Skip to content

Potential fix for code scanning alert no. 3: Workflow does not contain permissions#246

Merged
projectedanx merged 1 commit into
masterfrom
alert-autofix-3
Jul 6, 2026
Merged

Potential fix for code scanning alert no. 3: Workflow does not contain permissions#246
projectedanx merged 1 commit into
masterfrom
alert-autofix-3

Conversation

@projectedanx

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/projectedanx/YOURLS/security/code-scanning/3

Add explicit permissions blocks to the workflow so each job has only the minimum required GITHUB_TOKEN scopes.

Best minimal, non-functional-change fix in this file:

  1. Add a root-level permissions block with contents: read so all jobs default to read-only repository content access.
  2. Add a job-level permissions block for translations-submit that elevates only what that job needs for PR creation/merge workflows:
    • contents: write
    • pull-requests: write

This preserves behavior while documenting and constraining token scope. No imports, methods, or dependency changes are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Daniel Hart | ALifeInArtifyAI <238904666+projectedanx@users.noreply.github.com>
@gemini-code-assist

Copy link
Copy Markdown

Note

Gemini is unable to generate a review for this pull request due to the file types involved not being currently supported.

@projectedanx projectedanx marked this pull request as ready for review July 6, 2026 14:47
@projectedanx projectedanx merged commit 77aa122 into master Jul 6, 2026
11 of 12 checks passed
@projectedanx projectedanx deleted the alert-autofix-3 branch July 6, 2026 14:47
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant