From 7035c6f85347de2a05a57d86090b9ab42bd7cfa1 Mon Sep 17 00:00:00 2001
From: Gauvino <contact@uruk.dev>
Date: Fri, 5 Jun 2026 13:16:18 +0200
Subject: [PATCH] chore(security): bump merge-conflict labeler to v3.1.0 and
 default-deny perms

Pin eps1lon/actions-label-merge-conflict to v3.1.0 (0273be7) and add a
top-level permissions: {} so the workflow defaults to no permissions and the
job grants only contents:read and pull-requests:write.
---
 .github/workflows/conflict.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/conflict.yml b/.github/workflows/conflict.yml
index 9f2e68a50..375f17479 100644
--- a/.github/workflows/conflict.yml
+++ b/.github/workflows/conflict.yml
@@ -12,6 +12,8 @@ on:
     branches: [develop]
     types: [synchronize]
 
+permissions: {}
+
 jobs:
   label:
     name: 🏷️ Labeling Merge Conflicts
@@ -22,7 +24,7 @@ jobs:
       pull-requests: write
     steps:
       - name: 🚩 Apply merge conflict label
-        uses: eps1lon/actions-label-merge-conflict@1df065ebe6e3310545d4f4c4e862e43bdca146f0 # v3.0.3
+        uses: eps1lon/actions-label-merge-conflict@0273be72a0bbd58fcd71d0d6c02c209b50d1e5e1 # v3.1.0
         with:
           dirtyLabel: '⚔️ merge-conflict'
           commentOnDirty: 'This pull request has merge conflicts. Please resolve the conflicts so the PR can be successfully reviewed and merged.'