Hi maintainers,
While reviewing the CI workflows, I noticed that none of them define explicit permissions: and therefore rely on GitHub’s default token permissions.
GitHub recommends defining the minimum required permissions explicitly to reduce the blast radius in case of compromised workflows.
Before proposing a change, I wanted to ask:
- Is this intentional due to specific workflow requirements?
- Would you be open to a PR that scopes permissions to the minimum required for each workflow?
Happy to help with a proposal if this aligns with the project direction.
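As an added illustration of what such a PR would look like (this is a hypothetical workflow written for this issue, not one of the project's own files), the following shows the pattern GitHub's hardening guidance describes: an empty grant at the workflow level, with each job declaring only the scopes it uses. The job names, the `make test` step and the release command are assumptions for the example.

```yaml
# Added example, not one of the project's workflows.
#
# "Before": the same jobs with no `permissions:` key anywhere. GITHUB_TOKEN
# then receives the repository's default grant, which on repositories that
# predate GitHub's switch to restricted defaults is read/write on most
# scopes for every job, including ones that only run tests.
#
# "After": the workflow below.

name: ci

on:
  pull_request:
  push:
    branches: [main]

# Workflow-level default: grant nothing. Every job inherits this empty
# grant unless it declares its own `permissions:` block.
permissions: {}

jobs:
  test:
    runs-on: ubuntu-latest
    # Reading the repository is all a test job needs.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - run: make test   # assumed build/test entry point

  release:
    if: github.ref == 'refs/heads/main'
    needs: test
    runs-on: ubuntu-latest
    # Only the job that publishes a release gets write access, and only on
    # the scope it uses. A job-level block replaces the workflow-level one
    # entirely: any scope not listed here is `none`, not inherited.
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - run: gh release create "v${{ github.run_number }}" --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Two practical notes. First, a quick way to list workflow files that have no top-level grant is `grep -L '^permissions:' .github/workflows/*.yml` (the anchored pattern ignores indented job-level blocks, which is what you want when checking for the workflow-wide default). Second, `pull_request` runs triggered from forks already receive a read-only token, so the scoping matters most for `push`, `workflow_dispatch`, `schedule` and especially `pull_request_target`, where the token carries the repository's full default grant while running against untrusted input.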