pengaru 6 days ago
This third party app gets write access to your repository, so it can do automated reviews of PRs? Why would you even grant it such permissions? This is ridiculous.
kmarc 6 days ago
Besides that this was clearly a security f*ckup, in my mind it's almost equivalent to running those third party linters in our Internet-connection-enabled editors and IDEs. Other than one banking project, I don't think I ever had to sandbox my editor in any way. Scary.