From 140c5059f1dc0f84d115b25d51e6ed2839d73f85 Mon Sep 17 00:00:00 2001
From: AI Review Bot
Date: Fri, 15 May 2026 15:07:27 +0000
Subject: [PATCH] chore: update ai-review findings [ai-review-bot][failure]

---
 .gitea/ai-review/findings.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.gitea/ai-review/findings.json b/.gitea/ai-review/findings.json
index 42f678e..2ee2b5d 100644
--- a/.gitea/ai-review/findings.json
+++ b/.gitea/ai-review/findings.json
@@ -23,8 +23,8 @@
 {
 "level": "info",
 "role": "Rex",
- "location": "action.yaml:7-9, app/gitea.js:100-104",
- "suggestion": "引入 `GITEA_COMMENT_TOKEN` 並在 `postComment` 函數中優先使用它,這是一個很好的安全實踐,遵循最小權限原則。建議為此 token 配置僅限於發布評論的權限,以降低潛在洩漏的風險。",
- "is_new": false
+ "location": "action.yaml:18",
+ "suggestion": "引入 GITEA_COMMENT_TOKEN 是一個很好的實踐,遵循最小權限原則。請確保為此 token 配置的權限確實僅限於發布評論。同時,與 GITEA_TOKEN 類似,建議使用者始終從 workflow 的 secrets context 傳遞此 token,以避免硬編碼敏感資料。",
+ "is_new": true
 }
 ]