fix: permission with release workflow (#1851)

Co-authored-by: jackton1 <jackton1@users.noreply.github.com>

.all-contributorsrc

@@ -197,6 +197,17 @@
         "bug",
         "code"
       ]
+    },
+    {
+      "login": "rodrigorfk",
+      "name": "Rodrigo Fior Kuntzer",
+      "avatar_url": "https://avatars.githubusercontent.com/u/1995033?v=4",
+      "profile": "https://github.com/rodrigorfk",
+      "contributions": [
+        "code",
+        "test",
+        "bug"
+      ]
     }
   ],
   "contributorsPerLine": 7,

.github/workflows/auto-approve.yml

@@ -1,33 +0,0 @@
-name: Auto approve
-
-on:
-  pull_request_target
-
-
-jobs:
-  auto-approve:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: hmarr/auto-approve-action@v3
-        if: |
-          (
-            github.event.pull_request.user.login == 'dependabot[bot]' ||
-            github.event.pull_request.user.login == 'dependabot' ||
-            github.event.pull_request.user.login == 'dependabot-preview[bot]' ||
-            github.event.pull_request.user.login == 'dependabot-preview' ||
-            github.event.pull_request.user.login == 'renovate[bot]' ||
-            github.event.pull_request.user.login == 'renovate' ||
-            github.event.pull_request.user.login == 'github-actions[bot]'
-          )
-            &&
-          (
-            github.actor == 'dependabot[bot]' ||
-            github.actor == 'dependabot' ||
-            github.actor == 'dependabot-preview[bot]' ||
-            github.actor == 'dependabot-preview' ||
-            github.actor == 'renovate[bot]' ||
-            github.actor == 'renovate' ||
-            github.actor == 'github-actions[bot]'
-          )
-        with:
-          github-token: ${{ secrets.PAT_TOKEN }}

.github/workflows/codacy-analysis.yml

@@ -17,6 +17,11 @@ on:
   schedule:
     - cron: '15 16 * * 2'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   codacy-security-scan:
     # Cancel other workflows that are running for the same branch
@@ -51,6 +56,6 @@ jobs:
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
         continue-on-error: true
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.github/workflows/codeql.yml

@@ -20,6 +20,11 @@ on:
   schedule:
     - cron: '44 20 * * 0'
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 jobs:
   analyze:
     name: Analyze
@@ -42,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -56,7 +61,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -69,6 +74,6 @@ jobs:
     #   ./location_of_script_within_repo/buildscript.sh
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/greetings.yml

@@ -1,14 +0,0 @@
-name: Greetings
-
-on: [pull_request_target, issues]
-
-jobs:
-  greeting:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/first-interaction@v1
-        continue-on-error: true
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-          issue-message: "Thanks for reporting this issue, don't forget to star this project if you haven't already to help us reach a wider audience."
-          pr-message: "Thanks for implementing a fix, could you ensure that the test covers your changes if applicable."

.github/workflows/issue-comment-test.yml

@@ -1,4 +1,8 @@
 name: Issue Comment Test
+
+permissions:
+   contents: read
+
 on:
   issue_comment:
 

.github/workflows/manual-test.yml

@@ -1,5 +1,8 @@
 name: Manual Test
 
+permissions:
+   contents: read
+
 on:
   workflow_dispatch:
 

.github/workflows/matrix-test.yml

@@ -1,5 +1,8 @@
 name: Matrix Test
 
+permissions:
+   contents: read
+
 on:
   workflow_dispatch:
   pull_request:
@@ -22,7 +25,6 @@ jobs:
         uses: ./
         with:
           json: true
-          quotepath: false
           escape_json: false
       - name: List all changed files
         run: echo '${{ steps.changed-files.outputs.all_changed_files }}'

.github/workflows/multi-job-test.yml

@@ -0,0 +1,67 @@
+name: Multi Job Test
+
+permissions:
+   contents: read
+
+on:
+  push:
+    branches:
+      - "**"
+  pull_request:
+    branches:
+      - "**"
+
+jobs:
+  changed-files:
+    name: Get changed files
+    runs-on: ubuntu-latest
+    outputs:
+      all_changed_files: ${{ steps.changed-files.outputs.all_changed_files }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get changed files
+        id: changed-files
+        uses: ./
+      - name: List all changed files
+        run: echo '${{ steps.changed-files.outputs.all_changed_files }}'
+  
+  view-changed-files:
+    name: View all changed files
+    runs-on: ubuntu-latest
+    needs: [changed-files]
+    steps:
+      - name: List all changed files
+        run: |
+          echo '${{ needs.changed-files.outputs.all_changed_files }}'
+          
+
+  changed-files-rest-api:
+    name: Get changed files using REST API
+    runs-on: ubuntu-latest
+    outputs:
+      all_changed_files: ${{ steps.changed-files.outputs.all_changed_files }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get changed files
+        id: changed-files
+        continue-on-error: ${{ github.event_name == 'push' }}
+        uses: ./
+        with:
+          use_rest_api: true
+      - name: List all changed files
+        run: echo '${{ steps.changed-files.outputs.all_changed_files }}'
+
+  view-changed-files-rest-api:
+    name: View all changed files using REST API
+    runs-on: ubuntu-latest
+    needs: [changed-files-rest-api]
+    steps:
+      - name: List all changed files
+        run: |
+          echo '${{ needs.changed-files-rest-api.outputs.all_changed_files }}'

.github/workflows/sync-release-version.yml

@@ -1,4 +1,9 @@
-name: Update release version.
+name: Update release version
+
+permissions:
+   contents: write
+   pull-requests: write
+
 on:
   release:
     types: [published]

.github/workflows/test.yml

@@ -1,12 +1,13 @@
 name: CI
 
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
   push:
     branches:
       - "**"
-  pull_request_review:
-     types: [edited, dismissed, submitted]
-  pull_request_target:
   pull_request:
     types:
       - assigned
@@ -27,20 +28,9 @@ on:
       - auto_merge_enabled
       - auto_merge_disabled
     branches:
-      - main
-
+      - "**"
 
 jobs:
-  shellcheck:
-    name: Run shellcheck
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout branch
-        uses: actions/checkout@v4
-      - name: shellcheck
-        uses: reviewdog/action-shellcheck@v1.19
-
   build:
     runs-on: ubuntu-latest
     outputs:
@@ -53,7 +43,7 @@ jobs:
           repository: ${{ github.event.pull_request.head.repo.full_name }}
 
       - name: Use Node.js 20.x
-        uses: actions/setup-node@v4.0.0
+        uses: actions/setup-node@v4.0.1
         with:
           cache: 'yarn'
           node-version: '20.x'
@@ -80,7 +70,7 @@ jobs:
           yarn all
 
       - name: Verify Changed files
-        uses: tj-actions/verify-changed-files@v16
+        uses: tj-actions/verify-changed-files@v17
         id: changed_files
         with:
           files: |
@@ -655,6 +645,29 @@ jobs:
         shell:
           bash
 
+      - name: Run changed-files with files_yaml, json and write_output_files
+        id: changed-files-json-write-output-files
+        uses: ./
+        with:
+          files_yaml: |
+            test:
+              - .github/workflows/test.yml
+          json: true
+          write_output_files: true
+
+      - name: Show all outputs
+        run: |
+          echo "${{ toJSON(steps.changed-files-json-write-output-files.outputs) }}"
+        shell:
+          bash
+
+      - name: Show all_changed_files output and list .github/outputs
+        run: |
+          echo '${{ toJSON(steps.changed-files-json-write-output-files.outputs.test_all_changed_files) }}'
+          cat .github/outputs/test_all_changed_files.json
+        shell:
+          bash
+
   test-recover-deleted-file:
     name: Test changed-files recover deleted file
     runs-on: ubuntu-latest
@@ -815,6 +828,36 @@ jobs:
             cat "deleted_files/test/test deleted.txt"
           fi
 
+      - name: Run changed-files with recover_deleted_files for an expected git submodule file
+        id: changed-files-recover-deleted-files-within-submodule
+        uses: ./
+        with:
+          base_sha: "3be651e99d3d4eae395694f6c6f3b9d18457f6c8"
+          sha: "d90c240f2ad4ec04d8f0f48e5ac290ad96ebe850"
+          recover_deleted_files: true
+          fetch_depth: 60000
+
+      - name: Show output
+        run: |
+          echo "${{ toJSON(steps.changed-files-recover-deleted-files-within-submodule.outputs) }}"
+        shell:
+          bash
+
+      - name: Verify deleted files
+        if: steps.changed-files-recover-deleted-files-within-submodule.outputs.deleted_files != 'test/demo/.github/FUNDING.yml'
+        run: |
+          echo "Expected: (test/demo/.github/FUNDING.yml) got ${{ steps.changed-files-recover-deleted-files-within-submodule.outputs.deleted_files }}"
+          exit 1
+      - name: Verify that test/demo/.github/FUNDING.yml is restored
+        run: |
+          if [ ! -f "test/demo/.github/FUNDING.yml" ]; then
+            echo "Expected: (test/demo/.github/FUNDING.yml) to exist"
+            exit 1
+          else
+            cat "test/demo/.github/FUNDING.yml"
+            rm "test/demo/.github/FUNDING.yml"
+          fi
+
   test-dir-names-deleted-files-include-only-deleted-dirs-single-file:
     name: Test dir names deleted files include only deleted dirs single file
     runs-on: ubuntu-latest
@@ -1944,7 +1987,7 @@ jobs:
           bash
       - name: Get branch name
         id: branch-name
-        uses: tj-actions/branch-names@v7
+        uses: tj-actions/branch-names@v8
         if: github.event_name == 'pull_request' && matrix.fetch-depth == 0
       - uses: nrwl/nx-set-shas@v4
         id: last_successful_commit

.github/workflows/update-readme.yml

@@ -1,5 +1,9 @@
 name: Format README.md
 
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
   push:
     branches:
@@ -23,7 +27,7 @@ jobs:
         uses: tj-actions/remark@v3
 
       - name: Verify Changed files
-        uses: tj-actions/verify-changed-files@v16
+        uses: tj-actions/verify-changed-files@v17
         id: verify_changed_files
         with:
           files: |

.github/workflows/workflow-run-test.yml

@@ -0,0 +1,20 @@
+name: Workflow Run Example
+on:
+  workflow_run:
+    workflows: [Matrix Test]
+    types: [completed]
+
+permissions:
+  contents: read
+
+jobs:
+  on-success:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    steps:
+      - run: echo 'The triggering workflow passed'
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - run: echo 'The triggering workflow failed'

