`actions/checkout` already fixed the issue on their side in
[v3.0.1](https://github.com/actions/checkout/releases/tag/v3.0.1).
But since this is a container action, it can be run with another uid than the one
from `actions/checkout` and therefore we need to add the `safe.directory` config again.
Another way of fixing this would be to make this action run with the same uid as the github runner,
but as mentioned [here](https://github.com/actions/checkout/issues/760#issuecomment-1098135955)
we're not sure whether the `1000` uid of the runner is reliable.
The different `uid` issue seems more like a Github Actions ecosystem problem,
maybe they'll take care of it later.
On v4, we used the default nodejs resolution logic to allow ES modules in dependencies.
This created a breaking change of forcing users of this action
to use the .cjs extension instead of .js in config files.
With this fix, we now bundle the action with rollup to allow ES modules
in dependencies, while keeping the support for .js config files.
With this change, the default config file was returned back to .js instead of
.cjs.
Fixes#194
After the CVE-2020-15228 vulnerability,
we can't issue commands with sensitive data on this action anymore.
Due to that, the JSON output that this action generated was removed.
BREAKING CHANGE: GITHUB_TOKEN env var is now ignored. In case a custom token is needed,
it'll be necessary to pass it via the `token` input from now on.
This follows the commitlint CLI behavior, which exits with success when there are only warnings.
This behavior can be changed by passing 'true' to the parameter `failOnWarnings`.
