Skip to content

fix(api): scope holdings endpoints to accounts accessible by the token owner#2468

Closed
cleanjunc wants to merge 1 commit into
we-promise:mainfrom
cleanjunc:fix/holdings-api-account-scope
Closed

fix(api): scope holdings endpoints to accounts accessible by the token owner#2468
cleanjunc wants to merge 1 commit into
we-promise:mainfrom
cleanjunc:fix/holdings-api-account-scope

fix(api): scope holdings endpoints to accounts accessible by the toke…

9d35b6e
Select commit
Loading
Failed to load commit list.
Superagent Security / Contributor trust completed Jun 23, 2026 in 47s

Contributor trust inconclusive

No pull-request patches were hydrated (GitHub search returned zero authored PRs), so a patch-level adversarial review could not be performed. The contributor’s metadata shows a 66-day-old account with zero followers and a rapid burst of 20 PRs across five unrelated repositories (we-promise/sure, seroperson/jvm-live-reload, infiniflow/ragflow, entrius/gittensor-ui, MkDev11/gittensor-hub). All listed PRs reference issues and have plausible titles, but without inspecting code changes, file paths, dependencies, or execution paths, safety cannot be established. There is no concrete evidence of malicious intent, yet the broad cross-repo activity and lack of patch data prevent a safe determination.