Closed ljharb closed 3 weeks ago
This pull request is automatically built and testable in CodeSandbox.
To see build info of the built libraries, click here or the icon next to each commit SHA.
This is a Trojan horse pull request. The PR title clearly states that the purpose is to "test built code". In reality, the PR:
If you're making changes like this, at least be honest about it. There's nothing to be ashamed of, or is there?
To be fair, the actions are pinned to a commit. There isn't a risk of malicious code being added there. The deps are more dsngerous though, but there is always some trust in maintainers involved.
LGTM
I want to remind you that the previous Trojan pull request was accepted in the neighboring repository https://github.com/A11yance/axobject-query/pull/354
The more you allow someone, the more brazen they become
Doesn't look good to me.
These are all dev deps, and as such, it doesn’t make sense for anyone but maintainers to have an opinion on them.
@wojtekmaj there’s nothing dishonest here, and accusing me of doing something “sneaky” is an absurd accusation.
This is effectively the same PR as https://github.com/A11yance/axobject-query/pull/356.