Add Dependabot Tapioca workflow #2043

Merged
benrfairless merged 2 commits into main from chore/dependabot-github-actions
May 1, 2026

ci: add Dependabot Tapioca workflow

0c9e5dd
SonarQubeCloud / SonarCloud Code Analysis failed Apr 28, 2026 in 19s

Quality Gate failed

Failed conditions
1 Security Hotspot
E Security Rating on New Code (required ≥ A)

Annotations

Check failure on line 69 in .github/workflows/dependabot-tapioca.yml

@sonarqubecloud sonarqubecloud / SonarCloud Code Analysis

The expression github.event.pull_request.head.ref can be set by an external actor to a specially crafted value, enabling script injection. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.

See more on https://sonarcloud.io/project/issues?id=openaustralia_planningalerts&issues=AZ3TZ_wrJvNQ_U3gjcE_&open=AZ3TZ_wrJvNQ_U3gjcE_&pullRequest=2043