HISTORY.md

@@ -1,5 +1,323 @@
 # Changelog
 
+# [41.0.1](https://github.com/tj-actions/changed-files/compare/v41.0.0...v41.0.1) - (2023-12-24)
+
+## <!-- 1 -->🐛 Bug Fixes
+
+- Update characters escaped by safe output ([#1815](https://github.com/tj-actions/changed-files/issues/1815)) ([716b1e1](https://github.com/tj-actions/changed-files/commit/716b1e13042866565e00e85fd4ec490e186c4a2f))  - (Tonye Jack)
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Update dependency eslint-plugin-prettier to v5.1.2 ([7aaf10d](https://github.com/tj-actions/changed-files/commit/7aaf10d9eef19e8a2432a967b88124171152caaf))  - (renovate[bot])
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v41 ([#1811](https://github.com/tj-actions/changed-files/issues/1811))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([cc08e17](https://github.com/tj-actions/changed-files/commit/cc08e170f4447237bcaf8acaacfa615b9cb86612))  - (tj-actions[bot])
+
+# [41.0.0](https://github.com/tj-actions/changed-files/compare/v40.2.3...v41.0.0) - (2023-12-23)
+
+## <!-- 1 -->🐛 Bug Fixes
+
+- Update safe output regex and the docs ([#1805](https://github.com/tj-actions/changed-files/issues/1805)) ([ff2f6e6](https://github.com/tj-actions/changed-files/commit/ff2f6e6b91913a7be42be1b5917330fe442f2ede))  - (tj-actions[bot])
+
+## <!-- 11 -->⏪ Reverts
+
+- Revert "chore(deps): update actions/download-artifact action to v4" ([#1806](https://github.com/tj-actions/changed-files/issues/1806))
+
+ ([4f573fe](https://github.com/tj-actions/changed-files/commit/4f573fed06c9abb5da4c72f75c1c320718114ff7))  - (Tonye Jack)
+
+## <!-- 26 -->🔄 Update
+
+- Update README.md ([6e79d6e](https://github.com/tj-actions/changed-files/commit/6e79d6e3dbe48946636c2939c80ff5c84ff7f9fe))  - (Tonye Jack)
+- Update README.md ([d13ac19](https://github.com/tj-actions/changed-files/commit/d13ac1942fb3c1d7d32017915bb082cebe8a272a))  - (Tonye Jack)
+- Update README.md ([bb89f97](https://github.com/tj-actions/changed-files/commit/bb89f97963be96b39e1a303e64d5b91a1af4c340))  - (Tonye Jack)
+- Updated README.md ([#1810](https://github.com/tj-actions/changed-files/issues/1810))
+
+Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com> ([1864078](https://github.com/tj-actions/changed-files/commit/1864078d0afadf68ba489e671ecc09fefe8b70ab))  - (tj-actions[bot])
+- Update README.md ([#1808](https://github.com/tj-actions/changed-files/issues/1808))
+
+ ([47371c5](https://github.com/tj-actions/changed-files/commit/47371c50e97c089212d9eb92ca26c8453224e78e))  - (Tonye Jack)
+
+## <!-- 30 -->📝 Other
+
+- Merge pull request from GHSA-mcph-m25j-8j63
+
+* feat: add `safe_output` input enabled by default
+
+* fix: migrate README to safe uses of interpolation
+
+* fix: README `uses` typo
+
+* fix: README examples to account for newlines
+
+* fix: README examples missing `safe_output`
+
+* fix: remove sanitization of `'`
+
+* fix: also sanitize `|&;` ([0102c07](https://github.com/tj-actions/changed-files/commit/0102c07446a3cad972f4afcbd0ee4dbc4b6d2d1b))  - (Jorge)
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Lock file maintenance ([f495a03](https://github.com/tj-actions/changed-files/commit/f495a0321d3fffa62da2573adf70b77d5eb2f57a))  - (renovate[bot])
+- **deps:** Update dependency eslint-plugin-prettier to v5.1.1 ([089842a](https://github.com/tj-actions/changed-files/commit/089842a7a899531f61a45ef6ea69c485e1d62dbe))  - (renovate[bot])
+- **deps:** Lock file maintenance ([787db06](https://github.com/tj-actions/changed-files/commit/787db0612e783421667a00319cf394b649682c4c))  - (renovate[bot])
+- **deps:** Update dependency eslint-plugin-prettier to v5.1.0 ([4ef6b56](https://github.com/tj-actions/changed-files/commit/4ef6b56482141a958bd3efb05520e4df9ecf4147))  - (renovate[bot])
+- **deps:** Update typescript-eslint monorepo to v6.15.0 ([c9ae347](https://github.com/tj-actions/changed-files/commit/c9ae347dbba64d95d83f36a0568e0e25a688dd1f))  - (renovate[bot])
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v40.2.3 ([#1800](https://github.com/tj-actions/changed-files/issues/1800))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com>
+Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com> ([f9480db](https://github.com/tj-actions/changed-files/commit/f9480db177263c95588c5d9dae7c78f97d39242a))  - (tj-actions[bot])
+
+# [40.2.3](https://github.com/tj-actions/changed-files/compare/v40.2.2...v40.2.3) - (2023-12-18)
+
+## <!-- 16 -->➕ Add
+
+- Added missing changes and modified dist assets.
+ ([af2816c](https://github.com/tj-actions/changed-files/commit/af2816c65436325c50621100d67f6e853cd1b0f1))  - (GitHub Action)
+
+## <!-- 26 -->🔄 Update
+
+- Update README.md ([35da2a2](https://github.com/tj-actions/changed-files/commit/35da2a2e0191eb945214321cc664869c14bb417d))  - (Tonye Jack)
+- Update README.md ([e7023fa](https://github.com/tj-actions/changed-files/commit/e7023fa1da70371f80732e85962d42429dbb753f))  - (Tonye Jack)
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Update actions/setup-node action to v4.0.1 ([56284d8](https://github.com/tj-actions/changed-files/commit/56284d80811fb5963a972b438f2870f175e5b7c8))  - (renovate[bot])
+- **deps:** Lock file maintenance ([35ad678](https://github.com/tj-actions/changed-files/commit/35ad6787f51ccf58acdbbb0fa3a218043189e04a))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.10.5 ([ca0db0e](https://github.com/tj-actions/changed-files/commit/ca0db0ea03dfadeb55abbfe75f0f2a409c2b63a2))  - (renovate[bot])
+- **deps:** Update dependency eslint to v8.56.0 ([03fcd0b](https://github.com/tj-actions/changed-files/commit/03fcd0b3bbebef7d94f2dd168773ff4cfe07e4a8))  - (renovate[bot])
+- **deps:** Lock file maintenance ([2329d9f](https://github.com/tj-actions/changed-files/commit/2329d9fb48d2d2dec879a4880f6a786dabc3b600))  - (renovate[bot])
+- **deps:** Update actions/download-artifact action to v4 ([#1793](https://github.com/tj-actions/changed-files/issues/1793)) ([154ca89](https://github.com/tj-actions/changed-files/commit/154ca89d2ee4f46393b1d62a52384c81606c56c1))  - (renovate[bot])
+- **deps:** Update github/codeql-action action to v3 ([#1792](https://github.com/tj-actions/changed-files/issues/1792)) ([449352f](https://github.com/tj-actions/changed-files/commit/449352f10e90ac442b572b634237087e2deb2650))  - (renovate[bot])
+- **deps:** Update typescript-eslint monorepo to v6.14.0 ([7c18263](https://github.com/tj-actions/changed-files/commit/7c1826332f68b8fda7e96b7897dda706c8c7ade8))  - (renovate[bot])
+- **deps:** Lock file maintenance ([88be287](https://github.com/tj-actions/changed-files/commit/88be287f562aea237fd7361d4c2af5c75bc4d9aa))  - (renovate[bot])
+- **deps:** Update dependency prettier to v3.1.1 ([5513a5e](https://github.com/tj-actions/changed-files/commit/5513a5e205776f7ce167db86c93107b21826247e))  - (renovate[bot])
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v40.2.2 ([#1787](https://github.com/tj-actions/changed-files/issues/1787))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([46550b6](https://github.com/tj-actions/changed-files/commit/46550b6fd9d874e06d58f846c7f42cc7b84e4aba))  - (tj-actions[bot])
+
+# [40.2.2](https://github.com/tj-actions/changed-files/compare/v40.2.1...v40.2.2) - (2023-12-10)
+
+## <!-- 1 -->🐛 Bug Fixes
+
+- Bug recovering deleted files for submodules ([#1784](https://github.com/tj-actions/changed-files/issues/1784)) ([9454999](https://github.com/tj-actions/changed-files/commit/94549999469dbfa032becf298d95c87a14c34394))  - (Tonye Jack)
+
+## <!-- 17 -->➖ Remove
+
+- Deleted .github/workflows/auto-approve.yml ([a661767](https://github.com/tj-actions/changed-files/commit/a66176714d5d018bc975bf0246c427135def756c))  - (Tonye Jack)
+
+## <!-- 26 -->🔄 Update
+
+- Updated README.md ([#1786](https://github.com/tj-actions/changed-files/issues/1786))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([7611ff3](https://github.com/tj-actions/changed-files/commit/7611ff348df4d0d46887198cda7203e6fc5ffa80))  - (tj-actions[bot])
+- Update README.md ([c116f52](https://github.com/tj-actions/changed-files/commit/c116f52a1566bda08e9782a74c333a21270cf952))  - (Tonye Jack)
+- Updated README.md ([#1779](https://github.com/tj-actions/changed-files/issues/1779))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([0b0b642](https://github.com/tj-actions/changed-files/commit/0b0b6429e1c5a0bc3f85230a0e1f6df2cba44600))  - (tj-actions[bot])
+- Update README.md ([f732c37](https://github.com/tj-actions/changed-files/commit/f732c371a41ace2af86e5cb2e4f7b0254e4a63e5))  - (Tonye Jack)
+- Updated README.md ([#1778](https://github.com/tj-actions/changed-files/issues/1778))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([04c0045](https://github.com/tj-actions/changed-files/commit/04c00459a27a4e6651f4b0fa3d3a4bc500480109))  - (tj-actions[bot])
+- Update README.md ([5cee511](https://github.com/tj-actions/changed-files/commit/5cee511ba525ad1e92208283322b32120a033b48))  - (Tonye Jack)
+- Update README.md ([399525a](https://github.com/tj-actions/changed-files/commit/399525a994a54fef4ac0ef55192e3d2e30dc0587))  - (Tonye Jack)
+- Update README.md ([c075bd2](https://github.com/tj-actions/changed-files/commit/c075bd27195652f012b60452cd3026891de29306))  - (Tonye Jack)
+- Update README.md ([2918913](https://github.com/tj-actions/changed-files/commit/29189133419ced6b335e576b1e1f7a9e8061fdd8))  - (Tonye Jack)
+
+## <!-- 3 -->📚 Documentation
+
+- Add rodrigorfk as a contributor for code, test, and bug ([#1785](https://github.com/tj-actions/changed-files/issues/1785)) ([187cf1e](https://github.com/tj-actions/changed-files/commit/187cf1e88cc94e5b5243c6eefcc550510b7894a8))  - (allcontributors[bot])
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Bump tj-actions/branch-names from 7 to 8 ([#1782](https://github.com/tj-actions/changed-files/issues/1782)) ([e1e532c](https://github.com/tj-actions/changed-files/commit/e1e532cff0353cb6a98b0bce6ff00b7e7d2cc320))  - (dependabot[bot])
+- **deps:** Update dependency @types/node to v20.10.4 ([dfecec4](https://github.com/tj-actions/changed-files/commit/dfecec4fb70c945750762cdad7026ee55d8a205f))  - (renovate[bot])
+- **deps:** Update dependency typescript to v5.3.3 ([208b83f](https://github.com/tj-actions/changed-files/commit/208b83f29576c33f31be8846aadbf644242f2b2f))  - (renovate[bot])
+- **deps-dev:** Bump @types/jest from 29.5.10 to 29.5.11 ([#1775](https://github.com/tj-actions/changed-files/issues/1775)) ([ccb109a](https://github.com/tj-actions/changed-files/commit/ccb109a58449e62280c2ecefb65010f90fbd0e4f))  - (dependabot[bot])
+- Update package.json ([#1774](https://github.com/tj-actions/changed-files/issues/1774)) ([95642a1](https://github.com/tj-actions/changed-files/commit/95642a1ebb79474d514126dd282092c68a08b01b))  - (Tonye Jack)
+- Create SECURITY.md ([#1773](https://github.com/tj-actions/changed-files/issues/1773)) ([726e06f](https://github.com/tj-actions/changed-files/commit/726e06f8efc4737fd4c48080f40a21b4305cafab))  - (Tonye Jack)
+- **deps:** Update typescript-eslint monorepo to v6.13.2 ([d96fe5d](https://github.com/tj-actions/changed-files/commit/d96fe5d9975371a6b58e65d0a309ad49d70e378e))  - (renovate[bot])
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v40.2.1 ([#1771](https://github.com/tj-actions/changed-files/issues/1771))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([4ae611e](https://github.com/tj-actions/changed-files/commit/4ae611e5c56a1c7f3c356adf173f9f11fcca0376))  - (tj-actions[bot])
+
+# [40.2.1](https://github.com/tj-actions/changed-files/compare/v40.2.0...v40.2.1) - (2023-12-04)
+
+## <!-- 16 -->➕ Add
+
+- Added missing changes and modified dist assets.
+ ([1c93849](https://github.com/tj-actions/changed-files/commit/1c938490c880156b746568a518594309cfb3f66b))  - (GitHub Action)
+- Added missing changes and modified dist assets.
+ ([ee5ef75](https://github.com/tj-actions/changed-files/commit/ee5ef758aa548d365981b0889bab497dd108a785))  - (GitHub Action)
+
+## <!-- 17 -->➖ Remove
+
+- Deleted .github/workflows/greetings.yml ([f91c9fe](https://github.com/tj-actions/changed-files/commit/f91c9fe8b1f4719a8e3901b4878b31105efcb66e))  - (Tonye Jack)
+
+## <!-- 26 -->🔄 Update
+
+- Updated README.md ([#1769](https://github.com/tj-actions/changed-files/issues/1769))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([66b77cb](https://github.com/tj-actions/changed-files/commit/66b77cbd0c866511f45c4f624e61034699bc70c2))  - (tj-actions[bot])
+- Update README.md ([10bfa98](https://github.com/tj-actions/changed-files/commit/10bfa980b7876a94d460f54bd1b46d5c54b025d3))  - (Tonye Jack)
+- Updated README.md ([#1767](https://github.com/tj-actions/changed-files/issues/1767))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com>
+Co-authored-by: Tonye Jack <jtonye@ymail.com> ([9e46b4f](https://github.com/tj-actions/changed-files/commit/9e46b4f7f7dce12301b893ec0484694ae579108d))  - (tj-actions[bot])
+- Update README.md ([3bf6172](https://github.com/tj-actions/changed-files/commit/3bf61725348c8cd85dcf9ce468c35a8e15a5c77e))  - (Tonye Jack)
+- Updated README.md ([#1755](https://github.com/tj-actions/changed-files/issues/1755))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([48427af](https://github.com/tj-actions/changed-files/commit/48427afe26457522a3f0f4a5afae46a8bb6261b1))  - (tj-actions[bot])
+- Update README.md ([742ed36](https://github.com/tj-actions/changed-files/commit/742ed362b6c6415493f2dd3a2e86ccbb60e1035a))  - (Tonye Jack)
+- Updated README.md ([#1750](https://github.com/tj-actions/changed-files/issues/1750))
+
+Co-authored-by: repo-ranger[bot] <repo-ranger[bot]@users.noreply.github.com> ([86cabf5](https://github.com/tj-actions/changed-files/commit/86cabf5ea23ece4cc5468211fbab9fb76f2b1d91))  - (tj-actions[bot])
+
+## <!-- 30 -->📝 Other
+
+- Update test.yml removing pull_request_review event ([#1763](https://github.com/tj-actions/changed-files/issues/1763)) ([af6bdde](https://github.com/tj-actions/changed-files/commit/af6bdde59acc56af0e0a6c6a8acff0d3562162ba))  - (Tonye Jack)
+- Remove usage of pull_request_target event from test.yml ([#1758](https://github.com/tj-actions/changed-files/issues/1758)) ([3ca6b80](https://github.com/tj-actions/changed-files/commit/3ca6b800138b4c660c4b99b76bb064cdf3f31e59))  - (Tonye Jack)
+
+## <!-- 6 -->🧪 Testing
+
+- Verify bug writing outputs when files_yaml is used ([#1762](https://github.com/tj-actions/changed-files/issues/1762)) ([fc1fb2b](https://github.com/tj-actions/changed-files/commit/fc1fb2b582f5e701390f9f6200dddd7425a3cc70))  - (Tonye Jack)
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Lock file maintenance ([ba558db](https://github.com/tj-actions/changed-files/commit/ba558db9775398895ee078c784a5ddef602bb754))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.10.3 ([bf19fa2](https://github.com/tj-actions/changed-files/commit/bf19fa23a6b30fb87fe85abdb237154c4573c08c))  - (renovate[bot])
+- **deps:** Update dependency eslint-config-prettier to v9.1.0 ([45581f0](https://github.com/tj-actions/changed-files/commit/45581f0044c213a3f45e5036d921892484eb7a0d))  - (renovate[bot])
+- **deps:** Update dependency eslint to v8.55.0 ([9ebb48b](https://github.com/tj-actions/changed-files/commit/9ebb48b57af1c93015957959d7d9ffe546df3ccd))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.10.2 ([4e2dca3](https://github.com/tj-actions/changed-files/commit/4e2dca3ba527858faa57966af9baff3c9bbbb5d6))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.10.1 ([883b4cc](https://github.com/tj-actions/changed-files/commit/883b4ccbdb2f56448769f275a0d599bb9eb942c6))  - (renovate[bot])
+- **deps:** Lock file maintenance ([42fe158](https://github.com/tj-actions/changed-files/commit/42fe158594392b80e30260bbb489eae0ed872e23))  - (renovate[bot])
+- Remove unused job ([#1754](https://github.com/tj-actions/changed-files/issues/1754)) ([5c74583](https://github.com/tj-actions/changed-files/commit/5c74583cb3f4bb017cad62c02cf599b60d088a3d))  - (Tonye Jack)
+- **deps:** Update typescript-eslint monorepo to v6.13.1 ([44d340e](https://github.com/tj-actions/changed-files/commit/44d340e48cef9bee9d0bd468f0f9a8ccf3219200))  - (renovate[bot])
+- **deps:** Update typescript-eslint monorepo to v6.13.0 ([2561448](https://github.com/tj-actions/changed-files/commit/2561448da0579d80e1916a83b9c0d3622add8fc5))  - (renovate[bot])
+- Update README.md ([#1749](https://github.com/tj-actions/changed-files/issues/1749)) ([b5fc67a](https://github.com/tj-actions/changed-files/commit/b5fc67a4f5e5dafd4d564eefde1958a4ae7974ac))  - (Tonye Jack)
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v40.2.0 ([#1746](https://github.com/tj-actions/changed-files/issues/1746))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([0b22a52](https://github.com/tj-actions/changed-files/commit/0b22a52bff23bee090e1e07f70f9e7fab8384387))  - (tj-actions[bot])
+
+# [40.2.0](https://github.com/tj-actions/changed-files/compare/v40.1.1...v40.2.0) - (2023-11-27)
+
+## <!-- 0 -->🚀 Features
+
+- Add support for passing branch name to the base_sha and sha inputs ([#1742](https://github.com/tj-actions/changed-files/issues/1742)) ([2139fa1](https://github.com/tj-actions/changed-files/commit/2139fa1b6f71f22bf7d9f21e4aebc3aba987e05e))  - (Tonye Jack)
+
+## <!-- 1 -->🐛 Bug Fixes
+
+- Prevent similar commit hashes error when using the branch name ([#1745](https://github.com/tj-actions/changed-files/issues/1745)) ([da093c1](https://github.com/tj-actions/changed-files/commit/da093c1609db0edd0a037ce9664e135f74bf30d9))  - (Tonye Jack)
+- Prevent similar commit hashes error when using the branch name ([#1744](https://github.com/tj-actions/changed-files/issues/1744)) ([c634be9](https://github.com/tj-actions/changed-files/commit/c634be959b924afb7d2f4809d6e309859e191975))  - (Tonye Jack)
+
+## <!-- 13 -->📦 Bumps
+
+- Bump @types/node from 20.9.3 to 20.9.4 ([#1732](https://github.com/tj-actions/changed-files/issues/1732))
+
+Signed-off-by: dependabot[bot] <support@github.com>
+Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([066e72a](https://github.com/tj-actions/changed-files/commit/066e72a5fb4e82931d493f931f84b5df8cab22d0))  - (dependabot[bot])
+- Bump @types/jest from 29.5.8 to 29.5.9 ([#1726](https://github.com/tj-actions/changed-files/issues/1726))
+
+Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
+ ([c23e564](https://github.com/tj-actions/changed-files/commit/c23e564e671f2f3230a34a588eb3b55f7d60faed))  - (dependabot[bot])
+- Bump @types/micromatch from 4.0.5 to 4.0.6 ([#1727](https://github.com/tj-actions/changed-files/issues/1727))
+
+Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
+ ([c008025](https://github.com/tj-actions/changed-files/commit/c0080255e3e88e03415d2753b4d4c1f341183f79))  - (dependabot[bot])
+- Bump @types/lodash from 4.14.201 to 4.14.202 ([#1728](https://github.com/tj-actions/changed-files/issues/1728))
+
+Signed-off-by: dependabot[bot] <support@github.com>
+Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
+Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com> ([3a3d3a2](https://github.com/tj-actions/changed-files/commit/3a3d3a2b86e4d416e80a80f115c07915be7d3460))  - (dependabot[bot])
+- Bump @types/node from 20.9.2 to 20.9.3 ([#1725](https://github.com/tj-actions/changed-files/issues/1725))
+
+Signed-off-by: dependabot[bot] <support@github.com>
+Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> ([4da6e32](https://github.com/tj-actions/changed-files/commit/4da6e32cfea3c23f1a8d70337b3cb1307fe74702))  - (dependabot[bot])
+
+## <!-- 16 -->➕ Add
+
+- Added missing changes and modified dist assets.
+ ([607d5dd](https://github.com/tj-actions/changed-files/commit/607d5ddbbfd4921680b18a439387657412549259))  - (GitHub Action)
+- Added missing changes and modified dist assets.
+ ([7f1c4cb](https://github.com/tj-actions/changed-files/commit/7f1c4cb6db07d6473fae667073c46ef6e2abc5e7))  - (GitHub Action)
+- Added missing changes and modified dist assets.
+ ([1cf54bb](https://github.com/tj-actions/changed-files/commit/1cf54bb5d30a33a40efca5e00884096dd1f49cf9))  - (GitHub Action)
+- Added missing changes and modified dist assets.
+ ([d8d3669](https://github.com/tj-actions/changed-files/commit/d8d3669cb396f0081313a19b34a25ad989ba5abb))  - (GitHub Action)
+
+## <!-- 26 -->🔄 Update
+
+- Update README.md ([6784c9e](https://github.com/tj-actions/changed-files/commit/6784c9e1eeb301520aa26a6f786c3a8a1e742786))  - (Tonye Jack)
+- Update greetings.yml ([90f2c0c](https://github.com/tj-actions/changed-files/commit/90f2c0c1b1177f4c5813bf893c3c5e2ce4baca93))  - (Tonye Jack)
+- Updated README.md ([#1722](https://github.com/tj-actions/changed-files/issues/1722))
+
+Co-authored-by: repo-ranger[bot] <repo-ranger[bot]@users.noreply.github.com> ([f7779a6](https://github.com/tj-actions/changed-files/commit/f7779a6302b8b7cf930b2b7e34213c4b68e3ed2d))  - (tj-actions[bot])
+- Updated README.md ([#1721](https://github.com/tj-actions/changed-files/issues/1721))
+
+Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com> ([6d07b6e](https://github.com/tj-actions/changed-files/commit/6d07b6ee5902a442f4fee4603a23ba9f735b1ca0))  - (tj-actions[bot])
+- Updated README.md ([#1714](https://github.com/tj-actions/changed-files/issues/1714))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([97825a1](https://github.com/tj-actions/changed-files/commit/97825a1994aabf99e2c01837273ba1716a2fac73))  - (tj-actions[bot])
+- Updated README.md ([#1713](https://github.com/tj-actions/changed-files/issues/1713))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([2a9f067](https://github.com/tj-actions/changed-files/commit/2a9f067522563ebf5445c15c1480753821f99354))  - (tj-actions[bot])
+- Updated README.md ([#1712](https://github.com/tj-actions/changed-files/issues/1712))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([b082611](https://github.com/tj-actions/changed-files/commit/b082611680535c989a8f91fb644fb1984d01415d))  - (tj-actions[bot])
+- Updated README.md ([#1711](https://github.com/tj-actions/changed-files/issues/1711))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([90a4f2a](https://github.com/tj-actions/changed-files/commit/90a4f2a3269003cd5351020e24ad59586c97e2af))  - (tj-actions[bot])
+- Updated README.md ([#1710](https://github.com/tj-actions/changed-files/issues/1710))
+
+Co-authored-by: repo-ranger[bot] <repo-ranger[bot]@users.noreply.github.com> ([b20ce84](https://github.com/tj-actions/changed-files/commit/b20ce84763512903636c6bc5e95092a7f35bac61))  - (tj-actions[bot])
+
+## <!-- 7 -->⚙️ Miscellaneous Tasks
+
+- **deps:** Lock file maintenance ([d588360](https://github.com/tj-actions/changed-files/commit/d588360bfe7e5ce0b2ad1ca0f56443a105eb1cc3))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.10.0 ([0d6e9b7](https://github.com/tj-actions/changed-files/commit/0d6e9b71966503cd14182330532c722316e450bc))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.9.5 ([8f90cc1](https://github.com/tj-actions/changed-files/commit/8f90cc165ad22c68ab50623b2e5d8397eeb90ec7))  - (renovate[bot])
+- **deps:** Update dependency @types/jest to v29.5.10 ([75758bc](https://github.com/tj-actions/changed-files/commit/75758bc65f2f009213bf6f74451bff1200005d00))  - (renovate[bot])
+- **deps:** Update dependency @types/lodash to v4.14.202 ([79ef9d3](https://github.com/tj-actions/changed-files/commit/79ef9d3feebded8f767c62aa3ee76368dc028195))  - (renovate[bot])
+- **deps:** Update dependency @types/micromatch to v4.0.6 ([da4597e](https://github.com/tj-actions/changed-files/commit/da4597ee22010cde29dcbf422eb2a9480136c3ae))  - (renovate[bot])
+- **deps:** Update dependency @types/jest to v29.5.9 ([9f4ec1c](https://github.com/tj-actions/changed-files/commit/9f4ec1c14f0dc5c2f3053c27efba3a63781efb0b))  - (renovate[bot])
+- **deps:** Update dependency typescript to v5.3.2 ([939fbca](https://github.com/tj-actions/changed-files/commit/939fbca781a0004fbe7aa648fb6656046a8df71b))  - (renovate[bot])
+- **deps:** Update typescript-eslint monorepo to v6.12.0 ([9ba175a](https://github.com/tj-actions/changed-files/commit/9ba175ae245f8a261d7f4acf3ccfaf0a60d32302))  - (renovate[bot])
+- Simplify matrix example workflow ([#1719](https://github.com/tj-actions/changed-files/issues/1719)) ([05bdc91](https://github.com/tj-actions/changed-files/commit/05bdc91228c589841621aee130aa6033579687de))  - (Tonye Jack)
+- **deps:** Lock file maintenance ([21b4a4b](https://github.com/tj-actions/changed-files/commit/21b4a4bc7b1834f22f8fe7f17a425e984017ea5f))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.9.2 ([658f397](https://github.com/tj-actions/changed-files/commit/658f39729762255a3e3166fd20c16573fb1738ee))  - (renovate[bot])
+- **deps:** Update dependency eslint to v8.54.0 ([38a0c32](https://github.com/tj-actions/changed-files/commit/38a0c329bb00b10f18e61d5f23349fbd1576c08e))  - (renovate[bot])
+- **deps:** Update dependency @types/node to v20.9.1 ([b0be21b](https://github.com/tj-actions/changed-files/commit/b0be21b8dfdb45d0b2b92528ce89d727f4bdb89d))  - (renovate[bot])
+- Update action.yml ([13189f9](https://github.com/tj-actions/changed-files/commit/13189f9e5209c0bd05c1c253e226dbf548695424))  - (Tonye Jack)
+- Update action inputs description ([ad01f6f](https://github.com/tj-actions/changed-files/commit/ad01f6fdbaf0f959888aeeb6684856397af589d1))  - (Tonye Jack)
+- Update input description ([a36c479](https://github.com/tj-actions/changed-files/commit/a36c479373da160c2cee10435cf68a4e93e6e68d))  - (Tonye Jack)
+- Update input description ([41ff1f2](https://github.com/tj-actions/changed-files/commit/41ff1f224927a20a43124b4d729c696c18771677))  - (Tonye Jack)
+- Update update-readme.yml ([#1709](https://github.com/tj-actions/changed-files/issues/1709)) ([875213d](https://github.com/tj-actions/changed-files/commit/875213d4a94e0703cea7109c43ef111b94f1062d))  - (Tonye Jack)
+- **deps:** Update typescript-eslint monorepo to v6.11.0 ([71b5765](https://github.com/tj-actions/changed-files/commit/71b57652f02612b6f858d71ddf7115487ad51882))  - (renovate[bot])
+- **deps:** Update dependency prettier to v3.1.0 ([834b862](https://github.com/tj-actions/changed-files/commit/834b86247ec0d15224902d58f5531c78be2e3fc5))  - (renovate[bot])
+- **deps:** Lock file maintenance ([940b170](https://github.com/tj-actions/changed-files/commit/940b170a31d813bc7b88d3816a643b25b66c1342))  - (renovate[bot])
+
+## <!-- 9 -->⬆️ Upgrades
+
+- Upgraded to v40.1.1 ([#1704](https://github.com/tj-actions/changed-files/issues/1704))
+
+Co-authored-by: jackton1 <jackton1@users.noreply.github.com> ([55b93d0](https://github.com/tj-actions/changed-files/commit/55b93d07342c1bd89af9693bfb44faff42ebcd9e))  - (tj-actions[bot])
+
 # [40.1.1](https://github.com/tj-actions/changed-files/compare/v40.1.0...v40.1.1) - (2023-11-08)
 
