Updated to pin dependent actions with full sha

.github/workflows/sec-auto-merge.yml

@@ -1,33 +0,0 @@
-name: Auto merge and fix conflicts
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  automerge-sec:
-    runs-on: ubuntu-latest
-    name: Auto merge and fix merge conflicts
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          persist-credentials: false
-
-      - name: Fix merge conflicts
-        run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          
-          git checkout sec
-          
-          git merge --no-edit --no-ff --strategy-option=ours main
-
-      - name: Push changes
-        uses: ad-m/github-push-action@master
-        continue-on-error: true
-        with:
-          github_token: ${{ secrets.PAT_TOKEN }}
-          branch: sec

.github/workflows/submodule-sync.yml

@@ -19,7 +19,7 @@ jobs:
           git submodule update --remote --recursive
       
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4.2.4
+        uses: peter-evans/create-pull-request@v4.2.3
         with:
           title: "Updated submodule"
           labels: "merge when passing"

.github/workflows/sync-release-version.yml

@@ -5,31 +5,6 @@ on:
 
 
 jobs:
-  create-sec-tag:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-          ref: sec
-      - name: Get branch name
-        id: branch-name
-        uses: tj-actions/branch-names@v6
-
-      - name: Generate new tag
-        id: generate-tag
-        run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-          git tag -a ${{ steps.branch-name.outputs.tag }}-sec -m "Security release for ${{ steps.branch-name.outputs.tag }}"
-
-      - name: Push tag
-        uses: ad-m/github-push-action@master
-        with:
-          tags: true
-          github_token: ${{ secrets.PAT_TOKEN }}
-          branch: sec
-
   update-version:
     runs-on: ubuntu-latest
     steps:
@@ -51,7 +26,7 @@ jobs:
         with:
           output: 'HISTORY.md'
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4.2.4
+        uses: peter-evans/create-pull-request@v4.2.3
         with:
           base: "main"
           labels: "merge when passing"

.github/workflows/update-readme.yml

@@ -20,7 +20,7 @@ jobs:
         uses: tj-actions/remark@v3
 
       - name: Verify Changed files
-        uses: tj-actions/verify-changed-files@v14
+        uses: tj-actions/verify-changed-files@v13
         id: verify_changed_files
         with:
           files: |

