From 51f42ee64c590540e10fcdf94aa2d3b4d2117502 Mon Sep 17 00:00:00 2001
From: jhongturney <jhongturney@github.com>
Date: Thu, 8 Aug 2024 08:21:35 -0500
Subject: [PATCH 1/2] set workflow permissions

---
 .github/workflows/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 17bb1461..c54fbf97 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -8,6 +8,8 @@ jobs:
       RUBOCOP_TEST: false
       RSPEC_TEST: true
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -27,6 +29,8 @@ jobs:
       RUBOCOP_TEST: false
       RSPEC_TEST: true
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -46,6 +50,8 @@ jobs:
       RUBOCOP_TEST: false
       RSPEC_TEST: true
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:
@@ -65,6 +71,8 @@ jobs:
       RUBOCOP_TEST: false
       RSPEC_TEST: true
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     strategy:
       fail-fast: false
       matrix:

From 07f216751642ae970d2efb58fbdffcf19e32ce2a Mon Sep 17 00:00:00 2001
From: jhongturney <jhongturney@github.com>
Date: Thu, 8 Aug 2024 08:21:53 -0500
Subject: [PATCH 2/2] pin Action to SHA

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index cc3db366..be306ed7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           ruby-version: '2.6'
       - run: bundle install