From 6781ccea9e55f040b0c0b02b9e9452275de26480 Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Tue, 7 Jul 2026 03:03:52 +0000 Subject: [PATCH] fix(security): autofix Overly Broad Permissions in GitHub Actions Workflows is risky --- .github/workflows/release.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 637124c..89010db 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,13 +5,14 @@ on: tags: - 'v*' -permissions: - id-token: write # Required for OIDC trusted publishing - contents: write # Required for creating GitHub releases +permissions: {} jobs: publish: runs-on: ubuntu-latest + permissions: + contents: write # Required for creating GitHub releases + id-token: write # Required for OIDC trusted publishing steps: - name: Checkout uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2