HISTORY.md

@@ -1,74 +1,21 @@
 # Changelog
 
-## [v35.7.6-sec](https://github.com/tj-actions/changed-files/tree/v35.7.6-sec) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.6...v35.7.6-sec)
-
-## [v35.7.6](https://github.com/tj-actions/changed-files/tree/v35.7.6) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35...v35.7.6)
-
-## [v35](https://github.com/tj-actions/changed-files/tree/v35) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.5...v35)
-
-## [v35.7.5](https://github.com/tj-actions/changed-files/tree/v35.7.5) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.4...v35.7.5)
-
-## [v35.7.4](https://github.com/tj-actions/changed-files/tree/v35.7.4) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.3...v35.7.4)
-
-## [v35.7.3](https://github.com/tj-actions/changed-files/tree/v35.7.3) (2023-03-22)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.2...v35.7.3)
-
-**Fixed bugs:**
-
-- \[BUG\] all\_old\_new\_renamed\_files Gets all files renamed files from history [\#1030](https://github.com/tj-actions/changed-files/issues/1030)
-
-**Closed issues:**
-
-- Dependency Dashboard [\#27](https://github.com/tj-actions/changed-files/issues/27)
-
-**Merged pull requests:**
-
-- chore: add create sec tag job [\#1042](https://github.com/tj-actions/changed-files/pull/1042) ([jackton1](https://github.com/jackton1))
-- chore: update sec-auto-merge.yml [\#1041](https://github.com/tj-actions/changed-files/pull/1041) ([jackton1](https://github.com/jackton1))
-- fix: bug with returning old and new rename files [\#1040](https://github.com/tj-actions/changed-files/pull/1040) ([jackton1](https://github.com/jackton1))
-- chore\(deps\): update tj-actions/json2file action to v1.4.0 \(main\) [\#1038](https://github.com/tj-actions/changed-files/pull/1038) ([renovate[bot]](https://github.com/apps/renovate))
-- chore: add sec auto merge action [\#1037](https://github.com/tj-actions/changed-files/pull/1037) ([jackton1](https://github.com/jackton1))
-- chore\(deps\): update tj-actions/verify-changed-files action to v14 \(main\) [\#1034](https://github.com/tj-actions/changed-files/pull/1034) ([renovate[bot]](https://github.com/apps/renovate))
-- Upgraded to v35.7.2 [\#1033](https://github.com/tj-actions/changed-files/pull/1033) ([jackton1](https://github.com/jackton1))
-
-## [v35.7.2](https://github.com/tj-actions/changed-files/tree/v35.7.2) (2023-03-17)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.1-sec...v35.7.2)
-
-**Merged pull requests:**
-
-- Bump tj-actions/glob from 16.11 to 16.12 [\#1032](https://github.com/tj-actions/changed-files/pull/1032) ([dependabot[bot]](https://github.com/apps/dependabot))
-- chore: update README.md [\#1031](https://github.com/tj-actions/changed-files/pull/1031) ([jackton1](https://github.com/jackton1))
-- chore\(deps\): update peter-evans/create-pull-request action to v4.2.4 [\#1028](https://github.com/tj-actions/changed-files/pull/1028) ([renovate[bot]](https://github.com/apps/renovate))
-- Upgraded to v35.7.1 [\#1027](https://github.com/tj-actions/changed-files/pull/1027) ([jackton1](https://github.com/jackton1))
-
-## [v35.7.1-sec](https://github.com/tj-actions/changed-files/tree/v35.7.1-sec) (2023-03-14)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35-sec...v35.7.1-sec)
-
-## [v35-sec](https://github.com/tj-actions/changed-files/tree/v35-sec) (2023-03-14)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.1...v35-sec)
-
 ## [v35.7.1](https://github.com/tj-actions/changed-files/tree/v35.7.1) (2023-03-14)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.0-sec...v35.7.1)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35...v35.7.1)
+
+## [v35](https://github.com/tj-actions/changed-files/tree/v35) (2023-03-14)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.0-sec...v35)
 
 **Fixed bugs:**
 
 - \[BUG\] Error in GitHub Action dependencies tj-actions/glob and tj-actions/json2file [\#1023](https://github.com/tj-actions/changed-files/issues/1023)
 
+**Closed issues:**
+
+- Dependency Dashboard [\#27](https://github.com/tj-actions/changed-files/issues/27)
+
 **Merged pull requests:**
 
 - Updated README.md [\#1026](https://github.com/tj-actions/changed-files/pull/1026) ([jackton1](https://github.com/jackton1))
@@ -77,7 +24,11 @@
 
 ## [v35.7.0-sec](https://github.com/tj-actions/changed-files/tree/v35.7.0-sec) (2023-03-13)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.0...v35.7.0-sec)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35-sec...v35.7.0-sec)
+
+## [v35-sec](https://github.com/tj-actions/changed-files/tree/v35-sec) (2023-03-13)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v35.7.0...v35-sec)
 
 **Implemented enhancements:**
 
@@ -937,7 +888,7 @@
 
 ## [v34.0.0](https://github.com/tj-actions/changed-files/tree/v34.0.0) (2022-10-25)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v33.0.0...v34.0.0)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v33...v34.0.0)
 
 **Fixed bugs:**
 
@@ -950,13 +901,13 @@
 - feat: add support for fetching more history [\#709](https://github.com/tj-actions/changed-files/pull/709) ([jackton1](https://github.com/jackton1))
 - Upgraded to v33.0.0 [\#707](https://github.com/tj-actions/changed-files/pull/707) ([jackton1](https://github.com/jackton1))
 
-## [v33.0.0](https://github.com/tj-actions/changed-files/tree/v33.0.0) (2022-10-21)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v33...v33.0.0)
-
 ## [v33](https://github.com/tj-actions/changed-files/tree/v33) (2022-10-21)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v32.1.2...v33)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v33.0.0...v33)
+
+## [v33.0.0](https://github.com/tj-actions/changed-files/tree/v33.0.0) (2022-10-21)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v32.1.2...v33.0.0)
 
