fix(security): add permissions block to PR security check workflow

KofTwentyTwo · KofTwentyTwo · commit f66af062e55d · 2025-12-25T20:32:27.000-06:00
diff --git a/.github/workflows/pr-security-check.yml b/.github/workflows/pr-security-check.yml
@@ -4,11 +4,18 @@ on:
   pull_request:
     branches: [ main, develop ]
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   # Quick security scan for PRs
   security-scan:
     name: 🔍 Security Scan
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -38,13 +45,13 @@ jobs:
           script: |
             const fs = require('fs');
             const path = require('path');
-            
+
             try {
               const reportPath = path.join(process.env.GITHUB_WORKSPACE, 'target');
               if (fs.existsSync(reportPath)) {
                 const files = fs.readdirSync(reportPath);
                 const htmlFile = files.find(f => f.includes('dependency-check-report') && f.endsWith('.html'));
-                
+
                 if (htmlFile) {
                   github.rest.issues.createComment({
                     issue_number: context.issue.number,
