From 284fb246f30c7c5b391b8546d746fc79d2c9d5c3 Mon Sep 17 00:00:00 2001
From: Alex Gaynor <alex.gaynor@gmail.com>
Date: Fri, 3 Jan 2025 15:01:01 -0500
Subject: [PATCH] fix a theoretical code injection issue

---
 .github/actions/cache/action.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/actions/cache/action.yml b/.github/actions/cache/action.yml
index 5a52a859e873..e851c10dc820 100644
--- a/.github/actions/cache/action.yml
+++ b/.github/actions/cache/action.yml
@@ -13,8 +13,10 @@ runs:
   steps:
     - name: Normalize key
       id: normalized-key
-      run: echo "key=$(echo "${{ inputs.key }}" | tr -d ',')" >> $GITHUB_OUTPUT
+      run: echo "key=$(echo "${KEY}" | tr -d ',')" >> $GITHUB_OUTPUT
       shell: bash
+      env:
+        KEY: "${{ inputs.key }}"
     - uses: Swatinem/rust-cache@f0deed1e0edfc6a9be95417288c0e1099b1eeec3  # v2.7.7
       with:
         key: ${{ steps.normalized-key.outputs.key }}-3