repo sync

Octomerger · web-flow · commit 3aa8419416b5 · 2020-12-15T20:47:47.000+10:00
diff --git a/content/actions/reference/environment-variables.md b/content/actions/reference/environment-variables.md
@@ -51,8 +51,8 @@ We strongly recommend that actions use environment variables to access the files
 | `GITHUB_WORKSPACE` | The {% data variables.product.prodname_dotcom %} workspace directory path. The workspace directory is a copy of your repository if your workflow uses the [actions/checkout](https://github.com/actions/checkout) action. If you don't use the `actions/checkout` action, the directory will be empty. For example, `/home/runner/work/my-repo-name/my-repo-name`. |
 | `GITHUB_SHA` | The commit SHA that triggered the workflow. For example, `ffac537e6cbbf934b08745a378932722df287a53`. |
 | `GITHUB_REF` | The branch or tag ref that triggered the workflow. For example, `refs/heads/feature-branch-1`. If neither a branch or tag is available for the event type, the variable will not exist. |
-| `GITHUB_HEAD_REF` | Only set for forked repositories. The branch of the head repository.
-| `GITHUB_BASE_REF` | Only set for forked repositories. The branch of the base repository.
+| `GITHUB_HEAD_REF` | Only set for pull request events. The name of the head branch.
+| `GITHUB_BASE_REF` | Only set for pull request events. The name of the base branch.
 | `GITHUB_SERVER_URL`| Returns the URL of the {% data variables.product.product_name %} server. For example: `https://{% data variables.product.product_url %}`.
 | `GITHUB_API_URL` | Returns the API URL. For example: `{% data variables.product.api_url_code %}`.
 | `GITHUB_GRAPHQL_URL` | Returns the GraphQL API URL. For example: `{% data variables.product.graphql_url_code %}`.
diff --git a/content/actions/reference/events-that-trigger-workflows.md b/content/actions/reference/events-that-trigger-workflows.md
@@ -578,6 +578,12 @@ on:
 
 This event is similar to `pull_request`, except that it runs in the context of the base repository of the pull request, rather than in the merge commit. This means that you can more safely make your secrets available to the workflows triggered by the pull request, because only workflows defined in the commit on the base repository are run. For example, this event allows you to create workflows that label and comment on pull requests, based on the contents of the event payload. 
 
+{% warning %}
+
+**Warning**: When using the `pull_request_target` event, be aware that it runs in the context of the base repository. This means that the `GITHUB_TOKEN` has write access to the repository, and the cache shares the same scope as the base branch. As a result, do not run untrusted code in the same context, as there is a risk that it may access sensitive information and unexpectedly manipulate the workflow environment. In addition, to help prevent cache poisoning, do not save the cache if there is a possibility that the cache contents were altered.
+
+{% endwarning %}
+
 | Webhook event payload | Activity types | `GITHUB_SHA` | `GITHUB_REF` |
 | --------------------- | -------------- | ------------ | -------------|
 | [`pull_request`](/webhooks/event-payloads/#pull_request) | - `assigned`<br/>- `unassigned`<br/>- `labeled`<br/>- `unlabeled`<br/>- `opened`<br/>- `edited`<br/>- `closed`<br/>- `reopened`<br/>- `synchronize`<br/>- `ready_for_review`<br/>- `locked`<br/>- `unlocked` <br/>- `review_requested` <br/>- `review_request_removed` | Last commit on the PR base branch | PR base branch |
diff --git a/content/developers/apps/authorizing-oauth-apps.md b/content/developers/apps/authorizing-oauth-apps.md
@@ -272,7 +272,9 @@ The optional `redirect_uri` parameter can also be used for localhost URLs. If th
 
 For the `http://localhost/path` callback URL, you can use this `redirect_uri`:
 
-   http://localhost:1234/path
+```
+http://localhost:1234/path
+```
 
 ### Creating multiple tokens for OAuth Apps
 
diff --git a/content/developers/apps/using-content-attachments.md b/content/developers/apps/using-content-attachments.md
@@ -166,7 +166,7 @@ To create a Probot App, follow these steps:
     }
     ```
 
-4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to [localhost:3000](http://localhost:3000), and click the **Register GitHub App** button:
+4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to `http://localhost:3000`, and click the **Register GitHub App** button:
 
    ![Register a Probot GitHub App](/assets/images/github-apps/github_apps_probot-registration.png)
 
diff --git a/lib/excluded-links.js b/lib/excluded-links.js
@@ -9,10 +9,6 @@ module.exports = [
   'https://github.com/github/docs/edit',
   'https://github.com/github/insights-releases/releases/latest',
 
-  // Developer content uses these for examples; they should not be checked.
-  'http://localhost:1234',
-  'localhost:3000',
-
   // Oneoff links that link checkers think are broken but are not.
   'https://haveibeenpwned.com/',
   'https://www.ilo.org/dyn/normlex/en/f\\?p=NORMLEXPUB:12100:0::NO::P12100_ILO_CODE:P029'

Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,7 @@ To create a Probot App, follow these steps:`
`166`	`166`	`}`
`167`	`167`	```
`168`	`168`
`169`		`-4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to [localhost:3000](http://localhost:3000), and click the Register GitHub App button:`
	`169`	+4. [Run the GitHub App locally](https://probot.github.io/docs/development/#running-the-app-locally). Navigate to `http://localhost:3000`, and click the Register GitHub App button:
`170`	`170`
`171`	`171`	`![Register a Probot GitHub App](/assets/images/github-apps/github_apps_probot-registration.png)`
`172`	`172`