Never heard of pull_request_target before today and I think I’m with him, I don’t know what I would possibly use it for that would justify the risk of unreviewed code getting access to build environments. Seems bananas.
You must log in or # to comment.
It was bound to happen, as github actions are mess.
Im just happy that AI bros got hit this time, instead of something important.