mirror of
https://github.com/actions/checkout.git
synced 2024-11-25 08:01:37 +08:00
fe77b196f4
The user provided inputs here are vulnerable to script injection. This PR uses an intermediary environment variable to treat the input as a string, rather than as part of the command. See: https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable |
||
---|---|---|
.. | ||
check-dist.yml | ||
codeql-analysis.yml | ||
licensed.yml | ||
test.yml | ||
update-main-version.yml |