Bump pre-commit and fix zizmor's excessive-permissions warnings #217

hugovk · 2025-02-11T20:45:37Z

warning[excessive-permissions]: overly broad permissions
   --> .github/workflows/source-and-docs-release.yml:1:1
    |
  1 | / on:
  2 | |   push:
...   |
179 | |           cd ../installation
180 | |           ./bin/python3 -m test -uall
    | |______________________________________- default permissions used due to no permissions: block
    |
    = note: audit confidence → Medium

warning[excessive-permissions]: overly broad permissions
  --> .github/workflows/source-and-docs-release.yml:47:3
   |
47 | /   verify-input:
48 | |     runs-on: ubuntu-24.04
...  |
71 | |             exit 1
72 | |           fi
   | |            -
   | |____________|
   |              this job
   |              default permissions used due to no permissions: block
   |
   = note: audit confidence → Medium

warning[excessive-permissions]: overly broad permissions
   --> .github/workflows/source-and-docs-release.yml:74:3
    |
 74 | /   build-source:
 75 | |     runs-on: ubuntu-24.04
...   |
111 | |           path: |
112 | |             cpython/${{ env.CPYTHON_RELEASE }}/src
    | |                                                  -
    | |__________________________________________________|
    |                                                    this job
    |                                                    default permissions used due to no permissions: block
    |
    = note: audit confidence → Medium

warning[excessive-permissions]: overly broad permissions
   --> .github/workflows/source-and-docs-release.yml:114:3
    |
114 | /   build-docs:
115 | |     runs-on: ubuntu-24.04
...   |
154 | |           path: |
155 | |             Doc/dist/
    | |                     -
    | |_____________________|
    |                       this job
    |                       default permissions used due to no permissions: block
    |
    = note: audit confidence → Medium

warning[excessive-permissions]: overly broad permissions
   --> .github/workflows/source-and-docs-release.yml:157:3
    |
157 | /   test-source:
158 | |     runs-on: ubuntu-24.04
...   |
179 | |           cd ../installation
180 | |           ./bin/python3 -m test -uall
    | |                                      -
    | |______________________________________|
    |                                        this job
    |                                        default permissions used due to no permissions: block
    |
    = note: audit confidence → Medium

warning[excessive-permissions]: overly broad permissions
  --> .github/workflows/test.yml:9:3
   |
 9 | /   tests:
10 | |     name: "Tests"
...  |
33 | |         with:
34 | |           token: ${{ secrets.CODECOV_ORG_TOKEN }}
   | |                                                  -
   | |__________________________________________________|
   |                                                    this job
   |                                                    default permissions used due to no permissions: block
   |
   = note: audit confidence → Medium

11 findings (5 suppressed): 0 unknown, 0 informational, 0 low, 6 medium, 0 high

https://woodruffw.github.io/zizmor/audits/#excessive-permissions

Also remove the config for https://pre-commit.ci/ because we haven't enabled it for this repo, and perhaps we shouldn't, as we need to be extra careful with this one?

ci:	
  autoupdate_schedule: quarterly

Bump pre-commit and fix zizmor's excessive-permissions warnings

79961f0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump pre-commit and fix zizmor's excessive-permissions warnings #217

Bump pre-commit and fix zizmor's excessive-permissions warnings #217

hugovk commented Feb 11, 2025

Bump pre-commit and fix zizmor's excessive-permissions warnings #217

Are you sure you want to change the base?

Bump pre-commit and fix zizmor's excessive-permissions warnings #217

Conversation

hugovk commented Feb 11, 2025