Commit 7fb5c5b
committed
ci(build-test): cap GITHUB_TOKEN to contents: read
Workflow runs checks only; no GitHub API writes. Post-CVE-2025-30066 hardening pattern.
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>1 parent b5159a5 commit 7fb5c5b
1 file changed
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
18 | 21 | | |
19 | 22 | | |
20 | 23 | | |
| |||
0 commit comments