Fix creating release

[yoavain]

PR Type

Bug fix

---

Description

• Update GitHub Actions workflow permissions for release creation

• Change contents permission from read to write

• Enable workflow to publish releases with proper authorization

---

Diagram Walkthrough

flowchart LR
  A["GitHub Actions Workflow"] -- "requires write access" --> B["Release Creation"]
  C["contents: read"] -- "changed to" --> D["contents: write"]
  D -- "enables" --> B

Loading

File Walkthrough

	Relevant files
Bug fix	nodejs.yml Update workflow permissions for release publishing              .github/workflows/nodejs.yml Changed contents permission from read to write in workflow permissions Allows GitHub Actions workflow to create and publish releases Fixes authorization issue preventing release creation on tag push +1/-1

---

[yoavain]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Elevated workflow permissions Description: The workflow permission change to contents: write grants the job the ability to modify repository contents (e.g., create/modify releases, tags, and potentially push commits depending on checkout/push steps), which increases blast radius if the workflow or any referenced actions are compromised. nodejs.yml [11-14] Referred Code permissions: id-token: write contents: write
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Expanded permissions: The workflow changes contents permission to write, which increases token capabilities and should be verified as least-privilege and appropriately constrained to only the required release-creation scope. Referred Code permissions: id-token: write contents: write Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Security	Scope write permissions to specific jobs To mitigate a security risk, move the contents: write permission from the workflow level to the specific job responsible for creating releases. This follows the principle of least privilege, preventing potentially malicious pull requests from gaining write access to the repository. .github/workflows/nodejs.yml [11-13] permissions: id-token: write - contents: write + contents: read Apply / Chat Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies a critical security risk by granting contents: write at the workflow level, which could be exploited by malicious pull requests. Scoping this permission to only the release job is a crucial security improvement.	High
More

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.04%. Comparing base (6d34b4e) to head (cc6941c).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2368   +/-   ##
=======================================
  Coverage   94.04%   94.04%           
=======================================
  Files          19       19           
  Lines         336      336           
  Branches       52       52           
=======================================
  Hits          316      316           
  Misses         20       20           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.