From a05dbe501b80abdbf556fa43908895d0d9c80ed3 Mon Sep 17 00:00:00 2001
From: Jesse Houwing <jesse.houwing@gmail.com>
Date: Thu, 4 Apr 2024 14:10:41 +0200
Subject: [PATCH] Allowing actions to update pull requests is dangarous

---
 profiles/github/workflow_security.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/profiles/github/workflow_security.yaml b/profiles/github/workflow_security.yaml
index 4a24120..8dae00f 100644
--- a/profiles/github/workflow_security.yaml
+++ b/profiles/github/workflow_security.yaml
@@ -15,4 +15,4 @@ repository:
   - type: default_workflow_permissions
     def:
       default_workflow_permissions: read
-      can_approve_pull_request_reviews: true
\ No newline at end of file
+      can_approve_pull_request_reviews: false