From 1c9a47ce63d501e88f35e7bf3bb87ae1b0b42dea Mon Sep 17 00:00:00 2001
From: NexusOne23 <nexus235@pm.me>
Date: Mon, 8 Dec 2025 10:40:17 +0100
Subject: [PATCH] Fix: Add explicit permissions to workflow (CodeQL security)

---
 .github/workflows/pester-tests.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/pester-tests.yml b/.github/workflows/pester-tests.yml
index 04333be..60b007c 100644
--- a/.github/workflows/pester-tests.yml
+++ b/.github/workflows/pester-tests.yml
@@ -7,6 +7,12 @@ on:
     branches: [ main ]
   workflow_dispatch:
 
+# Security: Explicit permissions (Principle of Least Privilege)
+permissions:
+  contents: read          # Required for checkout
+  checks: write           # Required for publish-unit-test-result-action
+  pull-requests: write    # Required for PR comments by test action
+
 jobs:
   test:
     runs-on: windows-latest