open-telemetry
diff --git a/‎.github/actions/test_gem/action.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/actions/test_gem/action.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/check-spelling.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/check-spelling.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/ci-contrib.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/ci-contrib.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/ci-instrumentation-with-services.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/ci-instrumentation-with-services.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/ci-instrumentation.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/ci-instrumentation.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/ci-markdown-link.yml‎
Lines changed: 5 additions & 0 deletions b/‎.github/workflows/ci-markdown-link.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.github/workflows/ci-markdownlint.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/workflows/ci-markdownlint.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/workflows/conventional-commits.yaml‎
Lines changed: 1 addition & 2 deletions b/‎.github/workflows/conventional-commits.yaml‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎.github/workflows/installation-tests.yml‎
Lines changed: 4 additions & 1 deletion b/‎.github/workflows/installation-tests.yml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ossf-scorecard.yml‎
Lines changed: 1 addition & 1 deletion
@@ -84,7 +84,7 @@ runs:
     # ...but not for appraisals, sadly.
     - name: Install Ruby ${{ inputs.ruby }} with dependencies
       if: "${{ steps.setup.outputs.appraisals == 'false' }}"
-      uses: ruby/setup-ruby@v1.245.0
+      uses: ruby/setup-ruby@v1.247.0
       with:
         ruby-version: "${{ inputs.ruby }}"
         working-directory: "${{ steps.setup.outputs.gem_dir }}"
@@ -95,7 +95,7 @@ runs:
     # If we're using appraisals, do it all manually.
     - name: Install Ruby ${{ inputs.ruby }} without dependencies
       if: "${{ steps.setup.outputs.appraisals == 'true' }}"
-      uses: ruby/setup-ruby@v1.245.0
+      uses: ruby/setup-ruby@v1.247.0
       with:
         ruby-version: "${{ inputs.ruby }}"
         bundler:  "latest"
 
@@ -3,6 +3,9 @@ name: Spelling
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   spelling-check:
     name: SPELLING check
 
@@ -11,6 +11,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}  # Ensure that only one instance of this workflow is running per Pull Request
   cancel-in-progress: true  # Cancel any previous runs of this workflow
 
@@ -11,6 +11,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}  # Ensure that only one instance of this workflow is running per Pull Request
   cancel-in-progress: true  # Cancel any previous runs of this workflow
 
@@ -11,6 +11,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}  # Ensure that only one instance of this workflow is running per Pull Request
   cancel-in-progress: true  # Cancel any previous runs of this workflow
 
@@ -5,8 +5,13 @@ on:
     paths:
       - '**/*.md'
 
+permissions:
+  contents: read
+
 jobs:
   markdown-link-check:
+    permissions:
+      pull-requests: write # required for posting PR review comments
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
 
@@ -3,6 +3,9 @@ name: Markdown Lint Check
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   markdownlint-check:
     runs-on: ubuntu-latest
 
@@ -11,7 +11,6 @@ on:
 
 permissions:
   contents: read
-  pull-requests: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number }}  # Ensure that only one instance of this workflow is running per Pull Request
@@ -22,7 +21,7 @@ jobs:
     name: Conventional Commits Validation
     runs-on: ubuntu-latest
     steps:
-      - uses: dev-build-deploy/[email protected].0
+      - uses: dev-build-deploy/[email protected].3
         env:
           FORCE_COLOR: 3
         with:
 
@@ -9,6 +9,9 @@ on:
     # Everyday at 2 PM UTC
     - cron: "0 14 * * *"
 
+permissions:
+  contents: read
+
 jobs:
   installation-tests:
     strategy:
@@ -25,7 +28,7 @@ jobs:
       - uses: actions/checkout@v4
         # ATTENTION: Dependabot does not know how to update shared actions file.
         # If you see it update setup-ruby here also update it as part of actions/test_gem/action.yml
-      - uses: ruby/setup-ruby@v1.245.0
+      - uses: ruby/setup-ruby@v1.247.0
         with:
           ruby-version: ${{ matrix.ruby-version }}
       - name: "Install Latest Gem Versions on ${{ matrix.ruby-version }}"
 
@@ -43,6 +43,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: results.sarif