feat: improve bot-conditions checks (#905)

William Woodruff 2025-06-06 17:28:57 -04:00 committed by GitHub
parent ddb337546d
commit ad7b6d03fa
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 255 additions and 37 deletions


@ -15,12 +15,16 @@ of `zizmor`.
rather than just workflow definitions (#896)
* The [use-trusted-publishing] audit now produces findings on composite
action definitions, rather than just workflow definitions (#899)
* The [bot-conditions] audit now detects more spoofable actor checks,
including checks against well-known user IDs for bot accounts (#905)
### Bug Fixes 🐛
* The [template-injection] audit no longer crashes when attempting to
evaluate the static-ness of an environment context within a
composite action `uses:` step (#887)
* The [bot-conditions] audit now correctly analyzes index-style contexts,
e.g. `github['actor']` (#905)
## 1.9.0
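Review bot: the Bug Fixes entry for #905 ("now correctly analyzes index-style contexts, e.g. `github['actor']`") names the input that now works but not the defect it corrects; a changelog reader cannot tell whether index-style contexts were previously skipped (missed findings) or misreported (false positives), which is exactly what decides whether a user on an older release should upgrade. Suggest stating the prior behaviour in that line, and since the Improvements entry for the same PR ("now detects more spoofable actor checks, including checks against well-known user IDs for bot accounts") is in a different section, a short cross-reference between the two #905 bullets would keep the release notes from reading as two unrelated changes.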