@actions/core
Advanced tools
Comparing version 1.9.0 to 1.9.1
@@ -37,2 +37,3 @@ "use strict"; | ||
const path = __importStar(require("path")); | ||
const uuid_1 = require("uuid"); | ||
const oidc_utils_1 = require("./oidc-utils"); | ||
@@ -67,3 +68,10 @@ /** | ||
if (filePath) { | ||
const delimiter = '_GitHubActionsFileCommandDelimeter_'; | ||
const delimiter = `ghadelimiter_${uuid_1.v4()}`; | ||
// These should realistically never happen, but just in case someone finds a way to exploit uuid generation let's not allow keys or values that contain the delimiter. | ||
if (name.includes(delimiter)) { | ||
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`); | ||
} | ||
if (convertedVal.includes(delimiter)) { | ||
throw new Error(`Unexpected input: value should not contain the delimiter "${delimiter}"`); | ||
} | ||
const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`; | ||
@@ -70,0 +78,0 @@ file_command_1.issueCommand('ENV', commandValue); |
{ | ||
"name": "@actions/core", | ||
"version": "1.9.0", | ||
"version": "1.9.1", | ||
"description": "Actions core lib", | ||
@@ -39,7 +39,9 @@ "keywords": [ | ||
"dependencies": { | ||
"@actions/http-client": "^2.0.1" | ||
"@actions/http-client": "^2.0.1", | ||
"uuid": "^8.3.2" | ||
}, | ||
"devDependencies": { | ||
"@types/node": "^12.0.2" | ||
"@types/node": "^12.0.2", | ||
"@types/uuid": "^8.3.4" | ||
} | ||
} |
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
76612
1385
2
2
+ Addeduuid@^8.3.2
+ Addeduuid@8.3.2(transitive)