Hi all,
Please replace insecure usage of pull_request_target. Here is at least one instance:
We have pull_request_target guidance and suggested alternatives on the OSDO site at go/github-pull-request-target.
I have limited pull requests to internal QC members only for the time being until this is addressed. Reach out to go/ossops if you have questions or concerns.
Thanks,
OSSOps.
Hi all,
Please replace insecure usage of pull_request_target. Here is at least one instance:
llama.cpp/.github/workflows/labeler.yml
Line 3 in ff5ef82
We have pull_request_target guidance and suggested alternatives on the OSDO site at go/github-pull-request-target.
I have limited pull requests to internal QC members only for the time being until this is addressed. Reach out to go/ossops if you have questions or concerns.
Thanks,
OSSOps.