Details
-
Suggestion
-
Resolution: Won't Fix
Description
We have found that the PR Merge Check process for Approvals can be subverted by a non-author of the PR.
How to recreate
- Set minimum approvals to 1;
- User 1 creates a pull request (User 1 is the Author);
- User 2 updates the PR with subversive changes;
- User 2 approves the PR and is then able to merge.
Why is this bad?
User 2 can add subversive changes, approve and merge.
What should happen?
The approval of a commit author should not count towards the merge check approval count.