From 01fa01c1c50d2827f269ea70d34af4d2914525fa Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 18:38:52 -0700
Subject: [PATCH 1/6] ci: check for correct spellings and secure practices in
 actions

---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b5f07302..60c27046 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,6 +1,6 @@
 name: Tests
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers]
+  pull_request:
   push:
     branches:
       - main
@@ -245,7 +245,7 @@ jobs:
           PAYLOAD_FILE_OUTPUT_TIME: ${{ steps.payload_file.outputs.time }}
 
       - name: "chore(health): check up on recent changes to the health score"
-        uses: slackapi/slack-health-score@d58a419f15cdaff97e9aa7f09f95772830ab66f7 # v0.1.1
+        uses: slackapi/slack-health-score@c91046376017c5feaf0578e62cbc1a89a82d3ab6 # v0.2.0-rc.1
         with:
           codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

From 7b0675faa76b38d6f15d0475ec252b0981aacdeb Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 19:49:00 -0700
Subject: [PATCH 2/6] build(deps): bump slack-health-score to v0.2.0-rc.2

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 60c27046..618c5649 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -245,7 +245,7 @@ jobs:
           PAYLOAD_FILE_OUTPUT_TIME: ${{ steps.payload_file.outputs.time }}
 
       - name: "chore(health): check up on recent changes to the health score"
-        uses: slackapi/slack-health-score@c91046376017c5feaf0578e62cbc1a89a82d3ab6 # v0.2.0-rc.1
+        uses: slackapi/slack-health-score@0706d9f5b3047abdc549d380cb1587177c0bdbc7 # v0.2.0-rc.2
         with:
           codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

From a9499956a3c82e5a8d1812eb6223b2c21ee7f51c Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 20:04:26 -0700
Subject: [PATCH 3/6] build(deps): bump slack-health-score to v0.2.0-rc.3

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 618c5649..0a2afaed 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -245,7 +245,7 @@ jobs:
           PAYLOAD_FILE_OUTPUT_TIME: ${{ steps.payload_file.outputs.time }}
 
       - name: "chore(health): check up on recent changes to the health score"
-        uses: slackapi/slack-health-score@0706d9f5b3047abdc549d380cb1587177c0bdbc7 # v0.2.0-rc.2
+        uses: slackapi/slack-health-score@7ef97f525b05e302318caf5a2a7f1ac661f54933 # v0.2.0-rc.3
         with:
           codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

From 412cd2bc704a461ea2eda679706a9e863c7d996d Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 20:14:00 -0700
Subject: [PATCH 4/6] build(deps): bump slack-health-score to v0.2.0-rc.4

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0a2afaed..47088657 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -245,7 +245,7 @@ jobs:
           PAYLOAD_FILE_OUTPUT_TIME: ${{ steps.payload_file.outputs.time }}
 
       - name: "chore(health): check up on recent changes to the health score"
-        uses: slackapi/slack-health-score@7ef97f525b05e302318caf5a2a7f1ac661f54933 # v0.2.0-rc.3
+        uses: slackapi/slack-health-score@7d824ba405309fab4fc02e94c1c899103d82edb8 # v0.2.0-rc.4
         with:
           codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

From 04fd8043f2dbdcc8a2f50a783017b52566c4f671 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 20:39:45 -0700
Subject: [PATCH 5/6] build(deps): bump slack-health-score to v0.2.0-rc.5

---
 .github/workflows/test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 47088657..18d5cf49 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -245,7 +245,7 @@ jobs:
           PAYLOAD_FILE_OUTPUT_TIME: ${{ steps.payload_file.outputs.time }}
 
       - name: "chore(health): check up on recent changes to the health score"
-        uses: slackapi/slack-health-score@7d824ba405309fab4fc02e94c1c899103d82edb8 # v0.2.0-rc.4
+        uses: slackapi/slack-health-score@5f8af1380f3d43084c3a99d03dbb844fe0fb3ab9 # v0.2.0-rc.5
         with:
           codecov_token: ${{ secrets.CODECOV_API_TOKEN }}
           github_token: ${{ secrets.GITHUB_TOKEN }}

From a958b2c525e5ef726d755b541600e7b5f6848326 Mon Sep 17 00:00:00 2001
From: Eden Zimbelman <eden.zimbelman@salesforce.com>
Date: Fri, 1 Aug 2025 20:48:32 -0700
Subject: [PATCH 6/6] ci: add permission to write security events

---
 .github/workflows/test.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 18d5cf49..601d7247 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,6 +13,8 @@ jobs:
     environment: staging
     permissions:
       checks: write
+      contents: read
+      security-events: write
     steps:
       - name: "build: checkout the latest changes"
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2