From e243ec10ba748d0fb0396e713c15839257f7d2ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Apr 2022 03:00:42 +0000 Subject: [PATCH 1/2] Bump psr/log from 2.0.0 to 3.0.0 Bumps [psr/log](https://github.com/php-fig/log) from 2.0.0 to 3.0.0. - [Release notes](https://github.com/php-fig/log/releases) - [Commits](https://github.com/php-fig/log/compare/2.0.0...3.0.0) --- updated-dependencies: - dependency-name: psr/log dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- composer.json | 2 +- composer.lock | 16 ++++++++-------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/composer.json b/composer.json index f66df744d2..50bbb00665 100644 --- a/composer.json +++ b/composer.json @@ -99,7 +99,7 @@ "nunomaduro/collision": "^6.1", "pragmarx/google2fa": "^8.0", "predis/predis": "^1.1", - "psr/log": "<3", + "psr/log": "<4", "ramsey/uuid": "^4.3", "rcrowe/twigbridge": "^0.14", "spatie/data-transfer-object": "^3.7", diff --git a/composer.lock b/composer.lock index 0d6dce87cd..b24952c9d3 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "1c676a0a4c48460c6fcd9800be95736b", + "content-hash": "a5240b2bca6890f8c42914d5d19b2a10", "packages": [ { "name": "bacon/bacon-qr-code", 
@@ -4545,16 +4545,16 @@ }, { "name": "psr/log", - "version": "2.0.0", + "version": "3.0.0", "source": { "type": "git", "url": "https://github.com/php-fig/log.git", - "reference": "ef29f6d262798707a9edd554e2b82517ef3a9376" + "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/ef29f6d262798707a9edd554e2b82517ef3a9376", - "reference": "ef29f6d262798707a9edd554e2b82517ef3a9376", + "url": "https://api.github.com/repos/php-fig/log/zipball/fe5ea303b0887d5caefd3d431c3e61ad47037001", + "reference": "fe5ea303b0887d5caefd3d431c3e61ad47037001", "shasum": "" }, "require": { @@ -4563,7 +4563,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "2.0.x-dev" + "dev-master": "3.x-dev" } }, "autoload": { @@ -4589,9 +4589,9 @@ "psr-3" ], "support": { - "source": "https://github.com/php-fig/log/tree/2.0.0" + "source": "https://github.com/php-fig/log/tree/3.0.0" }, - "time": "2021-07-14T16:41:46+00:00" + "time": "2021-07-14T16:46:02+00:00" }, { "name": "psr/simple-cache", From a963e1bc0375edd6a24955b28a0e1ba1d58e082c Mon Sep 17 00:00:00 2001 
From: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> Date: Thu, 7 Apr 2022 22:58:30 +0000 Subject: [PATCH 2/2] Set permissions for GitHub actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com> --- .github/workflows/lock.yml | 6 ++++++ .github/workflows/stale.yml | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/.github/workflows/lock.yml b/.github/workflows/lock.yml index b547716a88..48367b8949 100644 --- a/.github/workflows/lock.yml +++ b/.github/workflows/lock.yml @@ -5,8 +5,14 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: lock: + permissions: + issues: write # for dessant/lock-threads to lock issues + pull-requests: write # for dessant/lock-threads to lock PRs runs-on: ubuntu-latest steps: - uses: dessant/lock-threads@v2 diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 5803759d18..93d15e94cc 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml 
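Review bot: The `lock` job now passes a token with `issues: write` and `pull-requests: write` to `dessant/lock-threads@v2`, which is referenced by a mutable tag, so the narrowed token still goes to whatever code that tag resolves to when the schedule fires. Pinning the step to a full commit SHA and keeping the tag as a comment, `- uses: dessant/lock-threads@<full-commit-sha> # v2`, would complete the hardening this commit starts. The same applies to `actions/stale@v3` in stale.yml. The `steps:` list continues outside the hunk, so any further `uses:` entries there need the same check.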
@@ -3,8 +3,14 @@ on: schedule: - cron: "30 1 * * *" +permissions: + contents: read + jobs: stale: + permissions: + issues: write # for actions/stale to close stale issues + pull-requests: write # for actions/stale to close stale PRs runs-on: ubuntu-latest steps: - uses: actions/stale@v3
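Review bot: The job-level `permissions` block on `stale` replaces the workflow-level default instead of merging with it, so `contents: read` never reaches this job and every scope not listed there is `none`. That is the tighter result, but it is not obvious from the file; a comment on the top-level block such as `# default for any job without its own permissions block` would record the intent. The step's `with:` options lie outside the hunk: if they enable `delete-branch`, the job would also need `contents: write`, and the failure would presumably surface only on a scheduled run. The same replace-not-merge behaviour holds for the `lock` job in lock.yml.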