Escape patterns in pull request comment

This prevents unintended bold and italic Markdown text.

__tests__/comment-upserter.test.ts

@@ -38,8 +38,8 @@ describe('CommentUpserterImpl', () => {
     const commentBody =
       HEADER +
       [
-        '| db/migrate/** | @cto, @dba |',
-        '| .github/**<br>spec/*.rb | @ci |'
+        '| db/migrate/\\*\\* | @cto, @dba |',
+        '| .github/\\*\\*<br>spec/\\*.rb | @ci |'
       ].join('\n')
 
     const stubListComments = (comments: string[]): void => {

package.json

@@ -24,12 +24,14 @@
     "@actions/core": "^1.10.0",
     "@actions/github": "^5.1.0",
     "js-yaml": "^4.1.0",
+    "markdown-escape": "^2.0.0",
     "micromatch": "^4.0.4",
     "parse-diff": "^0.11.1"
   },
   "devDependencies": {
     "@octokit/webhooks-types": "^7.0.2",
     "@types/js-yaml": "^4.0.5",
+    "@types/markdown-escape": "^1.1.3",
     "@types/micromatch": "^4.0.2",
     "@types/node": "^18.16.3",
     "@typescript-eslint/parser": "^5.59.7",

src/comment-upserter.ts

@@ -1,5 +1,6 @@
 import * as core from '@actions/core'
 import {RestEndpointMethods} from '@octokit/plugin-rest-endpoint-methods/dist-types/generated/method-types.d'
+import markdownEscape from 'markdown-escape'
 
 import {MentionRule} from './configuration'
 import {Repo} from './github-types'
@@ -80,7 +81,9 @@ export class CommentUpserterImpl implements CommentUpserter {
   private createCommentBody(rules: MentionRule[]): string {
     const body = rules
       .map(rule => {
-        const patterns = rule.patterns.join('<br>')
+        const patterns = rule.patterns
+          .map(pattern => markdownEscape(pattern, ['slashes']))
+          .join('<br>')
         const mentions = rule.mentions.map(name => `@${name}`).join(', ')
         return `| ${patterns} | ${mentions} |`
       })