Skip to content

Material Change - new dependabot finding #986

Material Change - new dependabot finding

Material Change - new dependabot finding #986

Workflow file for this run

name: Demo vulnerable workflow
on:
issues:
types: [opened]
env:
# Environment variable for demonstration purposes
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
jobs:
vuln_job:
runs-on: ubuntu-latest
steps:
# Checkout used for demonstration purposes
- uses: actions/checkout@v2
- run: |
echo "ISSUE TITLE: ${{github.event.issue.title}}"
echo "ISSUE DESCRIPTION: ${{github.event.issue.body}}"
- run: |
curl -X POST -H "Authorization: Token ${{ secrets.BOT_TOKEN }}" -d '{"labels": ["New Issue"]}' ${{ github.event.issue.url }}/labels