From e3ed4754bace59f889edaab6d3a30b0e39ba072f Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 14:50:48 -0400
Subject: [PATCH 1/2] ci: scope down permissions for build-test-mac.yml

---
 .github/workflows/build-test-mac.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/build-test-mac.yml b/.github/workflows/build-test-mac.yml
index 6a0e910024..f91f7497cf 100644
--- a/.github/workflows/build-test-mac.yml
+++ b/.github/workflows/build-test-mac.yml
@@ -8,6 +8,9 @@ on:
 env:
   NODE_OPTIONS: --max-old-space-size=8096
 
+permissions:
+  contents: read
+
 jobs:
   build-and-test:
     runs-on: macos-latest-xlarge

From a40cf41924caefdef3a8f743a3c9c8f3a2f9d749 Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 14:50:50 -0400
Subject: [PATCH 2/2] ci: scope down permissions for closed-issue-message.yml

---
 .github/workflows/closed-issue-message.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/closed-issue-message.yml b/.github/workflows/closed-issue-message.yml
index 8cb2db494c..7a792941c8 100644
--- a/.github/workflows/closed-issue-message.yml
+++ b/.github/workflows/closed-issue-message.yml
@@ -2,6 +2,9 @@ name: Closed Issue Message
 on:
   issues:
     types: [closed]
+permissions:
+  issues: write
+
 jobs:
   auto_comment:
     runs-on: ubuntu-latest