Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rename core's markdownSummary extension to summary #1072

Merged
merged 1 commit into from May 5, 2022

Conversation

robherley
Copy link
Member

For consistency, the feature will be called "Job Summary" not "Markdown Summary" so we'll need to rename the core extensions.

@robherley robherley requested a review from a team as a code owner May 5, 2022 17:30
Copy link
Contributor

@jtamsut jtamsut left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

@robherley robherley merged commit 01aceea into main May 5, 2022
kodiakhq bot pushed a commit to carbon-design-system/carbon-for-ibm-dotcom-web-components-template that referenced this pull request May 17, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@actions/core](https://togithub.com/actions/toolkit) | [`1.6.0` -> `1.9.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.6.0/1.9.1) | [![age](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/compatibility-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/confidence-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2022-35954](https://togithub.com/actions/toolkit/security/advisories/GHSA-7r3h-m5j6-3q42)

## Impact

The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author.

## Patches

Users should upgrade to `@actions/core v1.9.1`.

## Workarounds

If you are unable to upgrade the `@actions/core` package, you can modify your action to ensure that any user input does not contain the delimiter `_GitHubActionsFileCommandDelimeter_` before calling `core.exportVariable`.

## References

[More information about setting-an-environment-variable in workflows](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)

If you have any questions or comments about this advisory:
* Open an issue in [`actions/toolkit`](https://togithub.com/actions/toolkit/issues)

---

### Release Notes

<details>
<summary>actions/toolkit</summary>

### [`v1.9.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;191)

-   Randomize delimiter when calling `core.exportVariable`

### [`v1.9.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;190)

-   Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#&#8203;1102](https://togithub.com/actions/toolkit/pull/1102)

### [`v1.8.2`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;182)

-   Update to v2.0.1 of `@actions/http-client` [#&#8203;1087](https://togithub.com/actions/toolkit/pull/1087)

### [`v1.8.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;181)

-   Update to v2.0.0 of `@actions/http-client`

### [`v1.8.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;180)

-   Deprecate `markdownSummary` extension export in favor of `summary`
    -   [actions/toolkit#1072
    -   [actions/toolkit#1073

### [`v1.7.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;170)

-   [Added `markdownSummary` extension](https://togithub.com/actions/toolkit/pull/1014)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/carbon-design-system/carbon-for-ibm-dotcom-web-components-template).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4xNjMuMCIsInVwZGF0ZWRJblZlciI6IjMyLjE2My4wIn0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants