Skip to content

run prettier #995

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 2, 2025
Merged

run prettier #995

merged 1 commit into from
Oct 2, 2025
+32,176 −33,684

Conversation

ihrpr
Copy link
Contributor

@ihrpr ihrpr commented Oct 2, 2025

run prettier after #976

@ihrpr ihrpr requested review from a team, pcarleton and dsp-ant October 2, 2025 17:19
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 2, 2025
View reviewed changes
.github/workflows/main.yml
Comment on lines +15 to +29
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with:
node-version: 18
cache: npm

- run: npm ci
- run: npm run build
- run: npm test
- run: npm run lint

publish:

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 days ago

To fix the issue, we should explicitly set a permissions block so that the build job receives only those privileges necessary for its steps—in this case, likely just read access to repository contents. Following least privilege principles, we should set permissions: contents: read at the build job level (since the publish job already has a tighter block) to ensure both jobs use the minimum required scope. No changes elsewhere are needed.

  • Add the following block under build: in .github/workflows/main.yml, above runs-on: 
        permissions:
      contents: read
  • No imports, methods, or definitions needed.
Suggested changeset 1
.github/workflows/main.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -12,6 +12,8 @@
 
 jobs:
     build:
+        permissions:
+            contents: read
         runs-on: ubuntu-latest
 
         steps:
EOF
@@ -12,6 +12,8 @@

jobs:
build:
permissions:
contents: read
runs-on: ubuntu-latest

steps:
Copilot is powered by AI and may make mistakes. Always verify output.
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 2, 2025
View reviewed changes
src/examples/server/jsonResponseStreamableHttp.ts
}));
app.use(
cors({
origin: '*', // Allow all origins - adjust as needed for production

Check warning

Code scanning / CodeQL

Permissive CORS configuration Medium

CORS Origin allows broad access due to
permissive or user controlled value
Loading
.
@ihrpr ihrpr merged commit 1150b1d into main Oct 2, 2025
5 checks passed
@ihrpr ihrpr deleted the ihrpr/prettier branch October 2, 2025 17:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pcarleton pcarleton Awaiting requested review from pcarleton

@dsp-ant dsp-ant Awaiting requested review from dsp-ant

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ihrpr