From 7db5a572022b20c737b0dda09be5acc2ba540094 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:12:20 -0400
Subject: [PATCH 1/3] Scope down GitHub token permissions for release.yml
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d2ebfb7..f46acae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -3,6 +3,10 @@ on:
 push:
 branches:
 - main
+
+permissions:
+ contents: write
+
 jobs:
 release:
 runs-on: ubuntu-latest
From 3e98a1df87dddba641356523ab0661ba18badb2d Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:12:24 -0400
Subject: [PATCH 2/3] Scope down GitHub token permissions for codeql-analysis.yml
---
 .github/workflows/codeql-analysis.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7c2e5a3..d225545 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,11 @@ on:
 schedule:
 - cron: "15 22 * * 6"
+
+permissions:
+ contents: read
+ security-events: write
+
 jobs:
 analyze:
 name: Analyze
From f2692bd1c4a4fa35f5f53f9295637b8ec2c5aaf4 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 21:12:30 -0400
Subject: [PATCH 3/3] Scope down GitHub token permissions for test.yml
---
 .github/workflows/test.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e1c904e..d1429a3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -4,6 +4,10 @@ on:
 branches:
 - main
 pull_request:
+
+permissions:
+ contents: read
+
 jobs:
 unit:
 name: npm test
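Review bot: In release.yml, `contents: write` is declared at workflow level, so every job in the file receives a write-capable token, not only the one that publishes. Declaring `permissions:` / `contents: read` at the top and repeating `permissions:` / `contents: write` under `release:` would confine the write scope to that job. Once a `permissions` key is present, every scope not listed drops to `none`. If the release steps comment on issues or pull requests, or request an OIDC token, they will need `issues: write`, `pull-requests: write` or `id-token: write` added explicitly. The `release` job body continues outside the hunk, so which of these applies cannot be confirmed from here.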
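Review bot: The new block in codeql-analysis.yml omits `actions: read`, which GitHub's CodeQL starter workflow marks as required for workflows in private repositories. If this repository is private or could become private, add `actions: read` alongside `security-events: write` so the analysis and upload steps do not fail on a missing scope. A short comment on the block, for example `# security-events: write is needed to upload SARIF results`, would also record why the one write scope is there. The `analyze` job continues outside the hunk, so any further scopes its steps need are not visible here.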