Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: Set permissions for GitHub actions #4765

Merged
merged 2 commits into from Jun 2, 2022

Conversation

neilnaveen
Copy link
Contributor

@neilnaveen neilnaveen commented Jun 2, 2022

neilnaveen and others added 2 commits Jun 2, 2022
 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
@jasonsaayman jasonsaayman merged commit ef6064c into axios:v1.x Jun 2, 2022
4 checks passed
jasonsaayman added a commit that referenced this pull request Jun 2, 2022
* Update base with master (#4755)

* docs: updated code of conduct to the lates version of the contributors covenant

* docs: fixed markdown issues in changelog

* docs: updated contributors guide

* docs: fixed linting errors in docs

* docs: removed cookbook as this is mostly irrelevant

* docs: updated contributing guide to no longer contain the release section as this is not needed

* docs: updated code of coduct, contributing gude and license for latest release version

* docs: upgrade guide and changelog updated

* fix(Tests): updating regex to allow for pre-releases

* chore(release): v1 alpha 1

* chore(Utils): added docs for utils functions

* chore(helpers/validator): added docs for validator function

* chore(helpers/toFormData): added docs for to form data functions

* chore(helpers/spread): added docs for spread functions

* docs(helpers/parseHeaders)

* docs(helpers/isAxiosError)

* docs(helpers/isAbsoluteURL)

* docs(helpers/fromDataURI)

* docs(helpers/formDataToJSON)

* docs(helpers/deprecatedMethod)

* docs(helpers/combineURLs)

* docs(helpers/buildURL)

* docs(helpers/AxiosURLSearchParams)

* docs(defaults/index)

* docs(core/transformData)

* docs(core/settle)

* docs(core/mergeConfig)

* docs(core/dispatchRequest)

* docs(core/buildFullPath)

* docs(core/InterceptorManager)

* docs(core/AxiosError)

* docs(core/Axios)

* docs(cancel/CanceledError)

* docs(cancel/CancelToken)

* docs(axios.js)

* docs(adapters/http)

* Bump eventsource from 1.1.0 to 1.1.1 (#4764)

Bumps [eventsource](https://github.com/EventSource/eventsource) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/EventSource/eventsource/releases)
- [Changelog](https://github.com/EventSource/eventsource/blob/master/HISTORY.md)
- [Commits](EventSource/eventsource@v1.1.0...v1.1.1)

---
updated-dependencies:
- dependency-name: eventsource
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jay <jasonsaayman@gmail.com>

* chore: Set permissions for GitHub actions (#4765)

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>

Co-authored-by: Jay <jasonsaayman@gmail.com>

* chore(GitHub Actions): rename master to main, added protections

* fixed(ci): removed wrkflow permissions that are wrong

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants