Branch: refs/heads/master
Home: https://github.com/pmd/pmd
Commit: 57dfc7fb40d315106d6882b0b132db82ce55fa4c
https://github.com/pmd/pmd/commit/57dfc7fb40d315106d6882b0b132db82ce55fa4c
Author: naveen <[email protected]>
Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths:
M .github/workflows/troubleshooting.yml
Log Message:
-----------
chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way,
even if the attackers will succeed in compromising your workflow, they won’t be
able to do much.
- Included permissions for the action.
https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn
requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)
Signed-off-by: naveen <[email protected]>
Commit: 94057f688d041ad140604bb1fb1249bad54adb31
https://github.com/pmd/pmd/commit/94057f688d041ad140604bb1fb1249bad54adb31
Author: Andreas Dangel <[email protected]>
Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths:
M docs/pages/release_notes.md
Log Message:
-----------
[doc] Update release notes (#3943)
Commit: 47beb1c3cdcb8af1a0334c1c16bf589e760a3077
https://github.com/pmd/pmd/commit/47beb1c3cdcb8af1a0334c1c16bf589e760a3077
Author: Andreas Dangel <[email protected]>
Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths:
M .all-contributorsrc
M docs/pages/pmd/projectdocs/credits.md
Log Message:
-----------
Add @naveensrinivasan as a contributor
Commit: e110a8447381a003e81b4212ddbf0e721b5bcb2e
https://github.com/pmd/pmd/commit/e110a8447381a003e81b4212ddbf0e721b5bcb2e
Author: Andreas Dangel <[email protected]>
Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths:
M .all-contributorsrc
M .github/workflows/troubleshooting.yml
M docs/pages/pmd/projectdocs/credits.md
M docs/pages/release_notes.md
Log Message:
-----------
Merge pull request #3943 from turrisxyz:setup-permissions
chore: Set permissions for GitHub actions #3943
Commit: 4eb2471939d49fe325fb2af1f60bf8b7b31c733d
https://github.com/pmd/pmd/commit/4eb2471939d49fe325fb2af1f60bf8b7b31c733d
Author: Andreas Dangel <[email protected]>
Date: 2022-04-29 (Fri, 29 Apr 2022)
Changed paths:
M Gemfile.lock
Log Message:
-----------
Update gems
Fixes Command injection in ruby-git
(https://github.com/pmd/pmd/security/dependabot/21)
Compare: https://github.com/pmd/pmd/compare/c224209d7fe1...4eb2471939d4
_______________________________________________
Pmd-commits mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/pmd-commits
