fix renovate key points listing (#418)

Author: frjcomp

docs/methodology/renovate.md

@@ -14,11 +14,10 @@ This guide explains how to use Pipeleek to discover and exploit common misconfig
 
 There are two key points to understand:
 
-1. **Code Execution by Renovated Repositories**
-
+**Code Execution by Renovated Repositories**
    > Every project renovated by the same bot must be considered equally trusted and exposed to the same attack level. If one project is compromised, all others processed by that bot can be affected. Code execution by the renovated repository in the bot context is assumed in Renovate's threat model.
 
-2. **GitLab Invite Auto-Acceptance**
+**GitLab Invite Auto-Acceptance**
    > GitLab project invites are auto-accepted. You can invite any bot directly to your repository. If it is then renovated by the invited bot, you can compromise the bot user.
 
 ## 1. Enumerate Renovate Bot Usage