From 6aa90fc15dd2fdd7035451bec3808d8008089d5a Mon Sep 17 00:00:00 2001
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
Date: Mon, 26 Feb 2024 10:25:15 -0600
Subject: [PATCH] :chore: fixed the dangerous workflow

```
Warn: script injection with untrusted input ' github.event.pull_request.title ': .github/workflows/commitlint.yml:28
```

- https://securityscorecards.dev/viewer/?uri=github.com/defenseunicorns/pepr
- https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
- https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections

Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
---
 .github/workflows/commitlint.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 6d338222..b2b2964c 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -27,4 +27,7 @@ jobs:
         run: npm install --save-dev @commitlint/{config-conventional,cli}
 
       - name: Lint PR title
-        run: echo "${{ github.event.pull_request.title }}" | npx commitlint
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        run: |
+          echo "$PR_TITLE" | npx commitlint