Audit fix

Add permissions section
2026-01-12 13:52:03 +08:00 · 2025-01-16 08:43:27 -06:00 · 2025-01-16 08:27:22 -06:00
2 changed files with 13 additions and 3 deletions
--- a/README.md
+++ b/README.md
@@ -20,6 +20,15 @@ Read more about action versioning notation in [action-versioning.md](https://git

 To roll back a release in case of customer impact, start the workflow manually and specify the previous stable tag.

+## Recommended permissions
+
+When using the `publish-action` in your GitHub Actions workflow, it is recommended to set the following permissions to ensure proper functionality:
+
+```yaml
+permissions:
+  contents: write # access to publish release
+```
+
 ## Conributions

 We don't accept contributions until the action is ready for production.
--- a/package-lock.json
+++ b/package-lock.json
@@ -2533,10 +2533,11 @@
      }
    },
    "node_modules/cross-spawn": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
-      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "version": "7.0.6",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
+      "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==",
      "dev": true,
+      "license": "MIT",
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
Author	SHA1	Message	Date
HarithaVattikuti	5d0a8ceaea	Audit fix	2025-01-16 08:43:27 -06:00
HarithaVattikuti	0a555c8d11	Add permissions section	2025-01-16 08:27:22 -06:00