 ## <!-- 16 -->➕ Add

README.md

@@ -3,13 +3,13 @@
 [![Windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge\&logo=windows\&logoColor=white)](https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idruns-on)
 [![Public workflows that use this action.](https://img.shields.io/endpoint?style=for-the-badge\&url=https%3A%2F%2Fused-by.vercel.app%2Fapi%2Fgithub-actions%2Fused-by%3Faction%3Dtj-actions%2Fchanged-files%26badge%3Dtrue)](https://github.com/search?o=desc\&q=tj-actions+changed-files+language%3AYAML\&s=\&type=Code)
 
-[![Codacy Badge](https://app.codacy.com/project/badge/Grade/4a625e9b62794b5b98e169c15c0e673c)](https://www.codacy.com/gh/tj-actions/changed-files/dashboard?utm_source=github.com\&utm_medium=referral\&utm_content=tj-actions/changed-files\&utm_campaign=Badge_Grade)
+[![Codacy Badge](https://app.codacy.com/project/badge/Grade/4fe2f49c3ab144b0bbe4effc85a061a0)](https://app.codacy.com/gh/tj-actions/changed-files/dashboard?utm_source=gh\&utm_medium=referral\&utm_content=\&utm_campaign=Badge_grade)
 [![CI](https://github.com/tj-actions/changed-files/actions/workflows/test.yml/badge.svg)](https://github.com/tj-actions/changed-files/actions/workflows/test.yml)
 [![Update release version.](https://github.com/tj-actions/changed-files/actions/workflows/sync-release-version.yml/badge.svg)](https://github.com/tj-actions/changed-files/actions/workflows/sync-release-version.yml)
 
 <!-- ALL-CONTRIBUTORS-BADGE:START - Do not remove or modify this section -->
 
-[![All Contributors](https://img.shields.io/badge/all_contributors-21-orange.svg?style=flat-square)](#contributors-)
+[![All Contributors](https://img.shields.io/badge/all_contributors-22-orange.svg?style=flat-square)](#contributors-)
 
 <!-- ALL-CONTRIBUTORS-BADGE:END -->
 
@@ -17,9 +17,9 @@
 
 Effortlessly track all changed files and directories relative to a target branch, preceding commit or the last remote commit returning **relative paths** from the project root using this GitHub action.
 
-> **Note** :exclamation:
+> \[!NOTE]
 >
-> *   This action solely identifies files that have undergone changes within the context of events such as `pull_request*`, `push`, and more. However, it doesn't detect pending uncommitted changes created during the workflow execution.
+> *   This action solely identifies files that have changed within the context of events such as `pull_request*`, `push`, and more. However, it doesn't detect pending uncommitted changes created during the workflow execution.
 >
 >     See: https://github.com/tj-actions/verify-changed-files instead
 
@@ -32,9 +32,9 @@ Effortlessly track all changed files and directories relative to a target branch
         *   [Using Github's API :octocat:](#using-githubs-api-octocat)
     *   [On `push` ⬆️](#on-push-️)
     *   [Other supported events :electron:](#other-supported-events-electron)
+*   [Inputs ⚙️](#inputs-️)
 *   [Useful Acronyms 🧮](#useful-acronyms-)
 *   [Outputs 📤](#outputs-)
-*   [Inputs ⚙️](#inputs-️)
 *   [Versioning 🏷️](#versioning-️)
 *   [Examples 📄](#examples-)
 *   [Real-world usage 🌐](#real-world-usage-)
@@ -51,7 +51,7 @@ Effortlessly track all changed files and directories relative to a target branch
 *   Fast execution, averaging 0-10 seconds.
 *   Leverages either [Github's REST API](https://docs.github.com/en/rest/reference/repos#list-commits) or [Git's native diff](https://git-scm.com/docs/git-diff) to determine changed files.
 *   Facilitates easy debugging.
-*   Scales to handle large repositories.
+*   Scales to handle large/mono repositories.
 *   Supports Git submodules.
 *   Supports [merge queues](https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/configuring-pull-request-merges/managing-a-merge-queue) for pull requests.
 *   Generates escaped [JSON output for running matrix jobs](https://github.com/tj-actions/changed-files/blob/main/.github/workflows/matrix-test.yml) based on changed files.
@@ -60,7 +60,7 @@ Effortlessly track all changed files and directories relative to a target branch
     *   Optionally excludes the current directory.
 *   Writes outputs to a designated `.txt` or `.json` file for further processing.
 *   Restores deleted files to their previous location or a newly specified location.
-*   Supports Monorepos by fetching a fixed number of commits.
+*   Supports fetching a fixed number of commits which improves performance.
 *   Compatible with all platforms (Linux, MacOS, Windows).
 *   Supports [GitHub-hosted runners](https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners).
 *   Supports [GitHub Enterprise Server](https://docs.github.com/en/enterprise-server@3.3/admin/github-actions/getting-started-with-github-actions-for-your-enterprise/getting-started-with-github-actions-for-github-enterprise-server).
@@ -83,7 +83,7 @@ And many more...
 
 ## Usage 💻
 
-> **Important** :bangbang:
+> \[!IMPORTANT]
 >
 > *   **Push Events**: When configuring [`actions/checkout`](https://github.com/actions/checkout#usage), make sure to set [`fetch-depth`](https://github.com/actions/checkout#usage) to either `0` or `2`, depending on your use case.
 > *   **Mono Repositories**: To avoid pulling the entire branch history, you can utilize the default [`actions/checkout`](https://github.com/actions/checkout#usage)'s [`fetch-depth`](https://github.com/actions/checkout#usage) of `1` for [`pull_request`](https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request) events.
@@ -122,43 +122,46 @@ jobs:
       # Example 1
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
-        
+        uses: tj-actions/changed-files@v41
         # To compare changes between the current commit and the last pushed remote commit set `since_last_remote_commit: true`. e.g
         # with:
         #   since_last_remote_commit: true 
 
       - name: List all changed files
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
         run: |
-          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+          for file in "$ALL_CHANGED_FILES"; do
             echo "$file was changed"
           done
 
       # Example 2
       - name: Get all changed markdown files
         id: changed-markdown-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
+          # Avoid using single or double quotes for multiline patterns
           files: |
              **.md
-        # Avoid using single or double quotes for multiline patterns
 
       - name: List all changed files markdown files
+        if: steps.changed-markdown-files.outputs.any_changed == 'true'
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-markdown-files.outputs.all_changed_files }}
         run: |
-          for file in ${{ steps.changed-markdown-files.outputs.all_changed_files }}; do
+          for file in "$ALL_CHANGED_FILES"; do
             echo "$file was changed"
           done
 
       # Example 3
       - name: Get all test, doc and src files that have changed
         id: changed-files-yaml
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
           files_yaml: |
             doc:
               - '**.md'
               - docs/**
-              - README.md
             test:
               - test/**
               - '!test/**.md'
@@ -169,29 +172,35 @@ jobs:
       - name: Run step if test file(s) change
         # NOTE: Ensure all outputs are prefixed by the same key used above e.g. `test_(...)` | `doc_(...)` | `src_(...)` when trying to access the `any_changed` output.
         if: steps.changed-files-yaml.outputs.test_any_changed == 'true'  
+        env:
+          TEST_ALL_CHANGED_FILES: ${{ steps.changed-files-yaml.outputs.test_all_changed_files }}
         run: |
           echo "One or more test file(s) has changed."
-          echo "List all the files that have changed: ${{ steps.changed-files-yaml.outputs.test_all_changed_files }}"
+          echo "List all the files that have changed: $TEST_ALL_CHANGED_FILES"
       
       - name: Run step if doc file(s) change
         if: steps.changed-files-yaml.outputs.doc_any_changed == 'true'
+        env:
+          DOC_ALL_CHANGED_FILES: ${{ steps.changed-files-yaml.outputs.doc_all_changed_files }}
         run: |
           echo "One or more doc file(s) has changed."
-          echo "List all the files that have changed: ${{ steps.changed-files-yaml.outputs.doc_all_changed_files }}"
+          echo "List all the files that have changed: $DOC_ALL_CHANGED_FILES"
 
       # Example 3
       - name: Get changed files in the docs folder
         id: changed-files-specific
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
           files: docs/*.{js,html}  # Alternatively using: `docs/**`
           files_ignore: docs/static.js
 
       - name: Run step if any file(s) in the docs folder change
         if: steps.changed-files-specific.outputs.any_changed == 'true'
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files-specific.outputs.all_changed_files }}
         run: |
           echo "One or more files in the docs folder has changed."
-          echo "List all the files that have changed: ${{ steps.changed-files-specific.outputs.all_changed_files }}"
+          echo "List all the files that have changed: $ALL_CHANGED_FILES"
 ```
 
 #### Using Github's API :octocat:
@@ -222,11 +231,13 @@ jobs:
     steps:
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
 
       - name: List all changed files
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
         run: |
-          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+          for file in "$ALL_CHANGED_FILES"; do
             echo "$file was changed"
           done
 ```
@@ -263,13 +274,14 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
-
+        uses: tj-actions/changed-files@v41
       # NOTE: `since_last_remote_commit: true` is implied by default and falls back to the previous local commit.
 
       - name: List all changed files
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
         run: |
-          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
+          for file in "$ALL_CHANGED_FILES"; do
             echo "$file was changed"
           done
       ...
@@ -296,77 +308,18 @@ Support this project with a :star:
 
 [buymeacoffee-shield]: https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png
 
-## Useful Acronyms 🧮
-
-|  Acronym  |   Meaning    |
-|:---------:|:------------:|
-|     A     |    Added     |
-|     C     |    Copied    |
-|     M     |   Modified   |
-|     D     |   Deleted    |
-|     R     |   Renamed    |
-|     T     | Type changed |
-|     U     |   Unmerged   |
-|     X     |   Unknown    |
-
-> **Warning** 🚨
+> \[!IMPORTANT]
 >
-> *   When using `files_yaml*` inputs ensure all outputs are prefixed by the key `test_{...}` e.g. `test_added_files`, `test_any_changed`
-> *   All keys must start with a letter or \_ and contain only alphanumeric characters, -, or \_.
-
-## Outputs 📤
-
-<!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section -->
-
-|                                                                     OUTPUT                                                                     |  TYPE  |                                                                                                                                                       DESCRIPTION                                                                                                                                                       |
-|------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-|                                      <a name="output_added_files"></a>[added\_files](#output_added_files)                                       | string |                                                                                                                                       Returns only files that are <br>Added (A).                                                                                                                                        |
-|                             <a name="output_added_files_count"></a>[added\_files\_count](#output_added_files_count)                              | string |                                                                                                                                           Returns the number of `added_files`                                                                                                                                           |
-|          <a name="output_all_changed_and_modified_files"></a>[all\_changed\_and\_modified\_files](#output_all_changed_and_modified_files)          | string |                                                                                                                     Returns all changed and modified <br>files i.e. *a combination of (ACMRDTUX)*                                                                                                                       |
-| <a name="output_all_changed_and_modified_files_count"></a>[all\_changed\_and\_modified\_files\_count](#output_all_changed_and_modified_files_count) | string |                                                                                                                                 Returns the number of `all_changed_and_modified_files`                                                                                                                                  |
-|                             <a name="output_all_changed_files"></a>[all\_changed\_files](#output_all_changed_files)                              | string |                                                                                                       Returns all changed files i.e. <br>*a combination of all added, copied, modified and renamed files (ACMR)*                                                                                                        |
-|                    <a name="output_all_changed_files_count"></a>[all\_changed\_files\_count](#output_all_changed_files_count)                     | string |                                                                                                                                        Returns the number of `all_changed_files`                                                                                                                                        |
-|                            <a name="output_all_modified_files"></a>[all\_modified\_files](#output_all_modified_files)                            | string |                                                                                                 Returns all changed files i.e. <br>*a combination of all added, copied, modified, renamed and deleted files (ACMRD)*.                                                                                                   |
-|                   <a name="output_all_modified_files_count"></a>[all\_modified\_files\_count](#output_all_modified_files_count)                   | string |                                                                                                                                       Returns the number of `all_modified_files`                                                                                                                                        |
-|                 <a name="output_all_old_new_renamed_files"></a>[all\_old\_new\_renamed\_files](#output_all_old_new_renamed_files)                  | string | Returns only files that are <br>Renamed and lists their old <br>and new names. **NOTE:** This <br>requires setting `include_all_old_new_renamed_files` to `true`. <br>Also, keep in mind that <br>this output is global and <br>wouldn't be nested in outputs <br>generated when the `*_yaml_*` input <br>is used. (R)  |
-|        <a name="output_all_old_new_renamed_files_count"></a>[all\_old\_new\_renamed\_files\_count](#output_all_old_new_renamed_files_count)         | string |                                                                                                                                    Returns the number of `all_old_new_renamed_files`                                                                                                                                    |
-|                                      <a name="output_any_changed"></a>[any\_changed](#output_any_changed)                                       | string |                                                     Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has changed. i.e. <br>*includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                      |
-|                                      <a name="output_any_deleted"></a>[any\_deleted](#output_any_deleted)                                       | string |                                                                                            Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has been deleted. <br>(D)                                                                                             |
-|                                     <a name="output_any_modified"></a>[any\_modified](#output_any_modified)                                     | string |                                            Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has been modified. <br>i.e. *includes a combination of all added, copied, modified, renamed, and deleted files (ACMRD)*.                                              |
-|                                     <a name="output_changed_keys"></a>[changed\_keys](#output_changed_keys)                                     | string |                                                                     Returns all changed YAML keys <br>when the `files_yaml` input is <br>used. i.e. *key that contains any path that has either been added, copied, modified, and renamed (ACMR)*                                                                       |
-|                                     <a name="output_copied_files"></a>[copied\_files](#output_copied_files)                                     | string |                                                                                                                                      Returns only files that are <br>Copied (C).                                                                                                                                        |
-|                            <a name="output_copied_files_count"></a>[copied\_files\_count](#output_copied_files_count)                            | string |                                                                                                                                          Returns the number of `copied_files`                                                                                                                                           |
-|                                   <a name="output_deleted_files"></a>[deleted\_files](#output_deleted_files)                                    | string |                                                                                                                                      Returns only files that are <br>Deleted (D).                                                                                                                                       |
-|                          <a name="output_deleted_files_count"></a>[deleted\_files\_count](#output_deleted_files_count)                           | string |                                                                                                                                          Returns the number of `deleted_files`                                                                                                                                          |
-|                                  <a name="output_modified_files"></a>[modified\_files](#output_modified_files)                                  | string |                                                                                                                                     Returns only files that are <br>Modified (M).                                                                                                                                       |
-|                         <a name="output_modified_files_count"></a>[modified\_files\_count](#output_modified_files_count)                         | string |                                                                                                                                         Returns the number of `modified_files`                                                                                                                                          |
-|                                   <a name="output_modified_keys"></a>[modified\_keys](#output_modified_keys)                                    | string |                                                                    Returns all modified YAML keys <br>when the `files_yaml` input is <br>used. i.e. *key that contains any path that has either been added, copied, modified, and deleted (ACMRD)*                                                                      |
-|                                     <a name="output_only_changed"></a>[only\_changed](#output_only_changed)                                     | string |                                                            Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has changed. i.e. *includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                             |
-|                                     <a name="output_only_deleted"></a>[only\_deleted](#output_only_deleted)                                     | string |                                                                                                   Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has been deleted. (D)                                                                                                    |
-|                                   <a name="output_only_modified"></a>[only\_modified](#output_only_modified)                                    | string |                                                                                                Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has been modified. (ACMRD).                                                                                                 |
-|                          <a name="output_other_changed_files"></a>[other\_changed\_files](#output_other_changed_files)                           | string |                                                                              Returns all other changed files <br>not listed in the files <br>input i.e. *includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                                               |
-|                 <a name="output_other_changed_files_count"></a>[other\_changed\_files\_count](#output_other_changed_files_count)                  | string |                                                                                                                                       Returns the number of `other_changed_files`                                                                                                                                       |
-|                          <a name="output_other_deleted_files"></a>[other\_deleted\_files](#output_other_deleted_files)                           | string |                                                                                                  Returns all other deleted files <br>not listed in the files <br>input i.e. *a  combination of all deleted files (D)*                                                                                                   |
-|                 <a name="output_other_deleted_files_count"></a>[other\_deleted\_files\_count](#output_other_deleted_files_count)                  | string |                                                                                                                                       Returns the number of `other_deleted_files`                                                                                                                                       |
-|                         <a name="output_other_modified_files"></a>[other\_modified\_files](#output_other_modified_files)                         | string |                                                                                 Returns all other modified files <br>not listed in the files <br>input i.e. *a combination of all added, copied, modified, and deleted files (ACMRD)*                                                                                   |
-|                <a name="output_other_modified_files_count"></a>[other\_modified\_files\_count](#output_other_modified_files_count)                | string |                                                                                                                                      Returns the number of `other_modified_files`                                                                                                                                       |
-|                                   <a name="output_renamed_files"></a>[renamed\_files](#output_renamed_files)                                    | string |                                                                                                                                      Returns only files that are <br>Renamed (R).                                                                                                                                       |
-|                          <a name="output_renamed_files_count"></a>[renamed\_files\_count](#output_renamed_files_count)                           | string |                                                                                                                                          Returns the number of `renamed_files`                                                                                                                                          |
-|                            <a name="output_type_changed_files"></a>[type\_changed\_files](#output_type_changed_files)                            | string |                                                                                                                             Returns only files that have <br>their file type changed (T).                                                                                                                               |
-|                   <a name="output_type_changed_files_count"></a>[type\_changed\_files\_count](#output_type_changed_files_count)                   | string |                                                                                                                                       Returns the number of `type_changed_files`                                                                                                                                        |
-|                                   <a name="output_unknown_files"></a>[unknown\_files](#output_unknown_files)                                    | string |                                                                                                                                      Returns only files that are <br>Unknown (X).                                                                                                                                       |
-|                          <a name="output_unknown_files_count"></a>[unknown\_files\_count](#output_unknown_files_count)                           | string |                                                                                                                                          Returns the number of `unknown_files`                                                                                                                                          |
-|                                  <a name="output_unmerged_files"></a>[unmerged\_files](#output_unmerged_files)                                  | string |                                                                                                                                     Returns only files that are <br>Unmerged (U).                                                                                                                                       |
-|                         <a name="output_unmerged_files_count"></a>[unmerged\_files\_count](#output_unmerged_files_count)                         | string |                                                                                                                                         Returns the number of `unmerged_files`                                                                                                                                          |
-
-<!-- AUTO-DOC-OUTPUT:END -->
+> *   When using `files_yaml*` inputs:
+>     *   All keys must start with a letter or `_` and contain only alphanumeric characters, `-`, or `_`.
+>         For example, `test` or `test_key` or `tesT-key` are all valid.
 
