fix github action security issue #952

Merged
hatemhosny merged 1 commit into develop from fix-i18n-action
Feb 23, 2026

@hatemhosny hatemhosny commented Feb 23, 2026

Summary by CodeRabbit

  • Chores
    • Updated internal workflow configuration for internationalization process improvements.

Note: This release contains no user-facing changes. The update addresses internal infrastructure used for managing internationalization updates.

netlify bot commented Feb 23, 2026

Deploy Preview for livecodes ready!

Name Link
🔨 Latest commit e151c64
🔍 Latest deploy log https://app.netlify.com/projects/livecodes/deploys/699bf60146d8980008b8e275
😎 Deploy Preview https://deploy-preview-952--livecodes.netlify.app

@github-actions

Size Change: +62 B (+0.01%)

Total Size: 1.02 MB

ℹ️ View Unchanged
Filename Size Change
./build/404.html 1 kB 0 B
./build/app.html 250 B 0 B
./build/index.html 2.46 kB 0 B
./build/livecodes/app.css 22.6 kB 0 B
./build/livecodes/app.js 112 kB -42 B (-0.04%)
./build/livecodes/assets.js 8.64 kB +48 B (+0.56%)
./build/livecodes/assets/noop.js 18 B 0 B
./build/livecodes/assets/templates/diagrams-starter.html 2.19 kB 0 B
./build/livecodes/backup.js 3.73 kB +2 B (+0.05%)
./build/livecodes/blockly.js 13.4 kB 0 B
./build/livecodes/broadcast.js 1.19 kB +1 B (+0.08%)
./build/livecodes/bundle-types.js 4.36 kB 0 B
./build/livecodes/code-to-image.js 9.1 kB -5 B (-0.05%)
./build/livecodes/codejar.js 17.6 kB 0 B
./build/livecodes/codemirror.js 6.29 kB 0 B
./build/livecodes/compile.page.js 2.4 kB 0 B
./build/livecodes/compile.worker.js 14.5 kB 0 B
./build/livecodes/compiler-utils.js 3.18 kB 0 B
./build/livecodes/custom-editor-utils.js 198 B 0 B
./build/livecodes/deploy.js 6.87 kB -25 B (-0.36%)
./build/livecodes/editor-settings.js 17.7 kB +12 B (+0.07%)
./build/livecodes/embed-ui.js 5.55 kB -6 B (-0.11%)
./build/livecodes/embed.js 90.1 kB +85 B (+0.09%)
./build/livecodes/export.js 3.89 kB 0 B
./build/livecodes/firebase.js 22.7 kB 0 B
./build/livecodes/format.worker.js 13.6 kB 0 B
./build/livecodes/google-fonts.js 7.12 kB 0 B
./build/livecodes/headless.js 78.5 kB -50 B (-0.06%)
./build/livecodes/i18n-ar-language-info.json 5.34 kB 0 B
./build/livecodes/i18n-ar-translation.json 9.32 kB 0 B
./build/livecodes/i18n-bn-language-info.json 5.76 kB 0 B
./build/livecodes/i18n-bn-translation.json 9.66 kB 0 B
./build/livecodes/i18n-de-language-info.json 5.4 kB 0 B
./build/livecodes/i18n-de-translation.json 9.45 kB 0 B
./build/livecodes/i18n-en-language-info.json 4.63 kB 0 B
./build/livecodes/i18n-en-translation.json 8.04 kB 0 B
./build/livecodes/i18n-es-language-info.json 5.12 kB 0 B
./build/livecodes/i18n-es-translation.json 9.18 kB 0 B
./build/livecodes/i18n-fa-language-info.json 5.52 kB 0 B
./build/livecodes/i18n-fa-translation.json 9.47 kB 0 B
./build/livecodes/i18n-fr-language-info.json 5.31 kB 0 B
./build/livecodes/i18n-fr-translation.json 9.42 kB 0 B
./build/livecodes/i18n-hi-language-info.json 5.93 kB 0 B
./build/livecodes/i18n-hi-translation.json 9.97 kB 0 B
./build/livecodes/i18n-id-language-info.json 4.87 kB 0 B
./build/livecodes/i18n-id-translation.json 8.7 kB 0 B
./build/livecodes/i18n-it-language-info.json 5.17 kB 0 B
./build/livecodes/i18n-it-translation.json 9.25 kB 0 B
./build/livecodes/i18n-ja-language-info.json 5.72 kB 0 B
./build/livecodes/i18n-ja-translation.json 9.62 kB 0 B
./build/livecodes/i18n-nl-language-info.json 5.07 kB 0 B
./build/livecodes/i18n-nl-translation.json 8.9 kB 0 B
./build/livecodes/i18n-pt-language-info.json 5.16 kB 0 B
./build/livecodes/i18n-pt-translation.json 9.37 kB 0 B
./build/livecodes/i18n-ru-language-info.json 5.7 kB 0 B
./build/livecodes/i18n-ru-translation.json 10.3 kB 0 B
./build/livecodes/i18n-tr-language-info.json 5.3 kB 0 B
./build/livecodes/i18n-tr-translation.json 9.27 kB 0 B
./build/livecodes/i18n-ur-language-info.json 5.97 kB 0 B
./build/livecodes/i18n-ur-translation.json 9.8 kB 0 B
./build/livecodes/i18n-zh-CN-language-info.json 5.01 kB 0 B
./build/livecodes/i18n-zh-CN-translation.json 8.66 kB 0 B
./build/livecodes/i18n.js 20.3 kB +18 B (+0.09%)
./build/livecodes/import-src.js 16.2 kB 0 B
./build/livecodes/import.js 14.6 kB -1 B (-0.01%)
./build/livecodes/index.js 5.36 kB +5 B (+0.09%)
./build/livecodes/lang-art-template-compiler.js 1.65 kB 0 B
./build/livecodes/lang-assemblyscript-compiler.js 290 B 0 B
./build/livecodes/lang-assemblyscript-script.js 386 B 0 B
./build/livecodes/lang-astro-compiler.js 2.34 kB 0 B
./build/livecodes/lang-clio-compiler.js 1.55 kB 0 B
./build/livecodes/lang-commonlisp-script.js 123 B 0 B
./build/livecodes/lang-cpp-script.js 1.74 kB 0 B
./build/livecodes/lang-cpp-wasm-script.js 2.84 kB 0 B
./build/livecodes/lang-csharp-wasm-script.js 2.18 kB 0 B
./build/livecodes/lang-diagrams-compiler-esm.js 5.09 kB 0 B
./build/livecodes/lang-dot-compiler.js 1.66 kB 0 B
./build/livecodes/lang-ejs-compiler.js 1.63 kB 0 B
./build/livecodes/lang-eta-compiler.js 1.65 kB 0 B
./build/livecodes/lang-fennel-compiler.js 1.61 kB 0 B
./build/livecodes/lang-gleam-compiler.js 3.09 kB 0 B
./build/livecodes/lang-go-wasm-script.js 3.25 kB 0 B
./build/livecodes/lang-haml-compiler.js 1.65 kB 0 B
./build/livecodes/lang-handlebars-compiler.js 1.95 kB 0 B
./build/livecodes/lang-imba-compiler.js 147 B 0 B
./build/livecodes/lang-java-script.js 4.05 kB 0 B
./build/livecodes/lang-jinja-compiler.js 1.65 kB 0 B
./build/livecodes/lang-julia-script.js 3.31 kB 0 B
./build/livecodes/lang-liquid-compiler.js 1.68 kB 0 B
./build/livecodes/lang-lua-wasm-script.js 205 B 0 B
./build/livecodes/lang-malina-compiler.js 2.96 kB 0 B
./build/livecodes/lang-minizinc-script.js 2.06 kB 0 B
./build/livecodes/lang-mustache-compiler.js 1.65 kB 0 B
./build/livecodes/lang-nunjucks-compiler.js 1.96 kB 0 B
./build/livecodes/lang-perl-script.js 268 B 0 B
./build/livecodes/lang-php-wasm-script.js 347 B 0 B
./build/livecodes/lang-postgresql-compiler-esm.js 1.73 kB 0 B
./build/livecodes/lang-prolog-script.js 204 B 0 B
./build/livecodes/lang-pug-compiler.js 371 B 0 B
./build/livecodes/lang-python-wasm-script.js 1.86 kB 0 B
./build/livecodes/lang-r-script-esm.js 2.44 kB 0 B
./build/livecodes/lang-rescript-compiler-esm.js 2.16 kB 0 B
./build/livecodes/lang-rescript-formatter.js 1.52 kB 0 B
./build/livecodes/lang-riot-compiler.js 2.81 kB 0 B
./build/livecodes/lang-ruby-wasm-script.js 1.71 kB 0 B
./build/livecodes/lang-scss-compiler.js 1.71 kB 0 B
./build/livecodes/lang-solid-compiler.js 263 B 0 B
./build/livecodes/lang-sql-compiler.js 1.64 kB 0 B
./build/livecodes/lang-sql-script.js 1.95 kB 0 B
./build/livecodes/lang-svelte-compiler.js 4.69 kB 0 B
./build/livecodes/lang-tcl-script.js 1.82 kB 0 B
./build/livecodes/lang-teal-compiler.js 1.72 kB 0 B
./build/livecodes/lang-twig-compiler.js 1.64 kB 0 B
./build/livecodes/lang-vento-compiler.js 1.68 kB 0 B
./build/livecodes/lang-vue-compiler.js 6.09 kB 0 B
./build/livecodes/lang-vue2-compiler.js 3.48 kB 0 B
./build/livecodes/lang-wat-compiler.js 348 B 0 B
./build/livecodes/lang-wat-script.js 1.58 kB 0 B
./build/livecodes/language-info.js 7.92 kB +5 B (+0.06%)
./build/livecodes/monaco-lang-astro.js 947 B 0 B
./build/livecodes/monaco-lang-clio.js 639 B 0 B
./build/livecodes/monaco-lang-imba.js 7.35 kB 0 B
./build/livecodes/monaco-lang-minizinc.js 1.74 kB 0 B
./build/livecodes/monaco-lang-prolog.js 580 B 0 B
./build/livecodes/monaco-lang-wat.js 2.46 kB 0 B
./build/livecodes/monaco.js 10.1 kB 0 B
./build/livecodes/open.js 6.21 kB +10 B (+0.16%)
./build/livecodes/processor-lightningcss-compiler.js 1.88 kB 0 B
./build/livecodes/processor-postcss-compiler.js 2.02 kB 0 B
./build/livecodes/processor-tailwindcss-compiler.js 5.24 kB 0 B
./build/livecodes/processor-unocss-compiler.js 355 B 0 B
./build/livecodes/processor-windicss-compiler.js 450 B 0 B
./build/livecodes/quill.css 697 B 0 B
./build/livecodes/quill.js 5.81 kB 0 B
./build/livecodes/resources.js 3.43 kB +1 B (+0.03%)
./build/livecodes/result-utils.js 1.17 kB 0 B
./build/livecodes/share.js 3.81 kB +2 B (+0.05%)
./build/livecodes/snippets.js 6.04 kB +1 B (+0.02%)
./build/livecodes/sync-ui.js 3.25 kB +1 B (+0.03%)
./build/livecodes/sync.js 3.54 kB 0 B
./build/livecodes/sync.worker.js 29.7 kB 0 B
./build/livecodes/templates.js 26.6 kB 0 B
./build/sdk/livecodes.js 3.95 kB 0 B
./build/sdk/livecodes.umd.js 4.02 kB 0 B
./build/sdk/package.json 292 B 0 B
./build/sdk/react.js 4.24 kB 0 B
./build/sdk/vue.js 4.36 kB 0 B

compressed-size-action

@cloudflare-workers-and-pages

Deploying livecodes with Cloudflare Pages

Latest commit: e151c64
Status: ✅  Deploy successful!
Preview URL: https://7d575e3e.livecodes.pages.dev
Branch Preview URL: https://fix-i18n-action.livecodes.pages.dev

coderabbitai bot commented Feb 23, 2026

Walkthrough

A GitHub Actions workflow configuration is modified to source the PR title from an environment variable instead of accessing GitHub event context directly.

Changes

Cohort / File(s): Workflow Configuration (.github/workflows/i18n-update-pull.yml)
Summary: Adds ISSUES_TITLE environment variable to a workflow step and updates PR title construction to use process.env.ISSUE_TITLE instead of github.event.issue.title.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'fix github action security issue' is directly related to the changeset, which addresses a security concern by shifting from direct GitHub context interpolation to an explicitly passed environment variable in the GitHub Actions workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

@coderabbitai coderabbitai bot left a comment

🧹 Nitpick comments (1)
.github/workflows/i18n-update-pull.yml (1)

171-171: Consider using an env var for default_branch for consistency with the rest of the PR.

While github.event.repository.default_branch is admin-controlled and not on GitHub's list of untrusted inputs (unlike attacker-controlled variants from forked PRs), using an env: variable is still a reasonable consistency improvement that aligns with the pattern applied elsewhere in this PR.

Proposed pattern
         env:
           ISSUE_TITLE: ${{ github.event.issue.title }}
+          DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-              base: '${{ github.event.repository.default_branch }}'
+              base: process.env.DEFAULT_BRANCH,
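Review bot: the added `base: process.env.DEFAULT_BRANCH,` line only resolves if the `env:` block at the top of this hunk belongs to the same step as the script that contains `base:`. The hunk shows the two at different indentation with the lines between them elided, so confirm that before applying, otherwise `base` is `undefined` at run time. The agent prompt that follows suggests `'${{ env.DEFAULT_BRANCH }}'` instead, which is still expanded into the script text before the step runs and does not match the `process.env` pattern used for `ISSUE_TITLE`, so keep the `process.env` form.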
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/i18n-update-pull.yml at line 171, Replace the hardcoded
reference to github.event.repository.default_branch in the job step that sets
base with an env var: add an env entry (e.g., DEFAULT_BRANCH) at the workflow or
job level and set it to '${{ github.event.repository.default_branch }}', then
change the base value to use '${{ env.DEFAULT_BRANCH }}' so the step uses the
env variable consistently with other steps; update any related step definitions
that reference base to consume the new env var.

@hatemhosny hatemhosny merged commit 2be91f3 into develop Feb 23, 2026
19 checks passed
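
The pattern this PR applies (pass the issue title through `env:` and read it with `process.env`, rather than expanding `${{ github.event.issue.title }}` inside the script) can be checked mechanically. The following is an added example, not code from the LiveCodes repository or from CodeRabbit: a small Node.js scanner that flags untrusted `github` context expressions expanded inside `run:`/`script:` bodies. The workflow fragments, the `actions/github-script` step and the function name are constructed for illustration, and the list of untrusted contexts is a partial subset.

```javascript
// Added example: flag untrusted GitHub context expressions that are expanded
// into script text (run:/script: bodies) instead of being passed through env:.
const EXPR = /\$\{\{(.*?)\}\}/g;
// Partial list of attacker-influenced contexts (assumption: extend as needed).
const UNTRUSTED = /github\.(?:event\.(?:issue|pull_request|comment|review)\.(?:title|body)|head_ref)\b/;

function findUntrustedInterpolations(workflowText) {
  const findings = [];
  let body = null; // { key, indent } while inside a run:/script: value
  workflowText.split('\n').forEach((line, idx) => {
    if (!line.trim()) return;
    const indent = line.search(/\S/);
    if (body && indent <= body.indent) body = null; // dedent ends the body
    let text = null;
    if (body) {
      text = line;
    } else {
      const m = line.match(/^\s*(?:-\s+)?(run|script):(.*)$/);
      if (m) { body = { key: m[1], indent }; text = m[2]; }
    }
    if (text === null) return; // env:, with:, name: ... are not script text
    for (const hit of text.matchAll(EXPR)) {
      if (UNTRUSTED.test(hit[1])) {
        findings.push({ line: idx + 1, key: body.key, expression: hit[0] });
      }
    }
  });
  return findings;
}

// Constructed fragments, not the project's workflow file.
const BEFORE = [
  'steps:',
  '  - uses: actions/github-script@v7',
  '    with:',
  '      script: |',
  '        const title = `i18n: ${{ github.event.issue.title }}`;',
].join('\n');
const AFTER = [
  'steps:',
  '  - uses: actions/github-script@v7',
  '    env:',
  '      ISSUE_TITLE: ${{ github.event.issue.title }}',
  '    with:',
  '      script: |',
  '        const title = `i18n: ${process.env.ISSUE_TITLE}`;',
].join('\n');
console.log(findUntrustedInterpolations(BEFORE), findUntrustedInterpolations(AFTER));
```

The scanner is line-based and does not parse YAML, so it suits a quick pre-merge check rather than a full audit; `github.event.repository.default_branch` is deliberately not flagged, matching the review comment's point that it is not on GitHub's untrusted list.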