Hacker News

60secs, yesterday at 7:54 PM

pull_request_target is criminally negligent -- github should simply disable it.

The security risk for running unvalidated code on any random PR with access to account secrets has no legitimate use case which outweighs its unbounded risk.
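The risk the comment refers to, shown as a pair of GitHub Actions workflows (an added illustration, not part of the comment); the secret name DEPLOY_TOKEN is a hypothetical placeholder:

```yaml
# Added example: the pattern that creates the risk, then a safer arrangement.
#
# Risky: pull_request_target runs in the BASE repository's context, so the job
# receives a write-capable GITHUB_TOKEN and repository secrets, yet it checks
# out and executes the untrusted PR head (package.json, build and test scripts
# are all controlled by whoever opened the PR).
name: ci-risky
on: pull_request_target
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}   # untrusted code
      - run: npm ci && npm test                            # runs it with secrets in scope
        env:
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}         # hypothetical secret name
---
# Safer: build and test untrusted code under the plain pull_request trigger.
# For PRs from forks this runs with a read-only token and no repository
# secrets, so a malicious build script gains nothing beyond the runner itself.
name: ci-safe
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4   # default ref: the PR merge commit, still unprivileged
      - run: npm ci && npm test
```

Where pull_request_target is genuinely needed (for example, to label or comment on a PR), restrict it to steps that never check out or execute content from the PR head.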