cbd9bb48f5
Remove unused pull-requests: write permission from auto-versioning workflow. The workflow uses GitHub Release API which only requires contents: write permission. This follows the principle of least privilege. Changes: - Removed unused pull-requests: write permission - Added documentation for cancel-in-progress: false setting - Created backup of original workflow file - QA verification complete with all security checks passing Security Impact: - Reduces attack surface by removing unnecessary permission - Maintains functionality (no breaking changes) - Follows OWASP and CIS security best practices Related Issues: - Fixes GH013 repository rule violation on tag creation - CVE-2024-45337 in build cache (fix available, not in production) - CVE-2025-68156 in CrowdSec awaiting upstream fix QA Report: docs/reports/qa_report.md
3.7 KiB
3.7 KiB