From a5ebd5e14b87fa3f623d9d0f6a8b65b6232f3c30 Mon Sep 17 00:00:00 2001
From: DevelopmentCats
Date: Thu, 8 Jan 2026 14:10:43 -0600
Subject: [PATCH] chore: address copilot comments

---
 .github/workflows/version-bump.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/version-bump.yaml b/.github/workflows/version-bump.yaml
index 47f34e53..4c925165 100644
--- a/.github/workflows/version-bump.yaml
+++ b/.github/workflows/version-bump.yaml
@@ -1,14 +1,14 @@
 name: Version Bump
 
 # Using pull_request_target to allow commenting on PRs from forks.
-# SECURITY: This workflow only checks out and runs code from the BASE branch,
-# never from the PR. The PR's changes are only used for git diff comparison.
+# SECURITY: Executable code (scripts, package.json) comes from the BASE branch only.
+# Only the registry/ directory (data files) is checked out from the PR for version checking.
 on:
   pull_request_target:
     types: [labeled]
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
   cancel-in-progress: true
 
 jobs:
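Review bot: The rewritten SECURITY comment at the top of the workflow now says `registry/` is checked out from the PR under `pull_request_target`, but it does not state the invariant that keeps this safe: nothing taken from the PR may be executed, sourced or installed by the base-branch scripts, because this trigger runs with the base repository's token and secrets. The `jobs:` section lies outside this hunk, so whether that holds cannot be confirmed from here. It is worth checking that the PR checkout is restricted to that one path, pinned to `github.event.pull_request.head.sha`, and done with `persist-credentials: false`, and that the scripts only parse those files. I would add a third comment line such as `# Files under registry/ are untrusted PR input: parse them as data, never execute, source or install from them.`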