Skip to content

🌿 Fern Regeneration -- August 29, 2025 #14

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

🌿 Fern Regeneration -- August 29, 2025 #14

wants to merge 1 commit into from

Conversation

fern-api[bot]
Copy link
Contributor

@fern-api fern-api bot commented Aug 29, 2025

This PR regenerates code to match the latest API Definition.

github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 29, 2025
View reviewed changes
.github/workflows/ci.yml
Comment on lines +22 to +37
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

- name: Install Rye
- name: Checkout repo
uses: actions/checkout@v4
- name: Set up python
uses: actions/setup-python@v4
with:
python-version: 3.8
- name: Bootstrap poetry
run: |
curl -sSf https://rye.astral.sh/get | bash
echo "$HOME/.rye/shims" >> $GITHUB_PATH
env:
RYE_VERSION: '0.44.0'
RYE_INSTALL_OPTION: '--yes'

- name: Bootstrap
run: ./scripts/bootstrap
curl -sSL https://install.python-poetry.org | python - -y --version 1.5.1
- name: Install dependencies
run: poetry install

- name: Run tests
run: ./scripts/test
- name: Test
run: poetry run pytest -rP .

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 22 days ago

To fix the problem, you should add a permissions block restricting GITHUB_TOKEN access at either the workflow level (for all jobs) or at each job individually (for fine-grained control). For standard CI jobs involving checkout and running tests/static analysis, the least privilege necessary is usually contents: read. Since the workflow does not appear to require any write operations, adding this block at the top (after name: and before on:) is preferred and is concise, enforcing least privilege for all jobs.
File to edit: .github/workflows/ci.yml
Where to add: Immediately after the workflow name (name: ci), before the on: key.
What to add:

permissions:
  contents: read

No import or definition changes are needed, as this is a YAML configuration change.

Suggested changeset 1
.github/workflows/ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,6 @@
 name: ci
+permissions:
+  contents: read
 
 on: [push]
 jobs:
EOF
@@ -1,4 +1,6 @@
name: ci
permissions:
contents: read

on: [push]
jobs:
Copilot is powered by AI and may make mistakes. Always verify output.
@maticzav maticzav closed this Sep 2, 2025
@maticzav maticzav deleted the fern-bot/2025-08-29T21-17Z branch September 2, 2025 07:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@maticzav