You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Due to the dangers inherent to automatic processing of PRs, GitHub’s standard pull_request workflow trigger by default prevents write permissions and secrets access to the target repository.
We're looking for secrets in pull_request triggers, but should not.
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/:
Due to the dangers inherent to automatic processing of PRs, GitHub’s standard pull_request workflow trigger by default prevents write permissions and secrets access to the target repository.
We're looking for secrets in pull_request triggers, but should not.
Thanks @jeffmendoza and @sethvargo for flagging
The text was updated successfully, but these errors were encountered: