SnowCait / actions-sandbox


Update tj-actions/changed-files action to v35 [SECURITY] - autoclosed #264

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 10 months ago


This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| tj-actions/changed-files | action | major | v34 -> v35 |

[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-51664

Summary

The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets.

Details

The changed-files action returns a list of files changed in a commit or pull request. It provides an escape_json input, enabled by default, that only escapes " for JSON values.

This could potentially allow filenames that contain special characters such as ; and ` (backtick), which can be used by an attacker to take over the GitHub Runner if the output value is used in a raw fashion (thus being directly replaced before execution) inside a run block. By running custom commands an attacker may be able to steal secrets such as GITHUB_TOKEN if triggered on events other than pull_request, for example on push.

Proof of Concept

  1. Submit a pull request to a repository with a new file injecting a command. For example $(whoami).txt which is a valid filename.
  2. Upon approval of the workflow (triggered by the pull request), the action will get executed and the malicious pull request filename will flow into the List all changed files step below.
      - name: List all changed files
        run: |
          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
            echo "$file was changed"
          done

Example output:


##[group]Run for file in $(whoami).txt; do
    for file in $(whoami).txt; do
        echo "$file was changed"
    done
shell: /usr/bin/bash -e {0}

##[endgroup]
runner.txt was changed

Impact

This issue may lead to arbitrary command execution in the GitHub Runner.

Resolution

- name: List all changed files
  env:
    ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
  run: |
    for file in "$ALL_CHANGED_FILES"; do
      echo "$file was changed"
    done

Resources


Release Notes

tj-actions/changed-files (tj-actions/changed-files)

### [`v35`](https://togithub.com/tj-actions/changed-files/releases/tag/v35)

[Compare Source](https://togithub.com/tj-actions/changed-files/compare/v34...v35)

##### Changes in v35.9.2

##### What's Changed

- Upgraded to v35.9.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1107](https://togithub.com/tj-actions/changed-files/pull/1107)
- chore(deps): update tj-actions/glob action to v17.2.0 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1108](https://togithub.com/tj-actions/changed-files/pull/1108)
- chore(deps): update tj-actions/glob action to v17.2.5 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1110](https://togithub.com/tj-actions/changed-files/pull/1110)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.9.2

***

##### Changes in v35.9.1

##### What's Changed

- Upgraded to v35.9.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1098](https://togithub.com/tj-actions/changed-files/pull/1098)
- fix: switch to use git diff for retrieving renamed files by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1106](https://togithub.com/tj-actions/changed-files/pull/1106)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.9.1

***

##### Changes in v35.9.0

##### What's Changed

- Upgraded to v35.8.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1084](https://togithub.com/tj-actions/changed-files/pull/1084)
- chore: Update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1087](https://togithub.com/tj-actions/changed-files/pull/1087)
- chore(deps): update tj-actions/json2file action to v1.4.2 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1089](https://togithub.com/tj-actions/changed-files/pull/1089)
- chore(deps): update tj-actions/glob action to v17.1.0 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1096](https://togithub.com/tj-actions/changed-files/pull/1096)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.9.0

***

##### Changes in v35.8.0

##### What's Changed

- Upgraded to v35.7.12 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1078](https://togithub.com/tj-actions/changed-files/pull/1078)
- chore: upgrade tj-actions/glob by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1082](https://togithub.com/tj-actions/changed-files/pull/1082)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.8.0

***

##### Changes in v35.7.12

##### What's Changed

- Upgraded to v35.7.11 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1072](https://togithub.com/tj-actions/changed-files/pull/1072)
- chore(deps): update tj-actions/json2file action to v1.4.1 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1073](https://togithub.com/tj-actions/changed-files/pull/1073)
- chore(deps): update peter-evans/create-pull-request action to v5 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1075](https://togithub.com/tj-actions/changed-files/pull/1075)
- fix: error finding merge base by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1077](https://togithub.com/tj-actions/changed-files/pull/1077)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.12

