mirror of
https://github.com/ether/etherpad-lite.git
synced 2026-07-18 00:57:55 +00:00
Adds an explicit `permissions: contents: read` block to update-plugins.yml. Cross-repo work (cloning ether/ep_* repos, pushing updates, merging Dependabot PRs) is authenticated via secrets.PLUGINS_PAT, so the default GITHUB_TOKEN only needs read access for actions/checkout. Addresses CodeQL code-scanning alert #115 ("Workflow does not contain permissions"). Matches the pattern already used by the other workflows under .github/workflows/. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| backend-tests.yml | ||
| build-and-deploy-docs.yml | ||
| codeql-analysis.yml | ||
| dependency-review.yml | ||
| docker.yml | ||
| frontend-admin-tests.yml | ||
| frontend-tests.yml | ||
| handleRelease.yml | ||
| installer-test.yml | ||
| load-test.yml | ||
| perform-type-check.yml | ||
| rate-limit.yml | ||
| release.yml | ||
| releaseEtherpad.yml | ||
| stale.yml | ||
| update-plugins.yml | ||
| upgrade-from-latest-release.yml | ||