Hunter Bown efa00ff69b security(ci): harden sync-cnb.yml — permissions, checkout v4, narrow trigger ...

- Add explicit permissions: contents: read (least-privilege)
- Bump actions/checkout@v3 → @v4
- Narrow trigger from on: [push] to on: push: branches: [main] + tags: ['v*']

Matches the hardening convention used by every other workflow in the repo.

2026-05-10 19:29:05 -05:00

..

auto-tag.yml

ci: switch npm publish to NPM_TOKEN + add auto-tag workflow

2026-04-26 12:22:15 -05:00

ci.yml

fix(security): tighten paths and output handling

2026-05-08 14:13:55 -05:00

nightly.yml

ci: add nightly build artifacts (#1013)

2026-05-07 05:01:06 -05:00

release.yml

fix(security): tighten paths and output handling

2026-05-08 14:13:55 -05:00

spam-lockdown.yml

docs+ci(v0.8.12): Resume by UUID, triage workflows, CHANGELOG refresh

2026-05-05 02:03:16 -05:00

stale.yml

docs+ci(v0.8.12): Resume by UUID, triage workflows, CHANGELOG refresh

2026-05-05 02:03:16 -05:00

sync-cnb.yml

security(ci): harden sync-cnb.yml — permissions, checkout v4, narrow trigger

2026-05-10 19:29:05 -05:00

triage.yml

docs+ci(v0.8.12): Resume by UUID, triage workflows, CHANGELOG refresh

2026-05-05 02:03:16 -05:00