github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-05-06 07:01:45 -05:00
Code Issues 1.5k Packages Projects Releases 54 Wiki Activity
Files
49538fae54507ecf34db6a80d7909435aa160bc0
actual/.github/workflows
History
Matiss Janis Aboltins 4efa8bba04 Fix script injection patterns in GitHub Actions workflows (#7433) 
* [AI] Fix script injection in vrt-update-apply.yml workflow

Use environment variables instead of direct expression interpolation
in the github-script step to prevent potential script injection via
artifact-sourced values (steps.apply.outputs.error and
steps.metadata.outputs.pr_number).

https://claude.ai/code/session_01V28NTQAXTvSfwyoDhWpWo9

* [AI] Fix script injection in generate-release-pr.yml workflow

Use environment variable instead of direct expression interpolation
for github.event.inputs.version in the shell script context to
prevent potential command injection.

https://claude.ai/code/session_01V28NTQAXTvSfwyoDhWpWo9

* [AI] Add release notes for #7433

https://claude.ai/code/session_01V28NTQAXTvSfwyoDhWpWo9

---------

Co-authored-by: Claude <noreply@anthropic.com>
2026-04-08 22:19:45 +00:00
..
ai-generated-release-notes.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
autofix.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
build.yml
trim down some unused/unnecessary dependencies (#7350)
2026-04-05 18:12:51 +01:00
check.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
codeql.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
count-points.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
docker-edge.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
docker-release.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
docs-spelling.yml
Pin check-spelling action versions to specific commits (#7430)
2026-04-08 21:38:07 +00:00
e2e-test.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
e2e-vrt-comment.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
electron-master.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
electron-pr.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
fork-pr-welcome.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
generate-release-pr.yml
Fix script injection patterns in GitHub Actions workflows (#7433)
2026-04-08 22:19:45 +00:00
i18n-string-extract-master.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
issues-close-feature-requests.yml
lint: actual/typography disallow using curly quotes (#6454)
2025-12-20 19:51:16 +00:00
issues-feature-implemented.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
issues-remove-help-wanted.yml
fix github action version resolution (#6114)
2025-11-11 23:26:07 +00:00
merge-freeze-unfreeze.yml
[AI] Make merge-freeze-unfreeze workflow work on fork PRs (#7104)
2026-03-01 20:46:58 +00:00
netlify-release.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
publish-flathub.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
publish-nightly-electron.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
publish-nightly-npm-packages.yml
[AI] Experimental CLI tool for Actual (#7208)
2026-03-18 18:22:38 +00:00
publish-npm-packages.yml
[AI] Experimental CLI tool for Actual (#7208)
2026-03-18 18:22:38 +00:00
release-notes.yml
migrate actualbudget/actions to the main repo (#7406)
2026-04-07 10:28:30 +00:00
size-compare.yml
trim down some unused/unnecessary dependencies (#7350)
2026-04-05 18:12:51 +01:00
stale.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00
vrt-update-apply.yml
Fix script injection patterns in GitHub Actions workflows (#7433)
2026-04-08 22:19:45 +00:00
vrt-update-generate.yml
⬆️ bump github actions (#7234)
2026-03-18 08:53:03 +00:00