Charon

akanealw/Charon

Fork 0

Commit Graph

Author	SHA1	Message	Date
GitHub Actions	cbd9bb48f5	chore: remove unused pull-requests permission from auto-versioning workflow Remove unused pull-requests: write permission from auto-versioning workflow. The workflow uses GitHub Release API which only requires contents: write permission. This follows the principle of least privilege. Changes: - Removed unused pull-requests: write permission - Added documentation for cancel-in-progress: false setting - Created backup of original workflow file - QA verification complete with all security checks passing Security Impact: - Reduces attack surface by removing unnecessary permission - Maintains functionality (no breaking changes) - Follows OWASP and CIS security best practices Related Issues: - Fixes GH013 repository rule violation on tag creation - CVE-2024-45337 in build cache (fix available, not in production) - CVE-2025-68156 in CrowdSec awaiting upstream fix QA Report: docs/reports/qa_report.md	2026-01-16 02:34:44 +00:00

Author

SHA1

Message

Date

GitHub Actions

cbd9bb48f5

chore: remove unused pull-requests permission from auto-versioning workflow

Remove unused pull-requests: write permission from auto-versioning workflow.
The workflow uses GitHub Release API which only requires contents: write
permission. This follows the principle of least privilege.

Changes:
- Removed unused pull-requests: write permission
- Added documentation for cancel-in-progress: false setting
- Created backup of original workflow file
- QA verification complete with all security checks passing

Security Impact:
- Reduces attack surface by removing unnecessary permission
- Maintains functionality (no breaking changes)
- Follows OWASP and CIS security best practices

Related Issues:
- Fixes GH013 repository rule violation on tag creation
- CVE-2024-45337 in build cache (fix available, not in production)
- CVE-2025-68156 in CrowdSec awaiting upstream fix

QA Report: docs/reports/qa_report.md

2026-01-16 02:34:44 +00:00

1 Commits