Rename core's markdownSummary extension to summary #1072
Merged
konradpabjan approved these changes May 5, 2022
This was referenced May 5, 2022
kodiakhq Bot referenced this pull request in carbon-design-system/carbon-for-ibm-dotcom-web-components-template May 17, 2023
This PR contains the following updates:

| Package | Change |
|---|---|
| [@actions/core](https://togithub.com/actions/toolkit) | [`1.6.0` -> `1.9.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.6.0/1.9.1) |

### GitHub Vulnerability Alerts

#### [CVE-2022-35954](https://togithub.com/actions/toolkit/security/advisories/GHSA-7r3h-m5j6-3q42)

## Impact

The `core.exportVariable` function uses a well known delimiter that attackers can use to break out of that specific variable and assign values to other arbitrary variables. Workflows that write untrusted values to the `GITHUB_ENV` file may cause the path or other environment variables to be modified without the intention of the workflow or action author.

## Patches

Users should upgrade to `@actions/core v1.9.1`.

## Workarounds

If you are unable to upgrade the `@actions/core` package, you can modify your action to ensure that any user input does not contain the delimiter `_GitHubActionsFileCommandDelimeter_` before calling `core.exportVariable`.

## References

[More information about setting-an-environment-variable in workflows](https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-environment-variable)

If you have any questions or comments about this advisory:

* Open an issue in [`actions/toolkit`](https://togithub.com/actions/toolkit/issues)

---

### Release Notes

<details>
<summary>actions/toolkit</summary>

### [`v1.9.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#191)

- Randomize delimiter when calling `core.exportVariable`

### [`v1.9.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#190)

- Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#1102](https://togithub.com/actions/toolkit/pull/1102)

### [`v1.8.2`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#182)

- Update to v2.0.1 of `@actions/http-client` [#1087](https://togithub.com/actions/toolkit/pull/1087)

### [`v1.8.1`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#181)

- Update to v2.0.0 of `@actions/http-client`

### [`v1.8.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#180)

- Deprecate `markdownSummary` extension export in favor of `summary`
  - [https://github.com/actions/toolkit/pull/1072](https://togithub.com/actions/toolkit/pull/1072)
  - [https://github.com/actions/toolkit/pull/1073](https://togithub.com/actions/toolkit/pull/1073)

### [`v1.7.0`](https://togithub.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#170)

- [Added `markdownSummary` extension](https://togithub.com/actions/toolkit/pull/1014)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/carbon-design-system/carbon-for-ibm-dotcom-web-components-template).
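The advisory quoted in the referenced commit above describes a delimiter break-out in `core.exportVariable` and a workaround. The following is an added example (not code from `actions/toolkit` or from this PR) of that workaround check next to a writer that uses a per-call random delimiter. `assertNoLegacyDelimiter`, `formatEnvEntry`, `parseEnvFile` and the `delim_` prefix are hypothetical names, and the parser is a simplified model of the `NAME<<DELIMITER` environment-file format.

```javascript
const { randomUUID } = require('node:crypto');

// Fixed delimiter named in the advisory's workaround section.
const LEGACY_DELIMITER = '_GitHubActionsFileCommandDelimeter_';

// Workaround from the advisory: reject untrusted input that contains the
// fixed delimiter before it is handed to core.exportVariable.
function assertNoLegacyDelimiter(name, value) {
  for (const [label, text] of [['name', name], ['value', String(value)]]) {
    if (text.includes(LEGACY_DELIMITER)) {
      throw new Error(`Refusing to export: ${label} contains the file command delimiter`);
    }
  }
}

// Hardened writer (assumption: a random delimiter per call plus a collision
// check, in the spirit of the v1.9.1 release note). Returns one file entry.
function formatEnvEntry(name, value, delimiter = `delim_${randomUUID()}`) {
  const text = String(value);
  if (name.includes(delimiter) || text.includes(delimiter)) {
    throw new Error('Refusing to export: input contains the delimiter');
  }
  return `${name}<<${delimiter}\n${text}\n${delimiter}\n`;
}

// Simplified reader for the NAME<<DELIMITER heredoc format (hypothetical
// helper, used only to check what a written entry decodes to).
function parseEnvFile(content) {
  const vars = {};
  const lines = content.split('\n');
  for (let i = 0; i < lines.length; i++) {
    const m = /^([^=<]+)<<(.+)$/.exec(lines[i]);
    if (!m) continue;
    const body = [];
    // Collect lines until the closing delimiter for this entry.
    while (++i < lines.length && lines[i] !== m[2]) body.push(lines[i]);
    vars[m[1]] = body.join('\n');
  }
  return vars;
}

// Constructed sample: a multi-line value that embeds the fixed delimiter.
const SAMPLE_VALUE = `build-42\n${LEGACY_DELIMITER}\ntrailing text`;
```

With a random delimiter the embedded legacy string is just data, so the entry decodes to a single variable whose value is unchanged.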
Redmishiaomi approved these changes Aug 11, 2024
Nickwittastick23 approved these changes Oct 29, 2025
chhe pushed a commit to chhe/act_runner that referenced this pull request May 1, 2026
This PR contains the following updates:

| Package | Change |
|---|---|
| [@actions/core](https://github.com/actions/toolkit/tree/main/packages/core) ([source](https://github.com/actions/toolkit/tree/HEAD/packages/core)) | [`1.10.0` → `1.11.1`](https://renovatebot.com/diffs/npm/@actions%2fcore/1.10.0/1.11.1) |

---

### Release Notes

<details>
<summary>actions/toolkit (@actions/core)</summary>

### [`v1.11.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1111)

- Fix uses of `crypto.randomUUID` on Node 18 and earlier [#1842](actions/toolkit#1842)

##### 1.11.0

- Add platform info utilities [#1551](actions/toolkit#1551)
- Remove dependency on `uuid` package [#1824](actions/toolkit#1824)

##### 1.10.1

- Fix error message reference in oidc utils [#1511](actions/toolkit#1511)

##### 1.10.0

- `saveState` and `setOutput` now use environment files if available [#1178](actions/toolkit#1178)
- `getMultilineInput` now correctly trims whitespace by default [#1185](actions/toolkit#1185)

##### 1.9.1

- Randomize delimiter when calling `core.exportVariable`

##### 1.9.0

- Added `toPosixPath`, `toWin32Path` and `toPlatformPath` utilities [#1102](actions/toolkit#1102)

##### 1.8.2

- Update to v2.0.1 of `@actions/http-client` [#1087](actions/toolkit#1087)

##### 1.8.1

- Update to v2.0.0 of `@actions/http-client`

##### 1.8.0

- Deprecate `markdownSummary` extension export in favor of `summary`
  - [#1072](actions/toolkit#1072)
  - [#1073](actions/toolkit#1073)

##### 1.7.0

- [Added `markdownSummary` extension](actions/toolkit#1014)

##### 1.6.0

- [Added OIDC Client function `getIDToken`](actions/toolkit#919)
- [Added `file` parameter to `AnnotationProperties`](actions/toolkit#896)

##### 1.5.0

- [Added support for notice annotations and more annotation fields](actions/toolkit#855)

##### 1.4.0

- [Added the `getMultilineInput` function](actions/toolkit#829)

##### 1.3.0

- [Added the trimWhitespace option to getInput](actions/toolkit#802)
- [Added the getBooleanInput function](actions/toolkit#725)

##### 1.2.7

- [Prepend newline for set-output](actions/toolkit#772)

##### 1.2.6

- [Update `exportVariable` and `addPath` to use environment files](actions/toolkit#571)

##### 1.2.5

- [Correctly bundle License File with package](actions/toolkit#548)

##### 1.2.4

- [Be more lenient in accepting non-string command inputs](actions/toolkit#405)
- [Add Echo commands](actions/toolkit#411)

##### 1.2.3

- [IsDebug logging](README.md#logging)

##### 1.2.2

- [Fix escaping for runner commands](actions/toolkit#302)

##### 1.2.1

- [Remove trailing comma from commands](actions/toolkit#263)
- [Add "types" to package.json](actions/toolkit#221)

##### 1.2.0

- saveState and getState functions for wrapper tasks (on finally entry points that run post job)

##### 1.1.3

- setSecret added to register a secret with the runner to be masked from the logs
- exportSecret which was not implemented and never worked was removed after clarification from product.

##### 1.1.1

- Add support for action input variables with multiple spaces [#127](actions/toolkit#127)
- Switched ## commands to :: commands (should have no noticeable impact) \[[#110](https://github.com/actions/toolkit/issues/110))([#110](https://github.com/actions/toolkit/pull/110))

##### 1.1.0

- Added helpers for `group` and `endgroup` [#98](actions/toolkit#98)

##### 1.0.0

- Initial release

### [`v1.11.0`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1110)

- Add platform info utilities [#1551](actions/toolkit#1551)
- Remove dependency on `uuid` package [#1824](actions/toolkit#1824)

### [`v1.10.1`](https://github.com/actions/toolkit/blob/HEAD/packages/core/RELEASES.md#1101)

- Fix error message reference in oidc utils [#1511](actions/toolkit#1511)

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.com/gitea/runner/pulls/880
Reviewed-by: Nicolas <bircni@icloud.com>
Co-authored-by: Renovate Bot <renovate-bot@gitea.com>
Co-committed-by: Renovate Bot <renovate-bot@gitea.com>
For consistency, the feature will be called "Job Summary" not "Markdown Summary" so we'll need to rename the core extensions.