Small CI hardening: declares an explicit workflow-level on 2 workflow(s) that currently inherit the default broad read-write GITHUB_TOKEN. I inspected each file before including it; none publish, push, comment on issues/PRs, or otherwise write via the GitHub API, so the read-only default does not change behavior. Workflows that need to write (stale, release, gh-pages-deploy, publish actions, etc.) are intentionally left out of this PR. This is the post-CVE-2025-30066 hardening pattern for default token scope.
Parsing a version like previously failed with the generic monch message , which gave no hint about what was actually wrong. The underlying problem is that is missing its patch component. This wraps the separators in (which backs / ) so a missing separator now reports the absent component, for example , with the code snippet pointing at the whole version rather than the empty tail. Only the missing-separator path changes; genuinely malformed input (bad characters, overflowing numbers, trailing junk) keeps its existing messages. This is the upstream half of denoland/deno#27226. The deno CLI side (adding the offending config file to the error) is handled separately in denoland/deno#34835; once this lands and is released, a deno bump picks up the improved diagnostic.
Repository: denoland/deno_semver. Description: Semver used in Deno's CLI. Stars: 12, Forks: 9. Primary language: Rust. License: MIT. Homepage: https://crates.io/crates/deno_semver Open PRs: 2, open issues: 2. Last activity: 3w ago. Top contributors: dsherret, denobot, crowlKats, ansemb, bartlomieju, lucacasonato, zllak, devsnek.