The github.event could include shell characters such as ``` in the commit message, which would be interpreted by the shell and can lead to unexpected code execution. Dependabot PRs break because of commit title rules, skip.
What is the new behavior?
Uses intermediate file for getting github.event information. Direct shell interpretation doesn't escape special characters, which can cause problems or lead to code execution. Skips the job for dependabot PRs.
What kind of change does this PR introduce?
Bug fix, and maintenance to CI
What is the current behavior?
The
github.eventcould include shell characters such as ``` in the commit message, which would be interpreted by the shell and can lead to unexpected code execution. Dependabot PRs break because of commit title rules, skip.What is the new behavior?
Uses intermediate file for getting
github.eventinformation. Direct shell interpretation doesn't escape special characters, which can cause problems or lead to code execution. Skips the job for dependabot PRs.