From 69ce08f49fb1672817726413d7351b7cddda6b96 Mon Sep 17 00:00:00 2001
From: "hf-security-analysis[bot]"
 <265538906+hf-security-analysis[bot]@users.noreply.github.com>
Date: Wed, 6 May 2026 12:02:19 +0000
Subject: [PATCH] fix(security): remediate workflow vulnerability in
 .github/workflows/pr_labeler.yml

---
 .github/workflows/pr_labeler.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/pr_labeler.yml b/.github/workflows/pr_labeler.yml
index 3159979c1bfe..190e3ef8b921 100644
--- a/.github/workflows/pr_labeler.yml
+++ b/.github/workflows/pr_labeler.yml
@@ -20,6 +20,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
+        with:
+          ref: ${{ github.event.pull_request.base.sha }}
       - name: Check for missing tests
         id: check
         env: