Since [GitLab v13.12.2 release](https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/), this security fix has been introduced: - [Unauthenticated CI lint API may lead to information disclosure and SSRF](https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/#unauthenticated-ci-lint-api-may-lead-to-information-disclosure-and-ssrf) Now the CI lint API requires authentication. This is not yet documented [into the lint API](https://docs.gitlab.com/ee/api/lint.html) [Issue on `gitlab-ci-lint` repository](https://gitlab.com/devopshq/gitlab-ci-linter/-/issues/3) --- To circumvent this issue, I see three solution now. - We could [set-up a token access to read and write on the API via an option or via an environment variable](https://gitlab.com/devopshq/gitlab-ci-linter/-/blob/21f94fce8d7580f8775acc90df74b5cddb186a02/gitlab_ci_linter/__init__.py#L31-35): - We could store this token into `.pre-commit-config.yml`: anyone could access in read/write DuniterPy API - Use an environment variable that we would share among trusts contributors. Tested, it's working. Would prevent new contributor to do new commits with this check which would fail. - Delete this hook. We would loose this useful check. --- There might be a solution in between. We could disable this check in the meantime to find a middle solution to this issue. @vtexier, any opinion on that?