From ec0be220ea0274d13908905f1514e54a3a957098 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A1n=20Constante?=
Date: Tue, 25 Nov 2025 15:55:53 -0700
Subject: [PATCH 1/4] fix(security): fix workflow does not contain permissions alert
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante
---
 .github/workflows/tag-protection.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/tag-protection.yml b/.github/workflows/tag-protection.yml
index 87a7690..a91262a 100644
--- a/.github/workflows/tag-protection.yml
+++ b/.github/workflows/tag-protection.yml
@@ -1,4 +1,6 @@
 name: Protect Version Tags
+permissions:
+ contents: read
 on:
 push:
From 06907eaa3050388b35dfe9758ccc6c553677de3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A1n=20Constante?=
Date: Tue, 25 Nov 2025 15:57:57 -0700
Subject: [PATCH 2/4] fix(security): potential fix for code scanning alert no. 6: Workflow does not contain permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante
---
 .github/workflows/pr-status-check.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pr-status-check.yml b/.github/workflows/pr-status-check.yml
index 7e85c2b..7ee0850 100644
--- a/.github/workflows/pr-status-check.yml
+++ b/.github/workflows/pr-status-check.yml
@@ -1,4 +1,7 @@
 name: PR Status Dashboard
+permissions:
+ contents: read
+ issues: write
 on:
 schedule:
 - cron: '0 9 * * 1' # Lunes a las 9 AM
From c9805e2b7be3e02bcb13e98cd616a18816120dff Mon Sep 17 00:00:00 2001
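Review bot: In tag-protection.yml the new top-level `permissions:` / `contents: read` caps the GITHUB_TOKEN for every job in the workflow, and the jobs lie outside the hunk, so it is not visible whether the tag-protection job only inspects the pushed tag or also deletes or moves it. If any step removes or rewrites a ref with the default token, it needs `contents: write`; with this change that step would fail and the unwanted tag would stay in place. In that case grant the write scope on that one job (`permissions:` / `contents: write` under the job) and keep the workflow default at read. A comment above the block, e.g. `# least privilege: read-only default token; widen per job only where needed`, would record the intent. The same block is added to examples.yml in patch 3/4, where read-only looks sufficient for a test workflow.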
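Review bot: In pr-status-check.yml, once a `permissions:` block is present every scope it does not list is set to `none`, so a dashboard that lists pull requests through the API with the default token presumably also needs `pull-requests: read`; the steps are outside the hunk, so confirm this against what the job actually calls. Separately, `issues: write` is granted at workflow level, which hands a write-capable token to every job in the file. If only the job that creates or updates the dashboard issue needs it, move `issues: write` into a `permissions:` block under that job and leave `contents: read` as the workflow default.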
From: =?UTF-8?q?Adri=C3=A1n=20Constante?=
Date: Tue, 25 Nov 2025 15:58:39 -0700
Subject: [PATCH 3/4] fix(security): potential fix for code scanning alert no. 3: Workflow does not contain permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Adrián Constante
---
 .github/workflows/examples.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/examples.yml b/.github/workflows/examples.yml
index c70d313..39f4d19 100644
--- a/.github/workflows/examples.yml
+++ b/.github/workflows/examples.yml
@@ -1,4 +1,6 @@
 name: Test Examples
+permissions:
+ contents: read
 on:
 push:
From 07c7f22b2bd6e7f561d91c10587ce3daa8037a6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A1n=20Constante?=
Date: Tue, 25 Nov 2025 23:05:25 +0000
Subject: [PATCH 4/4] fix(security): add missing scopes for semantic pull request validation

---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7601521..8b38594 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -68,6 +68,9 @@ jobs:
 gh-actions
 poster
 tables
+ security
+ twodimensional
+ miscellaneous
 # NOTE: Changing requireScope from false to true is a breaking change.
 # This will reject any PR titles without a scope that were previously valid.
 # Please ensure your PR titles follow the "(): " format.