alteropen/streamyfin
1
0
Fork 0
mirror of https://github.com/streamyfin/streamyfin.git synced 2026-06-02 03:58:36 +01:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity
Files
5f59dce0c7ca84ad62fbfc1c941564a0ff44b02f
streamyfin/.github/workflows
History
Gauvino 5f59dce0c7 fix(pr-validation): run under pull_request_target + drop DoS-prone comment loop 
Security audit fixes:
- The jobs gated on github.event_name == 'pull_request' but the trigger is
  pull_request_target, so they never ran (validation was silently disabled).
  Gate on 'pull_request_target'.
- Replace the loop-until-stable HTML-comment strip with a single linear pass
  (+ trailing-unterminated strip): still leaves no <!-- (CodeQL-clean) but
  removes the quadratic re-scan a crafted nested-comment body could abuse.
2026-06-01 20:14:24 +02:00
..
artifact-comment.yml
feat: Enables iOS TV builds (#1422)
2026-05-22 08:49:15 +02:00
build-apps.yml
chore(deps): migrate to Expo SDK 56 (Phase 1 - compat)
2026-05-28 23:56:03 +02:00
check-lockfile.yml
chore(deps): Update actions/cache action to v5.0.5 (#1429)
2026-05-20 13:43:17 +02:00
ci-codeql.yml
chore(deps): Update github/codeql-action action to v4.36.0 (#1593)
2026-05-26 15:23:11 +02:00
conflict.yml
fix: update merge conflict and stale issue labels to include emojis
2025-08-28 17:06:03 +02:00
crowdin.yml
chore(deps): Update crowdin/github-action action to v2.16.2 (#1504)
2026-05-19 19:58:56 +02:00
linting.yml
ci(pr-validation): validate PR title + body against the template
2026-06-01 17:24:03 +02:00
notification.yml
fix(ci): code scanning alert no. 219 (#1353)
2026-01-13 18:41:56 +01:00
pr-validation.yml
fix(pr-validation): run under pull_request_target + drop DoS-prone comment loop
2026-06-01 20:14:24 +02:00
release.yml
fix(ci): grant actions:read to github-release job (#1634)
2026-06-01 10:31:05 +02:00
update-issue-form.yml
chore(deps): Update peter-evans/create-pull-request action to v8.1.1 (#1566)
2026-05-20 17:37:53 +02:00