From 4298186aef814eabf7446106b5b38af5a361b350 Mon Sep 17 00:00:00 2001 From: "hf-security-analysis[bot]" <265538906+hf-security-analysis[bot]@users.noreply.github.com> Date: Fri, 17 Jul 2026 09:26:58 +0000 Subject: [PATCH] fix(security): remediate workflow vulnerability in .github/workflows/build_frontend.yml --- .github/workflows/build_frontend.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build_frontend.yml b/.github/workflows/build_frontend.yml index f37f0947..ae787b52 100644 --- a/.github/workflows/build_frontend.yml +++ b/.github/workflows/build_frontend.yml @@ -43,7 +43,9 @@ jobs: if [[ -n "$(git status --porcelain frontend/dist)" ]]; then git add frontend/dist git commit -m "ci: rebuild frontend/dist [skip ci]" - git push "https://x-access-token:${GH_TOKEN}@github.com/${GITHUB_REPOSITORY}.git" "HEAD:${GITHUB_REF_NAME}" + echo "${GH_TOKEN}" | gh auth login --with-token + gh auth setup-git + git push origin "HEAD:${GITHUB_REF_NAME}" else echo "frontend/dist already up to date" fi