Fix Security Vulnerability with the cherry-pick bot and update-lockfiles workflow

PiperOrigin-RevId: 674202509
Change-Id: I1ae99629cdbd2bf26df8893cebe8e6631681d4cd
diff --git a/.github/workflows/cherry-picker.yml b/.github/workflows/cherry-picker.yml
index 2e9f1c2..04ed7d1 100644
--- a/.github/workflows/cherry-picker.yml
+++ b/.github/workflows/cherry-picker.yml
@@ -1,8 +1,9 @@
 name: cherry-picker
 
 on:
-  pull_request_target:
+  pull_request:
     types: [closed]
+    branches: [master]
   issues:
     types: [closed, milestoned]
 
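Review bot: The new `pull_request:` trigger carries no comment explaining why `pull_request_target` was dropped, so a maintainer who later sees the bot fail on fork PRs could switch it back and restore the privileged context. I would add a line above the trigger such as `# Keep pull_request: pull_request_target runs in the base repository's context, with access to secrets, even for PRs opened from forks.` The same comment belongs on the trigger changed in update-lockfiles.yml. The jobs are outside this hunk, so it is also worth confirming they gate on `github.event.pull_request.merged == true`, because `types: [closed]` fires for PRs closed without merging too.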
diff --git a/.github/workflows/update-lockfiles.yml b/.github/workflows/update-lockfiles.yml
index 3446d2d..d1c18fe 100644
--- a/.github/workflows/update-lockfiles.yml
+++ b/.github/workflows/update-lockfiles.yml
@@ -1,7 +1,7 @@
 name: update-lockfiles
 
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - "release-**"
     types:
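Review bot: With `pull_request`, runs triggered from a fork get a read-only `GITHUB_TOKEN` and no secrets, so any step in this workflow that pushes regenerated lockfiles back to the PR branch will now fail for fork PRs instead of being skipped. The jobs lie outside this hunk, so that is inferred from the workflow name. If the workflow does push, a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository` makes the fork case an explicit skip. An explicit `permissions:` block listing only the scopes the job needs would also stop the token scope from depending on the repository default.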