@zaradford
Collaborator

Description

Fixing GitHub Action vulnerability. User input flows through environment variables into jq, which treats all input as literal data (not code) and automatically escapes special characters when constructing JSON. This means even a malicious PR title like "$(steal secrets)" is just treated as the literal text string "$(steal secrets)" with no command execution possible.

Fixes # (Tag or link relevant issues)
https://github.com/HubSpotEngineering/mainsail-security-privacy/issues/1256

Type of Change

Please delete options that are not relevant.

  • [x] Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

Please include test coverage results that cover the changes referenced in the PR description.

Checklist:

  • [x] I have performed a self-review of my code
  • I have commented my code, remember, these are resources to help developers identify patterns for HubSpot integrations
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

@oghenekumejohn25-lang

Description

Fixing GitHub Action vulnerability. User input flows through environment variables into jq, which treats all input as literal data (not code) and automatically escapes special characters when constructing JSON. This means even a malicious PR title like "$(steal secrets)" is just treated as the literal text string "$(steal secrets)" with no command execution possible.

Fixes # (Tag or link relevant issues)

https://github.com/HubSpotEngineering/mainsail-security-privacy/issues/1256

Type of Change

Please delete options that are not relevant.

  • [x] Bug fix (non-breaking change which fixes an issue)

  • New feature (non-breaking change which adds functionality)

  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

  • This change requires a documentation update

How Has This Been Tested?

Please include test coverage results that cover the changes referenced in the PR description.

Checklist:

  • [x] I have performed a self-review of my code

  • I have commented my code, remember, these are resources to help developers identify patterns for HubSpot integrations

  • I have made corresponding changes to the documentation

  • My changes generate no new warnings

  • I have added tests that prove my fix is effective or that my feature works

  • New and existing unit tests pass locally with my changes

  • Any dependent changes have been merged and published in downstream modules
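
The difference the description relies on, as an added example that is not code from this pull request or its repository: the same PR title is first pasted into the script text (the way a `${{ ... }}` expression inside `run:` behaves) and then passed only as an environment variable that jq encodes. The function names, the `PR_TITLE` variable name and the sample title are assumptions made for the demo.

```sh
#!/bin/sh
# Constructed demo, not the workflow changed by this pull request.
# TITLE is constructed input carrying a harmless marker payload.
TITLE='Fix docs $(echo INJECTED)'

# Unsafe pattern, e.g.
#   run: echo "{\"title\": \"${{ github.event.pull_request.title }}\"}"
# Actions pastes the title into the script text before the shell parses it.
# printf stands in for that textual substitution here.
unsafe_step() {
  script=$(printf 'echo "{\\"title\\": \\"%s\\"}"' "$1")
  sh -c "$script"
}

# Safe pattern: the script text is constant. The title arrives only as the
# value of PR_TITLE (set through `env:` in a workflow) and jq encodes it as
# a JSON string, escaping quotes and leaving $(...) as plain characters.
safe_step() {
  PR_TITLE=$1 sh -c 'jq -cn "{title: env.PR_TITLE}"'
}

# Stand-alone run: print both results for comparison.
unsafe_step "$TITLE"
safe_step "$TITLE" || echo 'jq is required for safe_step' >&2
```

In the unsafe step the marker command runs and its output lands in the JSON; in the safe step the title appears in the JSON exactly as submitted.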
