From 0bce5e51598fb603419504f114296e05265769d2 Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 17:09:40 -0400
Subject: [PATCH 1/2] ci: scope down permissions for run-tests.yml

---
 .github/workflows/run-tests.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 9f9b261a9..4364538d8 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - master
       - "feature/**"
+permissions:
+  contents: read
+
 jobs:
   prcheck:
     runs-on: ${{ matrix.os }}

From 7736c98678b0ffd6bb67dfe4c0a2ddd8207d6106 Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Tue, 21 Oct 2025 17:09:42 -0400
Subject: [PATCH 2/2] ci: scope down permissions for stale-issue.yml

---
 .github/workflows/stale-issue.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/stale-issue.yml b/.github/workflows/stale-issue.yml
index add756523..98dbbc660 100644
--- a/.github/workflows/stale-issue.yml
+++ b/.github/workflows/stale-issue.yml
@@ -4,6 +4,9 @@ on:
   schedule:
     - cron: "*/60 * * * *"
 
+permissions:
+  issues: write
+
 jobs:
   cleanup:
     runs-on: ubuntu-latest