Add Dependabot Tapioca workflow #2043

Merged
benrfairless merged 2 commits into main from chore/dependabot-github-actions
May 1, 2026

ci: add Dependabot Tapioca workflow

0c9e5dd
GitHub Advanced Security / SonarCloud failed Apr 28, 2026 in 4s

1 new alert including 1 high severity security vulnerability

New alerts in code changed by this pull request

Security Alerts:

  • 1 high

See annotations below for details.

Annotations

Check failure on line 69 in .github/workflows/dependabot-tapioca.yml

Code scanning / SonarCloud

GitHub Actions should not be vulnerable to script injections (High)

The expression github.event.pull_request.head.ref can be set by an external actor to a specially crafted value, enabling script injection. Change this workflow to not use user-controlled data directly in a run block, for example by assigning this expression to an environment variable.