ci: set write permissions on job level by Uzlopak · Pull Request #4537 · nodejs/undici
Pull Request Overview
This PR addresses security vulnerabilities by moving GitHub workflow permissions from the workflow level to the job level, following security best practices to limit permission scope.
- Relocates permissions from workflow-level to job-level in three GitHub Actions workflows
- Removes workflow-level permissions in triggered-autobahn.yml (read-only workflow)
- Adds minor formatting improvement in autobahn.yml
Reviewed Changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| .github/workflows/update-submodules.yml | Moves write permissions from workflow to job level |
| .github/workflows/triggered-autobahn.yml | Removes workflow-level permissions (job uses defaults) |
| .github/workflows/backport.yml | Moves write permissions from workflow to job level |
| .github/workflows/autobahn.yml | Adds blank line for formatting consistency |
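The pattern this pull request applies, as an added example that is not taken from the undici workflows: write scopes for `GITHUB_TOKEN` are declared on the one job that needs them instead of on the whole workflow. The workflow name, job names, trigger and script path are hypothetical.

```yaml
# Constructed workflow for illustration; names, trigger and steps are hypothetical.

# Before: a single workflow-level block, so the token in EVERY job can write.
#
# permissions:
#   contents: write
#   pull-requests: write
#
# jobs:
#   lint: ...             # inherits write access it never uses
#   open-update-pr: ...

# After: read-only baseline for the workflow, write scopes on one job only.
name: update-dependency
on:
  workflow_dispatch:

permissions:
  contents: read           # applies to every job that does not override it

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm run lint

  open-update-pr:
    runs-on: ubuntu-latest
    permissions:            # replaces the workflow-level block for this job
      contents: write       # push the update branch
      pull-requests: write  # open the pull request
      # any scope not listed here is set to none for this job
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/update.sh   # hypothetical script
```

A job with no `permissions` key in a workflow that also has no workflow-level block receives the repository's or organization's default token permissions, so an explicit read-only baseline keeps the result independent of that setting.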