dependabot e-mails unreadable due to HTML escaping

[Malvineous]

Select Topic Area

Bug

GitHub Feature Area

Dependabot

Body

When dependabot opens an issue, the plain text e-mail is virtually unreadable as it contains escaped HTML/XML:

Bumps [actions/cache](/~https://github.com/actions/cache) from 4.2.0 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="/~https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p>
<blockquote>
<h2>v4.2.1</h2>
<h2>What's Changed</h2>
<blockquote>
<p>[!IMPORTANT]
As a reminder, there were important backend changes to release v4.2.0, see <a href="/~https://github.com/actions/cache/releases/tag/v4.2.0">those release notes</a> and <a href="/~https://github.com/actions/cache/discussions/1510">the announcement</a> for more details.</p>
</blockquote>
<ul>
<li>docs: GitHub is spelled incorrectly in caching-strategies.md by <a href="/~https://github.com/janco-absa"><code>@​janco-absa</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1526">actions/cache#1526</a></li>
<li>docs: Make the "always save prime numbers" example more clear by <a href="/~https://github.com/Tobbe"><code>@​Tobbe</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1525">actions/cache#1525</a></li>
<li>Update force deletion docs due a recent deprecation by <a href="/~https://github.com/sebbalex"><code>@​sebbalex</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1500">actions/cache#1500</a></li>
<li>Bump <code>@​actions/cache</code> to v4.0.1 by <a href="/~https://github.com/robherley"><code>@​robherley</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1554">actions/cache#1554</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="/~https://github.com/janco-absa"><code>@​janco-absa</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1526">actions/cache#1526</a></li>
<li><a href="/~https://github.com/Tobbe"><code>@​Tobbe</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1525">actions/cache#1525</a></li>
<li><a href="/~https://github.com/sebbalex"><code>@​sebbalex</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1500">actions/cache#1500</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="/~https://github.com/actions/cache/compare/v4.2.0...v4.2.1">/~https://github.com/actions/cache/compare/v4.2.0...v4.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="/~https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p>
<blockquote>
<h1>Releases</h1>
<h3>4.2.1</h3>
<ul>
<li>Bump <code>@actions/cache</code> to v4.0.1</li>
</ul>
<h3>4.2.0</h3>
<p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="/~https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p>
<p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p>
<p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p>
<p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p>
<p>If you do not upgrade, all workflow runs using any of the deprecated <a href="/~https://github.com/actions/cache">actions/cache</a> will fail.</p>
<p>Upgrading to the recommended versions will not break your workflows.</p>
<h3>4.1.2</h3>
<ul>
<li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li>
<li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li>
</ul>
<h3>4.1.1</h3>
<ul>
<li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li>
</ul>
<h3>4.1.0</h3>
<ul>
<li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li>
<li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li>
</ul>
<h3>4.0.2</h3>
<ul>
<li>Fixed restore <code>fail-on-cache-miss</code> not working.</li>
</ul>
<h3>4.0.1</h3>
<ul>
<li>Updated <code>isGhes</code> check</li>
</ul>
<h3>4.0.0</h3>
<ul>
<li>Updated minimum runner version support from node 12 -> node 20</li>
</ul>
<h3>3.4.0</h3>
<ul>
<li>Integrated with the new cache service (v2) APIs</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="/~https://github.com/actions/cache/commit/0c907a75c2c80ebcb7f088228285e798b750cf8f"><code>0c907a7</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1554">#1554</a> from actions/robherley/v4.2.1</li>
<li><a href="/~https://github.com/actions/cache/commit/710893c2369beb60748049b671f18c43a3656fce"><code>710893c</code></a> bump <code>@​actions/cache</code> to v4.0.1</li>
<li><a href="/~https://github.com/actions/cache/commit/9fa7e61ec7e1f44ac75218e7aaea81da8856fd11"><code>9fa7e61</code></a> Update force deletion docs due a recent deprecation (<a href="https://redirect.github.com/actions/cache/issues/1500">#1500</a>)</li>
<li><a href="/~https://github.com/actions/cache/commit/36f1e144e1c8edb0a652766b484448563d8baf46"><code>36f1e14</code></a> docs: Make the "always save prime numbers" example more clear (<a href="https://redirect.github.com/actions/cache/issues/1525">#1525</a>)</li>
<li><a href="/~https://github.com/actions/cache/commit/53aa38c736a561b9c17b62df3fe885a17b78ee6d"><code>53aa38c</code></a> Correct GitHub Spelling in caching-strategies.md (<a href="https://redirect.github.com/actions/cache/issues/1526">#1526</a>)</li>
<li>See full diff in <a href="/~https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...0c907a75c2c80ebcb7f088228285e798b750cf8f">compare view</a></li>
</ul>
</details>
<br />

Could the plain text versions of these e-mails be stripped of all HTML/XML tags instead of escaping them, so that the e-mail content is readable in e-mail clients rendering the text/plain version of the e-mail?

(Note that you should see ampersands, gt; and lt; in the above block of text. This is not a mistake, this is how the e-mail actually appears.)

[github-actions[bot]]

💬 Your Product Feedback Has Been Submitted 🎉

Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users.

Here's what you can expect moving forward ⏩

• Your input will be carefully reviewed and cataloged by members of our product teams. 
  • Due to the high volume of submissions, we may not always be able to provide individual responses.
  • Rest assured, your feedback will help chart our course for product improvements.
• Other users may engage with your post, sharing their own perspectives or experiences. 
• GitHub staff may reach out for further clarification or insight. 
  • We may 'Answer' your discussion if there is a current solution, workaround, or roadmap/changelog post related to the feedback.

Where to look to see what's shipping 👀

• Read the Changelog for real-time updates on the latest GitHub features, enhancements, and calls for feedback.
• Explore our Product Roadmap, which details upcoming major releases and initiatives.

What you can do in the meantime 💻

• Upvote and comment on other user feedback Discussions that resonate with you.
• Add more information at any point! Useful details include: use cases, relevant labels, desired outcomes, and any accompanying screenshots.

As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities.

Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐

[queenofcorgis]

Hey there! Would you mind sharing more about your experience with this? What specifically is this blocking for you and/or your tools?

[Malvineous]

Hi, it's basically unreadable for me as a human because of all the escaped HTML codes embedded within the message. "ampersand lt slash h2 ampersand gt ampersand lt ul ampersand gt ampersand lt li ampersand gt ampersand lt" adds absolutely nothing to the content of the message, with the actual content hidden within this mass of meaningless stuff.

In some ways it would be better to just omit the text/plain version of the e-mail entirely. text/plain versions are supposed to be there to make it easier for people to read who use e-mail clients that can't render HTML, and on all other GitHub e-mails this works superbly well (it just seems to put the Markdown source in the text/plain version, which is easily human readable). However it's just the dependabot ones that don't translate into text/plain very well, and unfortunately come out far worse as far as readability is concerned.

It could be a little better if < and > weren't changed into < and > (since there is no need to escape these characters in text/plain content) however it looks like the e-mail content would still be very verbose, although it would be slightly easier to read.