Skip to content
Security (PR)

Update api spec #16

Sign in to view logs

Update api spec

Update api spec #16

Triggered via pull request December 9, 2025 19:44
@zoo-github-actions-authzoo-github-actions-auth[bot]
synchronize #544
update-spec
Status Success
Total duration 12m 37s
Artifacts

security-pr.yml Required

on: pull_request
semgrep-oss/scan
12m 34s
semgrep-oss/scan
zizmor
2m 31s
zizmor
Fit to window
Zoom out
Zoom in

Annotations

4 errors, 10 warnings, and 1 notice
cache-poisoning: .github/workflows/update-spec-for-docs.yml#L32
update-spec-for-docs.yml:32: runtime artifacts potentially vulnerable to a cache poisoning attack: opt-in for caching here
cache-poisoning: .github/workflows/make-release.yml#L19
make-release.yml:19: runtime artifacts potentially vulnerable to a cache poisoning attack: opt-in for caching here
excessive-permissions: .github/workflows/docs.yml#L5
docs.yml:5: overly broad permissions: id-token: write is overly broad at the workflow level
excessive-permissions: .github/workflows/docs.yml#L4
docs.yml:4: overly broad permissions: pages: write is overly broad at the workflow level
excessive-permissions: .github/workflows/ruff.yml#L11
ruff.yml:11: overly broad permissions: default permissions used due to no permissions: block
artipacked: .github/workflows/ruff.yml#L14
ruff.yml:14: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
excessive-permissions: .github/workflows/mypy.yml#L11
mypy.yml:11: overly broad permissions: default permissions used due to no permissions: block
artipacked: .github/workflows/mypy.yml#L14
mypy.yml:14: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
artipacked: .github/workflows/make-release.yml#L13
make-release.yml:13: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
artipacked: .github/workflows/generate.yml#L18
generate.yml:18: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
artipacked: .github/workflows/docs.yml#L32
docs.yml:32: credential persistence through GitHub Actions artifacts: does not set persist-credentials: false
dependabot-cooldown: .github/dependabot.yml#L66
dependabot.yml:66: insufficient cooldown in Dependabot updates: missing cooldown configuration
dependabot-cooldown: .github/dependabot.yml#L35
dependabot.yml:35: insufficient cooldown in Dependabot updates: missing cooldown configuration
dependabot-cooldown: .github/dependabot.yml#L7
dependabot.yml:7: insufficient cooldown in Dependabot updates: missing cooldown configuration
use-trusted-publishing: .github/workflows/make-release.yml#L28
make-release.yml:28: prefer trusted publishing for authentication: this command