search

FasterXML / jackson-dataformat-xml

Extension for Jackson JSON processor that adds support for serializing POJOs as XML (and deserializing from XML) as an alternative to JSON
Apache License 2.0
562 stars 221 forks source link

chore: Set permissions for GitHub actions #526

Closed neilnaveen closed 1 year ago

neilnaveen commented 2 years ago

Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests

Signed-off-by: neilnaveen 42328488+neilnaveen@users.noreply.github.com

cowtowncoder commented 1 year ago

Thanks! I made the same change earlier, not noticing this PR. Closing.