From e010378ef3be0df7709883fbd8a4c3b160f4d942 Mon Sep 17 00:00:00 2001
From: Michael Hucka <mhucka@google.com>
Date: Sat, 8 Mar 2025 11:01:37 -0800
Subject: [PATCH] Fix code scanning alerts by adding permissions decl.

This addressess the following code scanning alerts:
- https://github.com/quantumlib/OpenFermion-FQE/security/code-scanning/5
- https://github.com/quantumlib/OpenFermion-FQE/security/code-scanning/6
- https://github.com/quantumlib/OpenFermion-FQE/security/code-scanning/7
- https://github.com/quantumlib/OpenFermion-FQE/security/code-scanning/8
---
 .github/workflows/pythonpackage.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
index 308d149..8b10a59 100644
--- a/.github/workflows/pythonpackage.yml
+++ b/.github/workflows/pythonpackage.yml
@@ -13,8 +13,9 @@
 #   limitations under the License.
 
 
-# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
-# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
+# This workflow will install Python dependencies, run tests and lint with a
+# variety of Python versions For more information see:
+# https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions
 
 name: Python package
 
@@ -24,6 +25,9 @@ on:
   pull_request:
     branches: [ master ]
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   format:
     name: Format check