Merge d86d1a437e into d632683dd7

Prepare 4.2.0 release (#1878 )
* Bump package version to 4.1.8 * Add v4.1.8 changelog * Bump version to `4.2.0`
2025-10-31 13:58:09 +08:00 · 2024-09-26 22:09:13 +05:30 · 2024-09-25 13:51:15 -04:00 · 2024-01-16 08:51:56 +13:00 · 2022-12-13 11:16:31 +13:00
4 changed files with 13 additions and 5 deletions
--- a/.github/workflows/update-main-version.yml
+++ b/.github/workflows/update-main-version.yml
@@ -18,6 +18,9 @@ on:
 jobs:
  tag:
    runs-on: ubuntu-latest
+    env:
+      TARGET: ${{ github.event.inputs.target }}
+      MAIN_VERSION: ${{ github.event.inputs.major_version }}
    steps:
    # Note this update workflow can also be used as a rollback tool.
    # For that reason, it's best to pin `actions/checkout` to a known, stable version
@@ -30,6 +33,6 @@ jobs:
        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
    - name: Tag new target
-      run: git tag -f ${{ github.event.inputs.major_version }} ${{ github.event.inputs.target }}
+      run: git tag -f "$MAIN_VERSION" "$TARGET"
    - name: Push new tag
-      run: git push origin ${{ github.event.inputs.major_version }} --force
+      run: git push origin "$MAIN_VERSION" --force
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog

+## v4.2.0
+
+* Add Ref and Commit outputs by @lucacome in https://github.com/actions/checkout/pull/1180
+* Dependency updates by @dependabot- https://github.com/actions/checkout/pull/1777, https://github.com/actions/checkout/pull/1872
+
 ## v4.1.7
 * Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in https://github.com/actions/checkout/pull/1739
 * Bump actions/checkout from 3 to 4 by @dependabot in https://github.com/actions/checkout/pull/1697
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "checkout",
-  "version": "4.1.7",
+  "version": "4.2.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "checkout",
-      "version": "4.1.7",
+      "version": "4.2.0",
      "license": "MIT",
      "dependencies": {
        "@actions/core": "^1.10.1",
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "checkout",
-  "version": "4.1.7",
+  "version": "4.2.0",
  "description": "checkout action",
  "main": "lib/main.js",
  "scripts": {
Author	SHA1	Message	Date
Y. Meyer-Norwood	d3fe023418	Merge `d86d1a437e` into `d632683dd7`	2024-09-26 22:09:13 +05:30
Josh Gross	d632683dd7	Prepare 4.2.0 release (#1878 ) * Bump package version to 4.1.8 * Add v4.1.8 changelog * Bump version to `4.2.0`	2024-09-25 13:51:15 -04:00
Y. Meyer-Norwood	d86d1a437e	Merge branch 'main' into patch-1	2024-01-16 08:51:56 +13:00
Y. Meyer-Norwood	fe77b196f4	Prevent Script Injection Attack The user provided inputs here are vulnerable to script injection. This PR uses an intermediary environment variable to treat the input as a string, rather than as part of the command. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable	2022-12-13 11:16:31 +13:00