mirror of
https://github.com/actualbudget/actual.git
synced 2026-05-21 06:31:58 -05:00
* [AI] Fix template injection in setup action's Lage cache step
The 'Ensure Lage cache directory exists' step expanded
${{ inputs.working-directory }} directly into the shell command via
format(), which zizmor flags as a code-injection risk. Pass the input
through an env var and reference it with shell expansion instead.
* [AI] Add release note for template injection fix
* [AI] Rename release note to match PR #7858
---------
Co-authored-by: Claude <noreply@anthropic.com>
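
The change described in the commit message, sketched as an added before/after example; this is not the repository's actual action file. The action name, the `WORKING_DIRECTORY` variable name and the `.lage-cache-placeholder` path are assumptions made for illustration.

```yaml
# Illustrative composite action (action.yml); constructed, not the project's file.
name: setup-example
description: Before/after for the Lage cache directory step (constructed example)
inputs:
  working-directory:
    description: Directory the workflow operates in
    required: false
    default: .
runs:
  using: composite
  steps:
    # BEFORE (the pattern the commit message describes): the ${{ }} expression
    # is expanded into the script text before the shell parses it, so any shell
    # metacharacters in the input become part of the command line.
    - name: Ensure Lage cache directory exists (before)
      shell: bash
      run: ${{ format('mkdir -p {0}/.lage-cache-placeholder', inputs.working-directory) }}

    # AFTER: the expression is evaluated only under env. The script text is
    # constant, and the shell reads the value as data from a variable.
    # The double quotes stop word splitting and globbing; "--" keeps a value
    # that starts with "-" from being parsed as an mkdir option.
    - name: Ensure Lage cache directory exists (after)
      shell: bash
      env:
        WORKING_DIRECTORY: ${{ inputs.working-directory }}  # hypothetical name
      run: mkdir -p -- "${WORKING_DIRECTORY}/.lage-cache-placeholder"
```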