Branch: refs/heads/master
  Home:   https://github.com/pmd/pmd
  Commit: 57dfc7fb40d315106d6882b0b132db82ce55fa4c
      https://github.com/pmd/pmd/commit/57dfc7fb40d315106d6882b0b132db82ce55fa4c
  Author: naveen <172697+naveensriniva...@users.noreply.github.com>
  Date:   2022-04-29 (Fri, 29 Apr 2022)

  Changed paths:
    M .github/workflows/troubleshooting.yml

  Log Message:
  -----------
  chore: Set permissions for GitHub actions

 Restrict the GitHub token permissions only to the required ones; this way,
even if attackers succeed in compromising your workflow, they won’t be
able to do much.

- Included permissions for the action. 
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensriniva...@users.noreply.github.com>


  Commit: 94057f688d041ad140604bb1fb1249bad54adb31
      https://github.com/pmd/pmd/commit/94057f688d041ad140604bb1fb1249bad54adb31
  Author: Andreas Dangel <andreas.dan...@pmd-code.org>
  Date:   2022-04-29 (Fri, 29 Apr 2022)

  Changed paths:
    M docs/pages/release_notes.md

  Log Message:
  -----------
  [doc] Update release notes (#3943)


  Commit: 47beb1c3cdcb8af1a0334c1c16bf589e760a3077
      https://github.com/pmd/pmd/commit/47beb1c3cdcb8af1a0334c1c16bf589e760a3077
  Author: Andreas Dangel <andreas.dan...@pmd-code.org>
  Date:   2022-04-29 (Fri, 29 Apr 2022)

  Changed paths:
    M .all-contributorsrc
    M docs/pages/pmd/projectdocs/credits.md

  Log Message:
  -----------
   Add @naveensrinivasan as a contributor


  Commit: e110a8447381a003e81b4212ddbf0e721b5bcb2e
      https://github.com/pmd/pmd/commit/e110a8447381a003e81b4212ddbf0e721b5bcb2e
  Author: Andreas Dangel <andreas.dan...@pmd-code.org>
  Date:   2022-04-29 (Fri, 29 Apr 2022)

  Changed paths:
    M .all-contributorsrc
    M .github/workflows/troubleshooting.yml
    M docs/pages/pmd/projectdocs/credits.md
    M docs/pages/release_notes.md

  Log Message:
  -----------
  Merge pull request #3943 from turrisxyz:setup-permissions

chore: Set permissions for GitHub actions #3943


  Commit: 4eb2471939d49fe325fb2af1f60bf8b7b31c733d
      https://github.com/pmd/pmd/commit/4eb2471939d49fe325fb2af1f60bf8b7b31c733d
  Author: Andreas Dangel <andreas.dan...@pmd-code.org>
  Date:   2022-04-29 (Fri, 29 Apr 2022)

  Changed paths:
    M Gemfile.lock

  Log Message:
  -----------
  Update gems

Fixes Command injection in ruby-git
(https://github.com/pmd/pmd/security/dependabot/21)


Compare: https://github.com/pmd/pmd/compare/c224209d7fe1...4eb2471939d4


_______________________________________________
Pmd-commits mailing list
Pmd-commits@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/pmd-commits
