
Potential fix for code scanning alert no. 2: Workflow does not contain permissions#75

Merged
glenn-jocher merged 2 commits into main from alert-autofix-2
Apr 23, 2026

Conversation

Member

@glenn-jocher glenn-jocher commented Apr 23, 2026

Potential fix for https://github.com/ultralytics/xview-yolov3/security/code-scanning/2

Add an explicit permissions block to .github/workflows/stale.yml so the GITHUB_TOKEN has only the scopes needed by this workflow.

Best fix here: define permissions at the workflow root (applies to all jobs unless overridden), with the minimum required for actions/stale behavior in this file:

  • contents: read (safe baseline)
  • issues: write (comment/label/close issues)
  • pull-requests: write (comment/label/close PRs)

Edit region: near the top-level keys, immediately after on: (or before jobs:) to keep structure clear and avoid changing job logic.

No imports, methods, or additional definitions are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

🛠️ PR Summary

Made with ❤️ by Ultralytics Actions

🌟 Summary

🧹 This PR mainly cleans up documentation and string formatting across the repo, while also improving GitHub automation permissions for stale issue/PR handling.

📊 Key Changes

  • 🔐 Added explicit GitHub Actions permissions in .github/workflows/stale.yml:
    • contents: read
    • issues: write
    • pull-requests: write
  • 📝 Reformatted and standardized many Python docstrings in:
    • scoring/evaluation.py
    • scoring/matching.py
    • scoring/score.py
    • utils/datasets.py
    • utils/utils.py
  • ✨ Updated several f-strings for cleaner and more modern string conversion, including:
    • error messages
    • metric output writing
    • timing logs
  • 🧼 Removed an unused variable pattern in utils/datasets.py by renaming shape values to _h, _w, _
  • 📚 Improved readability of function descriptions and argument documentation, especially in scoring and evaluation utilities

🎯 Purpose & Impact

  • ✅ Makes the codebase easier to read and maintain for contributors
  • 🤖 Ensures the stale GitHub workflow has the correct permissions to manage inactive issues and pull requests reliably
  • 🛠️ Reduces minor linting/style issues, which can help with tooling, reviews, and long-term upkeep
  • 👀 Improves clarity for users and developers working with the scoring pipeline, without changing core model behavior
  • 📦 Overall impact is low-risk and mostly non-functional, focused on cleanup, consistency, and repository maintenance
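The rule behind this alert, as an added illustration that is not code from xview-yolov3 or from the code-scanning tool: a job is flagged when neither the workflow root nor the job itself declares `permissions:`, because it then runs with the default GITHUB_TOKEN grants. The script below reads a small YAML subset (2-space indentation, one key per line) so it runs without PyYAML, applies the inheritance rule the description states (a root block applies to every job unless the job overrides it), and compares the effective grants against the three scopes the description lists for the stale workflow. The sample workflows, the job id `stale`, the cron string, the `actions/stale@v9` step and all function names are constructed for the example, not taken from the repository's stale.yml.

```python
"""Simplified version of the check behind this alert: a GitHub Actions job
that runs with the default GITHUB_TOKEN permissions because neither the
workflow root nor the job itself declares a `permissions:` block.

Added illustration, not code from xview-yolov3 or from the code-scanning
tool. It reads a small YAML subset (2-space indentation, one key per line)
so it runs without PyYAML; a production linter should use a real parser.
"""
from typing import Dict, List, Tuple, Union

# Least-privilege scopes the PR description gives for the actions/stale workflow.
EXPECTED_STALE_SCOPES = {"contents": "read", "issues": "write", "pull-requests": "write"}

# Explicit scope map, a shorthand such as "read-all"/"write-all", or None when absent.
Perms = Union[Dict[str, str], str, None]
_ROOT = object()  # sentinel: the scope lines being read belong to the workflow root


def _perm_value(value: str) -> Perms:
    return {} if value in ("", "{}") else value


def parse_permissions(text: str) -> Tuple[Perms, Dict[str, Perms]]:
    """Return (workflow-level permissions, {job_id: job-level permissions})."""
    root: Perms = None
    jobs: Dict[str, Perms] = {}
    section = job = collecting = None  # collecting: _ROOT, a job id, or None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        key, _, value = raw.strip().partition(":")
        value = value.strip()
        if indent == 0:  # top-level key
            section, job, collecting = key, None, None
            if key == "permissions":
                root = _perm_value(value)
                collecting = _ROOT if value == "" else None
        elif section == "jobs" and indent == 2:  # job id
            job, collecting = key, None
            jobs[job] = None
        elif section == "jobs" and indent == 4 and job:  # job property
            collecting = None
            if key == "permissions":
                jobs[job] = _perm_value(value)
                collecting = job if value == "" else None
        elif collecting is not None and indent in (2, 6):  # "scope: level" line
            target = root if collecting is _ROOT else jobs[collecting]
            if isinstance(target, dict):
                target[key] = value
        else:
            collecting = None
    return root, jobs


def effective_permissions(text: str, job_id: str) -> Perms:
    """A job-level block replaces the root block entirely; otherwise the root applies."""
    root, jobs = parse_permissions(text)
    job_perms = jobs.get(job_id)
    return root if job_perms is None else job_perms


def check_stale_workflow(text: str) -> List[str]:
    """Per-job findings: no block at either level, shorthand grant, or excess scope."""
    findings: List[str] = []
    for job_id in parse_permissions(text)[1]:
        perms = effective_permissions(text, job_id)
        if perms is None:
            findings.append(f"job '{job_id}' has no permissions block at root or job level")
        elif isinstance(perms, str):
            findings.append(f"job '{job_id}' runs with shorthand '{perms}'; prefer explicit scopes")
        else:
            for scope, level in perms.items():
                expected = EXPECTED_STALE_SCOPES.get(scope)
                if expected is None or (expected == "read" and level != "read"):
                    findings.append(f"job '{job_id}' grants {scope}: {level}, beyond the stale minimum")
    return findings


# Constructed workflows (not the repository's actual stale.yml).
_JOB = "jobs:\n  stale:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/stale@v9\n"
_TRIGGER = 'name: Close stale issues\non:\n  schedule:\n    - cron: "0 0 * * *"\n'
BEFORE = _TRIGGER + _JOB  # the alert condition: no permissions anywhere
AFTER = _TRIGGER + "permissions:\n  contents: read\n  issues: write\n  pull-requests: write\n" + _JOB
BROAD = _TRIGGER + "permissions: write-all\n" + _JOB  # silences the alert but is not least privilege
OVERRIDE = _TRIGGER + "permissions:\n  contents: read\n" + _JOB.replace(
    "  stale:\n", "  stale:\n    permissions:\n      issues: write\n      pull-requests: write\n"
)  # job-level block replaces the root block for that job

if __name__ == "__main__":
    for label, wf in (("before", BEFORE), ("after", AFTER), ("write-all", BROAD), ("override", OVERRIDE)):
        print(label, check_stale_workflow(wf) or "OK")
```

Running the script prints one finding for the unscoped workflow and for the `write-all` shorthand, and "OK" for the root-level block the PR adds and for the job-level override; the `OVERRIDE` case shows why a per-job block must list every scope the job needs, since it does not merge with the root block.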

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
@glenn-jocher glenn-jocher marked this pull request as ready for review April 23, 2026 22:11
@UltralyticsAssistant UltralyticsAssistant added the labels devops (GitHub Devops or MLops), fixed (Bug has been resolved) and priority: medium (Normal priority; valuable but not urgent.) Apr 23, 2026
@UltralyticsAssistant
Member

👋 Hello @glenn-jocher, thank you for submitting an ultralytics/xview-yolov3 🚀 PR! This is an automated message to help streamline review, and an engineer will assist you soon. Please review the checklist below to help ensure a smooth integration 😊

  • Define a Purpose: Clearly explain the purpose of your fix or feature in your PR description, and link to any relevant issues. Ensure your commit messages are clear, concise, and adhere to the project's conventions.
  • Synchronize with Source: Confirm your PR is synchronized with the ultralytics/xview-yolov3 main branch. If it's behind, update it by clicking the 'Update branch' button or by running git pull and git merge main locally.
  • Ensure CI Checks Pass: Verify all Ultralytics Continuous Integration (CI) checks are passing. If any checks fail, please address the issues.
  • Update Documentation: Update the relevant documentation for any new or modified features.
  • Add Tests: If applicable, include or update tests to cover your changes, and confirm that all tests are passing.
  • Sign the CLA: Please ensure you have signed our Contributor License Agreement if this is your first Ultralytics PR by writing "I have read the CLA Document and I sign the CLA" in a new message.
  • Minimize Changes: Limit your changes to the minimum necessary for your bug fix or feature addition. "It is not daily increase but daily decrease, hack away the unessential. The closer to the source, the less wastage there is." — Bruce Lee

For more guidance, please refer to our Contributing Guide. Don't hesitate to leave a comment if you have any questions. Thank you for contributing to Ultralytics! 🚀

Member

@UltralyticsAssistant UltralyticsAssistant left a comment


🔍 PR Review

Made with ❤️ by Ultralytics Actions

Clean PR. The added top-level permissions block scopes the stale workflow to the expected minimum access for managing stale issues and pull requests, and I don't see any functional or security issues in this diff.

@glenn-jocher glenn-jocher merged commit 3b8aa62 into main Apr 23, 2026
1 check passed
@glenn-jocher glenn-jocher deleted the alert-autofix-2 branch April 23, 2026 22:14
@UltralyticsAssistant
Member

Merged — thank you, @glenn-jocher! 🎉

As Leonardo da Vinci said, “Simplicity is the ultimate sophistication.” This PR reflects that well: cleaner docstrings, tidier string formatting, and clearer workflow permissions all strengthen the repo’s readability, maintainability, and day-to-day reliability without changing core behavior.

Really appreciate the thoughtful cleanup here — these low-risk improvements make a meaningful difference for both contributors and long-term project health.
