[Update]: Surprisingly, both accounts are either gone or have changed their usernames. The closed PR has been deleted and is no longer available.
Close the PR, and if they open a new one, block them from the org.
There is a setting to prevent PRs from recently created accounts; you might want to turn that on too: https://docs.github.com/en/communities/moderating-comments-a...
Thank you, I've done this. I've discovered that many such repositories have been hit by spam and commits that inject RCE or adware in the name of contributions.
You probably want to turn on manual approval for running CI on external PRs.
Yes, I'll set that up and establish some rules for communicating your change and contribution to the project.
As much as it's great to have a fully automated process, sometimes a thin audit layer is worth its weight in gold. Seems like the volume on this repo wouldn't be too bad in this case.
> sometimes a thin audit layer is worth its weight in gold.
Yes, 100%
Close it?
Yes, I've done that. Tried reaching out to those accounts again, but still no response.
Just close it.
Done