From a709493273bd0418e3add9f762007a26778364d6 Mon Sep 17 00:00:00 2001 From: Antonin Delpeuch Date: Thu, 22 Apr 2021 08:04:39 +0200 Subject: [PATCH] Use read permissions in pull_request_target CI to mitigate vulnerability --- .github/workflows/pull_request.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index e1b6a878e..e769967ec 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -5,6 +5,8 @@ on: paths-ignore: - 'docs/**' +permissions: read-all + jobs: server_tests: strategy: