[Auto release] release 2.0.7#4276
Merged
xuefei1313 merged 61 commits intomainfrom Nov 3, 2025
Merged
Conversation
[Auto changelog] changlog of v2.0.6
…field Fix/water fall total stack by field
[Auto Sync] Sync the code from branch main to branch develop after release 2.0.6
fix: fix issue of waterfall stack total
fix: check if stackData is empty
feat: add regression-lines in vchart-extension
fix: support regression line for grouped scatter
add issue auto translate by Dromara
Add permissions for issues and pull requests in workflow
Add translate-issues workflow configuration
Set IS_MODIFY_TITLE to false for translation action.
Update translate-issues.yml to include permissions
Add translate-issues workflow configuration
Fix/logistic regression line
fix: upgrade-vutil to 1.0.12
feat: upgrade vrender to 1.0.21
docs(layout-item): add noOuterPadding property docs
Feat/register transform boxplot
fix: fix issue of layout
feat: support resize zoom chart plugin
Fix/crosshair not hide
fix: fix the vchart-extension packaged artifacts contained an extra v…
fix: fix the vchart-extension packaged artifacts contained an extra v…
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+11
to
+15
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: dromara/issues-translate-action@v2.7 | ||
| with: | ||
| IS_MODIFY_TITLE: false |
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 6 months ago
The best way to fix the problem is to add a permissions block to the workflow file to restrict the default permissions of the GITHUB_TOKEN. Best (and safest) practice is to set minimal or appropriate permissions at the workflow or job level. In this context, the workflow likely needs permission to read the issue (for comments, events, etc.) and possibly write permission for issue comments (if the translation action posts results).
Steps to fix:
- Insert a
permissionsblock at the top level of the workflow (belowname:and/oron:), applying to all jobs. - As a minimal starting point, set
contents: read,issues: writeand (optionally, if the action comments)pull-requests: write. If only issues are used,issues: writesuffices. - Insert this block after the
nameand theonsections for clarity and visibility, beforejobs:.
No new methods, imports, or external resources are needed; just YAML modifications in .github/workflows/translate-issues.yml.
Suggested changeset
1
.github/workflows/translate-issues.yml
| @@ -6,6 +6,10 @@ | ||
| issues: | ||
| types: [opened] | ||
|
|
||
| permissions: | ||
| contents: read | ||
| issues: write | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest |
Copilot is powered by AI and may make mistakes. Always verify output.
xuefei1313
approved these changes
Nov 3, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.