search

microsoft / mu_devops

Project Mu Developer Operations
https://microsoft.github.io/mu/
Other
26 stars 22 forks source link

GitHub Action: Bump stefanbuck/github-issue-parser from 2 to 3 [Rebase & FF] #69

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps stefanbuck/github-issue-parser from 2 to 3.

Release notes

Sourced from stefanbuck/github-issue-parser's releases.

v3.0.0

3.0.0 (2022-10-19)

Bug Fixes

  • deps: bump @​actions/core from 1.9.1 to 1.10.0 (284e5eb)
  • Ensure releases can be pinned to SHAs #23 (#39) (428eec3)

Features

  • mitigating script injection attacks by passing issue body as env var (#42) (0b27d4a)

BREAKING CHANGES

  • Add issue-body argument which is required from v3 onwards

To mitigate script injection attacks, github-issue-parser v3 will require workflow authors to pass the issue body as an argument. By doing so you will follow GitHub's Good practices for mitigating script injection attacks 

- uses: stefanbuck/github-issue-parser@v3
  id: issue-parser
  with:
    issue-body: ${{ github.event.issue.body }} # required
    template-path: .github/ISSUE_TEMPLATE/bug-report.yml # optional but recommended

The previous checkbox output produced this:

 {
    "laravel": true,
    "svelte": true,
 }

whereas the new output will be an array like this

{
    "fav_frameworks": ["Laravel", "Svelte"]
}

... (truncated)

Commits
  • 2e4d854 build
  • 55281d1 build(deps-dev): bump jest from 29.2.2 to 29.3.1
  • 3c9c1c3 build(deps-dev): bump jest from 29.1.2 to 29.2.2 (#49)
  • 741688b feat: add issue-body default (#47)
  • de423fc docs: Add migration section
  • 0b27d4a feat: mitigating script injection attacks by passing issue body as env var (#42)
  • 1d341cb feat: parse checkboxes (#21)
  • 284e5eb fix(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
makubacki commented 1 year ago

I added some commits to the PR to address changes needed for the V3 action integration.