Using GitHub with GITHUB_TOKEN without Prefix leaks token #233
Closed
Labels: bug (Something isn't working)
Description
[GitHub](https://github.com/actions/toolkit/tree/master/packages/github)

```typescript
import * as core from '@actions/core';
import { context, GitHub } from '@actions/github'
//comes from {{secrets.GITHUB_TOKEN}}
const repoToken = core.getInput('repo-token', { required: true })
core.setSecret(repoToken);
const client = new GitHub(repoToken)
```

will leak the token on error:

```
"Could not resolve to a node with the global id of 'M....c='."
2019-11-22T16:44:34.9046342Z (node:2404) UnhandledPromiseRejectionWarning: HttpError: Validation Failed: "Could not resolve to a node with the global id of 'M....c='."
2019-11-22T16:44:34.9047036Z at /home/runner/work/_actions/rowi1de/typescript-action/master/node_modules/@octokit/request/dist-node/index.js:66:23
2019-11-22T16:44:34.9047273Z at processTicksAndRejections (internal/process/task_queues.js:89:5)
201
```
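One way an action author can keep a token out of the job log when an API call rejects, as in the trace above. This is an added example, not code from the issue or from the toolkit; `secretVariants`, `redact` and `runRedacted` are hypothetical helper names, and it assumes the error text may echo the token verbatim, base64-encoded or URL-encoded (the issue does not say which).

```javascript
// Added example: scrub a token (and encodings of it) from error text, and
// catch the rejection instead of letting Node print it unhandled.

// The secret plus encodings of it that an API error might echo back.
// Longest first, so padded base64 is replaced before its unpadded prefix.
function secretVariants(secret) {
  const b64 = Buffer.from(secret, 'utf8').toString('base64');
  const variants = new Set([
    secret,
    b64,
    b64.replace(/=+$/, ''),        // unpadded base64
    encodeURIComponent(secret),
  ]);
  return [...variants]
    .filter((v) => v.length > 0)   // an empty secret must never match
    .sort((a, b) => b.length - a.length);
}

// Replace every occurrence of every variant with '***'.
function redact(text, secrets) {
  let out = String(text);
  for (const secret of secrets) {
    for (const variant of secretVariants(secret)) {
      out = out.split(variant).join('***');
    }
  }
  return out;
}

// Run an async step (e.g. an API call); on failure return only a redacted
// message, never the raw error object.
async function runRedacted(step, secrets) {
  try {
    return { ok: true, value: await step() };
  } catch (err) {
    const msg = err && err.message ? err.message : String(err);
    return { ok: false, message: redact(msg, secrets) };
  }
}
```

In an action, the `message` returned on failure is what would be passed to `core.setFailed`.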