Commit d6e222b
authored
ci: declare workflow-level contents: read on 1 workflow (#852)
Declares an explicit workflow-level permissions: contents: read on 1 workflow that currently inherit the default broad read-write GITHUB_TOKEN. Each file was inspected and only reads the checkout; none publish, push, or write via the GitHub API. Post-CVE-2025-30066 hardening default.
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>1 parent 24c2e8d commit d6e222b
1 file changed
Lines changed: 4 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| 8 | + | |
| 9 | + | |
| 10 | + | |
| 11 | + | |
8 | 12 | | |
9 | 13 | | |
10 | 14 | | |
| |||
0 commit comments