github zizmorcore/zizmor v1.0.1

8 months ago

v1.0.1

This is a small quality and bugfix release. Thank you to everybody
who helped by reporting and shaking out bugs from our first stable release!

Improved

  • The github-env audit now detects dangerous writes to GITHUB_PATH,
    is more precise, and can produce multiple findings per run block (#391)

Fixed

  • workflow_call.secrets keys with missing values are now parsed correctly (#388)
  • The cache-poisoning audit no longer incorrectly treats docker/build-push-action as
    a publishing workflow if push: false is explicitly set (#389)
  • The template-injection audit no longer considers github.action_path
    to be a potentially dangerous expansion (#402)
  • The github-env audit no longer skips run: steps with non-trivial
    shell: stanzas (#403)
