lupyuen commented on issue #18359: URL: https://github.com/apache/nuttx/issues/18359#issuecomment-3863549938
Thanks to Tomek: https://issues.apache.org/jira/browse/INFRA-27602

```text
FYI: We (Grails) received a similar. For https://github.com/apache/beam/blob/master/.github/workflows/label_prs.yml, I'd like to point out that the secret in question is "${{ secrets.GITHUB_TOKEN }}"

This token is given access to contents: read & pull-requests: write. So indeed it seems like your instance may be safe. In our case, we had content: write and we decided to just remove auto-labeling functionality by removing pull_request_target.

It would be good to see if infrastructure would allow an exemption for workflows that only target the PR & do not have write permissions.
```

My Action List:

(1) Verify that pr-size-labeler works with (safer) pull_request, instead of (unsafe) pull_request_target

(2) Chat with ASF Infra Team on Slack
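The distinction drawn in the quoted INFRA-27602 note (a `pull_request_target` workflow whose token has `contents: read` and `pull-requests: write`, versus one with `contents: write`) can be checked mechanically across a repository's workflow files. The following is an added example, not code from NuttX, Beam, Grails or ASF Infra; the function names, the classification labels and the sample workflows are assumptions constructed for illustration, and it reads only the `permissions:` blocks, not the job steps.

```python
import re

def _strip_comments(workflow):
    # Heuristic: treats any " #" as a comment start, even inside quoted strings.
    return [re.sub(r"(^|\s)#.*$", "", line) for line in workflow.splitlines()]

def write_scopes(lines):
    """Scopes set to `write` in any permissions block; None if no block exists."""
    found, scopes, i = False, set(), 0
    while i < len(lines):
        m = re.match(r"^(\s*)permissions:\s*(\S*)", lines[i])
        i += 1
        if not m:
            continue
        found = True
        if m.group(2) == "write-all":
            scopes.add("*")
        # Mapping form: read the deeper-indented "scope: level" lines that follow.
        while i < len(lines) and (not lines[i].strip()
                                  or len(lines[i]) - len(lines[i].lstrip()) > len(m.group(1))):
            kv = re.match(r"^\s*([\w-]+):\s*write\s*$", lines[i])
            if kv:
                scopes.add(kv.group(1))
            i += 1
    return scopes if found else None

def classify(workflow):
    """Label a workflow file by trigger and by the write scopes its token is granted."""
    lines = _strip_comments(workflow)
    if not re.search(r"\bpull_request_target\b", "\n".join(lines)):
        return "not-affected"
    scopes = write_scopes(lines)
    if scopes is None:
        return "default-permissions"  # token scope comes from repo/org settings
    if scopes & {"*", "contents"}:
        return "contents-write"       # the case the quoted note describes for Grails
    return "pr-write-at-most" if scopes <= {"pull-requests"} else "other-write"

# Constructed sample workflows, not copied from any repository.
BEAM_LIKE = "on: pull_request_target\npermissions:\n  contents: read\n  pull-requests: write\njobs: {}\n"
GRAILS_LIKE = "on:\n  pull_request_target:\n    types: [opened]\npermissions:\n  contents: write\njobs: {}\n"
PLAIN_PR = "on: pull_request\npermissions:\n  pull-requests: write\njobs: {}\n"
NO_BLOCK = "on: [pull_request_target]\njobs: {}\n"

if __name__ == "__main__":
    for name in ("BEAM_LIKE", "GRAILS_LIKE", "PLAIN_PR", "NO_BLOCK"):
        print(name, "->", classify(globals()[name]))
```

A `default-permissions` result means the workflow declares no `permissions:` block, so the token's scope has to be read from the repository or organization settings instead.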
