Update 8hobbies/workflows digest to 2e83292 #217
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| lint: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-lint.yml@3a70e39b3b81c360c7e1bd1794c9834ef5650489 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-lint.yml@2e83292d3d74551e5ea48dcd61ee7b905755c0b6 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 21 days ago
To fix the issue, add a permissions block to the root of the workflow. This block will define the least privileges required for the workflow to function correctly. Since the workflow is named "Lint" and uses a reusable workflow for linting, it likely only needs read access to the repository contents.
The permissions block should be added at the root level, ensuring it applies to all jobs in the workflow unless overridden. The recommended permissions are:
contents: read— Grants read-only access to the repository contents.
| @@ -16,2 +16,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| on: |
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| run: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-publish-dry-run.yml@3a70e39b3b81c360c7e1bd1794c9834ef5650489 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-publish-dry-run.yml@2e83292d3d74551e5ea48dcd61ee7b905755c0b6 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 21 days ago
To fix the issue, add a permissions block to the root of the workflow file. This block will explicitly define the permissions required for the workflow, ensuring that the GITHUB_TOKEN has the least privilege necessary. Based on the context, the workflow likely requires read access to repository contents and possibly write access for pull requests. If additional permissions are needed, they can be added after reviewing the requirements of the reusable workflow.
| @@ -16,2 +16,6 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
| pull-requests: write | ||
|
|
||
| on: |
| @@ -22,4 +22,4 @@ | |||
|
|
|||
| jobs: | |||
| test: | |||
| uses: 8hobbies/workflows/.github/workflows/npm-runtime.yml@3a70e39b3b81c360c7e1bd1794c9834ef5650489 | |||
| uses: 8hobbies/workflows/.github/workflows/npm-runtime.yml@2e83292d3d74551e5ea48dcd61ee7b905755c0b6 | |||
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 21 days ago
To fix the issue, add a permissions block to the root of the workflow file. This block will explicitly define the least privileges required for the workflow to function. Since the workflow uses a reusable workflow (npm-runtime.yml), the permissions should be set to contents: read as a minimal starting point, unless additional permissions are required for the reusable workflow.
The permissions block should be added after the name field and before the on field in the workflow file.
| @@ -15,2 +15,4 @@ | ||
| name: Runtime | ||
| permissions: | ||
| contents: read | ||
|
|
This PR contains the following updates:
3a70e39->2e83292Configuration
📅 Schedule: Branch creation - "on Sunday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.