Skip to content

fix: prevent script injection in workflows (release/v0.8.x)#623

Merged
thpierce merged 1 commit intorelease/v0.8.xfrom
fix-github-event-injection-v0.8.x
Feb 10, 2026
Merged

fix: prevent script injection in workflows (release/v0.8.x)#623
thpierce merged 1 commit intorelease/v0.8.xfrom
fix-github-event-injection-v0.8.x

Conversation

@thpierce
Copy link
Copy Markdown
Contributor

@thpierce thpierce commented Feb 10, 2026

Move github.event references to env vars to prevent script injection vulnerabilities in run steps.

This change follows the same pattern as the main branch fix.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

@thpierce thpierce added the skip changelog doesn't need a CHANGELOG entry label Feb 10, 2026
@thpierce thpierce requested a review from a team as a code owner February 10, 2026 19:47
@thpierce thpierce force-pushed the fix-github-event-injection-v0.8.x branch 4 times, most recently from d718f77 to 3788219 Compare February 10, 2026 20:13
@thpierce
fix: prevent script injection in workflows
f910ebb 
Move github.event references to env vars to prevent script injection vulnerabilities in run steps
@thpierce thpierce force-pushed the fix-github-event-injection-v0.8.x branch from 3788219 to f910ebb Compare February 10, 2026 20:14
@thpierce thpierce merged commit 75e7ec8 into release/v0.8.x Feb 10, 2026
4 of 12 checks passed
@thpierce thpierce deleted the fix-github-event-injection-v0.8.x branch February 10, 2026 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

skip changelog doesn't need a CHANGELOG entry

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thpierce