Headline
CVE-2023-2138: fix: do not expose token in public runtime config (#41) · nuxtlabs/github-module@5490c43
Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2.
@@ -69,7 +69,6 @@ export default defineNuxtModule<ModuleOptions>({ owner: options.owner || process.env.GITHUB_OWNER, branch: options.branch || process.env.GITHUB_BRANCH, repo: options.repo || process.env.GITHUB_REPO, token: options.token || process.env.GITHUB_TOKEN, disableCache: options.disableCache, parseContents: options.parseContents, maxContributors: options.maxContributors @@ -79,7 +78,9 @@ export default defineNuxtModule<ModuleOptions>({ // @ts-ignore nuxt.options.runtimeConfig.public.github = defu(nuxt.options.runtimeConfig.public.github, config) // @ts-ignore nuxt.options.runtimeConfig.github = defu(nuxt.options.runtimeConfig.github, config) nuxt.options.runtimeConfig.github = defu(nuxt.options.runtimeConfig.github, { token: options.token || process.env.GITHUB_TOKEN }, config)
// Autolink issue/PR/commit links using `remark-github` plugin if (options.remarkPlugin) {
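Review bot: The merge into `nuxt.options.runtimeConfig.public.github` keeps whatever keys that object already holds, so a `token` set there by the application's own config would still be sent to the client; this commit only stops the module from adding it. Consider dropping the key after the public merge, e.g. `delete nuxt.options.runtimeConfig.public.github.token`, or logging a warning when it is present. A short comment above the private merge would also guard against regressions, such as `// token lives only in the private runtimeConfig; everything under public is exposed to the browser`. Whether any application sets the public key is not visible here, and the enclosing setup function starts and ends outside this hunk.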