From b4c0bf319d7dde9293d18f7763c2c1823780cb8c Mon Sep 17 00:00:00 2001 From: "hf-security-analysis[bot]" <265538906+hf-security-analysis[bot]@users.noreply.github.com> Date: Tue, 30 Jun 2026 12:59:45 +0000 Subject: [PATCH] fix(security): remediate workflow vulnerability in .github/workflows/sync_space.yml --- .github/workflows/sync_space.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sync_space.yml b/.github/workflows/sync_space.yml index 6484c44..64b8f1c 100644 --- a/.github/workflows/sync_space.yml +++ b/.github/workflows/sync_space.yml @@ -31,5 +31,6 @@ jobs: git config user.name "GitHub CI" git add -A git commit -m "Sync from leLab @ ${GITHUB_SHA}" - git remote add hf https://Nico-robot:$HF_TOKEN@huggingface.co/spaces/lerobot/LeLab + git remote add hf https://huggingface.co/spaces/lerobot/LeLab + git config credential.helper '!f() { echo "username=Nico-robot"; echo "password=$HF_TOKEN"; }; f' git push -f hf main