net 10 upgrade complete #517

Merged
StuartFerguson merged 1 commit into master from task/#505_net_10_upgrade
Dec 11, 2025

@StuartFerguson

closes #505
closes #507
closes #511

Comment on lines 104 to 134

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 2 months ago

To fix this problem, you should add an explicit permissions: block either at the workflow root (recommended, since all jobs do not need to elevate permissions beyond artifact download/upload and release code deployment) or within each job if different jobs require different levels. For this workflow, adding to the root will suffice and makes the minimal necessary permissions clear to all jobs. For most build and deployment pipelines, contents: read should be sufficient. Artifact upload/download and NuGet publishing do not need write access to repo contents or administration unless you use actions that interact with pull requests, issues, or workflow runs (which you do not). If in future you add steps that require further permission, you can granularly elevate privileges for those jobs only.

Implementation steps:

  • Insert a permissions: block at the root (after or before on:), specifying least-privilege settings—generally contents: read is the safest default.
  • Ensure not to grant more than necessary: do not include contents: write unless you actually push changes to the repository, which you do not.
  • No additional imports or definitions are required for YAML workflows.

Suggested changeset 1
.github/workflows/createrelease.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/createrelease.yml b/.github/workflows/createrelease.yml
--- a/.github/workflows/createrelease.yml
+++ b/.github/workflows/createrelease.yml
@@ -1,5 +1,8 @@
 name: Release
 
+permissions:
+  contents: read
+
 on:
   release:
     types: [published]
EOF
@@ -1,5 +1,8 @@
name: Release

permissions:
contents: read

on:
release:
types: [published]
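Review bot: The root-level `permissions:` block placed between `name: Release` and `on:` applies `contents: read` to every job and leaves all unlisted scopes at none, while the CodeQL alert was raised on lines 104 to 134 only, so each job in the file should be checked against this ceiling before merging. If any job in this `release: types: [published]` workflow uses the GITHUB_TOKEN to write (for example attaching files to the published release), give that job its own `permissions:` block with `contents: write` rather than widening the root default. A one-line comment above the block stating that it is the workflow-wide default would also help future edits.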
@StuartFerguson StuartFerguson merged commit 01fb869 into master Dec 11, 2025
9 checks passed
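
An added illustration (not part of this pull request or the project's createrelease.yml) of the per-job elevation the Autofix comment mentions: the workflow keeps `contents: read` as its default and only one job raises it. The job names, build command, artifact name, paths and the `gh release upload` step are assumptions made for the example.

```yaml
# Added example, not the project's workflow.
# Job names, steps, artifact name and paths are hypothetical.
name: Release

# Workflow-wide default: each job's GITHUB_TOKEN can only read repo contents.
# Scopes not listed here are set to "none".
permissions:
  contents: read

on:
  release:
    types: [published]

jobs:
  build:                        # hypothetical job, inherits contents: read
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: dotnet publish --configuration Release --output ./publish
      - uses: actions/upload-artifact@v4   # workflow artifacts need no repo write access
        with:
          name: build-output
          path: ./publish

  attach-assets:                # hypothetical job, the only one that writes to the release
    needs: build
    runs-on: ubuntu-latest
    permissions:
      contents: write           # replaces the workflow default for this job only
    steps:
      - uses: actions/download-artifact@v4
        with:
          name: build-output
          path: ./publish
      # The tag is passed through env rather than interpolated into the script.
      - run: gh release upload "$TAG" ./publish/* --repo "$GITHUB_REPOSITORY"
        env:
          GH_TOKEN: ${{ github.token }}
          TAG: ${{ github.event.release.tag_name }}
```

A job-level `permissions:` block replaces the workflow-level one for that job rather than merging with it, so any scope the job needs must be listed there in full.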

Development

Successfully merging this pull request may close these issues.

  • Update Shared Nugets
  • Move to Windows Release Workflow
  • Net 10 Upgrade