 ## Inputs ⚙️
 
 <!-- AUTO-DOC-INPUT:START - Do not remove or modify this section -->
 
 ```yaml
-- uses: tj-actions/changed-files@v40
+- uses: tj-actions/changed-files@v41
   id: changed-files
   with:
     # Github API URL.
@@ -600,6 +553,12 @@ Support this project with a :star:
     # Default: "\n"
     recover_files_separator: ''
 
+    # Apply sanitization to output filenames before being set as 
+    # output. 
+    # Type: boolean
+    # Default: "true"
+    safe_output: ''
+
     # Split character for output strings.
     # Type: string
     # Default: " "
@@ -643,6 +602,12 @@ Support this project with a :star:
     # Type: string
     until: ''
 
+    # Force the use of Github's REST API even when 
+    # a local copy of the repository exists 
+    # Type: boolean
+    # Default: "false"
+    use_rest_api: ''
+
     # Write outputs to the `output_dir` defaults to `.github/outputs` folder. 
     # NOTE: This creates a `.txt` file by default and 
     # a `.json` file if `json` is set to `true`. 
@@ -654,6 +619,73 @@ Support this project with a :star:
 
 <!-- AUTO-DOC-INPUT:END -->
 
+## Useful Acronyms 🧮
+
+|  Acronym  |   Meaning    |
+|:---------:|:------------:|
+|     A     |    Added     |
+|     C     |    Copied    |
+|     M     |   Modified   |
+|     D     |   Deleted    |
+|     R     |   Renamed    |
+|     T     | Type changed |
+|     U     |   Unmerged   |
+|     X     |   Unknown    |
+
+> \[!IMPORTANT]
+>
+> *   When using `files_yaml*` inputs:
+>     *   it's required to prefix all outputs with the key to ensure that the correct outputs are accessible.
+>
+>         For example, if you use `test` as the key, you can access outputs like `added_files`, `any_changed`, and so on by prefixing them with the key `test_added_files` or `test_any_changed` etc.
+
+## Outputs 📤
+
+<!-- AUTO-DOC-OUTPUT:START - Do not remove or modify this section -->
+
+|                                                                     OUTPUT                                                                     |  TYPE  |                                                                                                                                                       DESCRIPTION                                                                                                                                                       |
+|------------------------------------------------------------------------------------------------------------------------------------------------|--------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|                                      <a name="output_added_files"></a>[added\_files](#output_added_files)                                       | string |                                                                                                                                       Returns only files that are <br>Added (A).                                                                                                                                        |
+|                             <a name="output_added_files_count"></a>[added\_files\_count](#output_added_files_count)                              | string |                                                                                                                                           Returns the number of `added_files`                                                                                                                                           |
+|          <a name="output_all_changed_and_modified_files"></a>[all\_changed\_and\_modified\_files](#output_all_changed_and_modified_files)          | string |                                                                                                                     Returns all changed and modified <br>files i.e. *a combination of (ACMRDTUX)*                                                                                                                       |
+| <a name="output_all_changed_and_modified_files_count"></a>[all\_changed\_and\_modified\_files\_count](#output_all_changed_and_modified_files_count) | string |                                                                                                                                 Returns the number of `all_changed_and_modified_files`                                                                                                                                  |
+|                             <a name="output_all_changed_files"></a>[all\_changed\_files](#output_all_changed_files)                              | string |                                                                                                       Returns all changed files i.e. <br>*a combination of all added, copied, modified and renamed files (ACMR)*                                                                                                        |
+|                    <a name="output_all_changed_files_count"></a>[all\_changed\_files\_count](#output_all_changed_files_count)                     | string |                                                                                                                                        Returns the number of `all_changed_files`                                                                                                                                        |
+|                            <a name="output_all_modified_files"></a>[all\_modified\_files](#output_all_modified_files)                            | string |                                                                                                 Returns all changed files i.e. <br>*a combination of all added, copied, modified, renamed and deleted files (ACMRD)*.                                                                                                   |
+|                   <a name="output_all_modified_files_count"></a>[all\_modified\_files\_count](#output_all_modified_files_count)                   | string |                                                                                                                                       Returns the number of `all_modified_files`                                                                                                                                        |
+|                 <a name="output_all_old_new_renamed_files"></a>[all\_old\_new\_renamed\_files](#output_all_old_new_renamed_files)                  | string | Returns only files that are <br>Renamed and lists their old <br>and new names. **NOTE:** This <br>requires setting `include_all_old_new_renamed_files` to `true`. <br>Also, keep in mind that <br>this output is global and <br>wouldn't be nested in outputs <br>generated when the `*_yaml_*` input <br>is used. (R)  |
+|        <a name="output_all_old_new_renamed_files_count"></a>[all\_old\_new\_renamed\_files\_count](#output_all_old_new_renamed_files_count)         | string |                                                                                                                                    Returns the number of `all_old_new_renamed_files`                                                                                                                                    |
+|                                      <a name="output_any_changed"></a>[any\_changed](#output_any_changed)                                       | string |                                                     Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has changed. i.e. <br>*includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                      |
+|                                      <a name="output_any_deleted"></a>[any\_deleted](#output_any_deleted)                                       | string |                                                                                            Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has been deleted. <br>(D)                                                                                             |
+|                                     <a name="output_any_modified"></a>[any\_modified](#output_any_modified)                                     | string |                                            Returns `true` when any of <br>the filenames provided using the <br>`files*` or `files_ignore*` inputs has been modified. <br>i.e. *includes a combination of all added, copied, modified, renamed, and deleted files (ACMRD)*.                                              |
+|                                     <a name="output_changed_keys"></a>[changed\_keys](#output_changed_keys)                                     | string |                                                                     Returns all changed YAML keys <br>when the `files_yaml` input is <br>used. i.e. *key that contains any path that has either been added, copied, modified, and renamed (ACMR)*                                                                       |
+|                                     <a name="output_copied_files"></a>[copied\_files](#output_copied_files)                                     | string |                                                                                                                                      Returns only files that are <br>Copied (C).                                                                                                                                        |
+|                            <a name="output_copied_files_count"></a>[copied\_files\_count](#output_copied_files_count)                            | string |                                                                                                                                          Returns the number of `copied_files`                                                                                                                                           |
+|                                   <a name="output_deleted_files"></a>[deleted\_files](#output_deleted_files)                                    | string |                                                                                                                                      Returns only files that are <br>Deleted (D).                                                                                                                                       |
+|                          <a name="output_deleted_files_count"></a>[deleted\_files\_count](#output_deleted_files_count)                           | string |                                                                                                                                          Returns the number of `deleted_files`                                                                                                                                          |
+|                                  <a name="output_modified_files"></a>[modified\_files](#output_modified_files)                                  | string |                                                                                                                                     Returns only files that are <br>Modified (M).                                                                                                                                       |
+|                         <a name="output_modified_files_count"></a>[modified\_files\_count](#output_modified_files_count)                         | string |                                                                                                                                         Returns the number of `modified_files`                                                                                                                                          |
+|                                   <a name="output_modified_keys"></a>[modified\_keys](#output_modified_keys)                                    | string |                                                                    Returns all modified YAML keys <br>when the `files_yaml` input is <br>used. i.e. *key that contains any path that has either been added, copied, modified, and deleted (ACMRD)*                                                                      |
+|                                     <a name="output_only_changed"></a>[only\_changed](#output_only_changed)                                     | string |                                                            Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has changed. i.e. *includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                             |
+|                                     <a name="output_only_deleted"></a>[only\_deleted](#output_only_deleted)                                     | string |                                                                                                   Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has been deleted. (D)                                                                                                    |
+|                                   <a name="output_only_modified"></a>[only\_modified](#output_only_modified)                                    | string |                                                                                                Returns `true` when only files <br>provided using the `files*` or `files_ignore*` inputs <br>has been modified. (ACMRD).                                                                                                 |
+|                          <a name="output_other_changed_files"></a>[other\_changed\_files](#output_other_changed_files)                           | string |                                                                              Returns all other changed files <br>not listed in the files <br>input i.e. *includes a combination of all added, copied, modified and renamed files (ACMR)*.                                                                               |
+|                 <a name="output_other_changed_files_count"></a>[other\_changed\_files\_count](#output_other_changed_files_count)                  | string |                                                                                                                                       Returns the number of `other_changed_files`                                                                                                                                       |
+|                          <a name="output_other_deleted_files"></a>[other\_deleted\_files](#output_other_deleted_files)                           | string |                                                                                                  Returns all other deleted files <br>not listed in the files <br>input i.e. *a  combination of all deleted files (D)*                                                                                                   |
+|                 <a name="output_other_deleted_files_count"></a>[other\_deleted\_files\_count](#output_other_deleted_files_count)                  | string |                                                                                                                                       Returns the number of `other_deleted_files`                                                                                                                                       |
+|                         <a name="output_other_modified_files"></a>[other\_modified\_files](#output_other_modified_files)                         | string |                                                                                 Returns all other modified files <br>not listed in the files <br>input i.e. *a combination of all added, copied, modified, and deleted files (ACMRD)*                                                                                   |
+|                <a name="output_other_modified_files_count"></a>[other\_modified\_files\_count](#output_other_modified_files_count)                | string |                                                                                                                                      Returns the number of `other_modified_files`                                                                                                                                       |
+|                                   <a name="output_renamed_files"></a>[renamed\_files](#output_renamed_files)                                    | string |                                                                                                                                      Returns only files that are <br>Renamed (R).                                                                                                                                       |
+|                          <a name="output_renamed_files_count"></a>[renamed\_files\_count](#output_renamed_files_count)                           | string |                                                                                                                                          Returns the number of `renamed_files`                                                                                                                                          |
+|                            <a name="output_type_changed_files"></a>[type\_changed\_files](#output_type_changed_files)                            | string |                                                                                                                             Returns only files that have <br>their file type changed (T).                                                                                                                               |
+|                   <a name="output_type_changed_files_count"></a>[type\_changed\_files\_count](#output_type_changed_files_count)                   | string |                                                                                                                                       Returns the number of `type_changed_files`                                                                                                                                        |
+|                                   <a name="output_unknown_files"></a>[unknown\_files](#output_unknown_files)                                    | string |                                                                                                                                      Returns only files that are <br>Unknown (X).                                                                                                                                       |
+|                          <a name="output_unknown_files_count"></a>[unknown\_files\_count](#output_unknown_files_count)                           | string |                                                                                                                                          Returns the number of `unknown_files`                                                                                                                                          |
+|                                  <a name="output_unmerged_files"></a>[unmerged\_files](#output_unmerged_files)                                  | string |                                                                                                                                     Returns only files that are <br>Unmerged (U).                                                                                                                                       |
+|                         <a name="output_unmerged_files_count"></a>[unmerged\_files\_count](#output_unmerged_files_count)                         | string |                                                                                                                                         Returns the number of `unmerged_files`                                                                                                                                          |
+
+<!-- AUTO-DOC-OUTPUT:END -->
+
 ## Versioning 🏷️
 
 This GitHub Action follows the principles of [Semantic Versioning](https://semver.org) for versioning releases.
@@ -675,7 +707,30 @@ The format of the version string is as follows:
 ...
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
+...
+```
+
+</details>
+
+<details>
+<summary>Get all changed files without escaping unsafe filename characters</summary>
+
+```yaml
+...
+    - name: Get changed files
+      id: changed-files
+      uses: tj-actions/changed-files@v41
+      with:
+        safe_output: false # set to false because we are using an environment variable to store the output and avoid command injection.
+
+    - name: List all added files
+      env:
+        ADDED_FILES: ${{ steps.changed-files.outputs.added_files }}
+      run: |
+        for file in "$ADDED_FILES"; do
+          echo "$file was added"
+        done
 ...
 ```
 
@@ -688,7 +743,7 @@ The format of the version string is as follows:
 ...
     - name: Get all changed files and use a comma separator in the output
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         separator: ","
 ...
@@ -705,11 +760,13 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
 
     - name: List all added files
+      env:
+        ADDED_FILES: ${{ steps.changed-files.outputs.added_files }}
       run: |
-        for file in ${{ steps.changed-files.outputs.added_files }}; do
+        for file in "$ADDED_FILES"; do
           echo "$file was added"
         done
 ...
@@ -726,7 +783,7 @@ See [outputs](#outputs) for a list of all available outputs.
 ...
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
 
     - name: Run a step if my-file.txt was modified
       if: contains(steps.changed-files.outputs.modified_files, 'my-file.txt')
@@ -747,7 +804,7 @@ See [outputs](#outputs) for a list of all available outputs.
 
    - name: Get changed files and write the outputs to a Txt file
      id: changed-files-write-output-files-txt
-     uses: ./
+     uses: tj-actions/changed-files@v41
      with:
        write_output_files: true
 
@@ -766,7 +823,7 @@ See [outputs](#outputs) for a list of all available outputs.
 ...
    - name: Get changed files and write the outputs to a JSON file
      id: changed-files-write-output-files-json
-     uses: ./
+     uses: tj-actions/changed-files@v41
      with:
        json: true
        write_output_files: true
@@ -786,7 +843,7 @@ See [outputs](#outputs) for a list of all available outputs.
 ...
     - name: Get changed files
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         files: |
           my-file.txt
@@ -809,7 +866,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed files
       id: changed-files-specific
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         files: |
           my-file.txt
@@ -831,15 +888,19 @@ See [inputs](#inputs) for more information.
 
     - name: Run step if any of the listed files above is deleted
       if: steps.changed-files-specific.outputs.any_deleted == 'true'
+      env:
+        DELETED_FILES: ${{ steps.changed-files-specific.outputs.deleted_files }}
       run: |
-        for file in ${{ steps.changed-files-specific.outputs.deleted_files }}; do
+        for file in "$DELETED_FILES"; do
           echo "$file was deleted"
         done
 
     - name: Run step if all listed files above have been deleted
       if: steps.changed-files-specific.outputs.only_deleted == 'true'
+      env:
+        DELETED_FILES: ${{ steps.changed-files-specific.outputs.deleted_files }}
       run: |
-        for file in ${{ steps.changed-files-specific.outputs.deleted_files }}; do
+        for file in "$DELETED_FILES"; do
           echo "$file was deleted"
         done
 ...
@@ -856,7 +917,7 @@ See [outputs](#outputs) for a list of all available outputs.
 ...
     - name: Get changed files using a source file or list of file(s) to populate to files input.
       id: changed-files-specific-source-file
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         files_from_source_file: test/changed-files-list.txt
 ...
@@ -873,7 +934,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed files using a source file or list of file(s) to populate to files input and optionally specify more files.
       id: changed-files-specific-source-file-and-specify-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         files_from_source_file: |
           test/changed-files-list.txt
@@ -894,7 +955,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed files using a different SHA
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         sha: ${{ github.event.pull_request.head.sha }}
 ...
@@ -911,7 +972,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed files using a different base SHA
       id: changed-files
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         base_sha: ${{ github.event.pull_request.base.sha }}
 ...
@@ -943,20 +1004,22 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
 
       - name: Get changed files in the .github folder
         id: changed-files-specific
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
           base_sha: ${{ steps.get-base-sha.outputs.base_sha }}
           files: .github/**
 