 **Closed issues:**
 
@@ -1037,7 +988,7 @@
 
 ## [v32.0.0](https://github.com/tj-actions/changed-files/tree/v32.0.0) (2022-10-06)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31...v32.0.0)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31.0.3...v32.0.0)
 
 **Merged pull requests:**
 
@@ -1048,13 +999,13 @@
 - chore\(deps\): update actions/checkout action to v3.1.0 [\#669](https://github.com/tj-actions/changed-files/pull/669) ([renovate[bot]](https://github.com/apps/renovate))
 - Upgraded to v31.0.3 [\#667](https://github.com/tj-actions/changed-files/pull/667) ([jackton1](https://github.com/jackton1))
 
-## [v31](https://github.com/tj-actions/changed-files/tree/v31) (2022-10-02)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31.0.3...v31)
-
 ## [v31.0.3](https://github.com/tj-actions/changed-files/tree/v31.0.3) (2022-10-02)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31.0.2...v31.0.3)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31...v31.0.3)
+
+## [v31](https://github.com/tj-actions/changed-files/tree/v31) (2022-10-02)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v31.0.2...v31)
 
 **Fixed bugs:**
 
@@ -1994,7 +1945,7 @@
 
 ## [v13](https://github.com/tj-actions/changed-files/tree/v13) (2022-02-17)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v2.0.1...v13)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v12.2...v13)
 
 **Implemented enhancements:**
 
@@ -2013,13 +1964,13 @@
 - \[BUG\] wrong result of any\_change output [\#314](https://github.com/tj-actions/changed-files/issues/314)
 - \[BUG\] Investigate possible bug using since\_last\_remote\_commit when force pushing changes. [\#303](https://github.com/tj-actions/changed-files/issues/303)
 
-## [v2.0.1](https://github.com/tj-actions/changed-files/tree/v2.0.1) (2021-12-30)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v12.2...v2.0.1)
-
 ## [v12.2](https://github.com/tj-actions/changed-files/tree/v12.2) (2021-12-30)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v12.1...v12.2)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v2.0.1...v12.2)
+
+## [v2.0.1](https://github.com/tj-actions/changed-files/tree/v2.0.1) (2021-12-30)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v12.1...v2.0.1)
 
 **Merged pull requests:**
 
@@ -2173,7 +2124,7 @@
 
 ## [v1.2.1](https://github.com/tj-actions/changed-files/tree/v1.2.1) (2021-11-08)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v1.2.0...v1.2.1)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v11.5...v1.2.1)
 
 **Implemented enhancements:**
 
@@ -2187,13 +2138,13 @@
 - Update actions/checkout action to v2.4.0 [\#243](https://github.com/tj-actions/changed-files/pull/243) ([renovate[bot]](https://github.com/apps/renovate))
 - Upgraded to v11.5 [\#241](https://github.com/tj-actions/changed-files/pull/241) ([jackton1](https://github.com/jackton1))
 
-## [v1.2.0](https://github.com/tj-actions/changed-files/tree/v1.2.0) (2021-10-30)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v11.5...v1.2.0)
-
 ## [v11.5](https://github.com/tj-actions/changed-files/tree/v11.5) (2021-10-30)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v11.4...v11.5)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v1.2.0...v11.5)
+
+## [v1.2.0](https://github.com/tj-actions/changed-files/tree/v1.2.0) (2021-10-30)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v11.4...v1.2.0)
 
 **Merged pull requests:**
 
@@ -2578,7 +2529,7 @@
 
 ## [v7](https://github.com/tj-actions/changed-files/tree/v7) (2021-06-09)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6.3...v7)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6...v7)
 
 **Closed issues:**
 
@@ -2594,13 +2545,13 @@
 - Update tj-actions/sync-release-version action to v8.7 [\#86](https://github.com/tj-actions/changed-files/pull/86) ([renovate[bot]](https://github.com/apps/renovate))
 - Upgraded to v6.3 [\#85](https://github.com/tj-actions/changed-files/pull/85) ([jackton1](https://github.com/jackton1))
 
-## [v6.3](https://github.com/tj-actions/changed-files/tree/v6.3) (2021-05-26)
-
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6...v6.3)
-
 ## [v6](https://github.com/tj-actions/changed-files/tree/v6) (2021-05-26)
 
