Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
My scanner picked up this vulnerability added recently. Just making a PR to fix it instead of going through the whole ASF reporting process because the workflow permissions are locked down to just PR and issues write and there are no secrets, so the worst someone could do is be a nuisance or try cache poisoning (which attackers don't know how to do...yet). Ref: https://securitylab.github.com/research/github-actions-untrusted-input/
- Loading branch information