Releases: cloudposse/github-action-atmos-affected-stacks
v6.10.0
fix(security): eliminate script injection vulnerabilities in action.yml @[copilot-swe-agent[bot]](https://github.com/apps/copilot-swe-agent) (#85)
- [x] Identify security vulnerabilities in action.yml - [x] Fix script injection via unquoted `${{ inputs.atmos-config-path }}` in `realpath` call — use `ATMOS_CONFIG_PATH` env var and quote it - [x] Fix script injection via unquoted `${{ inputs.base-ref }}` in `git checkout` call — use `BASE_REF`/`SKIP_CHECKOUT` env vars and bash array - [x] Fix script injection via direct `${{ inputs.* }}` embedding in shell — all inputs now passed as env vars - [x] Replace `eval` with bash arrays for safe atmos command execution — eliminated `eval` entirely - [x] Remove the now-unnecessary `affected-args` intermediate step - [x] DRY up repeated args-building logic: extract common args into a dedicated step writing to `${RUNNER_TEMP}/atmos-affected-args`; both execution steps read it with `mapfile`🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.
v6.9.0
ci(renovate): use config:best-practices @nitrocode (#67)
## what - use config:best-practiceswhy
- In light of tj-actions, it's best to pin shas for github actions. Renovate has this out of the box with its best practices which contains
helpers:pinGitHubActionDigests
references
Contributors
Assets 2
v6.8.0
chore(deps): update hashicorp/setup-terraform action to v4 @[renovate[bot]](https://github.com/apps/renovate) (#82)
This PR contains the following updates:| Package | Type | Update | Change |
|---|---|---|---|
| hashicorp/setup-terraform | action | major | v3 → v4 |
Release Notes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
chore(deps): update actions/checkout action to v6 @[renovate[bot]](https://github.com/apps/renovate) (#80)
This PR contains the following updates:| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | major | v4 → v6 |
Release Notes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- If you want to rebase/retry this PR, check this box
This PR was generated by Mend Renovate. View the repository job log.
chore(deps): update dependency node to v24 @[renovate[bot]](https://github.com/apps/renovate) (#77)
This PR contains the following updates:| Package | Type | Update | Change |
|---|---|---|---|
| node | uses-with | major | 20 → 24 |
Release Notes
actions/node-versions (node)
v24.14.0: 24.14.0
Node.js 24.14.0
v24.13.1: 24.13.1
Node.js 24.13.1
v24.13.0: 24.13.0
Node.js 24.13.0
v24.12.0: 24.12.0
Node.js 24.12.0
v24.11.1: 24.11.1
Node.js 24.11.1
v24.11.0: 24.11.0
Node.js 24.11.0
v24.10.0: 24.10.0
Node.js 24.10.0
v24.9.0: 24.9.0
Node.js 24.9.0
v24.8.0: 24.8.0
Node.js 24.8.0
v24.7.0: 24.7.0
Node.js 24.7.0
v24.6.0: 24.6.0
Node.js 24.6.0
v24.5.0: 24.5.0
Node.js 24.5.0
v24.4.1: 24.4.1
Node.js 24.4.1
v24.4.0: 24.4.0
Node.js 24.4.0
v24.3.0: 24.3.0
Node.js 24.3.0
v24.2.0: 24.2.0
Node.js 24.2.0
v24.1.0: 24.1.0
Node.js 24.1.0
v24.0.2: 24.0.2
Node.js 24.0.2
v24.0.1: 24.0.1
Node.js 24.0.1
v24.0.0: 24.0.0
Node.js 24.0.0
v22.22.1: 22.22.1
Node.js 22.22.1
v22.22.0: 22.22.0
Node.js 22.22.0
v22.21.1: 22.21.1
Node.js 22.21.1
v22.21.0: 22.21.0
Node.js 22.21.0
v22.20.0: 22.20.0
Node.js 22.20.0
v22.19.0: 22.19.0
Node.js 22.19.0
v22.18.0: 22.18.0
[Compare Source](https://redirect.github.com/actions/node-versions/compare/22.17.1-163097707...
v6.7.0
fix: Pass Command Args to Atmos Pro @milldr (#79)
## what - Pass the same args to the affected stacks for atmos describe affected with pro enabledwhy
- We need to enable some of the same args for pro, but we only had these as options for without pro. We want to have the same options in either use case
references
- .
Contributors
Assets 2
v6.6.2
v6.6.1
Contributors
Assets 2
v6.6.0
v6.5.0
Add skip-checkout to base-ref @jamengual (#66)
This pull request includes changes to the `action.yml` file to improve the flexibility and functionality of the GitHub Action configuration. The most important changes include updating the `skip-checkout` input description and default value, modifying the `runs` section to conditionally skip the checkout step, and refining the checkout command for the base ref.Improvements to input descriptions and defaults:
action.yml: Updated theskip-checkoutinput description to include both head-ref and base-ref. Changed the default value ofskip-checkoutfrom single to double quotes for consistency.
Enhancements to the runs section:
action.yml: Added a conditional statement to theactions/checkout@v4step to skip the checkout ifskip-checkoutis set to 'true'.action.yml: Refined the checkout command for the base ref to conditionally force the checkout based on theskip-checkoutinput.
Other changes:
action.yml: Removed an unnecessary blank line in theoutputssection.
