fix(cla): Harden action (#867)

The CLA action does not need contents: write permission. Limit it to read for security.
2025-10-23 07:11:56 +00:00 · 2025-08-26 12:41:29 +02:00
parent 215d57979d
commit ad8e34483f
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/cla.yaml
+++ b/.github/workflows/cla.yaml
@@ -7,7 +7,7 @@ on:

 permissions:
  actions: write
-  contents: write # this can be 'read' if the signatures are in remote repository
+  contents: read
  pull-requests: write
  statuses: write