Skip to content

Commit

Permalink
Merge pull request #813 from thomasnordquist/chore/dont-use-pull-requ…
Browse files Browse the repository at this point in the history 
…est-target-for-untrusted-code

dont use pull_request_target as it opens the repo for pwnage..
  • Loading branch information
@bj00rn
bj00rn authored Jun 17, 2024
2 parents f539e03 + efc9fb9 commit 8975e7b
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions .github/workflows/tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@ jobs:
options: --user root
steps:
- uses: actions/checkout@v4
with:
ref: '${{ github.event.pull_request.merge_commit_sha }}' # since event is pull_request_target
- name: Install Packages
run: yarn install --frozen-lockfile
- name: Build
Expand Down

0 comments on commit 8975e7b

Please sign in to comment.