From 0e109668f1202d558b875812ce81e347cf5ba660 Mon Sep 17 00:00:00 2001
From: Sai Venkat Desu <venkat.desu@okta.com>
Date: Fri, 30 Aug 2024 15:38:42 +0530
Subject: [PATCH] ci: changed pull_request_target to pull_request and removed
 the authorize step

---
 .github/workflows/browserstack.yml | 9 +--------
 .github/workflows/semgrep.yml      | 9 +--------
 .github/workflows/snyk.yml         | 9 +--------
 3 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/browserstack.yml b/.github/workflows/browserstack.yml
index e39d3920..712aadc8 100644
--- a/.github/workflows/browserstack.yml
+++ b/.github/workflows/browserstack.yml
@@ -3,7 +3,7 @@ name: Browserstack
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -23,15 +23,8 @@ env:
   CACHE_KEY: '${{ github.event.pull_request.head.sha || github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}'
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   build:
-    needs: authorize # Require approval before running on forked pull requests
 
     name: Build Package
     runs-on: ubuntu-latest
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index fc7d2eeb..18fbb7d5 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -2,7 +2,7 @@ name: Semgrep
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -20,15 +20,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   run:
-    needs: authorize # Require approval before running on forked pull requests
 
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 48d3174f..485e0f72 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -3,7 +3,7 @@ name: Snyk
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -21,15 +21,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   check:
-    needs: authorize
 
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest