From: Kevin Deng 三咲智子 <sxzz@sxzz.moe>
Date: Mon, 20 May 2024 23:05:08 +0000 (+0800)
Subject: ci: fix RCE vulnerability in file overwrite (#10985)
X-Git-Tag: v3.4.28~88
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8bf1469df168f5b72e1fbb24752a6a4692e35b61;p=thirdparty%2Fvuejs%2Fcore.git

ci: fix RCE vulnerability in file overwrite (#10985)

Special thanks to @RedYetiDev
---

diff --git a/.github/workflows/size-report.yml b/.github/workflows/size-report.yml
index 5902372067..766462d6da 100644
--- a/.github/workflows/size-report.yml
+++ b/.github/workflows/size-report.yml
@@ -40,12 +40,13 @@ jobs:
         with:
           name: pr-number
           run_id: ${{ github.event.workflow_run.id }}
+          path: /tmp/pr-number
 
       - name: Read PR Number
         id: pr-number
         uses: juliangruber/read-file-action@v1
         with:
-          path: ./pr.txt
+          path: /tmp/pr-number/pr.txt
 
       - name: Download Size Data
         uses: dawidd6/action-download-artifact@v3