actions
/
checkout
mirror of https://gitea.com/actions/checkout.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

edit url one more time

This commit is contained in:
Aiqiao Yan 2026-06-15 21:41:19 +00:00
parent baaeba4a5e
commit 921dc8dd24
4 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -166,7 +166,7 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
# repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner # repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner
# access; fetching and executing a fork's code in that trusted context commonly # access; fetching and executing a fork's code in that trusted context commonly
# leads to "pwn request" vulnerabilities. Set to `true` only after reviewing the # leads to "pwn request" vulnerabilities. Set to `true` only after reviewing the
# risks at https://gh.io/securely-using-pull-request-checkout. # risks at https://gh.io/securely-using-pull_request_target.
# Default: false # Default: false
allow-unsafe-pr-checkout: '' allow-unsafe-pr-checkout: ''
``` ```

2
action.yml
View File

@ -105,7 +105,7 @@ inputs:
base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and
runner access; fetching and executing a fork's code in that trusted runner access; fetching and executing a fork's code in that trusted
context commonly leads to "pwn request" vulnerabilities. Set to `true` context commonly leads to "pwn request" vulnerabilities. Set to `true`
only after reviewing the risks at https://gh.io/securely-using-pull-request-checkout. only after reviewing the risks at https://gh.io/securely-using-pull_request_target.
default: false default: false
outputs: outputs:
ref: ref:

2
dist/index.js vendored
View File

@ -2834,7 +2834,7 @@ function assertSafePrCheckout(input) {
`This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` + `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
`cache scope, and runner access. Fetching and executing a fork's code in that trusted ` + `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
`context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` + `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
`the risks at https://gh.io/securely-using-pull-request-checkout, set ` + `the risks at https://gh.io/securely-using-pull_request_target, set ` +
`'allow-unsafe-pr-checkout: true' on the actions/checkout step.`); `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`);
} }
function pushIfSha(target, value) { function pushIfSha(target, value) {

2
src/unsafe-pr-checkout-helper.ts
View File

@ -76,7 +76,7 @@ export function assertSafePrCheckout(input: IUnsafePrCheckoutInput): void {
`This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` + `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
`cache scope, and runner access. Fetching and executing a fork's code in that trusted ` + `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
`context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` + `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
`the risks at https://gh.io/securely-using-pull-request-checkout, set ` + `the risks at https://gh.io/securely-using-pull_request_target, set ` +
`'allow-unsafe-pr-checkout: true' on the actions/checkout step.` `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`
) )
} }