From a3b43a883e6551c0e531dc09c1dc2f02c04dddbb Mon Sep 17 00:00:00 2001
From: Akshay Aggarwal <akshay.aggarwal@smartcontract.com>
Date: Mon, 16 Feb 2026 13:51:02 +0000
Subject: [PATCH 1/4] Potential fix for code scanning alert no. 2: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/build-and-release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 387d019f..eaf57d36 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -404,6 +404,8 @@ jobs:
     name: Release
     needs: [build-linux, build-darwin, build-windows]
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - name: Download Build Artifacts for linux/amd64
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # actions/download-artifact@v4.1.8

From ea03f69aed760133879801271cdd473209ee6f6d Mon Sep 17 00:00:00 2001
From: Akshay Aggarwal <akshay.aggarwal@smartcontract.com>
Date: Fri, 20 Feb 2026 18:18:30 +0000
Subject: [PATCH 2/4] Update perms

---
 .github/workflows/build-and-release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index eaf57d36..7385f804 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -405,6 +405,8 @@ jobs:
     needs: [build-linux, build-darwin, build-windows]
     runs-on: ubuntu-latest
     permissions:
+      actions: read
+      id-token: write
       contents: write
     steps:
       - name: Download Build Artifacts for linux/amd64

From aa347abc2bcad11242844828ae9fe635b7793622 Mon Sep 17 00:00:00 2001
From: Akshay Aggarwal <akshay.aggarwal@smartcontract.com>
Date: Fri, 20 Feb 2026 18:21:09 +0000
Subject: [PATCH 3/4] uopdate

---
 .github/workflows/build-and-release.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 7385f804..86554205 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -406,7 +406,6 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       actions: read
-      id-token: write
       contents: write
     steps:
       - name: Download Build Artifacts for linux/amd64

From fd8187af5761a025a59c7288e323ce73558c9baf Mon Sep 17 00:00:00 2001
From: Akshay Aggarwal <71980293+infiloop2@users.noreply.github.com>
Date: Mon, 23 Feb 2026 11:50:13 +0000
Subject: [PATCH 4/4] Update .github/workflows/build-and-release.yml

Co-authored-by: Anirudh Warrier <12178754+anirudhwarrier@users.noreply.github.com>
---
 .github/workflows/build-and-release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/build-and-release.yml b/.github/workflows/build-and-release.yml
index 86554205..3136e632 100644
--- a/.github/workflows/build-and-release.yml
+++ b/.github/workflows/build-and-release.yml
@@ -407,6 +407,7 @@ jobs:
     permissions:
       actions: read
       contents: write
+      id-token: write
     steps:
       - name: Download Build Artifacts for linux/amd64
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # actions/download-artifact@v4.1.8