fix: dependency_updater security, POSIX compliance, and improved descriptions

Author: Kewe63

dependency_updater/dependency_updater.go

@@ -89,19 +89,6 @@ func updater(token string, repoPath string, commit bool, githubAction bool) erro
 		return fmt.Errorf("error resolving repo path: %s", err)
 	}
 
-	// Ensure the resolved path stays within the workspace (CWE-22)
-	base := os.Getenv("GITHUB_WORKSPACE")
-	if base != "" {
-		absBase, err := filepath.Abs(base)
-		if err != nil {
-			return fmt.Errorf("error resolving workspace base path: %w", err)
-		}
-		rel, err := filepath.Rel(absBase, repoPath)
-		if err != nil || strings.HasPrefix(rel, "..") {
-			return fmt.Errorf("security error: repo path '%s' is outside of workspace '%s'", repoPath, absBase)
-		}
-	}
-
 	f, err := os.ReadFile(filepath.Join(repoPath, "versions.json"))
 	if err != nil {
 		return fmt.Errorf("error reading versions JSON: %s", err)