From 5fd24116170a2c415720ddc449607945ade436a9 Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Wed, 20 May 2026 14:25:28 +0200
Subject: [PATCH] ci: scope the update dependency app token permissions

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/workflows/.update-deps.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/.update-deps.yml b/.github/workflows/.update-deps.yml
index 7557a06..db61b52 100644
--- a/.github/workflows/.update-deps.yml
+++ b/.github/workflows/.update-deps.yml
@@ -39,6 +39,9 @@ jobs:
           private-key: ${{ secrets.DOCKER_GITHUB_BUILDER_WRITE_PRIVATE_KEY }}
           owner: docker
           repositories: github-builder
+          permission-contents: write
+          permission-pull-requests: write
+          permission-workflows: write
       -
         name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2