Ashish Kurmi

Thanks @davidism for the feedback. We have been working with maintainers of critical open-source projects since April (the first PR on this issue) to address security issues related to elevated...

This is a good idea. The problem is that if workflows that need write access are not fixed by adding explicit permissions, and this change it made at the repo/org...

@Tom-Ski / @Frosty-J / @PokeMMO : could you please review this PR?

Thanks @Frosty-J for your response! Based on my analysis, this shouldn't break anything.

Thanks @MobiDevelop for approving the PR. Is there anything else I need to do before the PR is merged?

Thanks for flagging the gap @hoffie! I have incorporated your requested change, please take a look again.

@MysterAitch could you please review this PR?

Thanks for reviewing the PR @sobolevn ! I just addressed your comment, please take a look when you get a chance.

Thank you so much @srkgupta for reviewing the PR! Is there anything else needed before the PR could be merged?

Hello @bblommers, I am a maintainer of secure-workflows. I would love to understand the reasons for closing this PR. Any feedback you can provide would help us improve our open-source...