Conversation


@kwong-yw kwong-yw commented Dec 15, 2025

This pull fixes a security suggestion for our workflow, and also updates the README now that we no longer use Snowflake. Without a paid Snowflake account, we won't be able to run tests, so maintaining this gem is not possible.


Potential fix for https://github.com/vendasta/sequel-snowflake/security/code-scanning/1

To fix the workflow, explicitly limit the GITHUB_TOKEN permissions by adding a permissions block. As none of the steps require writing to the repo (e.g., creating releases, deploying, or opening pull requests), the correct minimal permissions are contents: read. This permissions block can be set at the workflow root (recommended, so it applies to all jobs by default), or within the specific jobs.test job. The best way is to add it immediately after the name: declaration and above the on: block.

What to change:

  • Edit .github/workflows/ruby.yml.
  • Insert:
    permissions:
      contents: read
    after the name: Ruby line (line 8 or 9).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.
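To show where the block lands and what it does, here is an added illustration of a root-level `permissions` block in a GitHub Actions workflow. This is not the repository's actual `.github/workflows/ruby.yml`; the trigger, Ruby version and job steps are assumed, and only the placement of `permissions:` between `name:` and `on:` is the point.

```yaml
# Added illustration, not the project's own workflow file.
# The triggers, Ruby version and steps below are assumed.
name: Ruby

# Root-level permissions apply to every job unless a job overrides them.
# Without this block, GITHUB_TOKEN receives the repository's default
# permissions, which may include write scopes no step here needs.
permissions:
  contents: read

on:
  push:
    branches: [main]
  pull_request:

jobs:
  test:
    runs-on: ubuntu-latest
    # A job-level `permissions:` block would replace the root block for this
    # job only (for example to grant one extra scope). Not needed here: the
    # test job only reads the checkout.
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.2'
          bundler-cache: true
      - run: bundle exec rake
```

A quick check after merging is to open the run's job log: the "Set up job" step lists the effective `GITHUB_TOKEN` permissions, and with this block in place every scope other than `contents` should show as `none`.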

kwong-yw and others added 2 commits December 15, 2025 12:07
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@kwong-yw kwong-yw changed the title Potential fix for code scanning alert no. 1: Workflow does not contain permissions Update README; Potential fix for code scanning alert no. 1: Workflow does not contain permissions Dec 15, 2025
@kwong-yw kwong-yw marked this pull request as ready for review December 15, 2025 17:16
@kwong-yw kwong-yw merged commit 2aeb74c into main Dec 17, 2025
5 checks passed
@kwong-yw kwong-yw deleted the alert-autofix-1 branch December 17, 2025 20:02