Conversation
💡 Codex Review
Here are some automated review suggestions for this pull request.
| on: | ||
| pull_request_target: | ||
| types: [opened, synchronize, reopened] |
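Review bot: the trigger by itself is not the defect; it is `pull_request_target` combined with a checkout of the fork's head commit followed by `npm ci` / `npm run lint`, because any script hook in the fork's `package.json` then runs with the base repository's write-scoped `GITHUB_TOKEN`. If the only reason for `pull_request_target` is to post lint results on fork PRs, split the job: run the lint under `pull_request` (unprivileged, so fork code is safe to execute there) and post the result from a separate `workflow_run` job that never checks out the PR head. If `pull_request_target` has to stay, keep the checkout on the base ref, add an explicit job-level `permissions:` block with the minimum scope, and pass `persist-credentials: false` to the checkout so the token is not written into `.git/config` where a script could read it.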
Avoid running fork code with privileged pull_request_target token
Using pull_request_target here means the workflow executes with the base repo’s GITHUB_TOKEN (granted pull-requests: write), but later in the job the head SHA from the fork is checked out and npm ci/npm run lint are executed. For a malicious fork, altering package.json scripts is enough to run arbitrary code with that elevated token and exfiltrate it or rewrite PR data, which GitHub explicitly warns against for pull_request_target when checking out forked code. Consider switching to the pull_request event or avoiding checkout of untrusted head commits.
| npx commitlint --edit $1 | ||
|
|
||
| COMMIT_MSG_FILE="$1" | ||
|
|
||
| if [ -z "$COMMIT_MSG_FILE" ]; then | ||
| COMMIT_MSG_FILE=".git/COMMIT_EDITMSG" | ||
| fi | ||
|
|
||
| if [ -f "./node_modules/@commitlint/cli/cli.js" ]; then | ||
| node ./node_modules/@commitlint/cli/cli.js --edit "$COMMIT_MSG_FILE" | ||
| else | ||
| echo "[husky] commitlint skipped (dependency not installed)" | ||
| fi | ||
| .husky/utils/protected-branches.sh |
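Review bot: the fallback `COMMIT_MSG_FILE=".git/COMMIT_EDITMSG"` assumes `.git` is a directory in the current working directory; in a linked worktree `.git` is a file and the message is written under that worktree's gitdir, so the fallback path does not exist and commitlint is run against nothing. `git rev-parse --git-path COMMIT_EDITMSG` resolves the correct location in both layouts and would be the safer default. Two smaller points: quoting `"$COMMIT_MSG_FILE"` is an improvement over the old unquoted `--edit $1`, and the `else` branch that prints "commitlint skipped" turns the check into an advisory one whenever `node_modules` is absent, which is fine for local convenience but means the commit-message rule is only enforced if CI also runs commitlint.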
Hooks call non-executable protected-branches script
The new hooks invoke .husky/utils/protected-branches.sh, but the script is checked in with mode 100644 and is executed directly rather than sourced. On commit/push the hook will attempt to run this file and immediately fail with Permission denied (exit 126), aborting the Git operation even on allowed branches. Marking the helper as executable or sourcing it is needed for the hook to work.