Nx
Latest CI Pipeline Executions
Succeeded
32488
db6ce9da fix(repo): mitigate script injection vulnerability in PR title validation

Replace bash-based PR title validation with a secure JavaScript implementation to prevent potential script injection attacks through untrusted PR titles/bodies.

The previous implementation used bash heredocs which could be vulnerable to command injection if malicious content was included in PR titles or bodies. This change follows GitHub's security best practices by using environment variables instead of direct interpolation.

Changes:
- Created dedicated validate-pr-title.js script that reads from env vars
- Refactored commit-lint.js to export reusable validateCommitMessage function
- Updated GitHub Actions workflow to use environment variables safely
- Removed bash heredoc approach that directly interpolated user input

Security reference: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable

This ensures that PR titles and bodies are treated as data, not code, preventing any potential command injection attacks.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2 months ago
by AgentEnder
Canceled
32488
95a65116 fix(repo): mitigate script injection vulnerability in PR title validation

Replace bash-based PR title validation with a secure JavaScript implementation to prevent potential script injection attacks through untrusted PR titles/bodies.

The previous implementation used bash heredocs which could be vulnerable to command injection if malicious content was included in PR titles or bodies. This change follows GitHub's security best practices by using environment variables instead of direct interpolation.

Changes:
- Created dedicated validate-pr-title.js script that reads from env vars
- Refactored commit-lint.js to export reusable validateCommitMessage function
- Updated GitHub Actions workflow to use environment variables safely
- Removed bash heredoc approach that directly interpolated user input

Security reference: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable

This ensures that PR titles and bodies are treated as data, not code, preventing any potential command injection attacks.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2 months ago
by AgentEnder