author | Mukilan Thiyagarajan <mukilan@igalia.com> | 2024-07-08 15:38:23 +0530 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-07-08 10:08:23 +0000 |
commit | b243457ccc6cd5a2dab58d9c9ff8b6fee1db6a20 (patch) | |
tree | c8ef76c728cdb05217fa27f0842275b52954a9f0 /components/layout_2020/table/construct.rs | |
parent | 099b5607b95bfc53ead51caee554175f2593f1d2 (diff) | |

ci: fix security issue in try job workflow (#32724)

This [issue][1] was reported by GitHub user @RedYetiDev via the Security
Advisory reporting mechanism on GitHub. The fix is also based on their
proposed solution.

The issue is that `refs/pull/{pr_number}/head` points to the latest
commit of a PR and so it could be different than the commit that was
reviewed when the try label was applied. The fix is to use the exact commit
sha at the point when the try job is triggered, which is available in
the `github` context as `github.event.pull_request.head.sha`.

[1]: https://github.com/servo/servo/security/advisories/GHSA-fxqr-xgh8-3577

Signed-off-by: Mukilan Thiyagarajan <mukilan@igalia.com>
Co-authored-by: Aviv Keller <38299977+RedYetiDev@users.noreply.github.com>

Diffstat (limited to 'components/layout_2020/table/construct.rs')
0 files changed, 0 insertions, 0 deletions
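
The difference between the two checkout refs named in the commit message, shown as an added example in a minimal label-triggered workflow. This is not Servo's workflow file and not part of the commit; the workflow name, the `pull_request_target` trigger, the label `example-try-label`, the runner, and the final verification step are assumptions made for illustration.

```yaml
# Hypothetical workflow, constructed for illustration; not Servo's actual file.
name: try (example)

on:
  # Assumed trigger: the job starts when a label is applied to a PR.
  pull_request_target:
    types: [labeled]

jobs:
  try:
    # "example-try-label" is a placeholder label name.
    if: github.event.label.name == 'example-try-label'
    runs-on: ubuntu-latest
    steps:
      # Weak setting (left commented out): a moving ref. It is resolved when
      # the runner performs the checkout, so it follows any commit pushed to
      # the PR after the label was applied.
      #
      # - uses: actions/checkout@v4
      #   with:
      #     ref: refs/pull/${{ github.event.pull_request.number }}/head

      # Corrected setting: the head commit recorded in the event payload that
      # triggered this run. Later pushes to the PR do not change it.
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}

      # Added check (assumption, not from the commit): fail the job if the
      # working tree is not at the commit the event recorded.
      - name: Confirm the checked-out commit
        env:
          EXPECTED_SHA: ${{ github.event.pull_request.head.sha }}
        run: test "$(git rev-parse HEAD)" = "$EXPECTED_SHA"
```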