github-commenter

Feature request: Restrict deletion of previous comments to current user

Open darend opened this issue 7 years ago • 2 comments

GITHUB_DELETE_COMMENT_REGEX can be used to delete previous comments before posting the new one. The current implementation will delete matching comments regardless of who they were posted by. This can easily lead to false positives where someone happens to post a comment that matches your regex (due to a loose regex, quoting, etc.).

I do not see a use case to delete comments by others, and recommend restricting it to the user that the tool is running as.

darend, Jan 09 '19 23:01
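
The restriction requested above, as an added example (not github-commenter's own code): a comment is selected for deletion only if it matches the regex and was authored by the account the tool runs as. The `Comment` type, the sample comments and the `Terraform plan` pattern are constructed for illustration, and the authenticated account's numeric user ID is assumed to have been looked up beforehand.

```go
package main

import (
	"fmt"
	"regexp"
)

// Comment is a hypothetical, minimal view of an issue comment: the fields
// the GitHub REST API returns as id, user.id, user.login and body.
type Comment struct {
	ID, AuthorID int64
	Author, Body string
}

// deletable returns the IDs of comments that match pattern AND were posted
// by the account the tool is authenticated as (selfID). Authorship is compared
// by numeric user ID, since logins can be renamed and are case-insensitive.
func deletable(comments []Comment, pattern string, selfID int64) ([]int64, error) {
	re, err := regexp.Compile(pattern)
	if err != nil {
		return nil, fmt.Errorf("invalid delete regex: %w", err)
	}
	ids := []int64{}
	for _, c := range comments {
		if c.AuthorID != selfID {
			continue // never touch someone else's comment, even on a regex match
		}
		if re.MatchString(c.Body) {
			ids = append(ids, c.ID)
		}
	}
	return ids, nil
}

// sampleComments is constructed data: a bot comment, a human quoting it,
// a human comment that happens to match, and an unrelated bot comment.
func sampleComments() []Comment {
	return []Comment{
		{ID: 101, AuthorID: 9001, Author: "ci-bot", Body: "Terraform plan: 2 to add"},
		{ID: 102, AuthorID: 42, Author: "alice", Body: "> Terraform plan: 2 to add\nLooks wrong to me"},
		{ID: 103, AuthorID: 42, Author: "alice", Body: "Terraform plan output seems stale"},
		{ID: 104, AuthorID: 9001, Author: "ci-bot", Body: "Build passed"},
	}
}

func main() {
	ids, err := deletable(sampleComments(), `Terraform plan`, 9001)
	fmt.Println("would delete:", ids, "error:", err)
}
```

Without the author check, the same pattern would also select comments 102 and 103, which are the quoting and loose-regex false positives described in the issue.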

It seems like this can be fixed by reducing scope/permissions of the github access keys?

osterman, Jan 10 '19 01:01

Also, fwiw, I've seen other bots update existing comments rather than delete. That would be a safer implementation.

I think dependabot does this.

osterman, Jan 10 '19 01:01