From 1a462d6939868c0697901c0909e6557872026951 Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Thu, 15 Feb 2024 12:08:03 -0600
Subject: [PATCH] Fixed the Dangerous-Workflow Fixed the dangerous workflow Warn: script injection with untrusted input ' github.event.pull_request.title ': .github/workflows/commitlint.yml:28 https://securityscorecards.dev/viewer/?uri=github.com/defenseunicorns/pepr
Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 .github/workflows/commitlint.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/commitlint.yml b/.github/workflows/commitlint.yml
index b4f3d4cc..a951d44f 100644
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -25,4 +25,6 @@ jobs:
 run: npm install --save-dev @commitlint/{config-conventional,cli}
 - name: Lint PR title
- run: echo "${{ github.event.pull_request.title }}" | npx commitlint
+ env:
+ PR_TITLE: ${{ github.event.pull_request.title }}
+ run: echo "$PR_TITLE" | npx commitlint
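Review bot: The new `run:` line still feeds the title through `echo`, and if the step runs under bash a leading `-n`, `-e` or `-E` is taken as an option rather than text, so commitlint may lint something other than the title as written; `run: printf '%s\n' "$PR_TITLE" | npx commitlint` passes the value through unchanged. Moving the expression into `env:` does address the Scorecard finding, because the title is no longer substituted into the script text before the shell parses it. A one-line comment above `env:` such as `# title is passed via env so it is never expanded into the script body` would keep a later edit from inlining the expression again. The workflow's trigger, `permissions:` block and the rest of the job lie outside this hunk, so the token scope this step runs with cannot be judged from here.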