release: 0.1.0-alpha.2 #7
🧪 Testing
To try out this version of the SDK, run:
Expires: Thu, 21 Aug 2025 04:42:39 GMT
| name: publish | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up Node | ||
| uses: actions/setup-node@v3 | ||
| with: | ||
| node-version: '20' | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| yarn install | ||
|
|
||
| - name: Publish to NPM | ||
| run: | | ||
| bash ./bin/publish-npm | ||
| env: | ||
| NPM_TOKEN: ${{ secrets.SFC_NODES_NPM_TOKEN || secrets.NPM_TOKEN }} |
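Review bot: the `Install dependencies` step runs a bare `yarn install` in the job that goes on to publish, so an out-of-sync lockfile gets rewritten during the release instead of failing it. Use the lockfile-enforcing form (`yarn install --frozen-lockfile` on Yarn 1, `yarn install --immutable` on Yarn 2+) so the published build comes from the reviewed dependency set. In the same job, `actions/checkout@v4` and `actions/setup-node@v3` are referenced by mutable tag; pinning both to a full commit SHA keeps a retagged action from running ahead of the step that receives `NPM_TOKEN`.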
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 10 months ago
The optimal fix is to explicitly restrict the permissions granted to the GITHUB_TOKEN within this workflow. Since the workflow only requires read access to the repository contents (for the actions/checkout step), you can safely set permissions: contents: read at the top level of the workflow file (applies to all jobs). This ensures the workflow adheres to the principle of least privilege, reducing the risk of accidental or malicious repository changes via GITHUB_TOKEN. To implement this, add the following lines after the name field and before the on field in .github/workflows/publish-npm.yml:
permissions:
  contents: read

No additional imports, methods, or definitions are required.
| @@ -2,6 +2,8 @@ | ||
| # It can also be run manually to re-publish to NPM in case it failed for some reason. | ||
| # You can run this workflow by navigating to https://www.github.com/sfcompute/nodes-typescript/actions/workflows/publish-npm.yml | ||
| name: Publish NPM | ||
| permissions: | ||
| contents: read | ||
| on: | ||
| workflow_dispatch: | ||
|
|
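Review bot: before accepting the `permissions:` block added under `name: Publish NPM`, confirm that `bash ./bin/publish-npm` never uses `GITHUB_TOKEN` for anything beyond reading the checkout. A tag push or release creation would need `contents: write`, and `npm publish --provenance` would need `id-token: write`, and either would start failing once the token is limited to `contents: read`. If the script only talks to the registry with `NPM_TOKEN`, the block is sufficient; consider placing it on the `publish` job rather than at workflow level so that any job added later has to declare its own scope.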
Automated Release PR
0.1.0-alpha.2 (2025-07-22)
Full Changelog: v0.1.0-alpha.1...v0.1.0-alpha.2
Chores
This pull request is managed by Stainless's GitHub App.
The semver version number is based on included commit messages. Alternatively, you can manually set the version number in the title of this pull request.
For a better experience, it is recommended to use either rebase-merge or squash-merge when merging this pull request.