Skip to content

Potential fix for code scanning alert no. 14: Workflow does not contain permissions #1613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
priyankarpal merged 1 commit into from
Oct 6, 2025
Merged

Potential fix for code scanning alert no. 14: Workflow does not contain permissions #1613

priyankarpal merged 1 commit into from
Oct 6, 2025

Conversation

@priyankarpal
Copy link
Member

@priyankarpal priyankarpal commented Oct 6, 2025

Potential fix for https://github.com/reactplay/react-play/security/code-scanning/14

To address the problem, add a permissions block specifying the least privilege required. At the root level of .github/workflows/contributions.yml, add:

permissions:
  issues: write

This limits the workflow’s GITHUB_TOKEN so it can only write/read issue and PR comments, which is all that’s needed for this workflow (which creates comments on issues/PRs). Add this block directly beneath the name: and above the on: key to affect all jobs in the workflow (since there’s only one job).

No further changes or imports are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@priyankarpal @github-advanced-security
Potential fix for code scanning alert no. 14: Workflow does not conta…
9d27fa8 
…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Priyankar Pal  <88102392+priyankarpal@users.noreply.github.com>
@netlify
Copy link

netlify bot commented Oct 6, 2025
edited
Loading

Deploy Preview for reactplayio ready!

Name Link
🔨 Latest commit 9d27fa8
🔍 Latest deploy log https://app.netlify.com/projects/reactplayio/deploys/68e40135ac7a1e00078c68ca
😎 Deploy Preview https://deploy-preview-1613--reactplayio.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

github-actions[bot]
github-actions bot reviewed Oct 6, 2025
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey! contributor, thank you for opening a Pull Request 🎉.

@reactplay/maintainers will review your submission soon and give you helpful feedback. If you're interested in continuing your contributions to open source and want to be a part of a welcoming and fantastic community, we invite you to join our ReactPlay Discord Community.
Show your support by starring ⭐ this repository. Thank you and we appreciate your contribution to open source!
Stale Marking : After 30 days of inactivity this issue/PR will be marked as stale issue/PR and it will be closed and locked in 7 days if no further activity occurs.

@priyankarpal priyankarpal marked this pull request as ready for review October 6, 2025 17:51
@priyankarpal priyankarpal merged commit 0c5805e into main Oct 6, 2025
10 checks passed
@priyankarpal priyankarpal deleted the alert-autofix-14 branch October 6, 2025 17:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

@priyankarpal priyankarpal

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@priyankarpal