-[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6.2...v6)
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6.3...v6)
+
+## [v6.3](https://github.com/tj-actions/changed-files/tree/v6.3) (2021-05-26)
+
+[Full Changelog](https://github.com/tj-actions/changed-files/compare/v6.2...v6.3)
 
 **Merged pull requests:**
 

README.md

@@ -15,7 +15,7 @@
 
 ## changed-files
 
-Retrieve all changed files and directories relative to a target branch, preceeding commit or the last remote commit returning a **relative paths** from the project root.
+Retrieve all changed files and directories relative to the target branch or the last remote commit returning a **relative path** from the project root.
 
 ## Table of contents
 
@@ -63,7 +63,7 @@ Retrieve all changed files and directories relative to a target branch, preceedi
 >
 > *   **IMPORTANT:** For `push` events you need to include `fetch-depth: 0` **OR** `fetch-depth: 2` depending on your use case.
 > *   For monorepos where pulling all the branch history might not be desired, you can omit `fetch-depth` for `pull_request` events.
-> *   For files located in a sub-directory ensure that the pattern specified contains `**/` (globstar) to match any preceding directories or explicitly pass the full path relative to the project root. See: [Pattern Gotcha](https://github.com/tj-actions/glob#pattern-gotcha).
+> *   For files located in a sub-directory ensure that the pattern specified contains `**/` (globstar) to match any preceding directories or explicitly pass the full path relative to the project root. See: [#314](https://github.com/tj-actions/changed-files/issues/314).
 > *   All multiline inputs should not use double or single quotes since the value is already a string seperated by a newline character. See [Examples](#examples) for more information.
 > *   Ensure that `persist-credentials` is set to `true` when configuring `actions/checkout` if `fetch-depth` isn't set to `0`.
 
@@ -120,19 +120,18 @@ jobs:
           echo "List all the files that have changed: ${{ steps.changed-files-specific.outputs.all_changed_files }}"
       
       # Example 3
-      - name: Get all changed *.js file(s) or any file in the static folder excluding the docs folder
+      - name: Get changed js files excluding the docs folder
         id: changed-files-excluded
         uses: tj-actions/changed-files@v35
         with:
           files: |
             **/*.js
-            static
-          files_ignore: docs
+          files_ignore: docs/** # Alternatively using: `docs`
 
-      - name: Run step if any *.js file(s) or any file in the static folder change
+      - name: Run step if any other js file(s) change
         if: steps.changed-files-excluded.outputs.any_changed == 'true'
         run: |
-          echo "One or more *.js file(s) or any file in the static folder but not in the doc folder has changed."
+          echo "One or more js files not in the doc folder has changed."
           echo "List all the files that have changed: ${{ steps.changed-files-excluded.outputs.all_changed_files }}"
 ```
 
@@ -234,9 +233,7 @@ In addition to the standard versioning scheme, this action also uses the `v[majo
 The format of the version string is as follows:
 
 major: is a major release number that indicates significant changes or new features that may not be backward compatible.
-
 minor: is a minor release number that indicates minor changes or new features that are backward compatible.
-
 patch : is a patch release number that indicates bug fixes or other small changes that are backward compatible.
 
 `-sec` is a suffix that indicates a security-hardened version that implements additional security measures.
@@ -318,28 +315,6 @@ See [outputs](#outputs) for a list of all available outputs.
 
 </details>
 
-<details>
-<summary>Get all changed files and write the outputs to a txt file</summary>
-
-```yaml
-...
-
-   - name: Get changed files and write the outputs to a txt file
-     id: changed-files-write-output-files-txt
-     uses: ./
-     with:
-       write_output_files: true
-
-    - name: Verify the contents of the .github/outputs/added_files.txt file
-      run: |
-        cat .github/outputs/added_files.txt
-...
-```
-
-See [action.yml](action.yml#L264) for a list of all available keys.
-
-</details>
-
 <details>
 <summary>Get all changed files and write the outputs to a json file</summary>
 
@@ -353,9 +328,31 @@ See [action.yml](action.yml#L264) for a list of all available keys.
        json: true
        write_output_files: true
 
-    - name: Verify the contents of the .github/outputs/added_files.json file
+    - name: Verify the contents of the .github/added_files.json file
       run: |
-        cat .github/outputs/added_files.json
+        cat .github/added_files.json
+...
+```
+
+See [action.yml](action.yml#L264) for a list of all available keys.
+
+</details>
+
+<details>
+<summary>Get all changed files and write the outputs to a txt file</summary>
+
+```yaml
+...
+
+   - name: Get changed files and write the outputs to a txt file
+     id: changed-files-write-output-files-txt
+     uses: ./
+     with:
+       write_output_files: true
+
+    - name: Verify the contents of the .github/added_files.txt file
+      run: |
+        cat .github/added_files.txt
 ...
 ```
 

