bito-code-review[bot] commented on PR #40780:
URL: https://github.com/apache/superset/pull/40780#issuecomment-4625677583
<!-- Bito Reply -->
The security warning regarding overly broad permissions in
`.github/workflows/superset-e2e.yml` refers to the newly added
`cypress-matrix-required` and `playwright-tests-required` jobs. These jobs
currently run with default permissions, which include broad access to the
repository. To address this, you should explicitly define the `permissions`
block for these jobs to follow the principle of least privilege, typically by
setting `permissions: contents: read`.
**.github/workflows/superset-e2e.yml**
```
cypress-matrix-required:
needs: [changes, cypress-matrix]
if: always()
runs-on: ubuntu-24.04
permissions:
contents: read
timeout-minutes: 5
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
