Skip to content

[GHSA-pr98-23f8-jwxv] QOS.CH logback-core Expression Language Injection vulnerability #4873

[GHSA-pr98-23f8-jwxv] QOS.CH logback-core Expression Language Injection vulnerability

[GHSA-pr98-23f8-jwxv] QOS.CH logback-core Expression Language Injection vulnerability #4873

name: Create PR staging branch
on:
pull_request_target:
branches: [main]
types: [opened, synchronize, reopened, edited]
paths:
- "advisories/**"
workflow_dispatch:
jobs:
ensure-base-is-staging:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: ensure base is staging
env:
PR_AUTHOR: ${{ github.event.pull_request.user.login }}
PR_NUMBER: ${{ github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -xeo pipefail
BRANCH_NAME="$PR_AUTHOR"/advisory-improvement-"$PR_NUMBER"
git checkout -b "$BRANCH_NAME"
git push origin "$BRANCH_NAME"
gh pr edit --repo ${{ github.repository }} $PR_NUMBER --base "$BRANCH_NAME"