Skip to content

Add recommended permissions section to readme #1193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 16, 2025

Conversation

benwells
Copy link

Description:

Add new Recommended permissions section to the README file.

@benwells benwells requested a review from a team as a code owner January 16, 2025 14:25
@HarithaVattikuti HarithaVattikuti merged commit fbeca22 into main Jan 16, 2025
3 checks passed
@HarithaVattikuti HarithaVattikuti deleted the benwells/permissions-readme-update branch January 16, 2025 14:49
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Mar 18, 2025
| datasource  | package            | from   | to     |
| ----------- | ------------------ | ------ | ------ |
| github-tags | actions/setup-node | v4.0.3 | v4.3.0 |


## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0)



## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0)

#### What's Changed

-   Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174
-   Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193
-   Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192
-   Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191
-   Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194
-   Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195
-   Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196
-   Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201
-   Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205

#### New Contributors

-   [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193

**Full Changelog**: actions/setup-node@v4...v4.2.0


## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0)

#### What's Changed

-   Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132
-   Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134
-   Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148
-   Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843
    This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
    Note: This change may break previous cache keys as they will no longer be compatible with the new format.

#### New Contributors

-   [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148
-   [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843

**Full Changelog**: actions/setup-node@v4...v4.1.0


## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4)

#### What's Changed

-   Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125
-   Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126

##### Documentation changes:

-   Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106
-   Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124

#### New Contributors

-   [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106
-   [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126
-   [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125
-   [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124

**Full Changelog**: actions/setup-node@v4...v4.0.4
renovate bot added a commit to andrei-picus-tink/auto-renovate that referenced this pull request Apr 17, 2025
| datasource  | package            | from   | to     |
| ----------- | ------------------ | ------ | ------ |
| github-tags | actions/setup-node | v4.0.3 | v4.4.0 |


## [vv4.4.0](actions/setup-node@v4.3.0...v4.4.0)



## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0)



## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0)

#### What's Changed

-   Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174
-   Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193
-   Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192
-   Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191
-   Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194
-   Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195
-   Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196
-   Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201
-   Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205

#### New Contributors

-   [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193

**Full Changelog**: actions/setup-node@v4...v4.2.0


## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0)

#### What's Changed

-   Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132
-   Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134
-   Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148
-   Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843
    This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts.
    Note: This change may break previous cache keys as they will no longer be compatible with the new format.

#### New Contributors

-   [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148
-   [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843

**Full Changelog**: actions/setup-node@v4...v4.1.0


## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4)

#### What's Changed

-   Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125
-   Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126

##### Documentation changes:

-   Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106
-   Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124

#### New Contributors

-   [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106
-   [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126
-   [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125
-   [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124

**Full Changelog**: actions/setup-node@v4...v4.0.4
mmatl added a commit to ambi-robotics/setup-node that referenced this pull request Jul 23, 2025
* Fix macos latest check failures (actions#1041)

* Update latest node versions

* Update latest node versions

* Update test data

* Update test data

* Update test data

* Update test data

* Update test data

* macos lts failure fix

* Update macos-13

* Bump braces from 3.0.2 to 3.0.3 (actions#1087)

* Bump braces from 3.0.2 to 3.0.3

Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3.
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump undici from 5.28.3 to 5.28.4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* Documentation update in the README file (actions#1106)

* first commit on using setup node

* Delete .github/workflows/helloWorld.yml

* Create main.yml

* Rename main.yml to helloworld.yml

* goodbye world added

* name changed to goodbye

* updated README

---------

Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>

* Fix: windows arm64 setup (actions#1126)

* Add condition to ensure ZIP extraction targets only Windows ARM64 official archives

* Bumps micromatch from 4.0.5 to 4.0.8

* Create publish-immutable-action.yml

* Upgrade IA Publish

* Correct version string (actions#1124)

* Resolve High Security Alerts by upgrading Dependencies (actions#1132)

* db-alerts-fix

* npm run format

* db-alert-fix

* failure check fix

* check- filaure fix

* Revise `isGhes` logic (actions#1148)

* Revise `isGhes` logic

* ran 'npm run format'

* added unit test

* fix: add arch to cached path (actions#843)

* fix: add arch to cached path

* fix: change from using env to os module

* fix: use process.env.RUNNER_OS instead of os.platform()

* fix: remove unused var

* Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174)

* Update versions.yml

* Update versions.yml

* ubuntu-24, macos-13 updates

* check -failure fix

* Update README.md (actions#1193)

* Create dependabot.yml (actions#1192)

* Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191)

* upgrade `@actions/cache` to `^4.0.0`

* Review licenses & update types

* updated package-lock.json

* Bump pnpm/action-setup from 2 to 4 (actions#1194)

Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4.
- [Release notes](https://github.com/pnpm/action-setup/releases)
- [Commits](pnpm/action-setup@v2...v4)

---
updated-dependencies:
- dependency-name: pnpm/action-setup
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195)

Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4.
- [Release notes](https://github.com/actions/publish-immutable-action/releases)
- [Commits](actions/publish-immutable-action@0.0.3...v0.0.4)

---
updated-dependencies:
- dependency-name: actions/publish-immutable-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump semver from 7.6.0 to 7.6.3 (actions#1196)

* Bump semver from 7.6.0 to 7.6.3

Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.0...v7.6.3)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist & license check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201)

Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest)

---
updated-dependencies:
- dependency-name: "@types/jest"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump undici from 5.28.4 to 5.28.5 (actions#1205)

* Bump undici from 5.28.4 to 5.28.5

Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v5.28.4...v5.28.5)

---
updated-dependencies:
- dependency-name: undici
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

* npm run updates

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200)

* Bump @actions/glob from 0.4.0 to 0.5.0

Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob)

---
updated-dependencies:
- dependency-name: "@actions/glob"
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check-dist and license failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* actions/cache upgrade (actions#1251)

Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>

* Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203)

* Bump @vercel/ncc from 0.38.1 to 0.38.3

Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3.
- [Release notes](https://github.com/vercel/ncc/releases)
- [Commits](vercel/ncc@0.38.1...0.38.3)

---
updated-dependencies:
- dependency-name: "@vercel/ncc"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix for check failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220)

* Bump @actions/tool-cache from 2.0.1 to 2.0.2

Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache)

---
updated-dependencies:
- dependency-name: "@actions/tool-cache"
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* check failures fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>

* Make eslint-compact matcher compatible with Stylelint (actions#98)

* Add support for indented eslint output (actions#1245)

* feat: support private mirrors (actions#1240)

* feat: support private mirrors

* chore: change fallback message with mirrors

* Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262)

* Update versions.yml

* Update versions.yml

* actions/cache upgrade to 4.0.3

* events update

* npm audit fix revert

* npm adit fix revert

* Bump @octokit/request-error and @actions/github (actions#1227)

* Bump @octokit/request-error and @actions/github

Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together.


Updates `@octokit/request-error` from 2.1.0 to 5.1.1
- [Release notes](https://github.com/octokit/request-error.js/releases)
- [Commits](octokit/request-error.js@v2.1.0...v5.1.1)

Updates `@actions/github` from 5.1.1 to 6.0.0
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@octokit/request-error"
  dependency-type: indirect
- dependency-name: "@actions/github"
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* Bump uuid from 9.0.1 to 11.1.0 (actions#1273)

* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump uuid from 9.0.1 to 11.1.0

Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0.
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v11.1.0)

---
updated-dependencies:
- dependency-name: uuid
  dependency-version: 11.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix failures

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>

* fix: build

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: suyashgaonkar <suyashgaonkar@github.com>
Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com>
Co-authored-by: Priya Gupta <147705955+priyagupta108@users.noreply.github.com>
Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com>
Co-authored-by: William Entriken <github.com@phor.net>
Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com>
Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com>
Co-authored-by: Peng Xiao <pengxiao@outlook.com>
Co-authored-by: Ben Wells <benwells@github.com>
Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com>
Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com>
Co-authored-by: “gowridurgad” <“hgowridurgad@github.com>
Co-authored-by: Flo Edelmann <git@flo-edelmann.de>
Co-authored-by: fregante <me@fregante.com>
Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy