Add warning regarding pull_request_target event#1354
Conversation
|
Thanks for opening this pull request! A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines. |
|
@ylemkimon Thanks so much for opening a PR! I'll get this triaged for review ✨ |
janiceilene
added
actions
|
This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit. |
github-actions
Bot
added
the
stale
This comment has been minimized.
This comment has been minimized.
janiceilene
removed
the
stale
|
Thanks for your patience @ylemkimon! Our small team is working our way through all the amazing contributions ✨ |
|
This PR is stale because it has been open 7 days with no activity and will be automatically closed in 3 days. To keep this PR open, update the PR by adding a comment or pushing a commit. |
github-actions
Bot
added
the
stale
janiceilene
removed
the
stale
Co-authored-by: Martin Lopes <54248166+martin389@users.noreply.github.com>
|
@martin389 It looks like @ylemkimon incorporated your suggestions 🎉 Can you add a |
|
Thanks @janiceilene! For the next step, I'm checking that support approves this guidance 👍 |
elstudio
left a comment
elstudio
left a comment
There was a problem hiding this comment.
Looks good -- and a very very good thing to warn folks about!
|
Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. |
|
Thank you @ylemkimon! 👍 |
|
Thank you everyone for your reviews and the great work at GitHub! |
5 participants
Why:
pull_request_targetevent runs in the context of the base repository, which could be potentially dangerous if it is used to test untrusted code from public forks. It also shares the same scope of cache with the base branch. Closes #1353.What's being changed:
Check off the following: