From b794e741296474955742a6af6f8ff86108e72df8 Mon Sep 17 00:00:00 2001
From: Jacob Walls <jacobtylerwalls@gmail.com>
Date: Fri, 14 Nov 2025 14:06:21 -0500
Subject: [PATCH] [4.2.x] Configured dangerous-triggers zizmor rule.

Backport of 846613e521104fa2f2e1c2023e4a1a9886a2ff48 from main.
---
 .github/workflows/new_contributor_pr.yml | 4 ++++
 zizmor.yml                               | 3 +++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/new_contributor_pr.yml b/.github/workflows/new_contributor_pr.yml
index 3e0119ebdc..3602abf109 100644
--- a/.github/workflows/new_contributor_pr.yml
+++ b/.github/workflows/new_contributor_pr.yml
@@ -3,12 +3,16 @@ name: New contributor message
 on:
   pull_request_target:
     types: [opened]
+    branches:
+      - main
 
 permissions:
   pull-requests: write
 
 jobs:
   build:
+    # Only trigger on the main Django repository
+    if: github.repository == 'django/django'
     name: Hello new contributor
     runs-on: ubuntu-latest
     steps:
diff --git a/zizmor.yml b/zizmor.yml
index 8d1b34ed48..3fa168f3cf 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -1,4 +1,7 @@
 rules:
+  dangerous-triggers:
+    ignore:
+      - new_contributor_pr.yml
   unpinned-uses:
     config:
       policies: