From 3fb8c861a325308a011eb1eab3a1bcf18729810c Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 13:21:21 -0400
Subject: [PATCH 1/2] ci: scope down permissions for release.yml

---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 99efd0a..ec4a9b2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,9 @@ on:
         type: string
 env:
   NEW_VERSION: ${{ github.event.inputs.release_tag }}
+permissions:
+  contents: write
+
 jobs:
   release:
     runs-on: ubuntu-latest

From f8e6e6f8cfc980d6a818c838e2d48c3370e78b7e Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 13:21:23 -0400
Subject: [PATCH 2/2] ci: scope down permissions for test.yml

---
 .github/workflows/test.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 246cbb5..4231e01 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [ "main" ]
 
+permissions:
+  contents: read
+
 jobs:
   code-test:
     name: Test in ${{ matrix.testMode }}