Add recommended permissions section to readme #1193
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HarithaVattikuti
approved these changes
Jan 16, 2025
This was referenced Jan 29, 2025
Merged
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Mar 18, 2025
| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.3.0 | ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4
1 task
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Apr 17, 2025
| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.4.0 | ## [vv4.4.0](actions/setup-node@v4.3.0...v4.4.0) ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4
mmatl
added a commit
to ambi-robotics/setup-node
that referenced
this pull request
Jul 23, 2025
* Fix macos latest check failures (actions#1041) * Update latest node versions * Update latest node versions * Update test data * Update test data * Update test data * Update test data * Update test data * macos lts failure fix * Update macos-13 * Bump braces from 3.0.2 to 3.0.3 (actions#1087) * Bump braces from 3.0.2 to 3.0.3 Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * Bump undici from 5.28.3 to 5.28.4 --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]> * Documentation update in the README file (actions#1106) * first commit on using setup node * Delete .github/workflows/helloWorld.yml * Create main.yml * Rename main.yml to helloworld.yml * goodbye world added * name changed to goodbye * updated README --------- Co-authored-by: Suyash Gaonkar <[email protected]> * Fix: windows arm64 setup (actions#1126) * Add condition to ensure ZIP extraction targets only Windows ARM64 official archives * Bumps micromatch from 4.0.5 to 4.0.8 * Create publish-immutable-action.yml * Upgrade IA Publish * Correct version string (actions#1124) * Resolve High Security Alerts by upgrading Dependencies (actions#1132) * db-alerts-fix * npm run format * db-alert-fix * failure check fix * check- filaure fix * Revise `isGhes` logic (actions#1148) * Revise `isGhes` logic * ran 'npm run format' * added unit test * fix: add arch to cached path (actions#843) * fix: add arch to cached path * fix: change from using env to os module * fix: use process.env.RUNNER_OS instead of os.platform() * fix: remove unused var * Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174) * Update versions.yml * Update versions.yml * ubuntu-24, macos-13 updates * check -failure fix * Update README.md (actions#1193) * Create dependabot.yml (actions#1192) * Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191) * upgrade `@actions/cache` to `^4.0.0` * Review licenses & update types * updated package-lock.json * Bump pnpm/action-setup from 2 to 4 (actions#1194) Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v2...v4) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195) Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](actions/publish-immutable-action@0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump semver from 7.6.0 to 7.6.3 (actions#1196) * Bump semver from 7.6.0 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix for check-dist & license check failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <[email protected]> * Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump undici from 5.28.4 to 5.28.5 (actions#1205) * Bump undici from 5.28.4 to 5.28.5 Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * fix for check-dist and license failures * npm run updates --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <[email protected]> * Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200) * Bump @actions/glob from 0.4.0 to 0.5.0 Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) --- updated-dependencies: - dependency-name: "@actions/glob" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> * fix for check-dist and license failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <[email protected]> * actions/cache upgrade (actions#1251) Co-authored-by: “gowridurgad” <“[email protected]> * Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203) * Bump @vercel/ncc from 0.38.1 to 0.38.3 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.38.3) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * fix for check failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <[email protected]> * Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220) * Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> * check failures fix --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <[email protected]> * Make eslint-compact matcher compatible with Stylelint (actions#98) * Add support for indented eslint output (actions#1245) * feat: support private mirrors (actions#1240) * feat: support private mirrors * chore: change fallback message with mirrors * Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262) * Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert * Bump @octokit/request-error and @actions/github (actions#1227) * Bump @octokit/request-error and @actions/github Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> * Fix failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]> * Bump uuid from 9.0.1 to 11.1.0 (actions#1273) * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> * Fix failures --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <[email protected]> * fix: build --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: HarithaVattikuti <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: suyashgaonkar <[email protected]> Co-authored-by: Suyash Gaonkar <[email protected]> Co-authored-by: Priya Gupta <[email protected]> Co-authored-by: Joel Ambass <[email protected]> Co-authored-by: William Entriken <[email protected]> Co-authored-by: aparnajyothi-y <[email protected]> Co-authored-by: John Wesley Walker III <[email protected]> Co-authored-by: Peng Xiao <[email protected]> Co-authored-by: Ben Wells <[email protected]> Co-authored-by: Aparna Jyothi <[email protected]> Co-authored-by: gowridurgad <[email protected]> Co-authored-by: “gowridurgad” <“[email protected]> Co-authored-by: Flo Edelmann <[email protected]> Co-authored-by: fregante <[email protected]> Co-authored-by: Marco Ippolito <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Add new Recommended permissions section to the README file.