Commit 2396ce3
committed
ci(precommit): cap GITHUB_TOKEN to contents: read
Workflow runs checks only; no GitHub API writes. Post-CVE-2025-30066 hardening pattern.
Signed-off-by: Arpit Jain <arpitjain099@gmail.com>1 parent a4defea commit 2396ce3
1 file changed
Lines changed: 3 additions & 0 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
| 10 | + | |
| 11 | + | |
| 12 | + | |
10 | 13 | | |
11 | 14 | | |
12 | 15 | | |
| |||
0 commit comments