From b71abdba2d7538880a0c0b0730edd890cfa16ffa Mon Sep 17 00:00:00 2001
From: Gyanesh Gouraw <gyanesh.gouraw@okta.com>
Date: Tue, 3 Sep 2024 13:04:32 +0530
Subject: [PATCH]  Changed the trigger from pull_request_target to pull_request
 for better security

---
 .github/workflows/browserstack.yml | 9 +--------
 .github/workflows/semgrep.yml      | 9 +--------
 .github/workflows/snyk.yml         | 9 +--------
 3 files changed, 3 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/browserstack.yml b/.github/workflows/browserstack.yml
index 168c35db9..55cb0d215 100644
--- a/.github/workflows/browserstack.yml
+++ b/.github/workflows/browserstack.yml
@@ -3,7 +3,7 @@ name: Browserstack
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -22,15 +22,8 @@ env:
   NODE_VERSION: 18
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   browserstack:
-    needs: authorize
 
     name: BrowserStack Tests
     runs-on: ubuntu-latest
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index a3aace780..8ecf94071 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -2,7 +2,7 @@ name: Semgrep
 
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -20,15 +20,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   run:
-    needs: authorize # Require approval before running on forked pull requests
 
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 0ebacbece..74e00911c 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -3,7 +3,7 @@ name: Snyk
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -21,15 +21,8 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
 
   check:
-    needs: authorize
 
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest