From 517259361aa59b2fda302ea4db04b305bf720213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cl=C3=A9ment=20Robert?= Date: Mon, 9 Mar 2026 11:54:05 +0100 Subject: [PATCH] SEC: disable default gha permissions --- .github/workflows/test_publish.yml | 2 ++ .github/workflows/test_publish_pure_python.yml | 2 ++ .github/workflows/test_tox.yml | 2 ++ .github/workflows/update_tag.yml | 2 ++ 4 files changed, 8 insertions(+) diff --git a/.github/workflows/test_publish.yml b/.github/workflows/test_publish.yml index 76c1d0c..bfc2247 100644 --- a/.github/workflows/test_publish.yml +++ b/.github/workflows/test_publish.yml @@ -15,6 +15,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: {} + jobs: release_default: uses: ./.github/workflows/publish.yml diff --git a/.github/workflows/test_publish_pure_python.yml b/.github/workflows/test_publish_pure_python.yml index c45e135..81823a3 100644 --- a/.github/workflows/test_publish_pure_python.yml +++ b/.github/workflows/test_publish_pure_python.yml @@ -15,6 +15,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: {} + jobs: release: uses: ./.github/workflows/publish_pure_python.yml diff --git a/.github/workflows/test_tox.yml b/.github/workflows/test_tox.yml index 86cdc56..5b63f66 100644 --- a/.github/workflows/test_tox.yml +++ b/.github/workflows/test_tox.yml @@ -19,6 +19,8 @@ concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true +permissions: {} + jobs: test_pyos: uses: ./.github/workflows/tox.yml diff --git a/.github/workflows/update_tag.yml b/.github/workflows/update_tag.yml index be4ca6b..cfa4b3c 100644 --- a/.github/workflows/update_tag.yml +++ b/.github/workflows/update_tag.yml @@ -5,6 +5,8 @@ on: tags: - "v*" +permissions: {} + jobs: update-majorver: name: Update Major Version Tag