Hi all,
Please replace insecure usage of pull_request_target. Here is at least one instance:
We have pull_request_target guidance and suggested alternatives on the OSDO site at go/github-pull-request-target.
I have limited pull requests to internal QC members only for the time being until this is addressed. Reach out to go/ossops if you have questions or concerns.
Thanks,
Mark
Hi all,
Please replace insecure usage of pull_request_target. Here is at least one instance:
video-driver/.github/workflows/pre_merge.yml
Line 11 in 631c564
We have pull_request_target guidance and suggested alternatives on the OSDO site at go/github-pull-request-target.
I have limited pull requests to internal QC members only for the time being until this is addressed. Reach out to go/ossops if you have questions or concerns.
Thanks,
Mark