Use read permissions in pull_request_target CI to mitigate vulnerability

2021-04-22 08:04:39 +02:00 · 2021-04-22 08:04:39 +02:00 · a709493273
commit a709493273
parent bea8bd38f1
1 changed files with 2 additions and 0 deletions
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@ -5,6 +5,8 @@ on:
    paths-ignore:
      - 'docs/**'

+permissions: read-all
+
 jobs:
  server_tests:
    strategy: