From 39d3dd873ab8fd066e1a383ac7bc14ca32e25924 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 24 Jan 2025 22:18:34 +0000
Subject: [PATCH 1/2] chore(deps): update pre-commit hook
 woodruffw/zizmor-pre-commit to v1

---
 .pre-commit-config.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9fbf8c3..70104cb 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,7 +16,7 @@ repos:
     hooks:
       - id: validate_manifest
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v0.10.0
+    rev: v1.2.2
     hooks:
       - id: zizmor
         args: [--persona=pedantic]

From 4904be6b769df950568c99a34fe66eabcc72737c Mon Sep 17 00:00:00 2001
From: Eric Berquist <eric.berquist@gmail.com>
Date: Fri, 24 Jan 2025 17:38:24 -0500
Subject: [PATCH 2/2] zizmor: apply fixes

---
 .github/workflows/auto-tag.yml   | 3 +++
 .github/workflows/ci.yml         | 2 ++
 .github/workflows/pre-commit.yml | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/.github/workflows/auto-tag.yml b/.github/workflows/auto-tag.yml
index d167ff6..fdf9cd8 100644
--- a/.github/workflows/auto-tag.yml
+++ b/.github/workflows/auto-tag.yml
@@ -1,3 +1,4 @@
+---
 name: Release
 
 on:
@@ -5,6 +6,8 @@ on:
     branches:
       - master
 
+permissions: {}
+
 jobs:
   release:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a79149..4dac859 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,8 @@ concurrency:
   group: ci-${{github.ref}}-${{github.event.pull_request.number || github.run_number}}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   prechecks:
     uses: ./.github/workflows/pre-commit.yml
diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml
index 1892c22..f16b20c 100644
--- a/.github/workflows/pre-commit.yml
+++ b/.github/workflows/pre-commit.yml
@@ -9,6 +9,8 @@ concurrency:
   group: style-${{github.ref}}-${{github.event.pull_request.number || github.run_number}}
   cancel-in-progress: true
 
+permissions: {}
+
 jobs:
   pre-commit:
     runs-on: ubuntu-latest