From 33d5cfad1f341b84b0d29e6dcd95ae76ad7cec24 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 18:00:34 -0400
Subject: [PATCH 1/2] Scope down GitHub token permissions for release.yml
---
 .github/workflows/release.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5ce2cfe..48bdc11 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,6 +6,10 @@
 on:
 release:
 types: [published]
+
+permissions:
+ contents: read
+
 jobs:
 release:
 runs-on: "ubuntu-latest"
From ab725e4ace066509b634b11fe4843311d782495a Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 18:00:39 -0400
Subject: [PATCH 2/2] Scope down GitHub token permissions for stale.yml
---
 .github/workflows/stale.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 0be2718..0497657 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,6 +4,11 @@
 on:
 schedule:
 - cron: "14 1 * * *"
+
+permissions:
+ issues: write
+ pull-requests: write
+
 jobs:
 stale:
 runs-on: ubuntu-latest
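Review bot: The workflow-level `permissions:` block added to release.yml sets every scope it does not list to `none`, and the `release` job's steps lie outside this hunk, so it cannot be seen here whether `contents: read` is sufficient. If a step uploads assets to the published release it needs `contents: write`, and if it publishes through OIDC trusted publishing it needs `id-token: write`; either is better granted under `jobs.release.permissions` than at workflow level. I would also put a comment above the block, for example `# default token is read-only; widen per job only where a step needs it`, so a later edit does not widen the token for every job.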
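Review bot: The two write scopes granted in stale.yml cannot be checked against what the `stale` job actually calls, because its steps are outside this hunk. If the job runs actions/stale in a version that keeps state between runs, that action's documentation also lists `actions: write` for its cache, and `contents: write` only when branch deletion is enabled, so the first scheduled run after this change is worth checking for permission warnings. As the hunk shows a single job, moving the block to `jobs.stale.permissions` would keep `issues: write` and `pull-requests: write` from being inherited by any job added later.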