docker tag to v1.11.49 ([4ca38cd](4ca38cd))" - "**deps:** update vectorim/element-web docker tag to v1.11.58 ([#42](#42)) ([20ad383](20ad383))" - "**deps:** update vectorim/element-web docker tag to v1.11.59 ([#49](#49)) ([a5a8ba8](a5a8ba8))" - "**deps:** update vectorim/element-web docker tag to v1.11.60 ([#52](#52)) ([c98fb62](c98fb62))" - "**deps:** update vectorim/element-web docker tag to v1.11.61 ([#54](#54)) ([16156ae](16156ae))" - "**deps:** update vectorim/element-web docker tag to v1.11.62 ([#58](#58)) ([7113125](7113125))" - "**deps:** update vectorim/element-web docker tag to v1.11.63 ([#62](#62)) ([d3a7daa](d3a7daa))" - "**deps:** update vectorim/element-web docker tag to v1.11.64 ([#64](#64)) ([3ef95ec](3ef95ec))" - "**deps:** update vectorim/element-web docker tag to v1.11.66 ([#66](#66)) ([8ad207d](8ad207d))" - "**deps:** update vectorim/element-web docker tag to v1.11.67 ([#70](#70)) ([7cafd3f](7cafd3f))" - "**deps:** update vectorim/element-web docker tag to v1.11.68 ([#72](#72)) ([94923ed](94923ed))" - "**deps:** update vectorim/element-web docker tag to v1.11.69 ([#73](#73)) ([5976789](5976789))" - "**deps:** update vectorim/element-web docker tag to v1.11.70 ([#76](#76)) ([32bc923](32bc923))" - "**synapse:** Switch to element version now that matrix-org isn't releasing any ([42f65ff](42f65ff))"
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v40
->v41
GitHub Vulnerability Alerts
CVE-2023-51664
Summary
The
tj-actions/changed-files
workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets.Details
The
changed-files
action returns a list of files changed in a commit or pull request which provides anescape_json
input enabled by default, only escapes"
for JSON values.This could potentially allow filenames that contain special characters such as
;
and ` (backtick) which can be used by an attacker to take over the GitHub Runner if the output value is used in a raw fashion (thus being directly replaced before execution) inside arun
block. By running custom commands an attacker may be able to steal secrets such asGITHUB_TOKEN
if triggered on other events thanpull_request
. For example onpush
.Proof of Concept
$(whoami).txt
which is a valid filename.List all changed files
step below.Example output:
Impact
This issue may lead to arbitrary command execution in the GitHub Runner.
Resolution
A new
safe_output
input would be enabled by default and return filename paths escaping special characters like ;, ` (backtick), $, (), etc for bash environments.A safe recommendation of using environment variables to store unsafe outputs.
Resources
Release Notes
tj-actions/changed-files (tj-actions/changed-files)
v41
Compare Source
Changes in v41.0.1
What's Changed
Full Changelog: tj-actions/changed-files@v41...v41.0.1
Changes in v41.0.0
🔥 🔥 BREAKING CHANGE 🔥 🔥
A new
safe_output
input is now available to prevent outputting unsafe filename characters (Enabled by default). This would escape characters in the filename that could be used for command injection.Example
What's Changed
Full Changelog: tj-actions/changed-files@v40...v41.0.0
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.