Add recommended permissions section to readme #1193

benwells · 2025-01-16T14:25:21Z

Description:

Add new Recommended permissions section to the README file.

@aparnajyothi-y

| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.3.0 | ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4

@aparnajyothi-y

| datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.4.0 | ## [vv4.4.0](actions/setup-node@v4.3.0...v4.4.0) ## [vv4.3.0](actions/setup-node@v4.2.0...v4.3.0) ## [vv4.2.0](https://github.com/actions/setup-node/releases/tag/v4.2.0) #### What's Changed - Enhance workflows and upgrade publish-actions from 0.2.2 to 0.3.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1174 - Add recommended permissions section to readme by [@benwells](https://github.com/benwells) in actions/setup-node#1193 - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in actions/setup-node#1192 - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1191 - Upgrade pnpm/action-setup from 2 to 4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1194 - Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1195 - Upgrade semver from 7.6.0 to 7.6.3 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1196 - Upgrade [@types/jest](https://github.com/types/jest) from 29.5.12 to 29.5.14 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1201 - Upgrade undici from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in actions/setup-node#1205 #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in actions/setup-node#1193 **Full Changelog**: actions/setup-node@v4...v4.2.0 ## [vv4.1.0](https://github.com/actions/setup-node/releases/tag/v4.1.0) #### What's Changed - Resolve High Security Alerts by upgrading Dependencies by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in actions/setup-node#1132 - Upgrade IA Publish by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1134 - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in actions/setup-node#1148 - Add architecture to cache key by [@pengx17](https://github.com/pengx17) in actions/setup-node#843 This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. #### New Contributors - [@jww3](https://github.com/jww3) made their first contribution in actions/setup-node#1148 - [@pengx17](https://github.com/pengx17) made their first contribution in actions/setup-node#843 **Full Changelog**: actions/setup-node@v4...v4.1.0 ## [vv4.0.4](https://github.com/actions/setup-node/releases/tag/v4.0.4) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in actions/setup-node#1125 - Enhance Windows ARM64 Setup and Update micromatch Dependency by [@priyagupta108](https://github.com/priyagupta108) in actions/setup-node#1126 ##### Documentation changes: - Documentation update in the README file by [@suyashgaonkar](https://github.com/suyashgaonkar) in actions/setup-node#1106 - Correct invalid 'lts' version string reference by [@fulldecent](https://github.com/fulldecent) in actions/setup-node#1124 #### New Contributors - [@suyashgaonkar](https://github.com/suyashgaonkar) made their first contribution in actions/setup-node#1106 - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in actions/setup-node#1126 - [@Jcambass](https://github.com/Jcambass) made their first contribution in actions/setup-node#1125 - [@fulldecent](https://github.com/fulldecent) made their first contribution in actions/setup-node#1124 **Full Changelog**: actions/setup-node@v4...v4.0.4

* Fix macos latest check failures (actions#1041) * Update latest node versions * Update latest node versions * Update test data * Update test data * Update test data * Update test data * Update test data * macos lts failure fix * Update macos-13 * Bump braces from 3.0.2 to 3.0.3 (actions#1087) * Bump braces from 3.0.2 to 3.0.3 Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * Bump undici from 5.28.3 to 5.28.4 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Documentation update in the README file (actions#1106) * first commit on using setup node * Delete .github/workflows/helloWorld.yml * Create main.yml * Rename main.yml to helloworld.yml * goodbye world added * name changed to goodbye * updated README --------- Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> * Fix: windows arm64 setup (actions#1126) * Add condition to ensure ZIP extraction targets only Windows ARM64 official archives * Bumps micromatch from 4.0.5 to 4.0.8 * Create publish-immutable-action.yml * Upgrade IA Publish * Correct version string (actions#1124) * Resolve High Security Alerts by upgrading Dependencies (actions#1132) * db-alerts-fix * npm run format * db-alert-fix * failure check fix * check- filaure fix * Revise `isGhes` logic (actions#1148) * Revise `isGhes` logic * ran 'npm run format' * added unit test * fix: add arch to cached path (actions#843) * fix: add arch to cached path * fix: change from using env to os module * fix: use process.env.RUNNER_OS instead of os.platform() * fix: remove unused var * Add macos-13 to the workflows and upgrade publish-actions from 0.2.2 to 0.3.0 (actions#1174) * Update versions.yml * Update versions.yml * ubuntu-24, macos-13 updates * check -failure fix * Update README.md (actions#1193) * Create dependabot.yml (actions#1192) * Use the new cache service: upgrade `@actions/cache` to `^4.0.0` (actions#1191) * upgrade `@actions/cache` to `^4.0.0` * Review licenses & update types * updated package-lock.json * Bump pnpm/action-setup from 2 to 4 (actions#1194) Bumps [pnpm/action-setup](https://github.com/pnpm/action-setup) from 2 to 4. - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](pnpm/action-setup@v2...v4) --- updated-dependencies: - dependency-name: pnpm/action-setup dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (actions#1195) Bumps [actions/publish-immutable-action](https://github.com/actions/publish-immutable-action) from 0.0.3 to 0.0.4. - [Release notes](https://github.com/actions/publish-immutable-action/releases) - [Commits](actions/publish-immutable-action@0.0.3...v0.0.4) --- updated-dependencies: - dependency-name: actions/publish-immutable-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump semver from 7.6.0 to 7.6.3 (actions#1196) * Bump semver from 7.6.0 to 7.6.3 Bumps [semver](https://github.com/npm/node-semver) from 7.6.0 to 7.6.3. - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md) - [Commits](npm/node-semver@v7.6.0...v7.6.3) --- updated-dependencies: - dependency-name: semver dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist & license check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @types/jest from 29.5.12 to 29.5.14 (actions#1201) Bumps [@types/jest](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jest) from 29.5.12 to 29.5.14. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jest) --- updated-dependencies: - dependency-name: "@types/jest" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump undici from 5.28.4 to 5.28.5 (actions#1205) * Bump undici from 5.28.4 to 5.28.5 Bumps [undici](https://github.com/nodejs/undici) from 5.28.4 to 5.28.5. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.28.4...v5.28.5) --- updated-dependencies: - dependency-name: undici dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures * npm run updates --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/glob from 0.4.0 to 0.5.0 (actions#1200) * Bump @actions/glob from 0.4.0 to 0.5.0 Bumps [@actions/glob](https://github.com/actions/toolkit/tree/HEAD/packages/glob) from 0.4.0 to 0.5.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/glob/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/glob) --- updated-dependencies: - dependency-name: "@actions/glob" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check-dist and license failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * actions/cache upgrade (actions#1251) Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> * Bump @vercel/ncc from 0.38.1 to 0.38.3 (actions#1203) * Bump @vercel/ncc from 0.38.1 to 0.38.3 Bumps [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3. - [Release notes](https://github.com/vercel/ncc/releases) - [Commits](vercel/ncc@0.38.1...0.38.3) --- updated-dependencies: - dependency-name: "@vercel/ncc" dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * fix for check failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Bump @actions/tool-cache from 2.0.1 to 2.0.2 (actions#1220) * Bump @actions/tool-cache from 2.0.1 to 2.0.2 Bumps [@actions/tool-cache](https://github.com/actions/toolkit/tree/HEAD/packages/tool-cache) from 2.0.1 to 2.0.2. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/tool-cache/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/tool-cache) --- updated-dependencies: - dependency-name: "@actions/tool-cache" dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> * check failures fix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> * Make eslint-compact matcher compatible with Stylelint (actions#98) * Add support for indented eslint output (actions#1245) * feat: support private mirrors (actions#1240) * feat: support private mirrors * chore: change fallback message with mirrors * Bump @action/cache from 4.0.2 to 4.0.3 (actions#1262) * Update versions.yml * Update versions.yml * actions/cache upgrade to 4.0.3 * events update * npm audit fix revert * npm adit fix revert * Bump @octokit/request-error and @actions/github (actions#1227) * Bump @octokit/request-error and @actions/github Bumps [@octokit/request-error](https://github.com/octokit/request-error.js) to 5.1.1 and updates ancestor dependency [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github). These dependencies need to be updated together. Updates `@octokit/request-error` from 2.1.0 to 5.1.1 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](octokit/request-error.js@v2.1.0...v5.1.1) Updates `@actions/github` from 5.1.1 to 6.0.0 - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-type: indirect - dependency-name: "@actions/github" dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * Bump uuid from 9.0.1 to 11.1.0 (actions#1273) * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Bump uuid from 9.0.1 to 11.1.0 Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 11.1.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v9.0.1...v11.1.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 11.1.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Fix failures --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> * fix: build --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: HarithaVattikuti <73516759+HarithaVattikuti@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: suyashgaonkar <suyashgaonkar@github.com> Co-authored-by: Suyash Gaonkar <39784472+suyashrg18@users.noreply.github.com> Co-authored-by: Priya Gupta <147705955+priyagupta108@users.noreply.github.com> Co-authored-by: Joel Ambass <Jcambass@users.noreply.github.com> Co-authored-by: William Entriken <github.com@phor.net> Co-authored-by: aparnajyothi-y <147696841+aparnajyothi-y@users.noreply.github.com> Co-authored-by: John Wesley Walker III <81404201+jww3@users.noreply.github.com> Co-authored-by: Peng Xiao <pengxiao@outlook.com> Co-authored-by: Ben Wells <benwells@github.com> Co-authored-by: Aparna Jyothi <aparnajyothi-y@github.com> Co-authored-by: gowridurgad <159780674+gowridurgad@users.noreply.github.com> Co-authored-by: “gowridurgad” <“hgowridurgad@github.com> Co-authored-by: Flo Edelmann <git@flo-edelmann.de> Co-authored-by: fregante <me@fregante.com> Co-authored-by: Marco Ippolito <marcoippolito54@gmail.com>

Update README.md

25f8cb6

benwells requested a review from a team as a code owner January 16, 2025 14:25

HarithaVattikuti approved these changes Jan 16, 2025

View reviewed changes

HarithaVattikuti merged commit fbeca22 into main Jan 16, 2025
3 checks passed

HarithaVattikuti deleted the benwells/permissions-readme-update branch January 16, 2025 14:49

renovate bot mentioned this pull request Apr 4, 2025

fix(deps): update all non-major dependencies koralle/front-end-tech-memo#17

Open

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Add recommended permissions section to readme #1193

Add recommended permissions section to readme #1193

Uh oh!

benwells commented Jan 16, 2025

Uh oh!

Uh oh!

Uh oh!

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Add recommended permissions section to readme #1193

Add recommended permissions section to readme #1193

Uh oh!

Conversation

benwells commented Jan 16, 2025

Uh oh!

Uh oh!

Uh oh!

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.