workflows/vendor-version: fix template-injection warnings

Fixes https://github.com/Homebrew/brew/security/code-scanning/40
Fixes https://github.com/Homebrew/brew/security/code-scanning/41

.github/workflows/vendor-version.yml

@@ -37,7 +37,7 @@ jobs:
         working-directory: ${{ steps.set-up-homebrew.outputs.gems-path }}/${{ steps.ruby-abi.outputs.version }}/gems
         run: |
           {
-            echo "vendor-version=$(cat ../.homebrew_vendor_version)"
+            echo "vendor-version=$(<../.homebrew_vendor_version)"
             echo "ignored<<EOS"
             git check-ignore -- *
             echo "EOS"
@@ -45,12 +45,14 @@ jobs:
 
       - name: Compare to base ref
         working-directory: ${{ steps.set-up-homebrew.outputs.gems-path }}/${{ steps.ruby-abi.outputs.version }}
+        env:
+          VENDOR_VERSION: ${{ steps.gem-info.outputs.vendor-version }}
+          IGNORED_GEMS: ${{ steps.gem-info.outputs.ignored }}
         run: |
           git checkout "origin/${GITHUB_BASE_REF}"
           rm .homebrew_vendor_version
           brew install-bundler-gems --groups=all
-          if [[ "$(cat .homebrew_vendor_version)" == "${{ steps.gem-info.outputs.vendor-version }}" ]]; then
+          if [[ "$(<.homebrew_vendor_version)" == "${VENDOR_VERSION}" ]]; then
-            ignored_gems="${{ steps.gem-info.outputs.ignored }}"
             while IFS= read -r gem; do
               gem_dir="./gems/${gem}"
               [[ -d "${gem_dir}" ]] || continue
@@ -64,5 +66,5 @@ jobs:
                 fi
                 exit "${exit_code}"
               fi
-            done <<< "${ignored_gems}"
+            done <<< "${IGNORED_GEMS}"
           fi