In this particular case bandit was complaining about potential path
escape exploits on urlopen. However the urls are safe enough, because
all template parameters inserted into the url are from:
* config.yml - malicious changes to config.yml are possible that's
already a lot bigger issue than this than redirecting github api
calls.
* git tags witch are present in bot the local index-v2.json file (as
versionName) and the remote github API. (git tags don't allow the
string '..')
Use whatsNew text (if available) as release notes text when deploying to
Github releases. This feature will always use 'en-US' locale texts,
since English is the lingua franka on GitHub. Additionally this change
also adds a config option to preprend a static text to those release
notes.
