From fece30f57aa77ff4ed515cf20b0f0e776f305e3f Mon Sep 17 00:00:00 2001
From: Ryan Fox-Tyler <60440289+ryanfoxtyler@users.noreply.github.com>
Date: Mon, 8 Apr 2024 09:32:25 -0400
Subject: [PATCH] fix(CI): Update to pull_request trigger (#2056)

## Problem
Using `pull_request_target` can expose secrets based on a quirk in how
GitHub applies permissions to forks. See
https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request_target

## Solution
Change trigger from `pull_request_target` to `pull_request`
---
 .github/workflows/ci-badger-tests-coverage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-badger-tests-coverage.yml b/.github/workflows/ci-badger-tests-coverage.yml
index c5dccb3da..2a1d66ba5 100644
--- a/.github/workflows/ci-badger-tests-coverage.yml
+++ b/.github/workflows/ci-badger-tests-coverage.yml
@@ -1,6 +1,6 @@
 name: ci-badger-tests-coverage
 on:
-  pull_request_target:
+  pull_request:
     branches:
       - main
       - 'release/v*'