|
|
|
|
|
|
by prepend
1750 days ago
|
|
|
GP, and I agree, wants tokens to be scoped to repos, not to activities. Your link describes how you can limit the things you can do with a token. But GitHub doesn’t allow limiting where you can do those things. It’s annoying and I wish they would fix this. If you work on lots of repos across lots of orgs, this is a big vulnerability. I get the heebee-jeebies whenever I have to grant permission on something because if I make a mistake it could hose lots of things. |
|
|