From 6eaec5cccd59d6c17f9ed7802b002ffb990131f5 Mon Sep 17 00:00:00 2001
From: Siddharth Dushantha <27065646+sdushantha@users.noreply.github.com>
Date: Sat, 2 May 2026 09:27:28 +0200
Subject: [PATCH 1/2] Fix command injection vuln
---
 .github/workflows/validate_modified_targets.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/validate_modified_targets.yml b/.github/workflows/validate_modified_targets.yml
index 37e2eb01cd..5dea4153df 100644
--- a/.github/workflows/validate_modified_targets.yml
+++ b/.github/workflows/validate_modified_targets.yml
@@ -20,6 +20,7 @@ jobs:
 # Checkout the base branch but fetch all history to avoid a second fetch call
 ref: ${{ github.base_ref }}
 fetch-depth: 0
+ persist-credentials: false
 - name: Set up Python
 uses: actions/setup-python@v6
@@ -90,11 +91,11 @@ jobs:
 # --- The rest of the steps below are unchanged ---
 - name: Validate modified targets
- if: steps.discover-modified.outputs.changed_targets != ''
- continue-on-error: true
+ env:
+ CHANGED_TARGETS: ${{ steps.discover-modified.outputs.changed_targets }}
 run: |
 poetry run pytest -q --tb no -rA -m validate_targets -n 20 \
- --chunked-sites "${{ steps.discover-modified.outputs.changed_targets }}" \
+ --chunked-sites "$CHANGED_TARGETS" \
 --junitxml=validation_results.xml
 - name: Prepare validation summary
From 61aae782ee592c8b5fcdc2039e31ea7d7d646e95 Mon Sep 17 00:00:00 2001
From: Siddharth Dushantha <27065646+sdushantha@users.noreply.github.com>
Date: Sat, 2 May 2026 09:42:36 +0200
Subject: [PATCH 2/2] version bump
---
 pyproject.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pyproject.toml b/pyproject.toml
index 2ebad06406..44d84173cb 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -8,7 +8,7 @@ source = "init"
 [tool.poetry]
 name = "sherlock-project"
-version = "0.16.0"
+version = "0.16.1"
 description = "Hunt down social media accounts by username across social networks"
 license = "MIT"
 authors = [
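Review bot: The new `persist-credentials: false` key in the checkout step has no comment, unlike the keys above it, so its purpose is easy to lose in a later cleanup. I would add `# Keep the job token out of .git/config so later steps cannot reuse it` directly above the key. The checkout step starts before this hunk and the steps between it and the validation step are not shown; if any of them runs an authenticated `git` command against origin, it will need its own credentials after this change.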
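Review bot: The "Validate modified targets" step loses its `if: steps.discover-modified.outputs.changed_targets != ''` guard and `continue-on-error: true` in the same change as the injection fix, and the commit subject mentions neither. Without the guard the step runs pytest with `--chunked-sites ""` when no targets changed. Without `continue-on-error`, a failing validation ends the job before "Prepare validation summary" unless that step has its own `if: always()`, which is not visible here. The `if:` expression is evaluated by the Actions runner and never reaches the shell, so the guard can be kept as it was: `if: steps.discover-modified.outputs.changed_targets != ''`. Any other `run:` block in the file that interpolates `${{ … }}` directly (the steps between the two hunks are not shown) deserves the same env-variable treatment.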