run prettier #995
run prettier #995
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: 18 | ||
| cache: npm | ||
|
|
||
| - run: npm ci | ||
| - run: npm run build | ||
| - run: npm test | ||
| - run: npm run lint | ||
|
|
||
| publish: |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 9 days ago
To fix the issue, we should explicitly set a permissions block so that the build job receives only those privileges necessary for its steps—in this case, likely just read access to repository contents. Following least privilege principles, we should set permissions: contents: read at the build job level (since the publish job already has a tighter block) to ensure both jobs use the minimum required scope. No changes elsewhere are needed.
- Add the following block under
build:in.github/workflows/main.yml, aboveruns-on:permissions: contents: read
- No imports, methods, or definitions needed.
| @@ -12,6 +12,8 @@ | ||
|
|
||
| jobs: | ||
| build: | ||
| permissions: | ||
| contents: read | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: |
| })); | ||
| app.use( | ||
| cors({ | ||
| origin: '*', // Allow all origins - adjust as needed for production |
Check warning
Code scanning / CodeQL
Permissive CORS configuration Medium
2 participants
run prettier after #976