Before creating a feature request...
Description
Hi, after auditing the project I noticed that buildapp.yml and buildtweak.yml have supply chain risks:
GitHub Actions pinned to mutable tags (@v4) — these tags can be silently redirected to malicious code. GitHub recommends pinning to full commit SHAs.
pyzule-rw installed from main branch (line 97 of buildapp.yml) — no hash verification, so a compromised repo could inject code into every built IPA.
ipapatch downloaded without checksum verification (line 100) — the binary could be swapped without detection.
Describe the solution you'd like
Modifications in the project
Describe alternatives you've considered
Maybe include hash verification and direct link to insta official ipa
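As an added example (not code from the project's buildapp.yml or buildtweak.yml), these POSIX shell helpers show what a workflow `run:` step could enforce for the three points above: a downloaded binary is only kept if its SHA-256 matches a stored digest, and a dependency ref is only accepted if it is a full commit SHA rather than a movable branch or tag. The URL, file name and the `IPAPATCH_SHA256` variable in the usage comment are assumptions, and the digests in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the project's workflows: helpers a CI "run:" step
# can call to enforce checksum verification and immutable pins.
set -eu

# Portable SHA-256 of a file (sha256sum on Linux runners, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only if the file's digest equals the expected one. On mismatch the
# file is deleted so a later build step cannot pick up an unverified artifact.
verify_sha256() {
  file=$1; expected=$2
  actual=$(sha256_of "$file")
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  echo "checksum mismatch for $file: got $actual, want $expected" >&2
  rm -f "$file"
  return 1
}

# Return 0 only if a ref is a full 40-hex commit SHA, i.e. content-addressed.
# Refs like "main" or "v4" fail: a branch or tag can be moved to other code.
is_full_sha() {
  printf '%s' "$1" | grep -Eq '^[0-9a-f]{40}$'
}

# Download a URL and refuse to continue unless the digest matches.
# Assumed usage in a workflow step (placeholder names):
#   fetch_verified "$IPAPATCH_URL" ipapatch "$IPAPATCH_SHA256"
fetch_verified() {
  curl -fsSL "$1" -o "$2"
  verify_sha256 "$2" "$3"
}
```

The same `is_full_sha` check can gate a `uses:` line or a `pip install git+...@<ref>` argument before the build proceeds.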