From 5ad426388ad7a431028d45ae7f0056e4a8881536 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Duarte?= <jsvd@users.noreply.github.com>
Date: Thu, 28 Mar 2024 10:56:42 +0000
Subject: [PATCH] Update critical_vulnerability_scan.yml

Change trigger from pull_request_target to pull_request, as the former uses the base branch instead of the PR source code.
This allows simplification of the checkout action (also took the opportunity to bump from v2 to v4).
---
 .github/workflows/critical_vulnerability_scan.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/critical_vulnerability_scan.yml b/.github/workflows/critical_vulnerability_scan.yml
index d083300310c..14e7eab72f7 100644
--- a/.github/workflows/critical_vulnerability_scan.yml
+++ b/.github/workflows/critical_vulnerability_scan.yml
@@ -1,7 +1,7 @@
 name: Scan for vulnerabilities
 
 on:
-  pull_request_target:
+  pull_request:
     types: [opened, synchronize]
   workflow_dispatch:
 
@@ -10,10 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps: 
       - name: checkout repo content
-        uses: actions/checkout@v2
-        with:
-          fetch-depth: 0
-          ref: ${{ github.head_ref }}
+        uses: actions/checkout@v4
       - name: build tar distribution
         run: ./gradlew clean assembleTarDistribution
       - run: mkdir scan