This may be more of a question than a report. Since upgrading to v4, a token is required. However, the GitHub Action Target pull_request does not provide secrets to the action (and pull_request_target, which does, is inherently insecure for this reason). Is the expectation then that Codecov simply doesn’t work with pull requests anymore going forward? Or what is the proper, secure workaround for this, if any?