From efc9fb97362ec540c8a76c4d21a8348daecda852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Dalfors?= <bjorn@binovi.se>
Date: Mon, 17 Jun 2024 11:25:07 +0200
Subject: [PATCH] dont use pull_request_target as it opens the repo for
 pwnage..

---
 .github/workflows/tests.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index a16c5141..5b842345 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -12,8 +12,6 @@ jobs:
       options: --user root
     steps:
       - uses: actions/checkout@v4
-        with:
-          ref: '${{ github.event.pull_request.merge_commit_sha }}' # since event is pull_request_target
       - name: Install Packages
         run: yarn install --frozen-lockfile
       - name: Build