From 227c4ecd56a3804f8ca0d6afe1fb311f5732ddfb Mon Sep 17 00:00:00 2001
From: Niklas Siemer <70580458+niklassiemer@users.noreply.github.com>
Date: Wed, 7 Jun 2023 16:51:37 +0200
Subject: [PATCH] Use intermediate PR_TITLE variable to secure workflow

---
 .github/workflows/UpdateDependabotPR.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/UpdateDependabotPR.yml b/.github/workflows/UpdateDependabotPR.yml
index 8786e66..5ad6856 100644
--- a/.github/workflows/UpdateDependabotPR.yml
+++ b/.github/workflows/UpdateDependabotPR.yml
@@ -15,9 +15,11 @@ jobs:
           fetch-depth: 0 # otherwise, you will fail to push refs to dest repo
           token: ${{ secrets.DEPENDABOT_WORKFLOW_TOKEN }}
       - name: UpdateEnvironmentFile
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
         shell: bash -l {0}
         run: |
-          python .ci_support/update_environment.py ${{ github.event.pull_request.title }}
+          python .ci_support/update_environment.py $PR_TITLE
       - name: UpdateDependabotPR commit
         run: |
           git config --local user.email "pyiron@mpie.de"