| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 18 | ||
| cache: npm | ||
|
|
||
| - run: npm ci | ||
| - run: npm run build | ||
| - run: npm test | ||
| - run: npm run lint | ||
|
|
||
| publish: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 months ago
To fix this problem, add a minimal permissions block to the build job in the .github/workflows/main.yml file, restricting the GITHUB_TOKEN permissions for that job to only what is required. Based on the steps in the build job, no operations require write access to repository contents, so setting contents: read will adhere to the principle of least privilege. Add the following block under the build: job definition before the runs-on: line:

permissions:
  contents: read

No imports or additional method definitions are required. Only the YAML job configuration needs to be updated.
| @@ -12,6 +12,8 @@ | ||
|
|
||
| jobs: | ||
| build: | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: |
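Review bot: the permissions block is added under build: only, so the publish: job that follows in this workflow gets nothing from this hunk. If publish has no permissions block of its own, its GITHUB_TOKEN keeps the repository's default scope, and a job that publishes is the one where token scope matters most. Consider declaring permissions: contents: read at the top level of the workflow so every job starts read-only, then widening at job level only the scopes publish actually needs.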
Run prettier after #976