       - name: Run step if any file(s) in the .github folder change
         if: steps.changed-files-specific.outputs.any_changed == 'true'
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files-specific.outputs.all_changed_files }}
         run: |
           echo "One or more files in the .github folder has changed."
-          echo "List all the files that have changed: ${{ steps.changed-files-specific.outputs.all_changed_files }}"
+          echo "List all the files that have changed: $ALL_CHANGED_FILES"
 ...
 ```
 
@@ -977,13 +1040,16 @@ See [inputs](#inputs) for more information.
 
     - name: Run changed-files with defaults in dir1
       id: changed-files-for-dir1
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         path: dir1
 
     - name: List all added files in dir1
+      env:
+        ADDED_FILES: |-
+          ${{ steps.changed-files-for-dir1.outputs.added_files }}
       run: |
-        for file in ${{ steps.changed-files-for-dir1.outputs.added_files }}; do
+        for file in "$ADDED_FILES"; do
           echo "$file was added"
         done
 ...
@@ -1000,13 +1066,13 @@ See [inputs](#inputs) for more information.
 ...
     - name: Run changed-files with quotepath disabled
       id: changed-files-quotepath
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         quotepath: "false"
 
     - name: Run changed-files with quotepath disabled for a specified list of file(s)
       id: changed-files-quotepath-specific
-      uses: ./
+      uses: tj-actions/changed-files@v41
       with:
         files: test/test-è.txt
         quotepath: "false"
@@ -1039,7 +1105,7 @@ See [inputs](#inputs) for more information.
 
       - name: Run changed-files with the commit of the last successful test workflow run
         id: changed-files-base-sha-push
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
           base_sha: ${{ steps.last_successful_commit_push.outputs.base }}
 ...
@@ -1066,7 +1132,7 @@ See [inputs](#inputs) for more information.
 
       - name: Run changed-files with the commit of the last successful test workflow run on the main branch
         id: changed-files-base-sha-pull-request
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v41
         with:
           base_sha: ${{ steps.last_successful_commit_pull_request.outputs.base }}
 ...
@@ -1092,7 +1158,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Run changed-files with dir_names
       id: changed-files-dir-names
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         dir_names: "true"
 ...
@@ -1109,7 +1175,7 @@ See [inputs](#inputs) for more information.
 ...
     - name: Run changed-files with JSON output
       id: changed-files-json
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         json: "true"
 ...
@@ -1126,13 +1192,13 @@ See [inputs](#inputs) for more information.
 ...
     - name: Get changed-files since 2022-08-19
       id: changed-files-since
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         since: "2022-08-19"
 
     - name: Get changed-files until 2022-08-20
       id: changed-files-until
-      uses: tj-actions/changed-files@v40
+      uses: tj-actions/changed-files@v41
       with:
         until: "2022-08-20"
 ...
@@ -1172,7 +1238,7 @@ And many more...
 
 ## Important Notice ⚠️
 
-> **Important** : :bangbang:
+> \[!IMPORTANT]
 >
 > *   Spaces in file names can introduce bugs when using bash loops. See: [#216](https://github.com/tj-actions/changed-files/issues/216)
 >     However, this action will handle spaces in file names, with a recommendation of using a separator to prevent any hidden issues.
@@ -1259,6 +1325,9 @@ Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/d
       <td align="center" valign="top" width="14.28%"><a href="https://github.com/albertoperdomo2"><img src="https://avatars.githubusercontent.com/u/62241095?v=4?s=100" width="100px;" alt="Alberto Perdomo"/><br /><sub><b>Alberto Perdomo</b></sub></a><br /><a href="https://github.com/tj-actions/changed-files/commits?author=albertoperdomo2" title="Documentation">📖</a></td>
       <td align="center" valign="top" width="14.28%"><a href="https://arthurvolant.com"><img src="https://avatars.githubusercontent.com/u/37664438?v=4?s=100" width="100px;" alt="Arthur"/><br /><sub><b>Arthur</b></sub></a><br /><a href="https://github.com/tj-actions/changed-files/issues?q=author%3AV0lantis" title="Bug reports">🐛</a> <a href="https://github.com/tj-actions/changed-files/commits?author=V0lantis" title="Code">💻</a></td>
     </tr>
+    <tr>
+      <td align="center" valign="top" width="14.28%"><a href="https://github.com/rodrigorfk"><img src="https://avatars.githubusercontent.com/u/1995033?v=4?s=100" width="100px;" alt="Rodrigo Fior Kuntzer"/><br /><sub><b>Rodrigo Fior Kuntzer</b></sub></a><br /><a href="https://github.com/tj-actions/changed-files/commits?author=rodrigorfk" title="Code">💻</a> <a href="https://github.com/tj-actions/changed-files/commits?author=rodrigorfk" title="Tests">⚠️</a> <a href="https://github.com/tj-actions/changed-files/issues?q=author%3Arodrigorfk" title="Bug reports">🐛</a></td>
+    </tr>
   </tbody>
 </table>
 

SECURITY.md

@@ -0,0 +1,32 @@
+# Security Policy
+
+## Proactive Security Measures
+
+To proactively detect and address security vulnerabilities, we utilize several robust tools and processes:
+
+- **Dependency Updates:** We use [Renovate](https://renovatebot.com) and [Dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/about-dependabot-security-updates) to keep our dependencies updated and promptly patch detected vulnerabilities through automated PRs.
+- **[GitHub's Security Features](https://github.com/features/security):** Our repository and dependencies are continuously monitored via GitHub's security features, which include:
+  - **Code Scanning:** Using GitHub's CodeQL, all pull requests are scanned to identify potential vulnerabilities in our source code.
+  - **Automated Alerts:** Dependabot identifies vulnerabilities based on the GitHub Advisory Database and opens PRs with patches, while automated [secret scanning](https://docs.github.com/en/enterprise-cloud@latest/code-security/secret-scanning/about-secret-scanning#about-secret-scanning-for-partner-patterns) provides alerts for detected secrets.
+- **[GitGuardian Security Checks](https://www.gitguardian.com/):** We employ GitGuardian to ensure security checks are performed on the codebase, enhancing the overall security of our project.
+- **Code Analysis and Security Scanning:** With the help of [Codacy Static Code Analysis](https://www.codacy.com/) and [Codacy Security Scan](https://security.codacy.com/), we conduct thorough analyses and scans of our code for potential security risks.
+
+## Reporting Security Vulnerabilities
+
+Despite our best efforts to deliver secure software, we acknowledge the invaluable role of the community in identifying security breaches.
+
+### Private Vulnerability Disclosures
+
+We request all suspected vulnerabilities to be responsibly and privately disclosed by sending an email to [support@tj-actions.online](mailto:support@tj-actions.online).
+
+### Public Vulnerability Disclosures
+
+For publicly disclosed security vulnerabilities, please **IMMEDIATELY** email [support@tj-actions.online](mailto:support@tj-actions.online) with the details for prompt action.
+
+Upon confirmation of a breach, reporters will receive full credit and recognition for their contribution. Please note, that we do not offer monetary compensation for reporting vulnerabilities.
+
+## Communication of Security Breaches
+
+We will utilize the [GitHub Security Advisory](https://github.com/tj-actions/changed-files/security/advisories) to communicate any security breaches. The advisory will be made public once a patch has been released to rectify the issue.
+
+We appreciate your cooperation and contribution to maintaining the security of our software. Remember, a secure community is a strong community.

action.yml

@@ -134,6 +134,10 @@ inputs:
     description: "Escape JSON output."
     required: false
     default: "true"
+  safe_output:
+    description: "Apply sanitization to output filenames before being set as output."
+    required: false
+    default: "true"
   fetch_depth:
     description: "Depth of additional branch history fetched. NOTE: This can be adjusted to resolve errors with insufficient history."
     required: false
@@ -199,6 +203,10 @@ inputs:
     description: "Github API URL."
     required: false
     default: ${{ github.api_url }}
+  use_rest_api:
+    description: "Force the use of Github's REST API even when a local copy of the repository exists"
+    required: false
+    default: "false"
   fail_on_initial_diff_error:
     description: "Fail when the initial diff fails."
     required: false

dist/index.js

@@ -454,7 +454,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('added_files_count', outputPrefix),
@@ -474,7 +475,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('copied_files_count', outputPrefix),
@@ -494,7 +496,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('modified_files_count', outputPrefix),
@@ -514,7 +517,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('renamed_files_count', outputPrefix),
@@ -534,7 +538,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('type_changed_files_count', outputPrefix),
@@ -554,7 +559,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('unmerged_files_count', outputPrefix),
@@ -574,7 +580,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('unknown_files_count', outputPrefix),
@@ -593,7 +600,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('all_changed_and_modified_files_count', outputPrefix),
@@ -618,7 +626,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('all_changed_files_count', outputPrefix),
@@ -687,7 +696,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('all_modified_files_count', outputPrefix),
@@ -768,7 +778,8 @@ const setOutputsAndGetModifiedAndChangedFilesStatus = ({ allDiffFiles, allFilter
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
     yield (0, utils_1.setOutput)({
         key: (0, utils_1.getOutputKey)('deleted_files_count', outputPrefix),
@@ -1498,6 +1509,7 @@ const getInputs = () => {
     });
     const json = core.getBooleanInput('json', { required: false });
     const escapeJson = core.getBooleanInput('escape_json', { required: false });
+    const safeOutput = core.getBooleanInput('safe_output', { required: false });
     const fetchDepth = core.getInput('fetch_depth', { required: false });
     const sinceLastRemoteCommit = core.getBooleanInput('since_last_remote_commit', { required: false });
     const writeOutputFiles = core.getBooleanInput('write_output_files', {
@@ -1541,6 +1553,9 @@ const getInputs = () => {
     const negationPatternsFirst = core.getBooleanInput('negation_patterns_first', {
         required: false
     });
+    const useRestApi = core.getBooleanInput('use_rest_api', {
+        required: false
+    });
     const inputs = {
         files,
         filesSeparator,
@@ -1587,12 +1602,14 @@ const getInputs = () => {
         dirNamesIncludeFilesSeparator,
         json,
         escapeJson,
+        safeOutput,
         writeOutputFiles,
         outputDir,
         outputRenamedFilesAsDeletedAndAdded,
         token,
         apiUrl,
-        negationPatternsFirst
+        negationPatternsFirst,
+        useRestApi
     };
     if (fetchDepth) {
         inputs.fetchDepth = Math.max(parseInt(fetchDepth, 10), 2);
@@ -1725,7 +1742,9 @@ const getChangedFilesFromLocalGitHistory = ({ inputs, env, workingDirectory, fil
             workingDirectory,
             deletedFiles: allDiffFiles[changedFiles_1.ChangeTypeEnum.Deleted],
             recoverPatterns,
-            sha: diffResult.previousSha
+            diffResult,
+            hasSubmodule,
+            submodulePaths
         });
     }
     yield (0, changedFiles_1.processChangedFiles)({
@@ -1750,7 +1769,8 @@ const getChangedFilesFromLocalGitHistory = ({ inputs, env, workingDirectory, fil
             value: allOldNewRenamedFiles.paths,
             writeOutputFiles: inputs.writeOutputFiles,
             outputDir: inputs.outputDir,
-            json: inputs.json
+            json: inputs.json,
+            safeOutput: inputs.safeOutput
         });
         yield (0, utils_1.setOutput)({
             key: 'all_old_new_renamed_files_count',
@@ -1777,7 +1797,7 @@ const getChangedFilesFromRESTAPI = ({ inputs, filePatterns, yamlFilePatterns })
     });
 });
 function run() {
-    var _a;
+    var _a, _b;
     return __awaiter(this, void 0, void 0, function* () {
         core.startGroup('changed-files');
         const env = yield (0, env_1.getEnv)();
@@ -1799,21 +1819,31 @@ function run() {
             workingDirectory
         });
         core.debug(`Yaml file patterns: ${JSON.stringify(yamlFilePatterns)}`);
+        if (inputs.useRestApi && !((_a = github.context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.number)) {
+            throw new Error("Only pull_request* events are supported when using GitHub's REST API.");
+        }
         if (inputs.token &&
-            ((_a = github.context.payload.pull_request) === null || _a === void 0 ? void 0 : _a.number) &&
-            !hasGitDirectory) {
+            ((_b = github.context.payload.pull_request) === null || _b === void 0 ? void 0 : _b.number) &&
+            (!hasGitDirectory || inputs.useRestApi)) {
             core.info("Using GitHub's REST API to get changed files");
             const unsupportedInputs = [
                 'sha',
                 'baseSha',
                 'since',
                 'until',
+                'path',
+                'quotePath',
+                'diffRelative',
                 'sinceLastRemoteCommit',
                 'recoverDeletedFiles',
                 'recoverDeletedFilesToDestination',
                 'recoverFiles',
+                'recoverFilesSeparator',
                 'recoverFilesIgnore',
+                'recoverFilesIgnoreSeparator',
                 'includeAllOldNewRenamedFiles',
+                'oldNewSeparator',
+                'oldNewFilesSeparator',
                 'skipInitialFetch',
                 'fetchSubmoduleHistory',
                 'dirNamesDeletedFilesIncludeOnlyDeletedDirs'
@@ -1831,8 +1861,8 @@ function run() {
         }
         else {
             if (!hasGitDirectory) {
-                core.setFailed("Can't find local .git directory. Please run actions/checkout before this action");
-                return;
+                core.info(`Running on a ${github.context.eventName} event...`);
+                throw new Error("Can't find local .git directory. Please run actions/checkout before this action (Make sure the path specified in the 'path' input is correct). If you intend to use Github's REST API note that only pull_request* events are supported.");
             }
             core.info('Using local .git directory');
             yield getChangedFilesFromLocalGitHistory({
@@ -1851,6 +1881,7 @@ if (!process.env.TESTING) {
     // eslint-disable-next-line github/no-then
     run().catch(e => {
         core.setFailed(e.message || e);
+        process.exit(1);
     });
 }
 
@@ -2798,11 +2829,12 @@ const setArrayOutput = ({ key, inputs, value, outputPrefix }) => __awaiter(void
         writeOutputFiles: inputs.writeOutputFiles,
         outputDir: inputs.outputDir,
         json: inputs.json,
-        shouldEscape: inputs.escapeJson
+        shouldEscape: inputs.escapeJson,
+        safeOutput: inputs.safeOutput
     });
 });
 exports.setArrayOutput = setArrayOutput;
-const setOutput = ({ key, value, writeOutputFiles, outputDir, json = false, shouldEscape = false }) => __awaiter(void 0, void 0, void 0, function* () {
+const setOutput = ({ key, value, writeOutputFiles, outputDir, json = false, shouldEscape = false, safeOutput = false }) => __awaiter(void 0, void 0, void 0, function* () {
