-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Add recommended permissions section to readme #1193
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
HarithaVattikuti
approved these changes
Jan 16, 2025
This was referenced Jan 29, 2025
Merged
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Mar 18, 2025
| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.3.0 | ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4
1 task
renovate bot
added a commit
to andrei-picus-tink/auto-renovate
that referenced
this pull request
Apr 17, 2025
| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.4.0 | ## [vv4.4.0](actions/setup-node@v4.3.0...v4.4.0) ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4
mmatl
added a commit
to ambi-robotics/setup-node
that referenced
this pull request
Jul 23, 2025
* Fix macos latest check failures (actions#1041) * Update latest node versions * Update latest node versions * Update test data * Update test data * Update test data * Update test data * Update test data * macos lts failure fix * Update macos-13 * Bump braces from 3.0.2 to 3.0.3 (actions#1087) * Bump braces from 3.0.2 to 3.0.3 Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump undici from 5.28.3 to 5.28.4 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Documentation update in the README file (actions#1106) * first commit on using setup node * Delete .github/workflows/helloWorld.yml * Create main.yml * Rename main.yml to helloworld.yml * goodbye world added * name changed to goodbye * updated README --------- Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> * Fix: windows arm64 setup (actions#1126) * Add condition to ensure ZIP extraction targets only Windows ARM64 official archives * Bumps micromatch from 4.0.5 to 4.0.8 * Create publish-immutable-action.yml * Upgrade IA Publish * Correct version string (actions#1124) * Resolve High Security Alerts by upgrading Dependencies (actions#1132) * db-alerts-fix * npm run format * db-alert-fix * failure check fix * check- filaure fix * Revise `isGhes` logic (actions#1148) * Revise `isGhes` logic * ran 'npm run format' * added unit test * fix: add arch to cached path (actions#843) * fix: add arch to cached path * fix: change from using env to os module * fix: use process.env.RUNNER_OS instead of os.platform() * fix: remove unused var * Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174) * Update versions.yml * Update versions.yml * ubuntu-24, macos-13 updates * check -failure fix * Update README.md (actions#1193) * Create dependabot.yml (actions#1192) * Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191) * upgrade `@actions/cache` to `^4.0.0` * Review licenses & update types * updated package-lock.json * Bump pnpm/action-setup from 2 to 4 (actions#1194) Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v2...v4) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195) Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](actions/publish-immutable-action@0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump semver from 7.6.0 to 7.6.3 (actions#1196) * Bump semver from 7.6.0 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist & license check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump undici from 5.28.4 to 5.28.5 (actions#1205) * Bump undici from 5.28.4 to 5.28.5 Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures * npm run updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200) * Bump @actions/glob from 0.4.0 to 0.5.0 Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) --- updated-dependencies: - dependency-name: "@actions/glob" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * actions/cache upgrade (actions#1251) Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> * Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203) * Bump @vercel/ncc from 0.38.1 to 0.38.3 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.38.3) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220) * Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * check failures fix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Make eslint-compact matcher compatible with Stylelint (actions#98) * Add support for indented eslint output (actions#1245) * feat: support private mirrors (actions#1240) * feat: support private mirrors * chore: change fallback message with mirrors * Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262) * Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert * Bump @octokit/request-error and @actions/github (actions#1227) * Bump @octokit/request-error and @actions/github Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Bump uuid from 9.0.1 to 11.1.0 (actions#1273) * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * fix: build --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: suyashgaonkar <suyashgaonkar@github.com> Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> Co-authored-by: Priya Gupta <147705955+priyagupta108@users.noreply.github.com> Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com> Co-authored-by: William Entriken <github.com@phor.net> Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: Ben Wells <benwells@github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com> Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> Co-authored-by: Flo Edelmann <git@flo-edelmann.de> Co-authored-by: fregante <me@fregante.com> Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description:
Add new Recommended permissions section to the README file.