Sourced from tj-actions/changed-files's releases.

v46

[!WARNING]
Security Alert: A critical security issue was identified in this action due to a compromised commit.

This commit has been removed from all tags and branches, and necessary measures have been implemented to prevent similar issues in the future.

Action Required:

• Review your workflows executed between March 14 and March 15. If you notice unexpected output under the changed-files section, decode it using the following command: echo 'xxx' | base64 -d | base64 -d
  If the output contains sensitive information (e.g., tokens or secrets), revoke and rotate those secrets immediately.
• If your workflows reference this commit directly by its SHA, you must update them immediately to avoid using the compromised version.
• If you are using tagged versions (e.g., v35, v44.5.1), no action is required as these tags have been updated and are now safe to use.

Additionally, as a precaution, we recommend rotating any secrets that may have been exposed during this timeframe to ensure the continued security of your workflows.

Changes in v46.0.1

What's Changed

• update: sync-release-version.yml to use signed commits by @​jackton1 in tj-actions/changed-files#2472
• Updated README.md by @​github-actions in tj-actions/changed-files#2473

Full Changelog: tj-actions/changed-files@v46...v46.0.1

---

Changes in v46.0.0

What's Changed

• docs: update docs to highlight security issues by @​jackton1 in tj-actions/changed-files#2465
• fix: update github workflow update-readme.yml by @​jackton1 in tj-actions/changed-files#2466
• fix: update permission in update-readme.yml workflow by @​jackton1 in tj-actions/changed-files#2467
• fix: update update-readme.yml to sign-commits by @​jackton1 in tj-actions/changed-files#2468
• Updated README.md by @​github-actions in tj-actions/changed-files#2469
• update: sync-release-version.yml by @​jackton1 in tj-actions/changed-files#2471

New Contributors

• @​github-actions made their first contribution in tj-actions/changed-files#2469

Full Changelog: tj-actions/changed-files@v45.0.5...v46.0.0

What's Changed

• docs: update docs to highlight security issues by @​jackton1 in tj-actions/changed-files#2465
• fix: update github workflow update-readme.yml by @​jackton1 in tj-actions/changed-files#2466
• fix: update permission in update-readme.yml workflow by @​jackton1 in tj-actions/changed-files#2467
• fix: update update-readme.yml to sign-commits by @​jackton1 in tj-actions/changed-files#2468
• Updated README.md by @​github-actions in tj-actions/changed-files#2469
• update: sync-release-version.yml by @​jackton1 in tj-actions/changed-files#2471

Full Changelog: tj-actions/changed-files@v45.0.5...v46.0.0

... (truncated)

Sourced from tj-actions/changed-files's changelog.

Changelog

46.0.1 - (2025-03-16)

🔄 Update

• Updated README.md (#2473)

Co-authored-by: github-actions[bot] (2f7c5bf) - (github-actions[bot])

• Sync-release-version.yml to use signed commits (#2472) (4189ec6) - (Tonye Jack)

46.0.0 - (2025-03-16)

🐛 Bug Fixes

• Update update-readme.yml to sign-commits (#2468) (0f1ffe6) - (Tonye Jack)
• Update permission in update-readme.yml workflow (#2467) (ddef03e) - (Tonye Jack)
• Update github workflow update-readme.yml (#2466) (9c2df0d) - (Tonye Jack)

➖ Remove

• Deleted renovate.json (e37e952) - (Tonye Jack)

🔄 Update

• Sync-release-version.yml (#2471) (4cd184a) - (Tonye Jack)
• Updated README.md (#2469)

Co-authored-by: github-actions[bot] (5cbf220) - (github-actions[bot])

📚 Documentation

• Update docs to highlight security issues (#2465) (6525332) - (Tonye Jack)

45.0.9 - (2025-03-15)

🐛 Bug Fixes

• deps: Update dependency @​octokit/rest to v21.1.1 (#2435) (fb8dcda) - (renovate[bot])
• deps: Update dependency @​octokit/rest to v21.1.0 (#2394) (7b72c97) - (renovate[bot])
• deps: Update dependency yaml to v2.7.0 (#2383) (5f974c2) - (renovate[bot])

⚙️ Miscellaneous Tasks

• deps: Lock file maintenance (#2460) (9200e69) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.10 (#2459) (e650cfd) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.1 (#2458) (82af21f) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.0 (#2457) (82fa4a6) - (renovate[bot])
• deps: Update peter-evans/create-pull-request action to v7.0.8 (#2455) (315505a) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.9 (#2454) (c8e1cdb) - (renovate[bot])

... (truncated)

• 2f7c5bf Updated README.md (#2473)
• 4189ec6 update: sync-release-version.yml to use signed commits (#2472)
• 4cd184a update: sync-release-version.yml (#2471)
• 5cbf220 Updated README.md (#2469)
• 0f1ffe6 fix: update update-readme.yml to sign-commits (#2468)
• ddef03e fix: update permission in update-readme.yml workflow (#2467)
• 9c2df0d fix: update github workflow update-readme.yml (#2466)
• 6525332 docs: update docs to highlight security issues (#2465)
• e37e952 Deleted renovate.json
• a284dc1 Upgraded to v45.0.8 (#2462)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)