-
Notifications
You must be signed in to change notification settings - Fork 47.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update danger.js token #26066
Update danger.js token #26066
Conversation
0d19e8b
to
96bfb2c
Compare
Pipeline secrets are usually excluded from PRs from forks. We could expose Pipeline secrets to forks which would at least show use once they got leaked. Hard-coding secrets into code has the downside of not knowing when secrets get leaked. Either way, we have to pass these secrets to untrusted sources (forks). The only decision we can make is wether we're ok with accidentally leaking (hard-coding) or leaking to "malicious" actors (pipeline secrets). |
This reverts commit 5e600f0.
6e1bb69
to
4166084
Compare
Comparing: 0652bdb...4166084 Critical size changesIncludes critical production bundles, as well as any change greater than 2%:
Significant size changesIncludes any change greater than 0.2%: (No significant changes) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm thanks for switching back to public token for forks
The old token was revoked, this updates the token by reading from CI secrets instead, I'm not sure there's benefit in making it publicly visible. DiffTrain build for [cb16201](cb16201) [View git log for this commit](https://github.com/facebook/react/commits/cb16201180a2642696303d4aac3a04e5fd348512)
The old token was revoked, this updates the token by reading from CI secrets instead, I'm not sure there's benefit in making it publicly visible.