Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo#1880
Conversation
…level for all main workflows of the repository.
@pavlofilatov1 thanks. Ping me when this is ready for review.

@lukebakken the PR is ready for review.

@pavlofilatov1 don't worry about the checklist, the contribution process is very straightforward. You are welcome to sign the RabbitMQ CLA but it's not currently required for client libraries.
@lukebakken Since it is not required I would skip that. Otherwise I have to discuss that Broadcom CLA sign that is required from a company inside my company and that might take some time, unfortunately. |
This contribution likely counts for a trivial one anyway, it's not even a functional change in the library. |
Updated [RabbitMQ.Client](https://github.com/rabbitmq/rabbitmq-dotnet-client) from 7.2.0 to 7.2.1.

Release notes, sourced from [RabbitMQ.Client's releases](https://github.com/rabbitmq/rabbitmq-dotnet-client/releases):

## 7.2.1

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/77?closed=1)

## What's Changed

* Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo by @pavlofilatov1 in rabbitmq/rabbitmq-dotnet-client#1880
* Add workflow to check for GHA updates by @lukebakken in rabbitmq/rabbitmq-dotnet-client#1887
* Update GHA via `actions-up` by @lukebakken in rabbitmq/rabbitmq-dotnet-client#1886
* Added TryComplete instead of comple during channel shutdown by @patriktiain in rabbitmq/rabbitmq-dotnet-client#1885
* Catch all exceptions in HeartbeatWriteTimerCallback and HeartbeatReadTimerCallback to avoid crash by @klettier in rabbitmq/rabbitmq-dotnet-client#1876
* Use dependabot to update actions refs by @lukebakken in rabbitmq/rabbitmq-dotnet-client#1896
* Bump github/codeql-action from 3 to 4 by @dependabot[bot] in rabbitmq/rabbitmq-dotnet-client#1898
* Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in rabbitmq/rabbitmq-dotnet-client#1897
* Bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in rabbitmq/rabbitmq-dotnet-client#1899
* Fix unconditional semaphore release in BasicPublishAsync when Cancell… by @EvheniyHlushko in rabbitmq/rabbitmq-dotnet-client#1901
* Connection recovery: remove recorded bindings of auto-delete entities by @michaelklishin in rabbitmq/rabbitmq-dotnet-client#1906
* Pre-7.2.1 release preparation by @lukebakken in rabbitmq/rabbitmq-dotnet-client#1909

## New Contributors

* @pavlofilatov1 made their first contribution in rabbitmq/rabbitmq-dotnet-client#1880
* @patriktiain made their first contribution in rabbitmq/rabbitmq-dotnet-client#1885
* @klettier made their first contribution in rabbitmq/rabbitmq-dotnet-client#1876
* @dependabot[bot] made their first contribution in rabbitmq/rabbitmq-dotnet-client#1898
* @EvheniyHlushko made their first contribution in rabbitmq/rabbitmq-dotnet-client#1901

**Full Changelog**: rabbitmq/rabbitmq-dotnet-client@v7.2.0...v7.2.1. Commits viewable in [compare view](rabbitmq/rabbitmq-dotnet-client@v7.2.0...v7.2.1).

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <dependabot[bot]@users.noreply.github.com>
Proposed Changes
These changes are being introduced to increase the repository's score that is calculated by the OpenSSF Scorecard (GitHub repo) tool.
This Pull Request updates the top-level permissions configuration within the repo's GitHub workflows. It sets the default contents permission to read for the workflow token. The changes were made according to the recommendations from Scorecard regarding token permissions and the discussion in this repository.
Types of Changes
Marked it as Other, but it is not the best choice. I would appreciate a recommendation regarding the right type.
Checklist
CONTRIBUTING.md document
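As an added example (not the project's own code), a small audit helper that classifies a workflow the way the Scorecard Token-Permissions check does: it reports whether a workflow declares a top-level `permissions:` block at all, and whether any declared scope is `write`. The function names and the two sample workflows are constructed for this illustration; the helper is deliberately line-based so it runs without PyYAML and assumes the usual layout where `permissions:` is a column-0 key.

```python
"""Audit top-level GITHUB_TOKEN permissions in GitHub Actions workflows.

Constructed helper, not from rabbitmq-dotnet-client. Line-based on purpose
(no PyYAML): it assumes `permissions:` appears as a column-0 (top-level) key.
"""
import re
from pathlib import Path

# Matches "  contents: read", "  packages: write", "  id-token: none" lines.
SCOPE_RE = re.compile(r"^\s+([\w-]+):\s*(read|write|none)\s*$")


def audit_workflow(text: str) -> dict:
    """Return {'status': 'missing' | 'no-write' | 'write', 'scopes': {...}}."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        code = line.split("#", 1)[0].rstrip()          # drop trailing comments
        if not code.startswith("permissions:"):       # column 0 means top level
            continue
        rest = code[len("permissions:"):].strip()
        if rest:                                       # scalar or flow-mapping form
            # "write-all" / "{packages: write}" grant write; "read-all" / "{}" do not
            status = "write" if "write" in rest else "no-write"
            return {"status": status, "scopes": {}}
        scopes = {}
        for nxt in lines[i + 1:]:                      # block-mapping body
            body = nxt.split("#", 1)[0].rstrip()
            if body.strip() and not body[0].isspace():  # reached next top-level key
                break
            m = SCOPE_RE.match(body)
            if m:
                scopes[m.group(1)] = m.group(2)
        status = "write" if "write" in scopes.values() else "no-write"
        return {"status": status, "scopes": scopes}
    # No top-level block: the token falls back to the repository default,
    # which may be read/write, and Scorecard flags the workflow.
    return {"status": "missing", "scopes": {}}


def audit_workflow_dir(directory: str) -> dict:
    """Map each *.yml / *.yaml under `directory` (e.g. .github/workflows) to its result."""
    root = Path(directory)
    files = sorted(list(root.glob("*.yml")) + list(root.glob("*.yaml")))
    return {f.name: audit_workflow(f.read_text()) for f in files}


# Constructed samples: a workflow before and after adding the top-level block.
BEFORE = "name: build\non: [push]\njobs:\n  build:\n    runs-on: ubuntu-latest\n"
AFTER = "name: build\non: [push]\npermissions:\n  contents: read\n" \
        "jobs:\n  build:\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    print(audit_workflow(BEFORE)["status"], audit_workflow(AFTER))
```

Job-level `permissions:` blocks are indented and therefore ignored here on purpose: they can narrow or widen a single job, but the Scorecard recommendation is a read-only top-level default.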