From 8f1ad399a81a80e2cea4859d3b9a3a735f81de48 Mon Sep 17 00:00:00 2001
From: Andrew Pollock <andrewpollock@users.noreply.github.com>
Date: Fri, 9 Aug 2024 16:04:12 +1000
Subject: [PATCH] Add explicit permissions to stale workflow (#2464)

Address https://github.com/google/osv.dev/security/code-scanning/468
---
 .github/workflows/staleness.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/staleness.yml b/.github/workflows/staleness.yml
index 2b90973ad75..2e37d576e05 100644
--- a/.github/workflows/staleness.yml
+++ b/.github/workflows/staleness.yml
@@ -1,10 +1,16 @@
 name: "Close stale issues and PRs"
+
+permissions: read-all
+
 on:
   schedule:
     - cron: "0 * * * *"
 
 jobs:
   stale:
+    permissions:
+      issues: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/stale@v9