From 56bd1013818772037406465efc43727819701065 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:39:38 -0400
Subject: [PATCH 1/3] ci: scope down permissions for stale_issues.yml
---
 .github/workflows/stale_issues.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/stale_issues.yml b/.github/workflows/stale_issues.yml
index 4741bcb..0ca9c92 100644
--- a/.github/workflows/stale_issues.yml
+++ b/.github/workflows/stale_issues.yml
@@ -5,6 +5,9 @@ on:
 schedule:
 - cron: "0 0 * * *"
+permissions:
+ issues: write
+
 jobs:
 cleanup:
 runs-on: ubuntu-latest
From 006c9e077f2504b3e0326c6c7d5dacd56b76fdaf Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:39:40 -0400
Subject: [PATCH 2/3] ci: scope down permissions for closed-issue-message.yml
---
 .github/workflows/closed-issue-message.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 3691dea..6b83fbb 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -2,6 +2,9 @@ name: Closed Issue Message
 on:
 issues:
 types: [closed]
+permissions:
+ issues: write
+
 jobs:
 auto_comment:
 runs-on: ubuntu-latest
From 1a032986d1cf1ee15af8b804150debd821e66fd6 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Tue, 21 Oct 2025 16:39:42 -0400
Subject: [PATCH 3/3] ci: scope down permissions for tests.yml
---
 .github/workflows/tests.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index aacf1e1..c490bf0 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -7,6 +7,9 @@ on:
 pull_request:
 branches: [ master ]
+permissions:
+ contents: read
+
 jobs:
 run:
 runs-on: ubuntu-latest
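Review bot: In the stale_issues.yml hunk the new top-level `permissions:` block grants only `issues: write`, and once a block is declared every scope it does not list drops to `none` for GITHUB_TOKEN. The job's steps lie outside the hunk, so this is inferred: if the cleanup step also labels, comments on or closes stale pull requests, those calls need `pull-requests: write` and would start failing on the nightly run. The same check applies to the closed-issue-message.yml and tests.yml hunks, where only `issues: write` and `contents: read` remain for jobs whose steps are also not visible here. I would confirm each job's token use against its steps and add a one-line comment above each block, e.g. `# least privilege: unlisted GITHUB_TOKEN scopes are none`.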