Branch: refs/heads/master Home: https://github.com/pmd/pmd Commit: 57dfc7fb40d315106d6882b0b132db82ce55fa4c https://github.com/pmd/pmd/commit/57dfc7fb40d315106d6882b0b132db82ce55fa4c Author: naveen <172697+naveensriniva...@users.noreply.github.com> Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths: M .github/workflows/troubleshooting.yml Log Message: ----------- chore: Set permissions for GitHub actions Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensriniva...@users.noreply.github.com> Commit: 94057f688d041ad140604bb1fb1249bad54adb31 https://github.com/pmd/pmd/commit/94057f688d041ad140604bb1fb1249bad54adb31 Author: Andreas Dangel <andreas.dan...@pmd-code.org> Date: 2022-04-29 (Fri, 29 Apr 2022) Changed paths: M docs/pages/release_notes.md Log Message: ----------- [doc] Update release notes (#3943) Commit: 47beb1c3cdcb8af1a0334c1c16bf589e760a3077 https://github.com/pmd/pmd/commit/47beb1c3cdcb8af1a0334c1c16bf589e760a3077 Author: Andreas Dangel <andreas.dan...@pmd-code.org> Date: 2022-04-29 (Fri, 29 Apr 2022) Changed paths: M .all-contributorsrc M docs/pages/pmd/projectdocs/credits.md Log Message: ----------- Add @naveensrinivasan as a contributor Commit: e110a8447381a003e81b4212ddbf0e721b5bcb2e https://github.com/pmd/pmd/commit/e110a8447381a003e81b4212ddbf0e721b5bcb2e Author: Andreas Dangel <andreas.dan...@pmd-code.org> Date: 2022-04-29 (Fri, 29 Apr 2022) Changed paths: M .all-contributorsrc M .github/workflows/troubleshooting.yml M docs/pages/pmd/projectdocs/credits.md M docs/pages/release_notes.md Log Message: ----------- Merge pull request #3943 from turrisxyz:setup-permissions chore: Set permissions for GitHub actions #3943 Commit: 4eb2471939d49fe325fb2af1f60bf8b7b31c733d https://github.com/pmd/pmd/commit/4eb2471939d49fe325fb2af1f60bf8b7b31c733d Author: Andreas Dangel <andreas.dan...@pmd-code.org> Date: 2022-04-29 (Fri, 29 Apr 2022) Changed paths: M Gemfile.lock Log Message: ----------- Update gems Fixes Command injection in ruby-git (https://github.com/pmd/pmd/security/dependabot/21) Compare: https://github.com/pmd/pmd/compare/c224209d7fe1...4eb2471939d4 _______________________________________________ Pmd-commits mailing list Pmd-commits@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/pmd-commits