From 04a25d1ef409e596d414f0d8cf5082435bcd0e4e Mon Sep 17 00:00:00 2001
From: Austin Seipp <aseipp@pobox.com>
Date: Wed, 11 Dec 2024 08:33:21 -0600
Subject: [PATCH] github: narrow perms in dependabot workflow

The dependabot workflow already specifies the exact permissions it needs within
the workflow steps, so there's no need to enable any default permissions.

Found by `zizmor`.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
---
 .github/workflows/dependabot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dependabot.yml b/.github/workflows/dependabot.yml
index 654bb9154..99acb2d96 100644
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -8,7 +8,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 
-permissions: read-all
+permissions: {}
 
 jobs:
   dependabot-auto-merge: