Hi all,

Our Verify Change Log action in GitHub is failing on every PR now with a 
permissions error:

"Error: Refusing to check out fork pull request code from a 
'pull_request_target' workflow. This workflow runs with the base repository's 
GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching 
and executing a fork's code in that trusted context commonly leads to "pwn 
request" vulnerabilities. To opt in, review the risks at 
https://gh.io/securely-using-pull_request_target and set 
'allow-unsafe-pr-checkout: true' on the actions/checkout step."

I don’t know enough about how actions work to know if changing 
`allow-unsafe-pr-checkout` is the right solution here, or if we need to change 
the access for this action somehow?

- Alan
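
For reference alongside the error quoted above, an added example (not the project's actual workflow, which is not shown in this message): a changelog check that only needs to know which files a pull request touched can run under the `pull_request` trigger, where a fork's code never executes with the base repository's secrets. The changelog path, job name and step names are assumptions.

```yaml
# Added example; not the project's workflow. Names and paths are assumptions.
#
# Pattern the error message refuses (shown as comments only):
#   on: pull_request_target
#   ...
#   - uses: actions/checkout@v4
#     with:
#       ref: ${{ github.event.pull_request.head.sha }}   # fork code, trusted context
#
# Alternative: run the check in the untrusted 'pull_request' context instead.
name: Verify Change Log

on:
  pull_request:              # fork PRs get a read-only GITHUB_TOKEN and no repo secrets
    types: [opened, synchronize, reopened]

permissions:
  contents: read             # least privilege: the check only reads the repository

jobs:
  changelog:
    runs-on: ubuntu-latest
    env:
      # Event values are passed through env rather than interpolated into the script.
      BASE_SHA: ${{ github.event.pull_request.base.sha }}
      HEAD_SHA: ${{ github.event.pull_request.head.sha }}
      CHANGELOG_PATH: CHANGELOG.md   # assumed location of the change log
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0             # full history so both SHAs can be diffed
          persist-credentials: false # do not leave the token in .git/config
      - name: Require a changelog entry
        run: |
          # Compare file names only; nothing from the pull request is executed.
          if git diff --name-only "$BASE_SHA...$HEAD_SHA" | grep -Fxq "$CHANGELOG_PATH"; then
            echo "Change log updated."
          else
            echo "::error::This pull request does not modify $CHANGELOG_PATH"
            exit 1
          fi
```

If the check must comment on or label the pull request, that write step is usually kept in a separate trusted workflow that consumes only the result of this one and never checks out the fork's code.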