Alois Klink dc22189eef docs(ci/pr-labeler): warn about security issues
Using `pull_request_target` is pretty dangerous, since it heavily
increases the risk of malicious PRs getting access to the mermaid-js
repo.

What we're doing currently is safe, but we should add a warning
message just to ensure that we're very careful when we make changes.

See: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target
See: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
2023-09-24 19:17:03 +01:00
..
2023-07-02 10:14:35 +05:30
2023-07-02 10:14:35 +05:30
2023-07-02 10:14:35 +05:30
2022-09-03 13:41:25 +05:30
2023-07-02 10:14:35 +05:30
2023-07-07 15:56:30 +05:30
2022-09-03 13:41:25 +05:30
2023-08-03 19:04:24 +00:00
2023-08-22 11:42:12 +05:30
2023-07-06 11:32:37 +05:30
2022-09-03 13:41:25 +05:30
2023-07-02 10:14:35 +05:30