From 2aa2b414ce5d2cfa27d8ea365ea1fa3169c4533c Mon Sep 17 00:00:00 2001
From: Malik <malik.hassanaly@gmail.com>
Date: Mon, 9 Mar 2026 18:00:03 -0600
Subject: [PATCH] explicit permissions

---
 .github/workflows/build_docs.yml  | 6 +++++-
 .github/workflows/ci.yml          | 3 +++
 .github/workflows/codecov.yml     | 3 +++
 .github/workflows/deploy_docs.yml | 5 ++++-
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml
index d27a4653..72af0c95 100644
--- a/.github/workflows/build_docs.yml
+++ b/.github/workflows/build_docs.yml
@@ -6,7 +6,11 @@ on:
      paths:
       - 'docs/**'
       - '.github/workflows/build_docs.yml'
- 
+
+
+permissions:
+  contents: read
+
 jobs:
  
   build_docs:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e7fa0a11..d7bf185c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -19,6 +19,9 @@ on:
       - 'LICENSE'
       - 'docs/**'
 
+permissions:
+  contents: read
+
 jobs:
   Lint:
     name: Lint (${{ matrix.python-version }}, ${{ matrix.os }})
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
index 9637bb73..f488b03b 100644
--- a/.github/workflows/codecov.yml
+++ b/.github/workflows/codecov.yml
@@ -10,6 +10,9 @@ on:
       - 'LICENSE'
       - 'docs/**'
 
+permissions:
+  contents: read
+
 jobs:
   codecov:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy_docs.yml b/.github/workflows/deploy_docs.yml
index 7c60ad74..a5b3fde4 100644
--- a/.github/workflows/deploy_docs.yml
+++ b/.github/workflows/deploy_docs.yml
@@ -6,7 +6,10 @@ on:
     paths:
       - 'docs/**'
       - '.github/workflows/deploy_docs.yml'
- 
+
+permissions:
+  contents: write
+
 jobs:
  
   build_deploy_docs: