From c128568da0ecb75a5f17bbded2d558da5152ba8e Mon Sep 17 00:00:00 2001
From: orbisai0security
Date: Mon, 27 Apr 2026 19:03:15 +0530
Subject: [PATCH] fix: yaml.github-actions.security.run-shell-injection.run-shell-injection security vulnerability (#43824)

Automated security fix generated by Orbis Security AI

Co-authored-by: Ubuntu
---
 .github/workflows/claude-dedupe-issues.yml | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/claude-dedupe-issues.yml b/.github/workflows/claude-dedupe-issues.yml
index 71de91d1..3a955eaf 100644
--- a/.github/workflows/claude-dedupe-issues.yml
+++ b/.github/workflows/claude-dedupe-issues.yml
@@ -38,10 +38,11 @@ jobs:
 if: always()
 env:
 STATSIG_API_KEY: ${{ secrets.STATSIG_API_KEY }}
+ ISSUE_NUMBER: ${{ github.event.issue.number || inputs.issue_number }}
+ REPO: ${{ github.repository }}
+ TRIGGERED_BY: ${{ github.event_name }}
+ WORKFLOW_RUN_ID: ${{ github.run_id }}
 run: |
- ISSUE_NUMBER=${{ github.event.issue.number || inputs.issue_number }}
- REPO=${{ github.repository }}
-
 if [ -z "$STATSIG_API_KEY" ]; then
 echo "STATSIG_API_KEY not found, skipping Statsig logging"
 exit 0
@@ -51,7 +52,8 @@ jobs:
 EVENT_PAYLOAD=$(jq -n \
 --arg issue_number "$ISSUE_NUMBER" \
 --arg repo "$REPO" \
- --arg triggered_by "${{ github.event_name }}" \
+ --arg triggered_by "$TRIGGERED_BY" \
+ --arg workflow_run_id "$WORKFLOW_RUN_ID" \
 '{
 events: [{
 eventName: "github_duplicate_comment_added",
@@ -60,7 +62,7 @@ jobs:
 repository: $repo,
 issue_number: ($issue_number | tonumber),
 triggered_by: $triggered_by,
- workflow_run_id: "${{ github.run_id }}"
+ workflow_run_id: $workflow_run_id
 },
 time: (now | floor | tostring)
 }]
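Review bot: Nothing in the step records why these four values are passed through `env:`, so a later edit could put a `${{ … }}` expression back into the `run:` script and reintroduce the finding. A comment above `run: |` would guard against that, for example `# Expression values reach the script only via env; do not interpolate ${{ }} inside run.` Of the values moved here, `inputs.issue_number` is the only caller-supplied one (presumably a workflow_dispatch input; the `on:` block is outside the hunk), so it is the one that most needs to stay out of the script text. The step's script continues past the end of this hunk.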
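Review bot: `issue_number: ($issue_number | tonumber)` still receives `ISSUE_NUMBER` with no format check, so an empty or non-numeric value makes jq fail inside the `$(jq -n …)` substitution instead of being rejected with a clear message. Because the step runs under `if: always()`, it may execute when neither `github.event.issue.number` nor `inputs.issue_number` resolved to anything. Before the `jq -n` call, which sits in the script above this hunk, add `case "$ISSUE_NUMBER" in ''|*[!0-9]*) echo "invalid issue number" >&2; exit 1 ;; esac`. The jq filter begins before this hunk, so the check belongs with the existing `STATSIG_API_KEY` guard rather than here.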