Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add & deprecate old markdownSummary export #1073

Merged
merged 1 commit into from May 5, 2022

Conversation

robherley
Copy link
Member

We originally dark shipped this feature to some users as core.markdownSummary but since then the feature name has been changed to be "Job Summary". To avoid conflict with our public documentation and to maintain consistency, this'll be core.summary going forward.

However, we'll keep core.markdownSummary in the API and marked as deprecated for the next release.

Original release:

Rename:

@robherley robherley requested a review from a team as a code owner May 5, 2022 19:47
@robherley robherley merged commit c4ae214 into main May 5, 2022
kodiakhq bot pushed a commit to carbon-design-system/carbon-for-ibm-dotcom-web-components-template that referenced this pull request May 17, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@actions/core](https://togithub.com/actions/toolkit) | [`1.6.0` -> `1.9.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.6.0/1.9.1) | [![age](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/compatibility-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/@actions%2fcore/1.9.1/confidence-slim/1.6.0)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2022-35954](https://togithub.com/actions/toolkit/security/advisories/GHSA-7r3h-m5j6-3q42)

## Impact

The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author.

## Patches

Users should upgrade to `@actions/core v1.9.1`.

## Workarounds

If you are unable to upgrade the `@actions/core` package, you can modify your action to ensure that any user input does not contain the delimiter `_GitHubActionsFileCommandDelimeter_` before calling `core.exportVariable`.

## References

[More information about setting-an-environment-variable in workflows](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)

If you have any questions or comments about this advisory:
* Open an issue in [`actions/toolkit`](https://togithub.com/actions/toolkit/issues)

---

### Release Notes

<details>
<summary>actions/toolkit</summary>

### [`v1.9.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;191)

-   Randomize delimiter when calling `core.exportVariable`

### [`v1.9.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;190)

-   Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#&#8203;1102](https://togithub.com/actions/toolkit/pull/1102)

### [`v1.8.2`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;182)

-   Update to v2.0.1 of `@actions/http-client` [#&#8203;1087](https://togithub.com/actions/toolkit/pull/1087)

### [`v1.8.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;181)

-   Update to v2.0.0 of `@actions/http-client`

### [`v1.8.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;180)

-   Deprecate `markdownSummary` extension export in favor of `summary`
    -   [actions/toolkit#1072
    -   [actions/toolkit#1073

### [`v1.7.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#&#8203;170)

-   [Added `markdownSummary` extension](https://togithub.com/actions/toolkit/pull/1014)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/carbon-design-system/carbon-for-ibm-dotcom-web-components-template).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzMi4xNjMuMCIsInVwZGF0ZWRJblZlciI6IjMyLjE2My4wIn0=-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants