bug : fix tj-actions/verify-changed-files (CVE-2023-52137 )#313
bug : fix tj-actions/verify-changed-files (CVE-2023-52137 )#313sanjay7178 wants to merge 1 commit intogreenelab:mainfrom
Conversation
| if: github.event.action != 'closed' | ||
| id: changed | ||
| uses: tj-actions/verify-changed-files@v18 | ||
| uses: dorny/paths-filter@v2 |
There was a problem hiding this comment.
Because this action works differently than tj-actions, I think we'll need some other changes as well.
In the steps that follow these paths-filter steps, instead of checking e.g. steps.changed.outputs.files_changed, we'll have to check either steps.changed.outputs.citations == 'true' (if I'm understanding the docs correctly). Or perhaps more ideally: check if the changes array length is > 0, so we can just use the same checking code in all places, and not be tied to the specific filters key used.
There was a problem hiding this comment.
Ideally i tried this workflow works for my lab , btw i try to look again
|
Aside from my comment above, I'll also have to test this thoroughly to make sure it works, and make a proper version bump out of it (changelog, etc). |
sure |
2 participants
fix #312
To the maintainers according to the issue mentioned , I have changed the deprecated actions to new one for the fix