From b1c0c9d40edcf1877698afb865f46c7f498ce7d7 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Thu, 27 Apr 2023 20:49:29 +0000
Subject: [PATCH] GitHub Actions: limit permissions of GITHUB_TOKEN

---
 .github/workflows/test.yml        |    2 ++
 .github/workflows/release.yml     |    2 ++
 .github/workflows/update-deps.yml |    4 ++++
 3 files changed, 8 insertions(+), 0 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9635403..6bd93ac 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,8 @@
 
 name: Release
 
+permissions: {}
+
 jobs:
   build:
     name: Build
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 3e3a059..3f51b24 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -3,6 +3,8 @@
 
 name: Test
 
+permissions: {}
+
 jobs:
   build:
     name: Build
diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml
index 4bde49b..06beead 100644
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -5,10 +5,14 @@
 
 name: Update dependencies
 
+permissions: {}
+
 jobs:
   update:
     name: Update dependencies
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - id: checkout
         name: Checkout code

--
Gitblit v1.9.1