mirror of
https://github.com/Bubberstation/Bubberstation.git
synced 2026-01-05 22:43:46 +00:00
09a0f00456
I already use this, but it occurred to me that without hooksecret, that somebody could craft a fake event with a "changelog" and a `$payload['pull_request']['base']['repo']['url']` set to a script they controlled, and use that to extract the private key.
12 KiB
12 KiB