by alilleybrinker
564 days ago
The project maintainers had to both: 1) decide to use the highly risky `pull_request_target` Actions trigger instead of the much safer `pull_request` trigger, 2) include in their Actions a script, executing in an environment with write access to the repo and access to repository secrets, which executes untrusted input (the branch name).
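An added example, not part of the comment above and not the project's code: a small Python audit that flags a workflow only when both conditions named in the comment hold, run over two constructed workflows. The expression names `github.head_ref` and `github.event.pull_request.head.ref`, the sample workflows and the function names are assumptions of this example, and the check is a line-based heuristic rather than a YAML parser.

```python
import re

# Expressions that expand to the PR's branch name (chosen by the PR author).
BRANCH_EXPR = re.compile(
    r"\$\{\{\s*github\.(?:head_ref|event\.pull_request\.head\.ref)\s*\}\}")
TRIGGER = re.compile(r"\bpull_request_target\b")
RUN_KEY = re.compile(r"^\s*(?:-\s+)?run:")

def audit_workflow(text):
    """Return (uses_pull_request_target, [(line_no, line), ...]) where the
    list holds run-script lines that inline the branch-name expression."""
    lines = text.splitlines()
    uses_target = any(TRIGGER.search(l.split("#", 1)[0]) for l in lines)
    hits, run_col = [], None
    for no, line in enumerate(lines, 1):
        indent = len(line) - len(line.lstrip())
        if run_col is not None and line.strip() and indent <= run_col:
            run_col = None                      # dedent: left the run block
        if run_col is None and RUN_KEY.match(line):
            run_col = line.index("run:")        # column of the run key
        if run_col is not None and BRANCH_EXPR.search(line):
            hits.append((no, line.strip()))
    return uses_target, hits

def is_exposed(text):
    """True only when both conditions from the comment hold together."""
    uses_target, hits = audit_workflow(text)
    return uses_target and bool(hits)

# Constructed sample: privileged trigger plus branch name expanded in a script.
RISKY = """\
on: pull_request_target
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - name: Print branch
        run: |
          echo "Building ${{ github.head_ref }}"
"""

# Constructed sample: unprivileged trigger; branch name passed as data via env.
SAFER = """\
on: pull_request
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - name: Print branch
        env:
          BRANCH: ${{ github.head_ref }}
        run: echo "Building $BRANCH"
"""

if __name__ == "__main__":
    for name, wf in (("RISKY", RISKY), ("SAFER", SAFER)):
        print(name, is_exposed(wf), audit_workflow(wf)[1])
```

In the second sample the branch name reaches the shell as the value of an environment variable instead of being pasted into the script text before the shell parses it, so the audit reports no hit there.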