Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump tj-actions/changed-files from 45.0.0 to 46.0.1 in the all group #2814

Merged
merged 1 commit into from
Mar 24, 2025
Merged

Bump tj-actions/changed-files from 45.0.0 to 46.0.1 in the all group #2814

merged 1 commit into from
Mar 24, 2025
+1 −1

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 17, 2025
edited
Loading

Bumps the all group with 1 update: tj-actions/changed-files.

Updates tj-actions/changed-files from 45.0.0 to 46.0.1

Release notes

Sourced from tj-actions/changed-files's releases.

v46.0.1

[!WARNING]
Security Alert: A critical security issue was identified in this action due to a compromised commit: 0e58ed8671d6b60d0890c21b07f8835ace038e67.

This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.

Action Required:

  • Review your workflows executed between March 14 and March 15. If you notice unexpected output under the changed-files section, decode it using the following command: echo 'xxx' | base64 -d | base64 -d
    If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.
  • If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
  • If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

What's Changed

Full Changelog: tj-actions/changed-files@v46...v46.0.1

v46

[!WARNING]
Security Alert: A critical security issue was identified in this action due to a compromised commit: 0e58ed8671d6b60d0890c21b07f8835ace038e67.

This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.

Action Required:

  • Review your workflows executed between March 14 and March 15. If you notice unexpected output under the changed-files section, decode it using the following command: echo 'xxx' | base64 -d | base64 -d
    If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.
  • If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
  • If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

Changes in v46.0.1

What's Changed

Full Changelog: tj-actions/changed-files@v46...v46.0.1

Changes in v46.0.0

... (truncated)

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

46.0.1 - (2025-03-16)

🔄 Update

  • Updated README.md (#2473)

Co-authored-by: github-actions[bot] (2f7c5bf) - (github-actions[bot])

  • Sync-release-version.yml to use signed commits (#2472) (4189ec6) - (Tonye Jack)

46.0.0 - (2025-03-16)

🐛 Bug Fixes

  • Update update-readme.yml to sign-commits (#2468) (0f1ffe6) - (Tonye Jack)
  • Update permission in update-readme.yml workflow (#2467) (ddef03e) - (Tonye Jack)
  • Update github workflow update-readme.yml (#2466) (9c2df0d) - (Tonye Jack)

➖ Remove

  • Deleted renovate.json (e37e952) - (Tonye Jack)

🔄 Update

  • Sync-release-version.yml (#2471) (4cd184a) - (Tonye Jack)
  • Updated README.md (#2469)

Co-authored-by: github-actions[bot] (5cbf220) - (github-actions[bot])

📚 Documentation

  • Update docs to highlight security issues (#2465) (6525332) - (Tonye Jack)

45.0.9 - (2025-03-15)

🐛 Bug Fixes

  • deps: Update dependency @​octokit/rest to v21.1.1 (#2435) (fb8dcda) - (renovate[bot])
  • deps: Update dependency @​octokit/rest to v21.1.0 (#2394) (7b72c97) - (renovate[bot])
  • deps: Update dependency yaml to v2.7.0 (#2383) (5f974c2) - (renovate[bot])

⚙️ Miscellaneous Tasks

  • deps: Lock file maintenance (#2460) (9200e69) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.13.10 (#2459) (e650cfd) - (renovate[bot])
  • deps: Update dependency eslint-config-prettier to v10.1.1 (#2458) (82af21f) - (renovate[bot])
  • deps: Update dependency eslint-config-prettier to v10.1.0 (#2457) (82fa4a6) - (renovate[bot])
  • deps: Update peter-evans/create-pull-request action to v7.0.8 (#2455) (315505a) - (renovate[bot])
  • deps: Update dependency @​types/node to v22.13.9 (#2454) (c8e1cdb) - (renovate[bot])

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Mar 17, 2025
@dependabot dependabot bot requested a review from a team as a code owner March 17, 2025 05:35
@dependabot dependabot bot requested a review from mperrotti March 17, 2025 05:35
@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Mar 17, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 5f719bf

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions bot temporarily deployed to Storybook Preview March 17, 2025 05:38 Inactive
@dependabot
Bump tj-actions/changed-files from 45.0.0 to 46.0.1 in the all group
Loading
Loading status checks…
5f719bf 
Bumps the all group with 1 update: [tj-actions/changed-files](https://github.com/tj-actions/changed-files).


Updates `tj-actions/changed-files` from 45.0.0 to 46.0.1
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](tj-actions/changed-files@40853de...2f7c5bf)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/all-22c1952716 branch from bd0e234 to 5f719bf Compare March 21, 2025 05:58
@github-actions github-actions bot temporarily deployed to Storybook Preview March 21, 2025 06:00 Inactive
@jonrohan jonrohan merged commit da44988 into main Mar 24, 2025
12 of 14 checks passed
@jonrohan jonrohan deleted the dependabot/github_actions/all-22c1952716 branch March 24, 2025 17:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonrohan jonrohan

@mperrotti mperrotti

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@jonrohan