Comment by pengaru
This third party app gets write access to your repository, so it can do automated reviews of PRs?
Why would you even grant it such permissions? This is ridiculous.
Besides that this was clearly a security f*ckup, in my mind it's almost equivalent to running those third party linters in our Internet-connection-enabled editors and IDEs. Other than one banking project, I don't think I ever had to sandbox my editor in any way.
Scary.