Closed jeremylong closed 2 years ago
When the action runs - the build will pass. The warning.md file will not be created until the merge occurs and the code executes against main.
warning.md
main
Note, this abuse is in plain site. The malicious code could be hidden in a new or upgraded dependency.
When the action runs - the build will pass. The
warning.mdfile will not be created until the merge occurs and the code executes againstmain.Note, this abuse is in plain site. The malicious code could be hidden in a new or upgraded dependency.