|
Some checks failed
gitleaks / scan (push) Failing after 3s
CI security audit finding. These are all inherited NewPipe GitHub workflows, none functional on Forgejo — the real pipeline is .forgejo/workflows/. Highest risk: pr-labeler.yml ran on pull_request_target with pull-requests:write and called a mutable @main third-party action with GITHUB_TOKEN — a textbook pwn-request on a public repo (base-repo write token, triggerable by any fork PR). image-minimizer.yml ran arbitrary JS with issues/PR write perms. The rest (no-response, backport-pr, ci, build-release-apk) are dead + were spamming a red X on every push. Removing the lot drops third-party supply-chain surface to zero. Also dropped changed-lines-count-labeler.yml (dead config for the deleted labeler). |
||
|---|---|---|
| .. | ||
| DISCUSSION_TEMPLATE | ||
| ISSUE_TEMPLATE | ||
| CONTRIBUTING.md | ||
| FUNDING.yml | ||
| PULL_REQUEST_TEMPLATE.md | ||