From 295a82288907beda1349a146feafe4a3cf1b1b43 Mon Sep 17 00:00:00 2001 From: Nikita Date: Tue, 22 Jul 2025 10:57:43 -0700 Subject: [PATCH] put quotes around arguments to prevent command injection --- .github/workflows/builds.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 12613392..f9263756 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -31,7 +31,7 @@ jobs: shell: cmd run: | call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" x64 - call build ${{ matrix.target }} ${{ matrix.compiler }} ${{ matrix.mode }} || exit /b 1 + call build "${{ matrix.target }}" "${{ matrix.compiler }}" "${{ matrix.mode }}" || exit /b 1 run-torture: runs-on: windows-2022