***

##### Changes in v35.7.11

##### What's Changed

- Upgraded to v35.7.10 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1070](https://togithub.com/tj-actions/changed-files/pull/1070)
- chore: Update sync-release-version.yml by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1071](https://togithub.com/tj-actions/changed-files/pull/1071)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.11

***

##### Changes in v35.7.10

##### What's Changed

- chore: generate changelogs using tj-actions/git-cliff by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1069](https://togithub.com/tj-actions/changed-files/pull/1069)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.10

***

##### Changes in v35.7.9

##### What's Changed

- Upgraded to V35 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1053](https://togithub.com/tj-actions/changed-files/pull/1053)
- Upgraded to v35.7.8 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1054](https://togithub.com/tj-actions/changed-files/pull/1054)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1055](https://togithub.com/tj-actions/changed-files/pull/1055)
- Update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1056](https://togithub.com/tj-actions/changed-files/pull/1056)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1057](https://togithub.com/tj-actions/changed-files/pull/1057)
- Correct version in examples. by [@albertoperdomo2](https://togithub.com/albertoperdomo2) in [https://github.com/tj-actions/changed-files/pull/1060](https://togithub.com/tj-actions/changed-files/pull/1060)
- docs: add albertoperdomo2 as a contributor for doc by [@allcontributors](https://togithub.com/allcontributors) in [https://github.com/tj-actions/changed-files/pull/1061](https://togithub.com/tj-actions/changed-files/pull/1061)
- Update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1062](https://togithub.com/tj-actions/changed-files/pull/1062)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1063](https://togithub.com/tj-actions/changed-files/pull/1063)
- Update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1064](https://togithub.com/tj-actions/changed-files/pull/1064)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1065](https://togithub.com/tj-actions/changed-files/pull/1065)
- Update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1066](https://togithub.com/tj-actions/changed-files/pull/1066)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1067](https://togithub.com/tj-actions/changed-files/pull/1067)
- feat: improve error handling by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1068](https://togithub.com/tj-actions/changed-files/pull/1068)

##### New Contributors

- [@albertoperdomo2](https://togithub.com/albertoperdomo2) made their first contribution in [https://github.com/tj-actions/changed-files/pull/1060](https://togithub.com/tj-actions/changed-files/pull/1060)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.9

***

##### Changes in v35.7.8

##### What's Changed

- Upgraded to v35.7.7 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1050](https://togithub.com/tj-actions/changed-files/pull/1050)
- chore(deps): update tj-actions/glob action to v16.14 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1051](https://togithub.com/tj-actions/changed-files/pull/1051)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.7...v35.7.8

***

##### Changes in v35.7.7

##### What's Changed

- Upgraded to v35.7.3 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1043](https://togithub.com/tj-actions/changed-files/pull/1043)
- Upgraded to v35.7.4 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1044](https://togithub.com/tj-actions/changed-files/pull/1044)
- Upgraded to v35.7.6 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1045](https://togithub.com/tj-actions/changed-files/pull/1045)
- chore: update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1047](https://togithub.com/tj-actions/changed-files/pull/1047)
- chore(deps): update tj-actions/glob action to v16.13 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1048](https://togithub.com/tj-actions/changed-files/pull/1048)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.6...v35.7.7

***

##### Changes in v35.7.6

##### What’s Changed

- fix(internal): Github action to automate tagging of versions that implement security hardening strategies.

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.5...v35.7.6

***

##### Changes in v35.7.5

##### What’s Changed

- fix(internal): Github action to automate tagging of versions that implement security hardening strategies.

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.4...v35.7.5

***

##### Changes in v35.7.4

##### What’s Changed

- fix(internal): Github action to automate tagging of versions that implement security hardening strategies.

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.3...v35.7.4

***

##### Changes in v35.7.3

##### What's Changed

- Upgraded to v35.7.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1033](https://togithub.com/tj-actions/changed-files/pull/1033)
- chore(deps): update tj-actions/verify-changed-files action to v14 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1034](https://togithub.com/tj-actions/changed-files/pull/1034)
- chore: add sec auto merge action by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1037](https://togithub.com/tj-actions/changed-files/pull/1037)
- chore(deps): update tj-actions/json2file action to v1.4.0 (main) by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1038](https://togithub.com/tj-actions/changed-files/pull/1038)
- fix: bug with returning old and new rename files by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1040](https://togithub.com/tj-actions/changed-files/pull/1040)
- chore: update sec-auto-merge.yml by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1041](https://togithub.com/tj-actions/changed-files/pull/1041)
- chore: add create sec tag job by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1042](https://togithub.com/tj-actions/changed-files/pull/1042)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.2...v35.7.3

***

##### Changes in v35.7.2

##### What's Changed

- Upgraded to v35.7.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1027](https://togithub.com/tj-actions/changed-files/pull/1027)
- chore(deps): update peter-evans/create-pull-request action to v4.2.4 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1028](https://togithub.com/tj-actions/changed-files/pull/1028)
- chore: update README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1031](https://togithub.com/tj-actions/changed-files/pull/1031)
- Bump tj-actions/glob from 16.11 to 16.12 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/tj-actions/changed-files/pull/1032](https://togithub.com/tj-actions/changed-files/pull/1032)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35.7.1...v35.7.2

***

##### Changes in v35.7.1

##### What's Changed

- chore(docs): Added example for saving the outputs to a file by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1021](https://togithub.com/tj-actions/changed-files/pull/1021)
- Upgraded to v35.7.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1022](https://togithub.com/tj-actions/changed-files/pull/1022)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1025](https://togithub.com/tj-actions/changed-files/pull/1025)
- fix: switch to git tag as opposed to full sha by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1024](https://togithub.com/tj-actions/changed-files/pull/1024)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1026](https://togithub.com/tj-actions/changed-files/pull/1026)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.1

***

##### Changes in v35.7.0

##### What's Changed

- Upgraded to v35.6.4 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1016](https://togithub.com/tj-actions/changed-files/pull/1016)
- chore(deps): update tj-actions/github-changelog-generator action to v1.18 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1017](https://togithub.com/tj-actions/changed-files/pull/1017)
- chore(deps): update tj-actions/release-tagger action to v3 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1018](https://togithub.com/tj-actions/changed-files/pull/1018)
- pin: glob and json2file actions to the latest full length sha by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1020](https://togithub.com/tj-actions/changed-files/pull/1020)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.7.0

***

##### Changes in v35.6.4

##### What's Changed

- chore(deps): update tj-actions/auto-doc action to v2 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1011](https://togithub.com/tj-actions/changed-files/pull/1011)
- Upgraded to v35.6.3 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1012](https://togithub.com/tj-actions/changed-files/pull/1012)
- fix: error fetching history for PR branches by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1015](https://togithub.com/tj-actions/changed-files/pull/1015)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.6.4

***

##### Changes in v35.6.3

##### What's Changed

- Upgraded to v35.6.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1008](https://togithub.com/tj-actions/changed-files/pull/1008)
- chore: simplify fetch by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1009](https://togithub.com/tj-actions/changed-files/pull/1009)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.6.3

***

##### Changes in v35.6.2

##### What's Changed

- Upgraded to v35.6.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1004](https://togithub.com/tj-actions/changed-files/pull/1004)
- chore(deps): update codacy/codacy-analysis-cli-action action to v4.3.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/1005](https://togithub.com/tj-actions/changed-files/pull/1005)
- fix: fetching history for pr made from a fork with checkout set to the target repository by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1007](https://togithub.com/tj-actions/changed-files/pull/1007)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.6.2

***

##### Changes in v35.6.1

##### What's Changed

- Upgraded to v35.6.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1002](https://togithub.com/tj-actions/changed-files/pull/1002)
- feat: pull submodule history for pull request events by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1003](https://togithub.com/tj-actions/changed-files/pull/1003)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.6.1

***

##### Changes in v35.6.0

##### What's Changed

- Upgraded to v35.5.6 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/997](https://togithub.com/tj-actions/changed-files/pull/997)
- fix: readme typo by [@benhammondmusic](https://togithub.com/benhammondmusic) in [https://github.com/tj-actions/changed-files/pull/1000](https://togithub.com/tj-actions/changed-files/pull/1000)
- feat: add support for listing deleted submodules. by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/1001](https://togithub.com/tj-actions/changed-files/pull/1001)

##### New Contributors

- [@benhammondmusic](https://togithub.com/benhammondmusic) made their first contribution in [https://github.com/tj-actions/changed-files/pull/1000](https://togithub.com/tj-actions/changed-files/pull/1000)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.6.0

***

##### Changes in v35.5.6

##### What's Changed

- Upgraded to v35.5.5 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/991](https://togithub.com/tj-actions/changed-files/pull/991)
- chore(deps): update pascalgn/automerge-action action to v0.15.6 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/994](https://togithub.com/tj-actions/changed-files/pull/994)
- fix: error fetch remote ref when using fetch depth of 1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/996](https://togithub.com/tj-actions/changed-files/pull/996)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.6

***

##### Changes in v35.5.5

##### What's Changed

- Upgraded to v35.5.4 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/986](https://togithub.com/tj-actions/changed-files/pull/986)
- fix: bug with fetching history by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/989](https://togithub.com/tj-actions/changed-files/pull/989)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.5

***

##### Changes in v35.5.4

##### What's Changed

- Upgraded to v35.5.3 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/982](https://togithub.com/tj-actions/changed-files/pull/982)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/984](https://togithub.com/tj-actions/changed-files/pull/984)
- fix: bug getting diff for submodules and fetching more history by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/980](https://togithub.com/tj-actions/changed-files/pull/980)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.4

***

##### Changes in v35.5.3

##### What's Changed

- Upgraded to v35.5.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/977](https://togithub.com/tj-actions/changed-files/pull/977)
- fix: bug with pr from forks with similar branch names by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/981](https://togithub.com/tj-actions/changed-files/pull/981)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.3

***

##### Changes in v35.5.2

##### What's Changed

- Upgraded to v35.5.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/974](https://togithub.com/tj-actions/changed-files/pull/974)
- chore: update use of tilde to use caret instead by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/975](https://togithub.com/tj-actions/changed-files/pull/975)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.2

***

##### Changes in v35.5.1

##### What's Changed

- Upgraded to v35.5.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/969](https://togithub.com/tj-actions/changed-files/pull/969)
- chore: update readme by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/971](https://togithub.com/tj-actions/changed-files/pull/971)
- fix: including non branch changes in diff output by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/973](https://togithub.com/tj-actions/changed-files/pull/973)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.1

***

##### Changes in v35.5.0

##### What's Changed

- chore: code clean up by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/959](https://togithub.com/tj-actions/changed-files/pull/959)
- Upgraded to v35.4.4 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/960](https://togithub.com/tj-actions/changed-files/pull/960)
- chore(deps): update reviewdog/action-shellcheck action to v1.17 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/961](https://togithub.com/tj-actions/changed-files/pull/961)
- chore: update docs by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/964](https://togithub.com/tj-actions/changed-files/pull/964)
- feat: add support for excluding the top level directory by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/967](https://togithub.com/tj-actions/changed-files/pull/967)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/968](https://togithub.com/tj-actions/changed-files/pull/968)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.5.0

***

##### Changes in v35.4.4

##### What's Changed

- feat: add guide for retrieving changed files for tags by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/955](https://togithub.com/tj-actions/changed-files/pull/955)
- Upgraded to v35.4.3 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/954](https://togithub.com/tj-actions/changed-files/pull/954)
- fix: revert change to pull pr branch via the branch name by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/958](https://togithub.com/tj-actions/changed-files/pull/958)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.4.4

***

##### Changes in v35.4.3

##### What's Changed

- Upgraded to v35.4.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/951](https://togithub.com/tj-actions/changed-files/pull/951)
- fix: handling since last remote commits for the first pr branch commit by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/953](https://togithub.com/tj-actions/changed-files/pull/953)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.4.3

