Closed jeffwidman closed 5 months ago
I don't think this is a big deal either way, but it can't hurt and since I saw the note about it while merging #442, thought I'd throw this up there as well.
CI won't check this, we'll only find out if it's working when we try to build/do a release... but again, not a big risk because easy to revert if we run into problems.
https://github.com/dependabot/fetch-metadata/pull/442 bumped to a new version of this action which now supports a
"repositories"
key that scopes the token to the designated repositories.