From 828b68cd03bd4d73e2afc627283114001fea59b0 Mon Sep 17 00:00:00 2001
From: "firstof9@gmail.com"
Date: Thu, 14 May 2026 10:20:02 -0700
Subject: [PATCH] chore: add explicit permissions to all workflows to resolve security alerts
---
 .github/workflows/publish-to-pypi.yml | 3 +++
 .github/workflows/test.yml | 2 ++
 2 files changed, 5 insertions(+)
diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
index 6409197..b5d9d3b 100644
--- a/.github/workflows/publish-to-pypi.yml
+++ b/.github/workflows/publish-to-pypi.yml
@@ -4,6 +4,9 @@ on:
 release:
 types: [published, prereleased]
+permissions:
+ contents: read
+
 jobs:
 build-and-publish:
 name: Builds and publishes releases to PyPI
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 0da3e57..25f740b 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -12,6 +12,8 @@ on:
 - main
 - dev
+permissions: read-all
+
 jobs:
 prek:
 runs-on: ubuntu-latest
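Review bot: The workflow-level `permissions:` block added above `jobs:` in publish-to-pypi.yml sets every scope other than `contents` to none, and the steps of `build-and-publish` lie outside the hunk, so it is not visible whether the job still has what it needs. If the publish step uses PyPI trusted publishing (OIDC) rather than an API-token secret, the job needs `id-token: write`. I would grant that on the job itself and keep the workflow default as it is; a job-level block replaces the default for that job, so it should list `contents: read` as well as `id-token: write`. If the job also attaches files to the release, it would need `contents: write` there instead.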
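Review bot: `permissions: read-all` in test.yml gives the token read access to every scope, which is wider than the `contents: read` this same commit uses in publish-to-pypi.yml and probably wider than a lint/test workflow needs. The body of the `prek` job and any later jobs are outside the hunk, so a step that reads another scope cannot be ruled out. Absent one, I would use the same form here, `permissions:` followed by `contents: read`. That keeps the two workflows consistent and makes any later need for an extra scope an explicit, reviewable change.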