shaka-player

mirror of https://github.com/shaka-project/shaka-player.git synced 2026-06-26 17:46:26 +03:00

Files

T

Joey Parrish 876511bad6 chore: Use only raw fields in gh api calls (#9482 )

Workflows using gh api should always use -f (raw field) instead of -F
(field including special characters) because a crafted message could be
used to read files from the host, which could lead to things like leaked
keys or other private information.

There is no known exploit, because these messages were not yet
controllable by an attacker as far as we know, but better safe than
sorry.

Discovered during a careful review of #9422, which adds new usage of gh
api.

2025-12-08 14:57:31 -08:00

custom-actions/prep-for-appspot

ci: Use python3 explicitly (#9288 )

2025-10-27 13:34:51 +01:00

shaka-bot-commands

chore: Use only raw fields in gh api calls (#9482 )

2025-12-08 14:57:31 -08:00

appspot.yaml

chore: Fix Java version in appspot workflows (#8932 )

2025-07-29 11:20:52 -07:00

build-and-test.yaml

ci: Use python3 explicitly (#9288 )