From 7fe08dfa322333b065e561dbccf2fbefdfaf24ce Mon Sep 17 00:00:00 2001
From: Ashish Bijlani
Date: Tue, 15 Aug 2023 10:08:36 -0500
Subject: [PATCH] Update packj.yml
---
 .github/workflows/packj.yml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/packj.yml b/.github/workflows/packj.yml
index 51be6ed..00745d7 100644
--- a/.github/workflows/packj.yml
+++ b/.github/workflows/packj.yml
@@ -5,17 +5,20 @@ name: Packj security audit
 on:
 pull_request:
 branches: main
-
-permissions: # principle of least privilege (only code READ perms)
- contents: read
- pull-requests: write
-
+
+# Declare default permissions as read only.
+permissions: read-all
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
-
+
 # This workflow contains a single job called "packj-audit"
 packj-security-audit:
+ # write perms
+ permissions:
+ pull-requests: write
+
 # The type of runner that the job will run on
 runs-on: ubuntu-latest
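Review bot: The job-level `permissions:` block added under `packj-security-audit` replaces the workflow-level `permissions: read-all` instead of adding to it, so every scope not listed there becomes `none` for this job, including the `contents: read` that the removed block granted. The job's steps are outside this hunk; if any of them checks out or reads the repository with the workflow token, list both scopes under the job, `contents: read` next to `pull-requests: write`, to keep the previous access. Because the file's own comment says the workflow has a single job, the top-level default could be narrowed from `read-all` to `contents: read`, so a job added later starts from the smaller grant. On `pull_request` runs from forks the token is normally read-only, so `pull-requests: write` would not take effect there. The comment `# write perms` would read better as `# pull-requests: write only; all unlisted scopes are none for this job`.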