- GitHub Actions now issues read‑only cache tokens for workflow events triggered without write permissions.
- The read‑only tokens are scoped to the default branch, enforcing least‑privilege access for untrusted triggers.
Community impact
Community ratings: 0 Useful, 0 Noise, 0 Risky, 0 Broke, 0 Try.