ci: add minimum GitHub token permissions for workflows (#8169)

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
2023-11-10 05:14:29 -08:00
parent bb04915809
commit 9bdbaef105
3 changed files with 9 additions and 0 deletions
--- a/.github/workflows/dependabot-merge.yml
+++ b/.github/workflows/dependabot-merge.yml
@@ -4,6 +4,9 @@ on:
  pull_request_target:
    branches: [ master, next ]

+permissions:
+  contents: read
+
 jobs:
  merge-me:
    name: Merge me!