assignUser opened a new issue, #810: URL: https://github.com/apache/linkis-website/issues/810
Hello, I work with ASF Infra on managing the GitHub Actions allow list and came across an issue in your repo. The [workflow](https://github.com/apache/linkis-website/blob/dev/.github/workflows/auto-close-issue.yml) uses an unmaintained action and is not required. Additionally the workflow does not limit the permissions of the GITHUB_TOKEN which is a considerable security issue, especially with an unmaintained action. Github provides functionality that makes this workflow superflous, just use one of the [documented keywords](https://docs.github.com/en/get-started/writing-on-github/working-with-advanced-formatting/using-keywords-in-issues-and-pull-requests#linking-a-pull-request-to-an-issue) to link a PR to an issue and GitHub will close it when the PR is merged. Due to the security issue I will remove the peter-evans/close-issue action from the allow list today. (you are it's only user in apache/) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@linkis.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@linkis.apache.org For additional commands, e-mail: commits-h...@linkis.apache.org
