Dev-267 Found Larger Images in Details #37
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| name: Run linters | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Check out Git repository | ||
| uses: actions/checkout@v5 | ||
|
|
||
| - name: Set up Node.js | ||
| uses: actions/setup-node@v5 | ||
| with: | ||
| node-version: 22 | ||
|
|
||
| # ESLint and Prettier must be in `package.json` | ||
| - name: Install Node.js dependencies | ||
| run: yarn install --frozen-lockfile | ||
|
|
||
| - name: Run linters | ||
| uses: wearerequired/lint-action@v2.3.0 | ||
| with: | ||
| eslint: true | ||
| prettier: true |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 21 days ago
The best way to fix the problem is to add the permissions key with the appropriate least-privilege value. Since this workflow only checks out code and runs linters (it does not write to the repository, open issues, or perform other administrative tasks), it only needs contents: read.
Add the following block at the workflow (top) level, right after the name: or before on: keys:
permissions:
contents: readAlternatively, the permissions block can be placed at the job level (inside run-linters:), but top-level is typically preferred so that all jobs get this default restriction.
This change is fully contained within .github/workflows/lint.yml and does not require imports or additional code elsewhere.
| @@ -1,4 +1,6 @@ | ||
| name: Lint | ||
| permissions: | ||
| contents: read | ||
| on: pull_request | ||
| jobs: | ||
| run-linters: |
No description provided.