mirror of
https://github.com/RGBCube/serenity
synced 2025-07-26 19:27:45 +00:00
CI: Disable variable substitution on input to the twitter script
This prevents command injection through backticks in commit messages.
This commit is contained in:
Idan Horowitz
Ali Mohammad Pur
parent
788472f91a
commit
6602ab27e1
1 changed files with 1 additions and 1 deletions
2
.github/workflows/twitter.yml
vendored
2
.github/workflows/twitter.yml
vendored
|
|
@ -14,7 +14,7 @@ jobs:
|
||||||
node-version: '14'
|
node-version: '14'
|
||||||
- run: npm i twit
|
- run: npm i twit
|
||||||
- run: |
|
- run: |
|
||||||
node ${{ github.workspace }}/Meta/tweet-commits.js << EOF
|
node ${{ github.workspace }}/Meta/tweet-commits.js << 'EOF'
|
||||||
${{ toJSON(github.event) }}
|
${{ toJSON(github.event) }}
|
||||||
EOF
|
EOF
|
||||||
env:
|
env:
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue