From 3f96a09031fe2c6760de9dc35c4acb5a59c89877 Mon Sep 17 00:00:00 2001
From: Oliver Ford <dev@ojford.com>
Date: Fri, 27 Jun 2025 10:43:19 +0100
Subject: [PATCH 1/2] Permission workflows explicitly

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/check.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 1a5e942..0dea84d 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -1,5 +1,9 @@
 name: Check
 
+permissions:
+  contents: read
+  pull-requests: write
+
 on:
   push:
     branches:

From 08eb8e5fc9184d18c41c924c0593bfeba41da5cb Mon Sep 17 00:00:00 2001
From: Oliver Ford <dev@ojford.com>
Date: Fri, 27 Jun 2025 11:00:17 +0100
Subject: [PATCH 2/2] Permission workflow explicitly

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5201350..6735997 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,6 +5,10 @@ on:
     tags:
       - 'v*'
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest