Fix Artifact Tracking SQL Injection Bug

[ghost]

Hey everyone,

Artifact tracking appears to be broken when a parent directory contains a SQL special character. The code that I modified (local_file_hash_storage.py) assumed that Unix paths could be injected without being escaped into SQL statements -- so I just did the standard ? SQL escaping. If you are tracking artifacts in a directory that has a parent that contains, for example, ' (e.g. Frederick's Workspace/) would break the SQL queries necessary for tracking artifacts.

[Blaizzy]

Hey @fmorlock-tt

Thank you very much for the detailed explanation of the issue and the PR!

I will talk to the engineering team and come back to you as soon as I hear from them.

[Raalsky]

Hey @fmorlock-tt, I really appreciate your work!

LGTM, but two minor things:

• Could you rebase/sync your fork as we've rewritten some Github Workflows settings this should be fixed now
• Update the CHANGELOG

[ghost]

Hi @Raalsky and @Blaizzy

I made synced my branch and added a line to the Changelog. Please feel free to make edits to my branch if you'd like since maintainers should have access (I think).

Best,
Frederick