Skip to content

chore(deps): update dorny/paths-filter action to v4.0.2#1641

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dorny-paths-filter-4.x
Open

chore(deps): update dorny/paths-filter action to v4.0.2#1641
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/dorny-paths-filter-4.x

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
dorny/paths-filter action patch v4.0.1v4.0.2

Release Notes

dorny/paths-filter (dorny/paths-filter)

v4.0.2

Compare Source


Configuration

📅 Schedule: (in timezone Asia/Tokyo)

  • Branch creation
    • Between 09:00 AM and 06:59 PM, Monday through Friday (* 9-18 * * 1-5)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team as a code owner July 3, 2026 01:20
@changeset-bot

changeset-bot Bot commented Jul 3, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: d2076bc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🤖 Claude Dependency Review

📦 Update Summary

  • Library: dorny/paths-filter (GitHub Action)
  • Version: v4.0.1 → v4.0.2
  • Change Type: Patch

📝 Release Notes

https://github.com/dorny/paths-filter/releases/tag/v4.0.2

🔐 Security Assessment

  • Risk: 🟢 Low
  • Known vulnerabilities: None found. No CVE/GHSA advisories exist for either v4.0.1 or v4.0.2 in the GitHub Advisory Database or the repository's security page.
  • Supply-chain notes: Repository is actively maintained by the original owner (dorny) with consistent activity. The v4.0.2 release (July 2, 2026) includes contributions from established maintainer @​saschabratton and first-time contributors @​squat and @​cgundy. No signs of ownership transfer, suspicious lifecycle scripts (GitHub Actions don't use npm install scripts), or unusual dependencies. The action has strong adoption (3.2k stars, 57.6k dependents) including use by major organizations like Sentry.io and GoogleChrome.

✨ Main Changes

🐛 Bug Fixes

  1. Container job compatibility (#317) - Resolves "fatal: detected dubious ownership in repository" errors that occur when the workspace is owned by a different user in containerized environments. The fix implements automatic error detection and recovery by temporarily overriding the HOME environment variable with a git config containing safe.directory entries. This approach mirrors actions/checkout's technique and supports older Git versions (pre-2.32).

  2. Git version compatibility (#303) - Replaces git branch --show-current (requires Git 2.22+) with git rev-parse --abbrev-ref HEAD, which works with much older Git installations. Includes safeguard check for detached HEAD state to maintain existing fallback behavior. Fixes #88.

  3. Warning message correction (#282) - Fixed an incorrect and misleading warning message to provide clearer feedback to users.

📚 Documentation

  • Updated CHANGELOG.md for v4.0.2
  • Fixed "GitHub" spelling in logs (#278)

🔍 Impact Analysis

📁 Usage Locations

dorny/paths-filter is used in the following 6 files:

  1. .github/workflows/changeset-check.yml

    - name: Detect changes
      id: filter
      uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      with:
        filters: |
          changeset:
            - '.changeset/*.md'
            - '!.changeset/README.md'
          packages:
            - 'packages/sdk/**'
            - 'packages/create-sdk/**'
            - 'packages/tailor-proto/**'
    • Feature used: File path filtering to detect changeset and package changes
    • Impact: ✅ Improved reliability in container environments and better Git compatibility. No breaking changes.
  2. .github/workflows/deploy.yml

    - uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      id: filter
      with:
        filters: |
          changes:
            - .github/workflows/deploy.yml
            - .github/actions/**
            - example/**
            - packages/**
            - package.json
            - tsconfig.json
            - pnpm-workspace.yaml
            - pnpm-lock.yaml
    • Feature used: File path filtering to detect deployment-relevant changes
    • Impact: ✅ The container job fix (Fix: cycle import #317) directly benefits this workflow, which runs on both Linux and Windows runners. No breaking changes.
  3. .github/workflows/generate.yml

    - uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      id: filter
      with:
        filters: |
          changes:
            - .github/workflows/generate.yml
            - .github/actions/**
            - packages/**
            - example/**
            - package.json
            - tsconfig.json
            - pnpm-workspace.yaml
            - pnpm-lock.yaml
    • Feature used: File path filtering to detect changes requiring code generation
    • Impact: ✅ Improved reliability and compatibility. No breaking changes.
  4. .github/workflows/migration.yml

    - uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      id: filter
      with:
        filters: |
          changes:
            - .github/workflows/migration.yml
            - example/**
            - packages/**
            - package.json
            - pnpm-lock.yaml
    • Feature used: File path filtering to detect changes requiring migration tests
    • Impact: ✅ Benefits from both the container job fix and Git compatibility improvements. No breaking changes.
  5. .github/workflows/sdk-e2e.yml

    - uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      id: filter
      with:
        filters: |
          changes:
            - .github/workflows/sdk-e2e.yml
            - .github/actions/**
            - packages/**
            - package.json
            - tsconfig.json
            - pnpm-workspace.yaml
            - pnpm-lock.yaml
    • Feature used: File path filtering to detect changes requiring e2e tests
    • Impact: ✅ Improved reliability in CI environment. No breaking changes.
  6. .github/workflows/test.yml

    - uses: dorny/paths-filter@​7b450fff21473bca461d4b92ce414b9d0420d706 # v4.0.2
      id: filter
      with:
        filters: |
          changes:
            - .github/workflows/test.yml
            - .github/actions/**
            - packages/**
            - example/**
            - llm-challenge/**
            - package.json
            - tsconfig.json
            - pnpm-workspace.yaml
            - pnpm-lock.yaml
    • Feature used: File path filtering to detect changes requiring test execution
    • Impact: ✅ Benefits from improved error handling and Git compatibility. No breaking changes.

📊 Impact Summary

All six workflows use dorny/paths-filter in a consistent pattern:

  • Detect file changes based on glob patterns
  • Set outputs (should_run or specific filter names) used by downstream jobs
  • Enable conditional job execution to optimize CI runtime

The v4.0.2 changes provide pure improvements with no breaking changes:

No changes to the action's API, inputs, outputs, or behavior beyond the bug fixes.

✅ Recommended Actions

None - This is a safe, beneficial patch update that improves reliability and compatibility with no breaking changes. All usage patterns in our workflows remain valid and will benefit from the improved error handling and Git compatibility.

The update can be merged with confidence.


Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants