Update dependabot config #35
zoo-github-actions-auth[bot]security-pr.yml Required
on: pull_request
semgrep-oss/scan
33s
zizmor
20s
Annotations
4 warnings
|
excessive-permissions:
.github/workflows/build.yml#L12
build.yml:12: overly broad permissions: default permissions used due to no permissions: block
|
|
artipacked:
.github/workflows/build.yml#L16
build.yml:16: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
|
|
excessive-permissions:
.github/workflows/boop-website.yml#L11
boop-website.yml:11: overly broad permissions: default permissions used due to no permissions: block
|
|
zizmor
No file matched to [/home/runner/work/documentation/documentation/**/*requirements*.txt,/home/runner/work/documentation/documentation/**/*requirements*.in,/home/runner/work/documentation/documentation/**/*constraints*.txt,/home/runner/work/documentation/documentation/**/*constraints*.in,/home/runner/work/documentation/documentation/**/pyproject.toml,/home/runner/work/documentation/documentation/**/uv.lock,/home/runner/work/documentation/documentation/**/*.py.lock]. The cache will never get invalidated. Make sure you have checked out the target repository and configured the cache-dependency-glob input correctly.
|