github-action: Resolve command injection vulnerability in action script (#56, 1863c50)
Build System
deps: Bump python-semantic-release from 9.21.1 to 10.0.0 (#59, 155d667)
Breaking Changes
github-action: The root_options action input parameter has been removed because it created a command injection vulnerability: injected commands supplied as part of the root_options parameter string could execute arbitrary code within the container context of the GitHub Action. To eliminate the vulnerability, each relevant option that can be provided to semantic-release has been added as its own parameter and is processed individually to prevent command injection. Please see the GitHub Actions Configuration page on the Python Semantic Release Documentation website for the newly available configuration options that replace the root_options parameter.
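The flaw class and the fix described in the breaking change above, as an added example (not code from this project): `unsafe_run` shows an assumed, typical shape of the problem, where a free-form option string is re-parsed by the shell, and `safe_run` builds the argument list from individually validated inputs. The `INPUT_*` names, the `stub_cli` stand-in and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration. The INPUT_* names and stub_cli are assumptions,
# not the action's real interface or script.

# Stand-in for the real CLI: reports how many arguments it received.
stub_cli() { echo "argc=$#"; }

# Flawed shape: the option string is re-parsed by the shell, so any
# metacharacters in the input become shell syntax instead of data.
unsafe_run() { eval "stub_cli $INPUT_ROOT_OPTIONS version"; }

# Hardened shape: one input per option, each validated against a closed
# set of values and appended as a single argv element. Nothing supplied
# by the caller is ever parsed as shell code.
safe_run() {
  set --   # start from an empty argument list (local to this function)
  case "${INPUT_VERBOSITY:-0}" in
    0) ;;
    [1-5])
      flag=-; i=0
      while [ "$i" -lt "$INPUT_VERBOSITY" ]; do flag="${flag}v"; i=$((i + 1)); done
      set -- "$@" "$flag" ;;
    *) echo "verbosity must be an integer 0-5" >&2; return 1 ;;
  esac
  case "${INPUT_NO_OPERATION_MODE:-false}" in
    true) set -- "$@" --noop ;;
    false) ;;
    *) echo "no_operation_mode must be true or false" >&2; return 1 ;;
  esac
  if [ -n "${INPUT_CONFIG_FILE:-}" ]; then
    # Quoted expansion keeps the path as one argument, whatever it contains.
    set -- "$@" --config "$INPUT_CONFIG_FILE"
  fi
  stub_cli "$@" version
}
```

Values that cannot be checked against a fixed set, such as the config path, are safe here only because they are passed as a quoted argument and never interpolated into a command string.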
Resolved Issues
#55: bug: command injection through GH action inputs