One of this repository's workflows uses pull_request_target:

python-docs-es/.github/workflows/pr-comment.yml
Line 4 in 9b99734

Please see the GitHub documentation for a list of risks associated with the target. I see the workflow is currently quite careful, but IMO it is still better to split it into two, one for building and one for posting.

It is now disallowed by actions/checkout (see blog post). We are also considering disabling it across the organisation (new feature), but it would break this workflow.
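
A sketch of the two-workflow split suggested above, added here as an illustration and not taken from this repository's workflows: the build runs on `pull_request` with a read-only token, and a separate `workflow_run` job posts the comment without checking out or executing PR code. The file names, the artifact name `pr-comment`, and the `./scripts/build.sh` command are assumptions.

```yaml
# Assumed file .github/workflows/pr-build.yml: runs PR code, read-only token, no secrets.
name: PR build
on: pull_request
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Build and write the comment body
        env:
          PR_NUMBER: ${{ github.event.pull_request.number }}
        run: |
          mkdir -p out
          echo "$PR_NUMBER" > out/pr_number
          ./scripts/build.sh > out/comment.md   # placeholder build command (assumption)
      - uses: actions/upload-artifact@v4
        with:
          name: pr-comment
          path: out/
---
# Assumed file .github/workflows/pr-post.yml: write token, never checks out PR code.
name: PR post
on:
  workflow_run:
    workflows: ["PR build"]
    types: [completed]
permissions:
  pull-requests: write
  actions: read          # needed to download the artifact from the build run
jobs:
  post:
    if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: pr-comment
          path: out
          run-id: ${{ github.event.workflow_run.id }}
          github-token: ${{ github.token }}
      - name: Post comment (artifact content is untrusted data)
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          pr="$(head -c 16 out/pr_number | tr -d '\n')"
          case "$pr" in ''|*[!0-9]*) echo "bad PR number"; exit 1 ;; esac
          gh pr comment "$pr" --repo "$GITHUB_REPOSITORY" --body-file out/comment.md
```

The posting job treats everything in the artifact as data: the PR number is validated as digits only, and the comment body is passed as a file rather than interpolated into the shell command.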