Sarut Limpajeerawong| |github.tr4200812.github.com
1c972b661d
Abc
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:38:46 -04:00
Sarut Limpajeerawong| |github.tr4200812.github.com
7570626eb8
Create devcontainer.json
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:16:03 -04:00
Sarut Limpajeerawong| |github.tr4200812.github.com
f85a32b0aa
Update index.js
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:12:57 -04:00
Sarut Limpajeerawong| |github.tr4200812.github.com
c54f886def
Update LICENSE
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:11:05 -04:00
Sarut Limpajeerawong| |github.tr4200812.github.com
5c70c8dd04
Create named
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:10:22 -04:00
Sarut Limpajeerawong| |github.tr4200812.github.com
0514edf355
Update and rename .prettierrc.js to reusable/prettierrc.js
...
Tool: CodeQL
Rule ID: js/incomplete-sanitization
Description
Sanitizing untrusted input is a common technique for preventing injection attacks such as SQL injection or cross-site scripting. Usually, this is done by escaping meta-characters such as quotes in a domain-specific way so that they are treated as normal characters.
However, directly using the string replace method to perform escaping is notoriously error-prone. Common mistakes include only replacing the first occurrence of a meta-character, or backslash-escaping various meta-characters but not the backslash itself.
In the former case, later meta-characters are left undisturbed and can be used to subvert the sanitization. In the latter case, preceding a meta-character with a backslash leads to the backslash being escaped, but the meta-character appearing un-escaped, which again makes the sanitization ineffective.
Even if the escaped string is not used in a security-critical context, incomplete escaping may still have undesirable effects, such as badly rendered or confusing output.
Recommendation
Use a (well-tested) sanitization library if at all possible. These libraries are much more likely to handle corner cases correctly than a custom implementation.
An even safer alternative is to design the application so that sanitization is not needed, for instance by using prepared statements for SQL queries.
Otherwise, make sure to use a regular expression with the g flag to ensure that all occurrences are replaced, and remember to escape backslashes if applicable.
Example
For example, assume that we want to embed a user-controlled string accountNumber into a SQL query as part of a string literal. To avoid SQL injection, we need to ensure that the string does not contain un-escaped single-quote characters. The following function attempts to ensure this by doubling single quotes, and thereby escaping them:
function escapeQuotes(s) {
return s.replace("'", "''");
}
As written, this sanitizer is ineffective: if the first argument to replace is a string literal (as in this case), only the first occurrence of that string is replaced.
As mentioned above, the function escapeQuotes should be replaced with a purpose-built sanitization library, such as the npm module sqlstring. Many other sanitization libraries are available from npm and other sources.
If this is not an option, escapeQuotes should be rewritten to use a regular expression with the g ("global") flag instead:
function escapeQuotes(s) {
return s.replace(/'/g, "''");
}
Note that it is very important to include the global flag: s.replace(/'/, "''") without the global flag is equivalent to the first example above and only replaces the first quote.
References
OWASP Top 10: A1 Injection.
npm: sqlstring package.
Common Weakness Enumeration: CWE-20.
Common Weakness Enumeration: CWE-80.
Common Weakness Enumeration: CWE-116.
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:09:24 -04:00
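The two failure modes the rule text above describes, as an added example that is not part of the commit message, the CodeQL documentation or this repository: the first-occurrence-only replace and the backslash escaping that forgets the backslash, each beside a corrected form, plus two small checkers a test suite can run over a sanitizer's output. All function names and probe strings below are assumed, not taken from the page.

```javascript
// Added example (not from the commit message, the CodeQL docs or this repo).
// It shows both incomplete-sanitization patterns the rule describes beside
// corrected forms, plus small checkers a test suite can run over a
// sanitizer's output. All names and probe inputs below are constructed.

// Pattern 1: replace() with a string pattern touches only the first match.
function escapeQuotesFirstOnly(s) {
  return s.replace("'", "''");
}

// Corrected: a regex with the g flag doubles every single quote.
function escapeQuotesAll(s) {
  return s.replace(/'/g, "''");
}

// Pattern 2: backslash-escaping the quote but not the backslash. An input
// that already ends in a backslash absorbs the backslash we add.
function backslashEscapeIncomplete(s) {
  return s.replace(/'/g, "\\'");
}

// Corrected: escape backslashes first, then quotes. The order matters; the
// reverse order would re-escape the backslashes inserted for the quotes.
function backslashEscapeComplete(s) {
  return s.replace(/\\/g, "\\\\").replace(/'/g, "\\'");
}

// Checker for the doubled-quote convention: every run of single quotes in
// the output must have even length, i.e. each quote has its partner.
function allQuotesDoubled(escaped) {
  return (escaped.match(/'+/g) || []).every(run => run.length % 2 === 0);
}

// Checker for the backslash convention: each quote must be preceded by an
// odd number of backslashes, and the string must not end in an unescaped
// backslash (which would escape the literal's closing delimiter).
function allQuotesBackslashEscaped(escaped) {
  let backslashes = 0;
  for (const ch of escaped) {
    if (ch === "\\") { backslashes++; continue; }
    if (ch === "'" && backslashes % 2 === 0) return false;
    backslashes = 0;
  }
  return backslashes % 2 === 0;
}

// Run a sanitizer over constructed probe inputs and return the probes whose
// output the checker rejects; a unit test should fail on a non-empty list.
function findEscapingGaps(sanitize, check) {
  const probes = ["plain", "O'Brien", "a'b'c", "ends with \\", "x\\'"];
  return probes.filter(p => !check(sanitize(p)));
}

console.log(findEscapingGaps(escapeQuotesFirstOnly, allQuotesDoubled)); // ["a'b'c"]
console.log(findEscapingGaps(escapeQuotesAll, allQuotesDoubled)); // []
console.log(findEscapingGaps(backslashEscapeIncomplete, allQuotesBackslashEscaped)); // ["ends with \\", "x\\'"]
console.log(findEscapingGaps(backslashEscapeComplete, allQuotesBackslashEscaped)); // []
```

The checkers only verify the escaping convention itself; as the rule text says, a prepared statement or a maintained library such as sqlstring is still the preferable route.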
Sarut Limpajeerawong| |github.tr4200812.github.com
fc9d650c54
Create SECURITY.md
...
Signed-off-by: Sarut Limpajeerawong| |github.tr4200812.github.com <179701381+tr4200812@users.noreply.github.com>
2025-05-14 07:06:03 -04:00
Sarut Limpajeerawong
13ae1a9a17
Create Cannot retrieve latest commit at this time.
...
Cannot retrieve latest commit at this time.
Signed-off-by: Sarut Limpajeerawong <179701381+tr4200812@users.noreply.github.com>
2025-04-27 05:44:45 +07:00
Sarut Limpajeerawong
087a395c6d
Create main.yml (#19)lll
...
❓ /language:actions
❓ /language:csharp
❓ /language:javascript-typescript
❓ /language:actions
❓ /language:csharp
❓ /language:javascript-typescript
Signed-off-by: Sarut Limpajeerawong <179701381+tr4200812@users.noreply.github.com>
2025-04-27 05:43:29 +07:00
Sarut Limpajeerawong
ac2bfcf7af
Merge pull request #16 from tr4200812/dependabot/npm_and_yarn/eslint-9.22.0git@github.com:tr4200812/setup-dotnet.git
...
Bump eslint from 8.57.0 to 9.22.0
2025-04-27 05:40:59 +07:00
Sarut Limpajeerawong
f33d5c11c3
Merge branch 'main' into dependabot/npm_and_yarn/eslint-9.22.0
2025-04-27 05:40:40 +07:00
Sarut Limpajeerawong
a3e294a118
Create Main-main
...
Signed-off-by: Sarut Limpajeerawong <179701381+tr4200812@users.noreply.github.com>
2025-04-27 05:35:02 +07:00
dependabot[bot]
972416bacf
Bump eslint from 8.57.0 to 9.22.0
...
Bumps [eslint](https://github.com/eslint/eslint) from 8.57.0 to 9.22.0.
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.57.0...v9.22.0)
---
updated-dependencies:
- dependency-name: eslint
dependency-type: direct:development
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
2025-03-10 01:02:04 +00:00
dependabot[bot]
df38c190e0
Bump the npm_and_yarn group with 3 updates (#8)
...
Bumps the npm_and_yarn group with 3 updates: [@octokit/plugin-paginate-rest](https://github.com/tr4200812/plugin-paginate-rest.js), [@octokit/request](https://github.com/tr4200812/request.js) and [@octokit/request-error](https://github.com/tr4200812/request-error.js).
Updates `@octokit/plugin-paginate-rest` from 9.1.4 to 9.2.2
- [Release notes](https://github.com/octokit/plugin-paginate-rest.js/releases)
- [Commits](https://github.com/octokit/plugin-paginate-rest.js/compare/v9.1.4...v9.2.2)
Updates `@octokit/request` from 8.1.5 to 8.4.1
- [Release notes](https://github.com/octokit/request.js/releases)
- [Commits](https://github.com/octokit/request.js/compare/v8.1.5...v8.4.1)
Updates `@octokit/request-error` from 5.0.1 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](https://github.com/octokit/request-error.js/compare/v5.0.1...v5.1.1)
---
updated-dependencies:
- dependency-name: "@octokit/plugin-paginate-rest"
dependency-type: indirect
dependency-group: npm_and_yarn
- dependency-name: "@octokit/request"
dependency-type: indirect
dependency-group: npm_and_yarn
- dependency-name: "@octokit/request-error"
dependency-type: indirect
dependency-group: npm_and_yarn
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-02-27 10:51:02 +07:00
Tr4200812
287cb6d07b
fix: upgrade @actions/http-client from 2.2.1 to 2.2.3 #2
...
Snyk has created this PR to upgrade @actions/http-client from 2.2.1 to 2.2.3.
See this package in npm:
@actions/http-client
See this project in Snyk:
https://app.snyk.io/org/tr4200812/project/07e971ba-ec6b-403b-9133-c54496bfe796?utm_source=github&utm_medium=referral&page=upgrade-pr
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
2025-02-27 10:18:32 +07:00
Tr4200812
83c622a76a
Create jekyll-gh-pages.yml (#7)
2025-02-27 09:58:57 +07:00
Zachary Taylor
83c0c1a6c8
v4
- Remove azureedge.net fallback logic and update install scripts (#572)
...
* Remove logic for azureedge.net fallback in preparation for install script changes
* remove extra spacing
* Update README.md (#587)
* upgrade cache from 3.2.4 to 4.0.0 (#586)
* upgrade cache to 4.0.0
* license update
* failure fix
* e2e failure fix
* Configure Dependabot settings (#585)
* Create dependabot.yml
* update latest install scripts
* Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#590)
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4)
---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump @actions/http-client from 2.2.1 to 2.2.3 (#592)
* Bump @actions/http-client from 2.2.1 to 2.2.3
Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 2.2.3.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client)
---
updated-dependencies:
- dependency-name: "@actions/http-client"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for the check failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
* Bump undici from 5.28.4 to 5.28.5 (#596)
* Bump undici from 5.28.4 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for the check failures
* fix for licensed check failure
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
* Remove old URLs from E2E tests workflow
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Ben Wells <benwells@github.com>
Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-02-12 08:36:58 -06:00
dependabot[bot]
3951f0dfe7
Bump undici from 5.28.4 to 5.28.5 (#596)
...
* Bump undici from 5.28.4 to 5.28.5
Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.28.4...v5.28.5)
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for the check failures
* fix for licensed check failure
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
v4.3.0
2025-01-29 11:57:00 -06:00
dependabot[bot]
4849e736f1
Bump @actions/http-client from 2.2.1 to 2.2.3 (#592)
...
* Bump @actions/http-client from 2.2.1 to 2.2.3
Bumps [@actions/http-client](https://github.com/actions/toolkit/tree/HEAD/packages/http-client) from 2.2.1 to 2.2.3.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/http-client/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/http-client)
---
updated-dependencies:
- dependency-name: "@actions/http-client"
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix for the check failures
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
2025-01-29 11:40:46 -06:00
dependabot[bot]
3e76c4dc41
Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#590)
...
Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](https://github.com/actions/publish-immutable-action/compare/0.0.3...v0.0.4)
---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-01-29 10:09:57 -06:00
HarithaVattikuti
91b379339b
Configure Dependabot settings (#585)
...
* Create dependabot.yml
* update latest install scripts
2025-01-21 16:16:10 -06:00
aparnajyothi-y
4b37d22250
upgrade cache from 3.2.4 to 4.0.0 (#586)
...
* upgrade cache to 4.0.0
* license update
* failure fix
* e2e failure fix
2025-01-16 16:56:28 -06:00
Ben Wells
f9d0f6282c
Update README.md (#587)
2025-01-16 08:48:22 -06:00
Dylan
87b7050bc5
V4 - Use new .NET CDN URLs and update to latest install scripts (#566)
...
* Use new .NET CDN URL
* Update to latest install-dotnet scripts
* Use signed version of new `install-dotnet.ps1`
* Add fallback to old CDN URL
v4.2.0
2024-12-26 16:21:39 -06:00
Priya Gupta
e4c228a841
Enhance Workflows, Update Dependencies and Installer Scripts (#555)
...
* update workflows
* Upgrade micromatch Dependency
* Fix ubuntu 22.04 label
* exclude macos-latest
* Upgrade cross-spawn Dependency and update-installers
2024-12-19 11:31:55 -06:00
John Wesley Walker III
3e891b0cb6
Revise isGhes logic (#556)
...
* Revise `isGhes` logic
* `isGhes` should not be exported
* ran `npm run format` and `npm run build`
* ran `npm run update-installers`
v4.1.0
2024-10-21 13:32:55 -05:00
Joel Ambass
2e0b25913c
Merge pull request #550 from actions/Jcambass-patch-2
...
Upgrade IA Publish
2024-09-26 08:24:24 +02:00
Joel Ambass
29640e4139
Upgrade IA Publish
2024-09-16 17:20:55 +02:00
Joel Ambass
cbeba61921
Merge pull request #548 from actions/Jcambass-patch-1
...
Add workflow file for publishing releases to immutable action package
2024-09-11 16:48:58 +02:00
Joel Ambass
344ba5f715
Add workflow file for publishing releases to immutable action package
...
This workflow file publishes new action releases to the immutable action package of the same name as this repo.
This is part of the Immutable Actions project which is not yet fully released to the public. First-party actions like this one are part of our initial testing of this feature.
2024-09-11 12:09:14 +02:00
HarithaVattikuti
9be03d3dab
Fix failure checks (#545)
2024-08-28 17:22:02 -05:00
dependabot[bot]
dbebe359e4
Bump fast-xml-parser from 4.3.6 to 4.4.1 (#540)
...
* Bump fast-xml-parser from 4.3.6 to 4.4.1
Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 4.3.6 to 4.4.1.
- [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v4.3.6...v4.4.1)
---
updated-dependencies:
- dependency-name: fast-xml-parser
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix checks
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2024-08-05 12:25:10 -05:00
dependabot[bot]
6bd8b7f777
Bump braces from 3.0.2 to 3.0.3 (#533)
...
* Bump braces from 3.0.2 to 3.0.3
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/compare/3.0.2...3.0.3)
---
updated-dependencies:
- dependency-name: braces
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump undici from 5.28.3 to 5.28.4
* update checkout from v3 to v4
* Update test proxy
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
v4.0.1
2024-07-08 14:47:49 -05:00
dependabot[bot]
5d1464d5da
Bump undici from 5.27.2 to 5.28.3 (#515)
...
* Bump undici from 5.27.2 to 5.28.3
Bumps [undici](https://github.com/nodejs/undici) from 5.27.2 to 5.28.3.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v5.27.2...v5.28.3)
---
updated-dependencies:
- dependency-name: undici
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix failed check and updated dependencies
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
2024-03-21 15:05:16 -05:00
samuel-w
3e6b9fe393
Update links to runner software (#499)
2024-02-13 11:54:03 -06:00
Mike Surcouf
769316e2e4
Update README.md to use latest action version (#502)
...
* Update README.md
update README with latest version
* Revert NuGet URL
2024-02-13 11:53:16 -06:00
HarithaVattikuti
4d6c8fcf3c
Upgrade Node to v20 (#484)
...
* Node Version upgrade to 20
* 4.0.0
* Action Files upgrade to 20
* Updated version for outdated
* Update Format check
* Auth Test file update
v4.0.0
2023-12-04 19:47:27 +05:30
Dmitry Shibanov
2216f56ae1
Update semver (#468)
2023-09-27 13:21:23 +02:00
Nikolai Laevskii
736bc6dea6
Merge pull request #462 from akv-platform/update-installers
...
Update installers
2023-09-14 11:01:31 +02:00
Nikolai Laevskii
f5526c2d1b
Update installers
2023-09-14 10:50:07 +02:00
dependabot[bot]
4dba25fa31
Bump word-wrap from 1.2.3 to 1.2.4 (#444)
...
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4.
- [Release notes](https://github.com/jonschlinkert/word-wrap/releases)
- [Commits](https://github.com/jonschlinkert/word-wrap/compare/1.2.3...1.2.4)
---
updated-dependencies:
- dependency-name: word-wrap
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-27 13:49:28 +02:00
dependabot[bot]
ada8800330
Bump semver from 6.3.0 to 6.3.1 (#443)
2023-07-18 15:41:43 +02:00
Ivan
e1749123a8
Update dependencies (#440)
...
* chore: update version of the fast-xml-parser
* chore: update tough-cookie and @azure/ms-rest-js
* chore: update license for the @azure/ms-rest-js
2023-07-10 17:20:56 +02:00
Ivan
a6be55a915
Update fast-xml-parser and dotnet installer scripts (#437)
...
* chore: update fast-xml-parser and dotnet installer scripts
* chore: update license for the fast-xml-parser
2023-06-23 09:47:16 +02:00
Nikolai Laevskii
9b40770825
Merge pull request #433 from akv-platform/sequential-version-install-fix
...
Sequential version install fix
2023-06-06 13:43:07 +02:00
Nikolai Laevskii
48277343a5
Reduce number of e2e tests
2023-06-06 13:23:53 +02:00
Nikolai Laevskii
70fa3206c9
Merge pull request #431 from akv-platform/allow-json-comments
...
Allow json comments
2023-06-06 13:17:59 +02:00
Nikolai Laevskii
7ed547ca75
Merge pull request #432 from akv-platform/refactor-installer
...
Refactor installer
2023-06-06 13:17:23 +02:00
Nikolai Laevskii
b5ebe9e10a
Update license
2023-05-31 12:28:26 +02:00
Nikolai Laevskii
89f1766d87
Add test for global.json with comments
2023-05-31 12:28:10 +02:00