shreemaan-abhishek opened a new pull request, #12813: URL: https://github.com/apache/apisix/pull/12813
### Description This PR explicitly defines the permissions block for several GitHub Actions workflows that were previously relying on the default (potentially permissive) settings. By setting permissions: contents: read (and pull-requests: read where necessary), we ensure that the GITHUB_TOKEN used in these workflows follows the principle of least privilege. this acts as a security measure to limit the impact of a compromised workflow step. With a compromised github token, a bad actor can: - Push malicious code directly to the master branch. - Create or delete releases and tags. - Modify repository settings or secrets (if applicable). ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [ ] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) <!-- Note 1. Mark the PR as draft until it's ready to be reviewed. 2. Always add/update tests for any changes unless you have a good reason. 3. Always update the documentation to reflect the changes made in the PR. 4. Make a new commit to resolve conversations instead of `push -f`. 5. To resolve merge conflicts, merge master instead of rebasing. 6. Use "request review" to notify the reviewer after making changes. 7. Only a reviewer can mark a conversation as resolved. --> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
