buf-lint-action

buf-lint-action copied to clipboard

Bumps [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) from 7.0.2 to 7.8.0. Release notes Sourced from @​typescript-eslint/eslint-plugin's releases. v7.8.0 7.8.0 (2024-04-29) 🚀 Features rule-tester: assert suggestion messages are unique (#8995) typescript-estree: add maximumDefaultProjectFileMatchCount and wide allowDefaultProjectForFiles...

dependabot[bot]

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.11.19 to 20.12.7. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 7.0.2 to 7.8.0. Release notes Sourced from @​typescript-eslint/parser's releases. v7.8.0 7.8.0 (2024-04-29) 🚀 Features rule-tester: assert suggestion messages are unique (#8995) typescript-estree: add maximumDefaultProjectFileMatchCount and wide allowDefaultProjectForFiles...

dependabot[bot]

Bumps [undici](https://github.com/nodejs/undici) from 5.28.3 to 5.28.4. Release notes Sourced from undici's releases. v5.28.4 :warning: Security Release :warning: Fixes https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 CVE-2024-30260 Fixes https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 CVE-2024-30261 Full Changelog: https://github.com/nodejs/undici/compare/v5.28.3...v5.28.4 Commits fb98306 Bumped v5.28.4...

dependabot[bot]

Bumps [esbuild](https://github.com/evanw/esbuild) from 0.20.1 to 0.20.2. Release notes Sourced from esbuild's releases. v0.20.2 Support TypeScript experimental decorators on abstract class fields (#3684) With this release, you can now use TypeScript...

dependabot[bot]

Output errors from action

1

It would be good to capture the output from errors in a variable so it can be used to annotate PR's or workflow runs.

petelah

Bumps [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) from 7.5.7 to 7.5.8. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependabot[bot]

It's idiomatic to create major version tags so users can use them in their actions reducing code churn to get the latest compatible version e.g. `bufbuild/buf-lint-action@v1` Could you add the...

stevenh

This action seems vulnerable to command injection due to the use of child.execSync on unsanitized user input. See [here](https://nodejs.org/api/child_process.html#child_processexecsynccommand-options) for documentation which says "**Never pass unsanitized user input to this...

djameson42

buf lint trying to lint file that doesn't exist

5

example run: https://github.com/harmony-development/protocol/runs/4670337736?check_suite_focus=true with a configuration like: ``` lint-protos-staging: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: bufbuild/[email protected] - uses: bufbuild/buf-lint-action@v1 with: input: 'staging' ``` and a file structure like...

sowelipililimute