From 7d39eaa1ca6a8b634b3571f7e9a3dd34ca185956 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Tue, 4 Feb 2025 00:07:01 +0000
Subject: [PATCH 1/2] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/pre-commit/pre-commit: v4.0.1 → v4.1.0](https://github.com/pre-commit/pre-commit/compare/v4.0.1...v4.1.0)
- [github.com/astral-sh/ruff-pre-commit: v0.9.1 → v0.9.4](https://github.com/astral-sh/ruff-pre-commit/compare/v0.9.1...v0.9.4)
- [github.com/woodruffw/zizmor-pre-commit: v1.1.1 → v1.3.0](https://github.com/woodruffw/zizmor-pre-commit/compare/v1.1.1...v1.3.0)
---
 .pre-commit-config.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 4b9d926..e3c5cf6 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -22,17 +22,17 @@ repos:
       - id: check-docstring-first
 
   - repo: https://github.com/pre-commit/pre-commit
-    rev: v4.0.1
+    rev: v4.1.0
     hooks:
       - id: validate_manifest
 
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.9.1
+    rev: v0.9.5
     hooks:
       - id: ruff
       - id: ruff-format
 
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.1.1
+    rev: v1.3.0
     hooks:
       - id: zizmor

From 51cb397696488d3ee63644ffd814a0a8b4a41613 Mon Sep 17 00:00:00 2001
From: Branch Vincent <branchevincent@gmail.com>
Date: Sat, 8 Feb 2025 14:48:34 -0800
Subject: [PATCH 2/2] chore: fix zizmor findings

---
 .github/workflows/main.yml    | 2 ++
 .github/workflows/release.yml | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 4c6c6e1..350044a 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -10,6 +10,8 @@ concurrency:
   group: tests-${{ github.head_ref || github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions: {}
+
 jobs:
   tests:
     name: ${{ matrix.os }} / ${{ matrix.python-version }} ${{ matrix.suffix }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ea1de48..ea9aead 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,8 @@ on:
   release:
     types: [published]
 
+permissions: {}
+
 jobs:
   build:
     name: Build