Joey Parrish 876511bad6 chore: Use only raw fields in gh api calls (#9482) ...

Workflows using gh api should always use -f (raw field) instead of -F
(field including special characters) because a crafted message could be
used to read files from the host, which could lead to things like leaked
keys or other private information.

There is no known exploit, because these messages were not yet
controllable by an attacker as far as we know, but better safe than
sorry.

Discovered during a careful review of #9422, which adds new usage of gh
api.

2025-12-08 14:57:31 -08:00

..

ISSUE_TEMPLATE

docs: Update docs api links to use Github pages (#8702)

2025-06-05 21:34:12 +02:00

workflows

chore: Use only raw fields in gh api calls (#9482)

2025-12-08 14:57:31 -08:00