From 7b442739d6e209afe8cde0e3b78c89a3a7613a4d Mon Sep 17 00:00:00 2001
From: Eugene Fox <eugene@xfox111.net>
Date: Wed, 23 Jul 2025 08:54:25 +0000
Subject: [PATCH] fix(ci): code scanning alerts

---
 .github/workflows/audit.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
index 0b608c8..f18debb 100644
--- a/.github/workflows/audit.yml
+++ b/.github/workflows/audit.yml
@@ -30,6 +30,9 @@ jobs:
     runs-on: ubuntu-latest
     container: node:24
 
+    permissions:
+      contents: read
+
     steps:
       - uses: actions/checkout@v3
       - run: corepack enable
@@ -39,6 +42,9 @@ jobs:
   build:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+
     steps:
       - uses: actions/checkout@v3
       - uses: docker/build-push-action@v6