action.yml

@@ -208,7 +208,7 @@ runs:
         INPUT_FETCH_DEPTH: ${{ inputs.fetch_depth }}
         INPUT_SINCE_LAST_REMOTE_COMMIT: ${{ inputs.since_last_remote_commit }}
     - name: Glob match
-      uses: tj-actions/glob@v16.13
+      uses: tj-actions/glob@cebfb084cdf62d72c5318b1b3595ac5a45ed022f # renovate: tag=v16.11
       id: glob
       with:
         files: ${{ inputs.files }}
@@ -255,7 +255,7 @@ runs:
         INPUT_HAS_CUSTOM_PATTERNS: ${{ steps.glob.outputs.has-custom-patterns }}
         INPUT_JSON_RAW_FORMAT: ${{ inputs.json_raw_format }}
     - name: Generate output files
-      uses: tj-actions/json2file@v1.4.0
+      uses: tj-actions/json2file@ee0fd2ce53e57fa50da61615cd644018eaf3ab6c # renovate: tag=v1.3.0
       if: inputs.write_output_files == 'true'
       with:
         outputs: ${{ toJSON(steps.changed-files.outputs) }}

get-changed-paths.sh

@@ -126,7 +126,7 @@ function get_renames() {
       (
         cd "$sub" && (
           # the strange magic number is a hardcoded "empty tree" commit sha
-          git log --name-status --ignore-submodules=all "${sub_commit_pre:-4b825dc642cb6eb9a060e54bf8d69288fbee4904}".."${sub_commit_cur}" | { grep -E "^R" || true; } | awk -F '\t' -v d="$INPUT_OLD_NEW_SEPARATOR" '{print $2d$3}' | awk -v r="$sub" '{ print "" r "/" $0}'
+          git log --name-status --ignore-submodules=all "${sub_commit_pre:-4b825dc642cb6eb9a060e54bf8d69288fbee4904}" "${sub_commit_cur}" | { grep -E "^R" || true; } | awk -F '\t' -v d="$INPUT_OLD_NEW_SEPARATOR" '{print $2d$3}' | awk -v r="$sub" '{ print "" r "/" $0}'
         )
       ) || {
         echo "::warning::Failed to get renamed files for submodule ($sub) between: ${sub_commit_pre:-4b825dc642cb6eb9a060e54bf8d69288fbee4904} ${sub_commit_cur}. Please ensure that submodules are initialized and up to date. See: https://github.com/actions/checkout#usage" >&2
@@ -134,7 +134,7 @@ function get_renames() {
     fi
   done < <(git submodule | awk '{print $2}')
 
-  git log --name-status --ignore-submodules=all "$base".."$sha" | { grep -E "^R" || true; } | awk -F '\t' -v d="$INPUT_OLD_NEW_SEPARATOR" '{print $2d$3}' && exit_status=$? || exit_status=$?
+  git log --name-status --ignore-submodules=all "$base" "$sha" | { grep -E "^R" || true; } | awk -F '\t' -v d="$INPUT_OLD_NEW_SEPARATOR" '{print $2d$3}' && exit_status=$? || exit_status=$?
 
   if [[ $exit_status -ne 0 ]]; then
     echo "::error::Failed to get renamed files between: $base → $sha" >&2

renovate.json

@@ -20,7 +20,6 @@
     "enabled": true,
     "automerge": true
   },
-  "baseBranches": ["main", "sec"],
   "packageRules": [
     {
       "matchUpdateTypes": ["minor", "patch", "pin", "digest"],