Summary
The CI workflow disables changelog/version enforcement when a PR title starts with chore, refactor, deps, or docs. Since contributors control the initial PR title, an untrusted metadata field determines whether the policy check runs. Maintainers still decide whether to merge, but the system can present a false impression that changelog policy was enforced when it was actually skipped.
Expected behavior
Whether changelog/version enforcement runs should depend only on trusted signals, such as maintainer-applied labels or diff-based classification of the changed files.
Actual behavior
A contributor can open a PR that changes crate code and give it an exempt title prefix, causing the enforcement step to be skipped. If the maintainer does not rename the title or otherwise catch the mismatch, the PR may merge without the intended changelog/version check.
Relevant log output
There may be no failing log output because the enforcement step is skipped entirely by this condition in `/.github/workflows/ci.yml`:
```yaml
if: >
  github.event_name == 'pull_request' &&
  !startsWith(github.event.pull_request.title, 'chore') &&
  !startsWith(github.event.pull_request.title, 'refactor') &&
  !startsWith(github.event.pull_request.title, 'deps') &&
  !startsWith(github.event.pull_request.title, 'docs') &&
  !contains(github.event.pull_request.labels.*.name, 'internal-change')
```
Possible Solution
Remove PR-title prefixes from the skip logic. Only allow exemptions through trusted maintainer actions, such as labels, or through deterministic diff-based checks. If title prefixes are kept, treat them only as hints and validate them against the actual changed files before skipping enforcement.
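To make the proposed fix concrete, here is an added example (not the project's own CI code) that models the enforcement gate as a small policy function. It places the quoted title-based condition beside a hardened version that decides purely from the maintainer-applied `internal-change` label and a classification of the changed files, and keeps the title prefix only as a hint that is validated against the diff. The path globs, the sample PR and the label handling are constructed assumptions for illustration.

```python
"""Changelog/version enforcement gate driven by trusted signals only.

Added example, not the project's workflow. It mirrors the decision made by
the `if:` condition quoted in the issue and contrasts it with a version that
ignores the contributor-controlled PR title. Path globs, the sample PR and
the simplified label representation are constructed assumptions.
"""
from dataclasses import dataclass
import fnmatch

# Constructed: paths whose changes need no changelog/version bump. Anything that
# does NOT match one of these is treated as crate code (default to enforcing).
EXEMPT_PATH_GLOBS = ("docs/*", "*.md", ".github/*", "Cargo.lock")

# Prefixes the quoted workflow condition treats as exempt.
EXEMPT_TITLE_PREFIXES = ("chore", "refactor", "deps", "docs")
# The one trusted signal in the quoted condition: a maintainer-applied label.
TRUSTED_EXEMPT_LABEL = "internal-change"


@dataclass
class PullRequest:
    title: str            # contributor-controlled metadata
    labels: list          # maintainer-controlled (assumed list of label names)
    changed_files: list   # derived from the diff, not from metadata


def _is_exempt_path(path):
    return any(fnmatch.fnmatch(path, g) for g in EXEMPT_PATH_GLOBS)


def touches_crate_code(changed_files):
    """True if any changed file falls outside the exempt set (unknown paths count as crate code)."""
    return any(not _is_exempt_path(p) for p in changed_files)


def vulnerable_should_enforce(pr):
    """Equivalent of the quoted condition: a contributor-chosen title prefix disables the check."""
    if pr.title.startswith(EXEMPT_TITLE_PREFIXES):
        return False
    if TRUSTED_EXEMPT_LABEL in pr.labels:
        return False
    return True


def hardened_should_enforce(pr):
    """Decide only from trusted signals: the maintainer label, or a diff that changes no crate code."""
    if TRUSTED_EXEMPT_LABEL in pr.labels:
        return False
    return touches_crate_code(pr.changed_files)


def title_mismatch(pr):
    """Title prefix kept as a hint only: report when it claims exemption but the diff says otherwise.

    A CI step can fail or comment on this so the maintainer sees the mismatch instead of
    silently getting a skipped check.
    """
    claims_exempt = pr.title.startswith(EXEMPT_TITLE_PREFIXES)
    return claims_exempt and touches_crate_code(pr.changed_files)


# Constructed sample: an exempt-looking title on a PR that edits crate source.
SAMPLE_PR = PullRequest(
    title="chore: tidy up parser",
    labels=[],
    changed_files=["crates/parser/src/lib.rs", "README.md"],
)

if __name__ == "__main__":
    print("title-based gate enforces:", vulnerable_should_enforce(SAMPLE_PR))  # False
    print("diff/label gate enforces: ", hardened_should_enforce(SAMPLE_PR))    # True
    print("title/diff mismatch:      ", title_mismatch(SAMPLE_PR))              # True
```

In a workflow, `changed_files` would come from the PR diff (for example a list-changed-files step) and `labels` from the event payload, while the title never enters the decision. Note the default-deny classification: a path that matches no exempt glob is treated as crate code, so adding a new directory to the repository cannot silently widen the exemption.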
Version
No response
Would you like to work on fixing this bug?
Yes