Psf · Black · CVE-2026-31900
**Name of the Vulnerable Software and Affected Versions**
Black versions prior to 26.3.0
**Description**
Black is a Python code formatter that provides a GitHub Action for code formatting. The Action supports an option, `use_pyproject: true`, that reads the Black version to install from the repository's `pyproject.toml` file. Because that lookup trusts the `pyproject.toml` in the pull request being checked, a malicious pull request could modify `pyproject.toml` to reference a malicious repository directly, and that source would then be installed and run. This could result in arbitrary code execution within the GitHub Action's context, potentially allowing attackers to access any secrets or permissions available to the Action.
**Recommendations**
Versions prior to 26.3.0 should be updated to version 26.3.0 or later.
Do not use the `use_pyproject: true` option in the `psf/black` GitHub Action.
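A check for the description and recommendations above, added here as an example (not code from the advisory or from psf/black): it scans a workflow file for `psf/black` steps that set `use_pyproject: true` and reports whether the step's version tag is already at or past 26.3.0. It assumes the Action input is spelled `use_pyproject` and that workflow steps use standard two-space YAML layout; the sample workflow is constructed.

```python
"""Added example, not code from the advisory or from psf/black: audit a GitHub
workflow for psf/black steps that enable use_pyproject (assumed input name)."""
import re

FIXED = (26, 3, 0)  # first Black release that fixes CVE-2026-31900
USES_RE = re.compile(r"^(\s*)(-\s+)?uses:\s*psf/black@(\S+)")
FLAG_RE = re.compile(r"""^\s*use_pyproject:\s*["']?(true|yes)["']?\s*$""", re.I)

def ref_is_fixed(ref):
    """True/False for a tag like '26.3.0'; None for 'stable', a branch or a SHA."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", ref)
    return tuple(map(int, m.groups())) >= FIXED if m else None

def audit_workflow(text):
    """One finding per psf/black step that sets use_pyproject: true. Line-based scan
    (no PyYAML): a step ends at the first non-comment line at or left of its dash."""
    findings, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        m = USES_RE.match(lines[i])
        if not m:
            i += 1
            continue
        # Column of the list dash; if 'uses:' is not the step's first key, assume '- ' two columns left.
        indent = len(m.group(1)) - (0 if m.group(2) else 2)
        ref, step_line, flagged = m.group(3), i + 1, False
        i += 1
        while i < len(lines):
            body = lines[i].lstrip()
            if body and not body.startswith("#") and len(lines[i]) - len(body) <= indent:
                break  # next step, next job key, or next job
            flagged = flagged or bool(FLAG_RE.match(lines[i]))
            i += 1
        if flagged:
            findings.append({"line": step_line, "ref": ref, "ref_fixed": ref_is_fixed(ref)})
    return findings

# Constructed sample: the first Black step takes its version from the repository's
# pyproject.toml (flagged); the second pins the version through the Action input.
SAMPLE_WORKFLOW = """\
jobs:
  lint:
    steps:
      - name: Black, version read from pyproject.toml
        uses: psf/black@26.1.0
        with:
          use_pyproject: true
      - uses: psf/black@26.3.0
        with:
          version: "26.3.0"
"""
```

Run `audit_workflow` over each file under `.github/workflows/` and treat any finding as a step to convert to a pinned `version` input.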