Update broken-link-checker.yml to avoid code injection vulnerability (#…

…243) * Update broken-link-checker.yml to avoid code injection vulnerability Updated workflow to use environment variables to avoid code injection vulnerability. * Update broken-link-checker.yml with correct package name
toss · Sep 13, 2024 · 3a97440 · 3a97440
1 parent bd3417d
commit 3a97440
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/.github/workflows/broken-link-checker.yml b/.github/workflows/broken-link-checker.yml
@@ -18,4 +18,7 @@ jobs:
           cache-dependency-path: 'yarn.lock'
           node-version-file: '.nvmrc'
       - run: yarn install
-      - run: yarn blc ${{ github.event.inputs.url }} --ro
+      - name: Check broken link
+        env:
+          url: ${{ github.event.inputs.url || 'https://es-hangul.slash.page' }}
+        run: yarn blc $url --ro