Jaroslav Lobačevski

Looks like there is a collision with https://github.com/nothings/stb/pull/1454 Feel free to accept whichever you like.

Looks like it collided with https://github.com/nothings/stb/issues/1521 which has CVE-2023-43898 assigned to it. I'll request to withdraw the CVE-2023-45665.

Thank you for the feedback. I have created https://github.com/GitHubSecurityLab/actions-permissions/pull/29 for unknown permissions. As for `Do surface the api call(s)` have tried https://github.com/GitHubSecurityLab/actions-permissions/blob/f62d32cd684392a758c627a58e0756b734bd54fd/monitor/README.md?plain=1#L46? It provides much more logging.

Should be fixed with hosts filtering. Please try f62d32cd684392a758c627a58e0756b734bd54fd and reopen if still present.

Hi, thank you for the pull request! What is the value of [`GITHUB_SERVER_URL`](https://docs.github.com/en/actions/learn-github-actions/variables) in that case? I'm thinking maybe it can be just implemented as: ```js hosts.add(new URL(process.env.GITHUB_SERVER_URL).hostname); hosts.add(new URL(process.env.GITHUB_API_URL).hostname);...

Imlemented in f62d32cd684392a758c627a58e0756b734bd54fd

Good point, thank you for you feedback! If you could try applying the changes and try it with GHE (you can use `- uses: martincostello/actions-permissionsmonitor@your_branch`) I would merge that!

Implemented in f62d32cd684392a758c627a58e0756b734bd54fd

There is a [post step](https://github.com/GitHubSecurityLab/actions-permissions/blob/main/monitor/action.yml#L19) of the action that runs in the end of the job. You can read more about the GitHub Actions feature [here](https://docs.github.com/en/actions/creating-actions/metadata-syntax-for-github-actions#runspost). However it doesn't do...

That's odd. Thank you for the feedback! Indeed, it wasn't tested with self hosted runners, but I don't think there is a difference... There is a 10 sec timeout in...