From 0b39f9f4ecbe6b467c00ffef978f0b0aa178c806 Mon Sep 17 00:00:00 2001
From: Rebecca Sutton Koeser <rlskoeser@users.noreply.github.com>
Date: Tue, 27 May 2025 15:56:28 -0400
Subject: [PATCH 1/2] Potential fix for code scanning alert no. 2: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/unit_tests.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 31e01ed..655967e 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -1,5 +1,9 @@
 name: unit tests
 
+permissions:
+  contents: read
+  id-token: write
+
 on:
   push:
     branches:

From f615ea1ef6a751909840d5374f7446a72b04c354 Mon Sep 17 00:00:00 2001
From: Rebecca Sutton Koeser <rlskoeser@users.noreply.github.com>
Date: Tue, 27 May 2025 15:57:14 -0400
Subject: [PATCH 2/2] Potential fix for code scanning alert no. 1: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/check.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index ae450b4..9a373b6 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -3,6 +3,9 @@ name: Check style + docs + types
 on:
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   check:
     runs-on: ubuntu-latest