Skip to content

Pin mitlibraries/.github action to 6886f95#330

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pin-dependencies
Open

Pin mitlibraries/.github action to 6886f95#330
renovate[bot] wants to merge 1 commit intomainfrom
renovate/pin-dependencies

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Mar 27, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
mitlibraries/.github action pinDigest 6886f95

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-advanced-security[bot]
github-advanced-security AI found potential problems Mar 27, 2026
View reviewed changes
@mitlib mitlib temporarily deployed to tacos-api-pipeline-pr-330 March 27, 2026 01:50 Inactive
@renovate renovate bot changed the title Pin mitlibraries/.github action to c758f3f Pin mitlibraries/.github action to 935e2fa Apr 3, 2026
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from d2f863e to c16a8ab Compare April 3, 2026 17:42
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 3, 2026
View reviewed changes
@renovate renovate bot changed the title Pin mitlibraries/.github action to 935e2fa Pin mitlibraries/.github action to 5ac3905 Apr 7, 2026
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from c16a8ab to 5839d01 Compare April 7, 2026 21:16
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 7, 2026
View reviewed changes
@renovate renovate bot changed the title Pin mitlibraries/.github action to 5ac3905 Pin mitlibraries/.github action to 187a36e Apr 13, 2026
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 5839d01 to ea77106 Compare April 13, 2026 22:52
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 13, 2026
View reviewed changes
@renovate renovate bot changed the title Pin mitlibraries/.github action to 187a36e Pin mitlibraries/.github action to 6886f95 Apr 15, 2026
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from ea77106 to 93c22f0 Compare April 15, 2026 00:50
github-advanced-security[bot]
github-advanced-security AI found potential problems Apr 15, 2026
View reviewed changes
.github/workflows/mit-libraries-ruby-ci.yml
jobs:
shared:
uses: mitlibraries/.github/.github/workflows/ruby-shared-ci.yml@main
uses: mitlibraries/.github/.github/workflows/ruby-shared-ci.yml@6886f9574e40fab796c127d7e14d8db356c99124 # main

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {}

Copilot Autofix

AI about 14 hours ago

Add an explicit top-level permissions block in .github/workflows/mit-libraries-ruby-ci.yml so the workflow does not rely on ambient defaults. For this CI workflow, the minimal safe baseline is typically read-only repository contents access: contents: read. Placing it at the workflow root applies to all jobs (including the reusable workflow call job) unless overridden, and preserves existing behavior while reducing risk.

Change location:

  • File: .github/workflows/mit-libraries-ruby-ci.yml
  • Region: after the on: trigger block and before jobs:.

No imports, methods, or additional definitions are required.

Suggested changeset 1
.github/workflows/mit-libraries-ruby-ci.yml

Autofix patch

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/mit-libraries-ruby-ci.yml b/.github/workflows/mit-libraries-ruby-ci.yml
--- a/.github/workflows/mit-libraries-ruby-ci.yml
+++ b/.github/workflows/mit-libraries-ruby-ci.yml
@@ -5,6 +5,9 @@
   pull_request:
     branches: [main]
 
+permissions:
+  contents: read
+
 jobs:
   shared:
     uses: mitlibraries/.github/.github/workflows/ruby-shared-ci.yml@6886f9574e40fab796c127d7e14d8db356c99124 # main
EOF
@@ -5,6 +5,9 @@
pull_request:
branches: [main]

permissions:
contents: read

jobs:
shared:
uses: mitlibraries/.github/.github/workflows/ruby-shared-ci.yml@6886f9574e40fab796c127d7e14d8db356c99124 # main
Copilot is powered by AI and may make mistakes. Always verify output.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@github-advanced-security @mitlib