Merge pull request from GHSA-r3gv-6fw7-hc52

Fix CI command injection vulnerability
TeamNewPipe · Apr 27, 2023 · ed17811 · ed17811
2 parents da30e53 + 43b0167
commit ed17811
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -42,7 +42,9 @@ jobs:
       - name: create and checkout branch
         # push events already checked out the branch
         if: github.event_name == 'pull_request'
-        run: git checkout -B ${{ github.head_ref }}
+        env:
+          BRANCH: ${{ github.head_ref }}
+        run: git checkout -B "$BRANCH"
 
       - name: set up JDK 17
         uses: actions/setup-java@v3