From 37c12e76ed691371b968a02344edb22331135f2c Mon Sep 17 00:00:00 2001
From: Zack Koppert
Date: Tue, 24 Sep 2024 09:46:51 -0700
Subject: [PATCH 1/3] fix: Remove more general part of duplicate actions permissions
---
 .github/workflows/major-version-updater.yml | 3 ---
 1 file changed, 3 deletions(-)
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index dafb6f2..5054528 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -5,9 +5,6 @@ on:
 release:
 types: [published]
-permissions:
- contents: write
-
 jobs:
 update-major-version-tag:
 runs-on: ubuntu-latest
From 53c6eba9280cd5dc181c2c58939f84f283602cbf Mon Sep 17 00:00:00 2001
From: Zack Koppert
Date: Tue, 24 Sep 2024 09:52:53 -0700
Subject: [PATCH 2/3] Looks like if we don't specify permissions, it defaults to write
---
 .github/workflows/major-version-updater.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index 5054528..0da7a65 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -5,6 +5,9 @@ on:
 release:
 types: [published]
+permissions:
+ contents: read-all
+
 jobs:
 update-major-version-tag:
 runs-on: ubuntu-latest
From 85733416dee7aeae725e37b7055be5affd808c73 Mon Sep 17 00:00:00 2001
From: Zack Koppert
Date: Tue, 24 Sep 2024 09:55:58 -0700
Subject: [PATCH 3/3] following the docs rather than the security guidance
---
 .github/workflows/major-version-updater.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/major-version-updater.yml b/.github/workflows/major-version-updater.yml
index 0da7a65..0d242c8 100644
--- a/.github/workflows/major-version-updater.yml
+++ b/.github/workflows/major-version-updater.yml
@@ -6,7 +6,7 @@ on:
 types: [published]
 permissions:
- contents: read-all
+ contents: read
 jobs:
 update-major-version-tag:
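Review bot: The workflow-level `permissions` block that ends at `contents: read` has no comment saying that it is the read-only default and that write access is expected to come from a job-level grant. Naming `contents` here sets every unlisted GITHUB_TOKEN scope to `none` for any job without its own `permissions`, so `update-major-version-tag`, which presumably moves a tag on release, only works if it declares `contents: write` itself. The subject of patch 1 suggests that job-level block exists, but the job body continues outside this hunk, so confirm it is still present once the series is applied. I would add above the block `# Read-only default for all jobs; update-major-version-tag elevates to contents: write at job level.` so a later edit neither drops the job grant nor widens the top-level one.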