From e66c23312e44606caa5f5f27490716b9b7ac9beb Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Mon, 20 Oct 2025 21:30:38 -0400
Subject: [PATCH 1/2] Scope down GitHub token permissions for runtimes-ci.yaml

---
 .github/workflows/runtimes-ci.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/runtimes-ci.yaml b/.github/workflows/runtimes-ci.yaml
index 658cf714..a476cf5c 100644
--- a/.github/workflows/runtimes-ci.yaml
+++ b/.github/workflows/runtimes-ci.yaml
@@ -5,6 +5,10 @@ on:
     pull_request:
         branches: [main]
 
+
+permissions:
+  contents: read
+
 jobs:
     test:
         name: Test

From 6eae5005db4d0a3dc3ead7595b820df32664114f Mon Sep 17 00:00:00 2001
From: Adnan Khan <AdnaneKhan@users.noreply.github.com>
Date: Mon, 20 Oct 2025 21:30:42 -0400
Subject: [PATCH 2/2] Scope down GitHub token permissions for
 license-check.yaml

---
 .github/workflows/license-check.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/license-check.yaml b/.github/workflows/license-check.yaml
index db7c3eb0..1956dd85 100644
--- a/.github/workflows/license-check.yaml
+++ b/.github/workflows/license-check.yaml
@@ -4,6 +4,10 @@ on:
   pull_request:
     branches: [main]
 
+
+permissions:
+  contents: read
+
 jobs:
   license-check:
     runs-on: ubuntu-latest