Skip to content

Fix GHA variable interpolation #199

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 15, 2025
Merged

Fix GHA variable interpolation #199

merged 1 commit into from
Sep 15, 2025

Conversation

@stephanos
Copy link
Collaborator

@stephanos stephanos commented Sep 10, 2025
edited
Loading

What was changed

Don't use GHA var interpolation directly.

Why?

It's a command Injection vulnerability. (reported by Security)

Checklist

  1. Closes SDK-4256

  2. How was this tested:

  1. Any docs updates needed?

@stephanos stephanos marked this pull request as ready for review September 10, 2025 18:39
@stephanos stephanos requested a review from a team as a code owner September 10, 2025 18:39
@stephanos stephanos merged commit b4f896d into main Sep 15, 2025
33 checks passed
@stephanos stephanos deleted the gha-vars branch September 15, 2025 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Sushisource Sushisource Sushisource approved these changes

@bergundy bergundy Awaiting requested review from bergundy

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@stephanos @Sushisource