Skip to content

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#683

Merged
RomiC merged 1 commit into
mainfrom
alert-autofix-2
Jul 1, 2026
Merged

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#683
RomiC merged 1 commit into
mainfrom
alert-autofix-2

Conversation

@RomiC

@RomiC RomiC commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/RomiC/ya-disk/security/code-scanning/2

Add an explicit permissions block at the workflow root (top-level, alongside name and on) so it applies to all jobs unless overridden. For this workflow, the minimal safe baseline is:

  • contents: read (needed by actions/checkout)
  • pull-requests: read (safe for PR-context metadata access; does not grant write)

This addresses CodeQL’s complaint without changing job logic or execution flow.
Edit only .github/workflows/npm-test.yml, inserting the block after the trigger section (on) and before jobs.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@RomiC RomiC self-assigned this Jul 1, 2026
@RomiC RomiC added the security Pull requests that address a security vulnerability label Jul 1, 2026
@coveralls

Copy link
Copy Markdown

Coverage Status

coverage: 100.0%. remained the same — alert-autofix-2 into main

@RomiC RomiC marked this pull request as ready for review July 1, 2026 17:25
@RomiC RomiC merged commit 9d3f5b8 into main Jul 1, 2026
12 checks passed
@RomiC RomiC deleted the alert-autofix-2 branch July 1, 2026 17:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

security Pull requests that address a security vulnerability

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants