Update 8hobbies/workflows digest to 616ac68 #206
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| lint: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-lint.yml@54ddf1fd51ecf0cbeacf0a05b4994d2a082b70b1 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-lint.yml@616ac6826b5e5cde9be46d78f98c2fe17e1234c2 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix the issue, add a permissions block at the root of the workflow to explicitly define the permissions required. Since this is a linting workflow, it likely only needs read access to the repository contents. The minimal permissions block would be:
permissions:
contents: readThis ensures that the GITHUB_TOKEN has only the necessary permissions to perform the linting task, adhering to the principle of least privilege.
| @@ -16,2 +16,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| run: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-publish-dry-run.yml@54ddf1fd51ecf0cbeacf0a05b4994d2a082b70b1 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-publish-dry-run.yml@616ac6826b5e5cde9be46d78f98c2fe17e1234c2 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix the issue, we will add a permissions block at the root level of the workflow. This block will define the minimal permissions required for the workflow to function. Since the workflow is a "Publish Dry Run," it likely only needs read access to the repository contents. We will set contents: read as the default permission. If additional permissions are required by the reusable workflow, they can be added explicitly.
| @@ -16,2 +16,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| test: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-runtime.yml@54ddf1fd51ecf0cbeacf0a05b4994d2a082b70b1 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-runtime.yml@616ac6826b5e5cde9be46d78f98c2fe17e1234c2 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 days ago
To fix the issue, add a permissions block at the root of the workflow file. This block will explicitly define the permissions granted to the GITHUB_TOKEN. Based on the principle of least privilege, the minimal required permission for most workflows is contents: read. If additional permissions are required by the reusable workflow, they should be added explicitly.
The permissions block should be added after the name field and before the on field in the workflow file.
| @@ -15,2 +15,4 @@ | ||
| name: Runtime | ||
| permissions: | ||
| contents: read | ||
|
|
This PR contains the following updates:
54ddf1f->616ac68Configuration
📅 Schedule: Branch creation - "on Sunday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.