***

##### Changes in v35.4.2

##### What's Changed

- Upgraded to v35.4.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/946](https://togithub.com/tj-actions/changed-files/pull/946)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/948](https://togithub.com/tj-actions/changed-files/pull/948)
- fix: handle case of invalid file patterns by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/950](https://togithub.com/tj-actions/changed-files/pull/950)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.4.2

***

##### Changes in v35.4.1

##### What's Changed

- Upgraded to v35.4.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/937](https://togithub.com/tj-actions/changed-files/pull/937)
- chore: make since_last_remote_commit optional by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/942](https://togithub.com/tj-actions/changed-files/pull/942)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/943](https://togithub.com/tj-actions/changed-files/pull/943)
- fix: bug retrieving diff with custom a base sha by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/945](https://togithub.com/tj-actions/changed-files/pull/945)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.4.1

***

##### Changes in v35.4.0

##### What's Changed

- docs: add cfernhout as a contributor for doc by [@allcontributors](https://togithub.com/allcontributors) in [https://github.com/tj-actions/changed-files/pull/932](https://togithub.com/tj-actions/changed-files/pull/932)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/935](https://togithub.com/tj-actions/changed-files/pull/935)
- feat: skip fetching remote refs for non shallow clones by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/934](https://togithub.com/tj-actions/changed-files/pull/934)
- fix: error overriding the base sha by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/933](https://togithub.com/tj-actions/changed-files/pull/933)
- Upgraded to v35.3.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/936](https://togithub.com/tj-actions/changed-files/pull/936)
- Make example consistent and out of the box usable by [@cfernhout](https://togithub.com/cfernhout) in [https://github.com/tj-actions/changed-files/pull/931](https://togithub.com/tj-actions/changed-files/pull/931)

##### New Contributors

- [@cfernhout](https://togithub.com/cfernhout) made their first contribution in [https://github.com/tj-actions/changed-files/pull/931](https://togithub.com/tj-actions/changed-files/pull/931)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.4.0

***

##### Changes in v35.3.2

##### What's Changed

- Upgraded to v35.3.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/928](https://togithub.com/tj-actions/changed-files/pull/928)
- chore(deps): update actions/checkout action to v3.3.0 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/929](https://togithub.com/tj-actions/changed-files/pull/929)
- fix(regression): invalid json output. by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/930](https://togithub.com/tj-actions/changed-files/pull/930)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.3.2

***

##### Changes in v35.3.1

##### What's Changed

- Upgraded to v35.3.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/925](https://togithub.com/tj-actions/changed-files/pull/925)
- fix: json output by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/927](https://togithub.com/tj-actions/changed-files/pull/927)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.3.1

***

##### Changes in v35.3.0

##### What's Changed

- Upgraded to v35.2.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/919](https://togithub.com/tj-actions/changed-files/pull/919)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/920](https://togithub.com/tj-actions/changed-files/pull/920)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/921](https://togithub.com/tj-actions/changed-files/pull/921)
- chore(deps): update tj-actions/auto-doc action to v1.7.3 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/922](https://togithub.com/tj-actions/changed-files/pull/922)
- fix: bug dirnames output by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/923](https://togithub.com/tj-actions/changed-files/pull/923)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.3.0

***

##### Changes in v35.2.1

##### What's Changed

- Upgraded to v35.2.0 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/910](https://togithub.com/tj-actions/changed-files/pull/910)
- chore(deps): update tj-actions/auto-doc action to v1.7.1 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/911](https://togithub.com/tj-actions/changed-files/pull/911)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/912](https://togithub.com/tj-actions/changed-files/pull/912)
- chore(deps): update tj-actions/auto-doc action to v1.7.2 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/913](https://togithub.com/tj-actions/changed-files/pull/913)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/914](https://togithub.com/tj-actions/changed-files/pull/914)
- fix: bug running on pull_request_review by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/915](https://togithub.com/tj-actions/changed-files/pull/915)
- Bump tj-actions/auto-doc from 1.7.1 to 1.7.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/tj-actions/changed-files/pull/917](https://togithub.com/tj-actions/changed-files/pull/917)
- chore: update readme by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/916](https://togithub.com/tj-actions/changed-files/pull/916)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/918](https://togithub.com/tj-actions/changed-files/pull/918)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.2.1

***

##### Changes in v35.2.0

##### What's Changed

- Upgraded to v35.1.2 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/905](https://togithub.com/tj-actions/changed-files/pull/905)
- docs: add adonisgarciac as a contributor for code, and doc by [@allcontributors](https://togithub.com/allcontributors) in [https://github.com/tj-actions/changed-files/pull/907](https://togithub.com/tj-actions/changed-files/pull/907)
- add raw-output option for json output by [@adonisgarciac](https://togithub.com/adonisgarciac) in [https://github.com/tj-actions/changed-files/pull/900](https://togithub.com/tj-actions/changed-files/pull/900)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/908](https://togithub.com/tj-actions/changed-files/pull/908)
- chore: update the test by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/909](https://togithub.com/tj-actions/changed-files/pull/909)

##### New Contributors

- [@adonisgarciac](https://togithub.com/adonisgarciac) made their first contribution in [https://github.com/tj-actions/changed-files/pull/900](https://togithub.com/tj-actions/changed-files/pull/900)

**Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.2.0

***

##### Changes in v35.1.2

##### What's Changed

- Upgraded to v35.1.1 by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/898](https://togithub.com/tj-actions/changed-files/pull/898)
- chore(deps): update tj-actions/github-changelog-generator action to v1.17 by [@renovate](https://togithub.com/renovate) in [https://github.com/tj-actions/changed-files/pull/899](https://togithub.com/tj-actions/changed-files/pull/899)
- feat: add support for excluding matched directories by [@jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/902](https://togithub.com/tj-actions/changed-files/pull/902)
- Updated README.md by [@jackton1](https://togithub.com/jackton1) in
[https://github.com/tj-actions/changed-files/pull/903](https://togithub.com/tj-actions/changed-files/pull/903) - Updated README.md by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/904](https://togithub.com/tj-actions/changed-files/pull/904) **Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.1.2 *** ##### Changes in v35.1.1 ##### What's Changed - Upgraded to v35.1.0 by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/892](https://togithub.com/tj-actions/changed-files/pull/892) - chore: update the default sha by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/896](https://togithub.com/tj-actions/changed-files/pull/896) - Updated README.md by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/897](https://togithub.com/tj-actions/changed-files/pull/897) **Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.1.1 *** ##### Changes in v35.1.0 ##### What's Changed - Upgraded to v35.0.1 by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/889](https://togithub.com/tj-actions/changed-files/pull/889) - feat: add support for writing outputs to files by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/890](https://togithub.com/tj-actions/changed-files/pull/890) - Updated README.md by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/891](https://togithub.com/tj-actions/changed-files/pull/891) **Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.1.0 *** ##### Changes in v35.0.1 ##### What's Changed - Upgraded to v35 by [@​jackton1](https://togithub.com/jackton1) in 
[https://github.com/tj-actions/changed-files/pull/886](https://togithub.com/tj-actions/changed-files/pull/886) - chore: code cleanup by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/887](https://togithub.com/tj-actions/changed-files/pull/887) - chore: update test by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/888](https://togithub.com/tj-actions/changed-files/pull/888) **Full Changelog**: https://github.com/tj-actions/changed-files/compare/v35...v35.0.1 *** ##### Changes in v35.0.0 ##### 🔥 🔥 BREAKING CHANGE 🔥 🔥 - Removed input `max_fetch_depth` ##### What's Changed - Upgraded to v34.6.2 by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/878](https://togithub.com/tj-actions/changed-files/pull/878) - fix: fail when the merge base is not found by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/879](https://togithub.com/tj-actions/changed-files/pull/879) - fix: error retrieving changed files by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/882](https://togithub.com/tj-actions/changed-files/pull/882) - Updated README.md by [@​jackton1](https://togithub.com/jackton1) in [https://github.com/tj-actions/changed-files/pull/885](https://togithub.com/tj-actions/changed-files/pull/885) **Full Changelog**: https://github.com/tj-actions/changed-files/compare/v34...v35.0.0 ***

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.