Releases: actions-rust-lang/rustfmt
v1.1.2
What's Changed
Fixed
- Fixed a command injection vulnerability via the manifest-path input parameter.
  The code was using GitHub action templates to inject the value directly into the shell command, which does not perform the necessary escaping.
  To fix the issue, the value is passed via an environment variable, which performs the proper escaping.
  This is only an issue if the manifest-path parameter was set from some other untrusted source.
  Using a static string to call the action is safe.
  Thanks to @mleblebici for reporting and fixing the issue.
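The two patterns described in this fix, side by side, as an added example that is not the action's own code: one function builds the script text by pasting the input in, as a `${{ inputs.manifest-path }}` template does, and the other reads the value from an environment variable. The names `show`, `run_templated`, `run_via_env`, `MANIFEST_PATH` and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; not code from actions-rust-lang/rustfmt.
# Constructed, harmless stand-in for a manifest-path value from an untrusted source.
UNTRUSTED='Cargo.toml; echo INJECTED'

# Hypothetical stand-in for the formatter command: prints each argument it
# receives on its own line, so the parsing of the input is visible.
FAKE_TOOL='show() { for a in "$@"; do printf "arg=[%s]\n" "$a"; done; }'

# Weak pattern: the value is pasted into the script text before any shell
# parses it, as a templated step would do:
#   run: <tool> --manifest-path ${{ inputs.manifest-path }}
run_templated() {
  sh -c "$FAKE_TOOL; show --manifest-path $1"
}

# Fixed pattern: the script text is constant and the value arrives as data:
#   env:
#     MANIFEST_PATH: ${{ inputs.manifest-path }}
#   run: <tool> --manifest-path "$MANIFEST_PATH"
run_via_env() {
  MANIFEST_PATH="$1" sh -c "$FAKE_TOOL"'; show --manifest-path "$MANIFEST_PATH"'
}

# Succeeds (exit 0) when the output contains a line produced by the injected command.
injected() {
  printf '%s\n' "$1" | grep -qx 'INJECTED'
}

templated_out=$(run_templated "$UNTRUSTED")
env_out=$(run_via_env "$UNTRUSTED")

if injected "$templated_out"; then echo "templated: extra command ran"; fi
if ! injected "$env_out"; then echo "env var:   value stayed one argument"; fi
printf '%s\n' "$env_out"
```

The quotes around `"$MANIFEST_PATH"` matter: unquoted, the value is still not executed as a command, but it is split on whitespace into several arguments.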
New Contributors
- @mleblebici made their first contribution in #9
Full Changelog: v1.1.1...v1.1.2
v1.1.1
Fixed
- Parse the new rustfmt file and line number format.
  The format changed in rust-lang/rustfmt#5971.
  Thanks to @0xcypher02 for pointing out the problem.
Full Changelog: v1...v1.1.1
v1.1.0
Merge pull request #2 from actions-rust-lang/add-manifest-path
v1.0.1
Switch from set-output to $GITHUB_OUTPUT https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
v1.0.0
Ensure releases are properly tagged