Edit: make sure to check my security issue comment here:#54 (comment)

When using pull_request_target, the action compares master against master, instead of comparing master against the PR.

This bug repo PR demonstrates the problem:
#53

I expect changes to be reported in comments according to my changes but no changes were reported.

We can also see the problem in the Action logs:

https://github.com/preactjs/compressed-size-action/runs/1929330272?check_suite_focus=true

The commit hash is used 2 times and is the current HEAD of master:

cc@developit