     let cleanedValue;
     if (json) {
         cleanedValue = (0, exports.jsonOutput)({ value, shouldEscape });
@@ -2810,6 +2842,10 @@ const setOutput = ({ key, value, writeOutputFiles, outputDir, json = false, shou
     else {
         cleanedValue = value.toString().trim();
     }
+    // if safeOutput is true, escape special characters for bash shell
+    if (safeOutput) {
+        cleanedValue = cleanedValue.replace(/[^\x20-\x7E]|[:*?<>|;`$()&!]/g, '\\$&');
+    }
     core.setOutput(key, cleanedValue);
     if (writeOutputFiles) {
         const extension = json ? 'json' : 'txt';
@@ -2832,7 +2868,7 @@ const getDeletedFileContents = ({ cwd, filePath, sha }) => __awaiter(void 0, voi
     }
     return stdout;
 });
-const recoverDeletedFiles = ({ inputs, workingDirectory, deletedFiles, recoverPatterns, sha }) => __awaiter(void 0, void 0, void 0, function* () {
+const recoverDeletedFiles = ({ inputs, workingDirectory, deletedFiles, recoverPatterns, diffResult, hasSubmodule, submodulePaths }) => __awaiter(void 0, void 0, void 0, function* () {
     let recoverableDeletedFiles = deletedFiles;
     core.debug(`recoverable deleted files: ${recoverableDeletedFiles}`);
     if (recoverPatterns.length > 0) {
@@ -2848,15 +2884,46 @@ const recoverDeletedFiles = ({ inputs, workingDirectory, deletedFiles, recoverPa
         if (inputs.recoverDeletedFilesToDestination) {
             target = path.join(workingDirectory, inputs.recoverDeletedFilesToDestination, deletedFile);
         }
-        const deletedFileContents = yield getDeletedFileContents({
-            cwd: workingDirectory,
-            filePath: deletedFile,
-            sha
-        });
+        let deletedFileContents;
+        const submodulePath = submodulePaths.find(p => deletedFile.startsWith(p));
+        if (hasSubmodule && submodulePath) {
+            const submoduleShaResult = yield (0, exports.gitSubmoduleDiffSHA)({
+                cwd: workingDirectory,
+                parentSha1: diffResult.previousSha,
+                parentSha2: diffResult.currentSha,
+                submodulePath,
+                diff: diffResult.diff
+            });
+            if (submoduleShaResult.previousSha) {
+                core.debug(`recovering deleted file "${deletedFile}" from submodule ${submodulePath} from ${submoduleShaResult.previousSha}`);
+                deletedFileContents = yield getDeletedFileContents({
+                    cwd: path.join(workingDirectory, submodulePath),
+                    // E.g. submodulePath = test/demo and deletedFile = test/demo/.github/README.md => filePath => .github/README.md
+                    filePath: deletedFile.replace(submodulePath, '').substring(1),
+                    sha: submoduleShaResult.previousSha
+                });
+            }
+            else {
+                core.warning(`Unable to recover deleted file "${deletedFile}" from submodule ${submodulePath} from ${submoduleShaResult.previousSha}`);
+                continue;
+            }
+        }
+        else {
+            core.debug(`recovering deleted file "${deletedFile}" from ${diffResult.previousSha}`);
+            deletedFileContents = yield getDeletedFileContents({
+                cwd: workingDirectory,
+                filePath: deletedFile,
+                sha: diffResult.previousSha
+            });
+        }
+        core.debug(`recovered deleted file "${deletedFile}"`);
         if (!(yield (0, exports.exists)(path.dirname(target)))) {
+            core.debug(`creating directory "${path.dirname(target)}"`);
             yield fs_1.promises.mkdir(path.dirname(target), { recursive: true });
         }
+        core.debug(`writing file "${target}"`);
         yield fs_1.promises.writeFile(target, deletedFileContents);
+        core.debug(`wrote file "${target}"`);
     }
 });
 exports.recoverDeletedFiles = recoverDeletedFiles;
@@ -6475,7 +6542,7 @@ module.exports = __toCommonJS(dist_src_exports);
 var import_universal_user_agent = __nccwpck_require__(5030);
 
 // pkg/dist-src/version.js
-var VERSION = "9.0.3";
+var VERSION = "9.0.4";
 
 // pkg/dist-src/defaults.js
 var userAgent = `octokit-endpoint.js/${VERSION} ${(0, import_universal_user_agent.getUserAgent)()}`;
@@ -6594,10 +6661,13 @@ function extractUrlVariableNames(url) {
 
 // pkg/dist-src/util/omit.js
 function omit(object, keysToOmit) {
-  return Object.keys(object).filter((option) => !keysToOmit.includes(option)).reduce((obj, key) => {
-    obj[key] = object[key];
-    return obj;
-  }, {});
+  const result = { __proto__: null };
+  for (const key of Object.keys(object)) {
+    if (keysToOmit.indexOf(key) === -1) {
+      result[key] = object[key];
+    }
+  }
+  return result;
 }
 
 // pkg/dist-src/util/url-template.js
@@ -7014,7 +7084,7 @@ __export(dist_src_exports, {
 module.exports = __toCommonJS(dist_src_exports);
 
 // pkg/dist-src/version.js
-var VERSION = "9.1.4";
+var VERSION = "9.1.5";
 
 // pkg/dist-src/normalize-paginated-list-response.js
 function normalizePaginatedListResponse(response) {
@@ -7411,7 +7481,7 @@ __export(dist_src_exports, {
 module.exports = __toCommonJS(dist_src_exports);
 
 // pkg/dist-src/version.js
-var VERSION = "10.1.5";
+var VERSION = "10.2.0";
 
 // pkg/dist-src/generated/endpoints.js
 var Endpoints = {
@@ -33034,6 +33104,7 @@ function request (opts, callback) {
 }
 
 module.exports = request
+module.exports.RequestHandler = RequestHandler
 
 
 /***/ }),
@@ -33580,7 +33651,7 @@ module.exports = class BodyReadable extends Readable {
       this
         .on('close', function () {
           signalListenerCleanup()
-          if (signal?.aborted) {
+          if (signal && signal.aborted) {
             reject(signal.reason || Object.assign(new Error('The operation was aborted'), { name: 'AbortError' }))
           } else {
             resolve(null)
@@ -34974,13 +35045,13 @@ module.exports = {
 /***/ }),
 
 /***/ 9174:
-/***/ ((module) => {
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
 
 "use strict";
 
 
 module.exports = {
-  kConstruct: Symbol('constructable')
+  kConstruct: (__nccwpck_require__(2785).kConstruct)
 }
 
 
@@ -35966,11 +36037,9 @@ class Parser {
       socket[kReset] = true
     }
 
-    let pause
-    try {
-      pause = request.onHeaders(statusCode, headers, this.resume, statusText) === false
-    } catch (err) {
-      util.destroy(socket, err)
+    const pause = request.onHeaders(statusCode, headers, this.resume, statusText) === false
+
+    if (request.aborted) {
       return -1
     }
 
@@ -36017,13 +36086,8 @@ class Parser {
 
     this.bytesRead += buf.length
 
-    try {
-      if (request.onData(buf) === false) {
-        return constants.ERROR.PAUSED
-      }
-    } catch (err) {
-      util.destroy(socket, err)
-      return -1
+    if (request.onData(buf) === false) {
+      return constants.ERROR.PAUSED
     }
   }
 
@@ -36064,11 +36128,7 @@ class Parser {
       return -1
     }
 
-    try {
-      request.onComplete(headers)
-    } catch (err) {
-      errorRequest(client, request, err)
-    }
+    request.onComplete(headers)
 
     client[kQueue][client[kRunningIdx]++] = null
 
@@ -36854,13 +36914,17 @@ function writeH2 (client, session, request) {
   })
 
   stream.on('data', (chunk) => {
-    if (request.onData(chunk) === false) stream.pause()
+    if (request.onData(chunk) === false) {
+      stream.pause()
+    }
   })
 
   stream.once('close', () => {
     h2State.openStreams -= 1
     // TODO(HTTP/2): unref only if current streams count is 0
-    if (h2State.openStreams === 0) session.unref()
+    if (h2State.openStreams === 0) {
+      session.unref()
+    }
   })
 
   stream.once('error', function (err) {
@@ -38903,7 +38967,11 @@ class Request {
 
   onBodySent (chunk) {
     if (this[kHandler].onBodySent) {
-      return this[kHandler].onBodySent(chunk)
+      try {
+        return this[kHandler].onBodySent(chunk)
+      } catch (err) {
+        this.abort(err)
+      }
     }
   }
 
@@ -38913,7 +38981,11 @@ class Request {
     }
 
     if (this[kHandler].onRequestSent) {
-      return this[kHandler].onRequestSent()
+      try {
+        return this[kHandler].onRequestSent()
+      } catch (err) {
+        this.abort(err)
+      }
     }
   }
 
@@ -38937,14 +39009,23 @@ class Request {
       channels.headers.publish({ request: this, response: { statusCode, headers, statusText } })
     }
 
-    return this[kHandler].onHeaders(statusCode, headers, resume, statusText)
+    try {
+      return this[kHandler].onHeaders(statusCode, headers, resume, statusText)
+    } catch (err) {
+      this.abort(err)
+    }
   }
 
   onData (chunk) {
     assert(!this.aborted)
     assert(!this.completed)
 
-    return this[kHandler].onData(chunk)
+    try {
+      return this[kHandler].onData(chunk)
+    } catch (err) {
+      this.abort(err)
+      return false
+    }
   }
 
   onUpgrade (statusCode, headers, socket) {
@@ -38963,7 +39044,13 @@ class Request {
     if (channels.trailers.hasSubscribers) {
       channels.trailers.publish({ request: this, trailers })
     }
-    return this[kHandler].onComplete(trailers)
+
+    try {
+      return this[kHandler].onComplete(trailers)
+    } catch (err) {
+      // TODO (fix): This might be a bad idea?
+      this.onError(err)
+    }
   }
 
   onError (error) {
@@ -38977,6 +39064,7 @@ class Request {
       return
     }
     this.aborted = true
+
     return this[kHandler].onError(error)
   }
 
@@ -39214,7 +39302,8 @@ module.exports = {
   kHTTP1BuildRequest: Symbol('http1 build request'),
   kHTTP2CopyHeaders: Symbol('http2 copy headers'),
   kHTTPConnVersion: Symbol('http connection version'),
-  kRetryHandlerDefaultRetry: Symbol('retry agent default retry')
+  kRetryHandlerDefaultRetry: Symbol('retry agent default retry'),
+  kConstruct: Symbol('constructable')
 }
 
 
@@ -40862,17 +40951,14 @@ function dataURLProcessor (dataURL) {
  * @param {boolean} excludeFragment
  */
 function URLSerializer (url, excludeFragment = false) {
-  const href = url.href
-
   if (!excludeFragment) {
-    return href
+    return url.href
   }
 
-  const hash = href.lastIndexOf('#')
-  if (hash === -1) {
-    return href
-  }
-  return href.slice(0, hash)
+  const href = url.href
+  const hashLength = url.hash.length
+
+  return hashLength === 0 ? href : href.substring(0, href.length - hashLength)
 }
 
 // https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
@@ -42056,7 +42142,7 @@ module.exports = {
 
 
 
-const { kHeadersList } = __nccwpck_require__(2785)
+const { kHeadersList, kConstruct } = __nccwpck_require__(2785)
 const { kGuard } = __nccwpck_require__(5861)
 const { kEnumerableProperty } = __nccwpck_require__(3983)
 const {
@@ -42294,6 +42380,9 @@ class HeadersList {
 // https://fetch.spec.whatwg.org/#headers-class
 class Headers {
   constructor (init = undefined) {
+    if (init === kConstruct) {
+      return
+    }
     this[kHeadersList] = new HeadersList()
 
     // The new Headers(init) constructor steps are:
@@ -42934,7 +43023,7 @@ function finalizeAndReportTiming (response, initiatorType = 'other') {
   }
 
   // 8. If response’s timing allow passed flag is not set, then:
-  if (!timingInfo.timingAllowPassed) {
+  if (!response.timingAllowPassed) {
     //  1. Set timingInfo to a the result of creating an opaque timing info for timingInfo.
     timingInfo = createOpaqueTimingInfo({
       startTime: timingInfo.startTime
@@ -44811,7 +44900,8 @@ const {
   isValidHTTPToken,
   sameOrigin,
   normalizeMethod,
-  makePolicyContainer
+  makePolicyContainer,
+  normalizeMethodRecord
 } = __nccwpck_require__(2538)
 const {
   forbiddenMethodsSet,
@@ -44828,13 +44918,12 @@ const { kHeaders, kSignal, kState, kGuard, kRealm } = __nccwpck_require__(5861)
 const { webidl } = __nccwpck_require__(1744)
 const { getGlobalOrigin } = __nccwpck_require__(1246)
 const { URLSerializer } = __nccwpck_require__(685)
-const { kHeadersList } = __nccwpck_require__(2785)
+const { kHeadersList, kConstruct } = __nccwpck_require__(2785)
 const assert = __nccwpck_require__(9491)
 const { getMaxListeners, setMaxListeners, getEventListeners, defaultMaxListeners } = __nccwpck_require__(2361)
 
 let TransformStream = globalThis.TransformStream
 
-const kInit = Symbol('init')
 const kAbortController = Symbol('abortController')
 
 const requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {
@@ -44845,7 +44934,7 @@ const requestFinalizer = new FinalizationRegistry(({ signal, abort }) => {
 class Request {
   // https://fetch.spec.whatwg.org/#dom-request
   constructor (input, init = {}) {
-    if (input === kInit) {
+    if (input === kConstruct) {
       return
     }
 
@@ -44984,8 +45073,10 @@ class Request {
       urlList: [...request.urlList]
     })
 
+    const initHasKey = Object.keys(init).length !== 0
+
     // 13. If init is not empty, then:
-    if (Object.keys(init).length > 0) {
+    if (initHasKey) {
       // 1. If request’s mode is "navigate", then set it to "same-origin".
       if (request.mode === 'navigate') {
         request.mode = 'same-origin'
@@ -45100,7 +45191,7 @@ class Request {
     }
 
     // 23. If init["integrity"] exists, then set request’s integrity metadata to it.
-    if (init.integrity !== undefined && init.integrity != null) {
+    if (init.integrity != null) {
       request.integrity = String(init.integrity)
     }
 
@@ -45116,16 +45207,16 @@ class Request {
 
       // 2. If method is not a method or method is a forbidden method, then
       // throw a TypeError.
-      if (!isValidHTTPToken(init.method)) {
-        throw new TypeError(`'${init.method}' is not a valid HTTP method.`)
+      if (!isValidHTTPToken(method)) {
+        throw new TypeError(`'${method}' is not a valid HTTP method.`)
       }
 
       if (forbiddenMethodsSet.has(method.toUpperCase())) {
-        throw new TypeError(`'${init.method}' HTTP method is unsupported.`)
+        throw new TypeError(`'${method}' HTTP method is unsupported.`)
       }
 
       // 3. Normalize method.
-      method = normalizeMethod(init.method)
+      method = normalizeMethodRecord[method] ?? normalizeMethod(method)
 
       // 4. Set request’s method to method.
       request.method = method
@@ -45196,7 +45287,7 @@ class Request {
     // 30. Set this’s headers to a new Headers object with this’s relevant
     // Realm, whose header list is request’s header list and guard is
     // "request".
-    this[kHeaders] = new Headers()
+    this[kHeaders] = new Headers(kConstruct)
     this[kHeaders][kHeadersList] = request.headersList
     this[kHeaders][kGuard] = 'request'
     this[kHeaders][kRealm] = this[kRealm]
@@ -45216,25 +45307,25 @@ class Request {
     }
 
     // 32. If init is not empty, then:
-    if (Object.keys(init).length !== 0) {
+    if (initHasKey) {
+      /** @type {HeadersList} */
+      const headersList = this[kHeaders][kHeadersList]
       // 1. Let headers be a copy of this’s headers and its associated header
       // list.
-      let headers = new Headers(this[kHeaders])
-
       // 2. If init["headers"] exists, then set headers to init["headers"].
-      if (init.headers !== undefined) {
-        headers = init.headers
-      }
+      const headers = init.headers !== undefined ? init.headers : new HeadersList(headersList)
 
       // 3. Empty this’s headers’s header list.
-      this[kHeaders][kHeadersList].clear()
+      headersList.clear()
 
       // 4. If headers is a Headers object, then for each header in its header
       // list, append header’s name/header’s value to this’s headers.
-      if (headers.constructor.name === 'Headers') {
+      if (headers instanceof HeadersList) {
         for (const [key, val] of headers) {
-          this[kHeaders].append(key, val)
+          headersList.append(key, val)
         }
+        // Note: Copy the `set-cookie` meta-data.
+        headersList.cookies = headers.cookies
       } else {
         // 5. Otherwise, fill this’s headers with headers.
         fillHeaders(this[kHeaders], headers)
@@ -45523,10 +45614,10 @@ class Request {
 
     // 3. Let clonedRequestObject be the result of creating a Request object,
     // given clonedRequest, this’s headers’s guard, and this’s relevant Realm.
-    const clonedRequestObject = new Request(kInit)
+    const clonedRequestObject = new Request(kConstruct)
     clonedRequestObject[kState] = clonedRequest
     clonedRequestObject[kRealm] = this[kRealm]
-    clonedRequestObject[kHeaders] = new Headers()
+    clonedRequestObject[kHeaders] = new Headers(kConstruct)
     clonedRequestObject[kHeaders][kHeadersList] = clonedRequest.headersList
     clonedRequestObject[kHeaders][kGuard] = this[kHeaders][kGuard]
     clonedRequestObject[kHeaders][kRealm] = this[kHeaders][kRealm]
@@ -45776,7 +45867,7 @@ const { webidl } = __nccwpck_require__(1744)
 const { FormData } = __nccwpck_require__(2015)
 const { getGlobalOrigin } = __nccwpck_require__(1246)
 const { URLSerializer } = __nccwpck_require__(685)
-const { kHeadersList } = __nccwpck_require__(2785)
+const { kHeadersList, kConstruct } = __nccwpck_require__(2785)
 const assert = __nccwpck_require__(9491)
 const { types } = __nccwpck_require__(3837)
 
@@ -45897,7 +45988,7 @@ class Response {
     // 2. Set this’s headers to a new Headers object with this’s relevant
     // Realm, whose header list is this’s response’s header list and guard
     // is "response".
-    this[kHeaders] = new Headers()
+    this[kHeaders] = new Headers(kConstruct)
     this[kHeaders][kGuard] = 'response'
     this[kHeaders][kHeadersList] = this[kState].headersList
     this[kHeaders][kRealm] = this[kRealm]
@@ -46267,11 +46358,7 @@ webidl.converters.XMLHttpRequestBodyInit = function (V) {
     return webidl.converters.Blob(V, { strict: false })
   }
 
-  if (
-    types.isAnyArrayBuffer(V) ||
-    types.isTypedArray(V) ||
-    types.isDataView(V)
-  ) {
+  if (types.isArrayBuffer(V) || types.isTypedArray(V) || types.isDataView(V)) {
     return webidl.converters.BufferSource(V)
   }
 
@@ -47052,11 +47139,30 @@ function isCancelled (fetchParams) {
     fetchParams.controller.state === 'terminated'
 }
 
-// https://fetch.spec.whatwg.org/#concept-method-normalize
+const normalizeMethodRecord = {
+  delete: 'DELETE',
+  DELETE: 'DELETE',
+  get: 'GET',
+  GET: 'GET',
+  head: 'HEAD',
+  HEAD: 'HEAD',
+  options: 'OPTIONS',
+  OPTIONS: 'OPTIONS',
+  post: 'POST',
+  POST: 'POST',
+  put: 'PUT',
+  PUT: 'PUT'
+}
+
+// Note: object prototypes should not be able to be referenced. e.g. `Object#hasOwnProperty`.
+Object.setPrototypeOf(normalizeMethodRecord, null)
+
+/**
+ * @see https://fetch.spec.whatwg.org/#concept-method-normalize
+ * @param {string} method
+ */
 function normalizeMethod (method) {
-  return /^(DELETE|GET|HEAD|OPTIONS|POST|PUT)$/i.test(method)
-    ? method.toUpperCase()
-    : method
+  return normalizeMethodRecord[method.toLowerCase()] ?? method
 }
 
 // https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string
@@ -47401,7 +47507,8 @@ module.exports = {
   urlIsLocal,
   urlHasHttpsScheme,
   urlIsHttpHttpsScheme,
-  readAllBytes
+  readAllBytes,
+  normalizeMethodRecord
 }
 
 
@@ -49525,7 +49632,7 @@ module.exports = RedirectHandler
 /***/ 2286:
 /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
 
-const assert = __nccwpck_require__(8061)
+const assert = __nccwpck_require__(9491)
 
 const { kRetryHandlerDefaultRetry } = __nccwpck_require__(2785)
 const { RequestRetryError } = __nccwpck_require__(8045)
@@ -49622,7 +49729,7 @@ class RetryHandler {
   }
 
   onBodySent (chunk) {
-    return this.handler.onBodySent(chunk)
+    if (this.handler.onBodySent) return this.handler.onBodySent(chunk)
   }
 
   static [kRetryHandlerDefaultRetry] (err, { state, opts }, cb) {
@@ -51785,6 +51892,9 @@ class ProxyAgent extends DispatcherBase {
     this[kProxyTls] = opts.proxyTls
     this[kProxyHeaders] = opts.headers || {}
 
+    const resolvedUrl = new URL(opts.uri)
+    const { origin, port, host, username, password } = resolvedUrl
+
     if (opts.auth && opts.token) {
       throw new InvalidArgumentError('opts.auth cannot be used in combination with opts.token')
     } else if (opts.auth) {
@@ -51792,11 +51902,10 @@ class ProxyAgent extends DispatcherBase {
       this[kProxyHeaders]['proxy-authorization'] = `Basic ${opts.auth}`
     } else if (opts.token) {
       this[kProxyHeaders]['proxy-authorization'] = opts.token
+    } else if (username && password) {
+      this[kProxyHeaders]['proxy-authorization'] = `Basic ${Buffer.from(`${decodeURIComponent(username)}:${decodeURIComponent(password)}`).toString('base64')}`
     }
 
-    const resolvedUrl = new URL(opts.uri)
-    const { origin, port, host } = resolvedUrl
-
     const connect = buildConnector({ ...opts.proxyTls })
     this[kConnectEndpoint] = buildConnector({ ...opts.requestTls })
     this[kClient] = clientFactory(resolvedUrl, { connect })
@@ -51820,7 +51929,7 @@ class ProxyAgent extends DispatcherBase {
           })
           if (statusCode !== 200) {
             socket.on('error', () => {}).destroy()
-            callback(new RequestAbortedError('Proxy response !== 200 when HTTP Tunneling'))
+            callback(new RequestAbortedError(`Proxy response (${statusCode}) !== 200 when HTTP Tunneling`))
           }
           if (opts.protocol !== 'https:') {
             callback(null, socket)
@@ -54817,14 +54926,6 @@ module.exports = require("net");
 
 /***/ }),
 
-/***/ 8061:
-/***/ ((module) => {
-
-"use strict";
-module.exports = require("node:assert");
-
-/***/ }),
-
 /***/ 5673:
 /***/ ((module) => {
 

jest.config.js

@@ -10,4 +10,4 @@ module.exports = {
   setupFiles: [
     "<rootDir>/jest/setupEnv.cjs"
   ]
-}
+};

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tj-actions/changed-files",
-  "version": "40.1.1",
+  "version": "41.0.1",
   "description": "Github action to retrieve all (added, copied, modified, deleted, renamed, type changed, unmerged, unknown) files and directories.",
   "main": "lib/main.js",
   "publishConfig": {
@@ -8,10 +8,10 @@
   },
   "scripts": {
     "build": "tsc",
-    "format": "prettier --write **/*.ts",
-    "format-check": "prettier --check **/*.ts",
-    "lint": "eslint **/*.ts --max-warnings 0",
-    "lint:fix": "eslint --fix src/**/*.ts",
+    "format": "prettier --write src/*.ts src/**/*.ts",
+    "format-check": "prettier --check src/*.ts src/**/*.ts",
+    "lint": "eslint src/*.ts src/**/*.ts --max-warnings 0",
+    "lint:fix": "eslint --fix src/*.ts src/**/*.ts",
     "package": "ncc build lib/main.js --source-map --license licenses.txt",
     "test": "jest --coverage",
     "all": "yarn build && yarn format && yarn lint && yarn package && yarn test"

src/changedFilesOutput.ts

@@ -43,7 +43,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
   await setOutput({
     key: getOutputKey('added_files_count', outputPrefix),
@@ -64,7 +65,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -86,7 +88,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -108,7 +111,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -130,7 +134,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -152,7 +157,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -174,7 +180,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -199,7 +206,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -226,7 +234,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -314,7 +323,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({
@@ -419,7 +429,8 @@ export const setOutputsAndGetModifiedAndChangedFilesStatus = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 
   await setOutput({

src/inputs.ts

@@ -34,6 +34,7 @@ export type Inputs = {
   dirNamesDeletedFilesIncludeOnlyDeletedDirs: boolean
   json: boolean
   escapeJson: boolean
+  safeOutput: boolean
   fetchDepth?: number
   fetchSubmoduleHistory: boolean
   sinceLastRemoteCommit: boolean
@@ -52,6 +53,7 @@ export type Inputs = {
   failOnInitialDiffError: boolean
   failOnSubmoduleDiffError: boolean
   negationPatternsFirst: boolean
+  useRestApi: boolean
 }
 
 export const getInputs = (): Inputs => {
@@ -154,6 +156,7 @@ export const getInputs = (): Inputs => {
   )
   const json = core.getBooleanInput('json', {required: false})
   const escapeJson = core.getBooleanInput('escape_json', {required: false})
+  const safeOutput = core.getBooleanInput('safe_output', {required: false})
   const fetchDepth = core.getInput('fetch_depth', {required: false})
   const sinceLastRemoteCommit = core.getBooleanInput(
     'since_last_remote_commit',
@@ -226,6 +229,10 @@ export const getInputs = (): Inputs => {
     }
   )
 
+  const useRestApi = core.getBooleanInput('use_rest_api', {
+    required: false
+  })
+
   const inputs: Inputs = {
     files,
     filesSeparator,
@@ -272,12 +279,14 @@ export const getInputs = (): Inputs => {
     dirNamesIncludeFilesSeparator,
     json,
     escapeJson,
+    safeOutput,
     writeOutputFiles,
     outputDir,
     outputRenamedFilesAsDeletedAndAdded,
     token,
     apiUrl,
-    negationPatternsFirst
+    negationPatternsFirst,
+    useRestApi
   }
 
   if (fetchDepth) {

src/main.ts

@@ -144,7 +144,9 @@ const getChangedFilesFromLocalGitHistory = async ({
       workingDirectory,
       deletedFiles: allDiffFiles[ChangeTypeEnum.Deleted],
       recoverPatterns,
-      sha: diffResult.previousSha
+      diffResult,
+      hasSubmodule,
+      submodulePaths
     })
   }
 
@@ -171,7 +173,8 @@ const getChangedFilesFromLocalGitHistory = async ({
       value: allOldNewRenamedFiles.paths,
       writeOutputFiles: inputs.writeOutputFiles,
       outputDir: inputs.outputDir,
-      json: inputs.json
+      json: inputs.json,
+      safeOutput: inputs.safeOutput
     })
     await setOutput({
       key: 'all_old_new_renamed_files_count',
@@ -240,10 +243,16 @@ export async function run(): Promise<void> {
   })
   core.debug(`Yaml file patterns: ${JSON.stringify(yamlFilePatterns)}`)
 
+  if (inputs.useRestApi && !github.context.payload.pull_request?.number) {
+    throw new Error(
+      "Only pull_request* events are supported when using GitHub's REST API."
+    )
+  }
+
   if (
     inputs.token &&
     github.context.payload.pull_request?.number &&
-    !hasGitDirectory
+    (!hasGitDirectory || inputs.useRestApi)
   ) {
     core.info("Using GitHub's REST API to get changed files")
     const unsupportedInputs: (keyof Inputs)[] = [
@@ -251,12 +260,19 @@ export async function run(): Promise<void> {
       'baseSha',
       'since',
       'until',
+      'path',
+      'quotePath',
+      'diffRelative',
       'sinceLastRemoteCommit',
       'recoverDeletedFiles',
       'recoverDeletedFilesToDestination',
       'recoverFiles',
+      'recoverFilesSeparator',
       'recoverFilesIgnore',
+      'recoverFilesIgnoreSeparator',
       'includeAllOldNewRenamedFiles',
+      'oldNewSeparator',
+      'oldNewFilesSeparator',
       'skipInitialFetch',
       'fetchSubmoduleHistory',
       'dirNamesDeletedFilesIncludeOnlyDeletedDirs'
@@ -276,10 +292,10 @@ export async function run(): Promise<void> {
     })
   } else {
     if (!hasGitDirectory) {
-      core.setFailed(
-        "Can't find local .git directory. Please run actions/checkout before this action"
+      core.info(`Running on a ${github.context.eventName} event...`)
+      throw new Error(
+        "Can't find local .git directory. Please run actions/checkout before this action (Make sure the path specified in the 'path' input is correct). If you intend to use Github's REST API note that only pull_request* events are supported."
       )
-      return
     }
 
     core.info('Using local .git directory')
@@ -298,5 +314,6 @@ if (!process.env.TESTING) {
   // eslint-disable-next-line github/no-then
   run().catch(e => {
     core.setFailed(e.message || e)
+    process.exit(1)
   })
 }

src/utils.ts

@@ -10,6 +10,7 @@ import * as path from 'path'
 import {createInterface} from 'readline'
 import {parseDocument} from 'yaml'
 import {ChangedFiles, ChangeTypeEnum} from './changedFiles'
+import {DiffResult} from './commitSha'
 import {Inputs} from './inputs'
 
 const MINIMUM_GIT_VERSION = '2.18.0'
@@ -1323,7 +1324,8 @@ export const setArrayOutput = async ({
     writeOutputFiles: inputs.writeOutputFiles,
     outputDir: inputs.outputDir,
     json: inputs.json,
-    shouldEscape: inputs.escapeJson
+    shouldEscape: inputs.escapeJson,
+    safeOutput: inputs.safeOutput
   })
 }
 
@@ -1333,7 +1335,8 @@ export const setOutput = async ({
   writeOutputFiles,
   outputDir,
   json = false,
-  shouldEscape = false
+  shouldEscape = false,
+  safeOutput = false
 }: {
   key: string
   value: string | string[] | boolean
@@ -1341,6 +1344,7 @@ export const setOutput = async ({
   outputDir: string
   json?: boolean
   shouldEscape?: boolean
+  safeOutput?: boolean
 }): Promise<void> => {
   let cleanedValue
   if (json) {
@@ -1349,6 +1353,11 @@ export const setOutput = async ({
     cleanedValue = value.toString().trim()
   }
 
+  // if safeOutput is true, escape special characters for bash shell
+  if (safeOutput) {
+    cleanedValue = cleanedValue.replace(/[^\x20-\x7E]|[:*?<>|;`$()&!]/g, '\\$&')
+  }
+
   core.setOutput(key, cleanedValue)
 
   if (writeOutputFiles) {
@@ -1395,13 +1404,17 @@ export const recoverDeletedFiles = async ({
   workingDirectory,
   deletedFiles,
   recoverPatterns,
-  sha
+  diffResult,
+  hasSubmodule,
+  submodulePaths
 }: {
   inputs: Inputs
   workingDirectory: string
   deletedFiles: string[]
   recoverPatterns: string[]
-  sha: string
+  diffResult: DiffResult
+  hasSubmodule: boolean
+  submodulePaths: string[]
 }): Promise<void> => {
   let recoverableDeletedFiles = deletedFiles
   core.debug(`recoverable deleted files: ${recoverableDeletedFiles}`)
@@ -1426,16 +1439,55 @@ export const recoverDeletedFiles = async ({
       )
     }
 
-    const deletedFileContents = await getDeletedFileContents({
-      cwd: workingDirectory,
-      filePath: deletedFile,
-      sha
-    })
+    let deletedFileContents: string
+
+    const submodulePath = submodulePaths.find(p => deletedFile.startsWith(p))
+
+    if (hasSubmodule && submodulePath) {
+      const submoduleShaResult = await gitSubmoduleDiffSHA({
+        cwd: workingDirectory,
+        parentSha1: diffResult.previousSha,
+        parentSha2: diffResult.currentSha,
+        submodulePath,
+        diff: diffResult.diff
+      })
+
+      if (submoduleShaResult.previousSha) {
+        core.debug(
+          `recovering deleted file "${deletedFile}" from submodule ${submodulePath} from ${submoduleShaResult.previousSha}`
+        )
+        deletedFileContents = await getDeletedFileContents({
+          cwd: path.join(workingDirectory, submodulePath),
+          // E.g. submodulePath = test/demo and deletedFile = test/demo/.github/README.md => filePath => .github/README.md
+          filePath: deletedFile.replace(submodulePath, '').substring(1),
+          sha: submoduleShaResult.previousSha
+        })
+      } else {
+        core.warning(
+          `Unable to recover deleted file "${deletedFile}" from submodule ${submodulePath} from ${submoduleShaResult.previousSha}`
+        )
+        continue
+      }
+    } else {
+      core.debug(
+        `recovering deleted file "${deletedFile}" from ${diffResult.previousSha}`
+      )
+      deletedFileContents = await getDeletedFileContents({
+        cwd: workingDirectory,
+        filePath: deletedFile,
+        sha: diffResult.previousSha
+      })
+    }
+
+    core.debug(`recovered deleted file "${deletedFile}"`)
 
     if (!(await exists(path.dirname(target)))) {
+      core.debug(`creating directory "${path.dirname(target)}"`)
       await fs.mkdir(path.dirname(target), {recursive: true})
     }
+    core.debug(`writing file "${target}"`)
     await fs.writeFile(target, deletedFileContents)
+    core.debug(`wrote file "${target}"`)
   }
 }