From 5df79f0a86c9c082ff16dd76369abaaac034becc Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:35:51 -0600 Subject: [PATCH 01/13] Potential fix for code scanning alert no. 42: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/deploy_wp_plugin_develop.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/deploy_wp_plugin_develop.yml b/.github/workflows/deploy_wp_plugin_develop.yml index 9987fa32d..26a6de9fe 100644 --- a/.github/workflows/deploy_wp_plugin_develop.yml +++ b/.github/workflows/deploy_wp_plugin_develop.yml @@ -2,6 +2,8 @@ # this is disabled for now to avoid breaking projects using the older method of installation name: Release develop WP Plugin +permissions: + contents: write on: push: From 6cdf8a5cb0ab3c9ced8ca2c0fb221114895f148c Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:36:25 -0600 Subject: [PATCH 02/13] Update deploy_wp_plugin_develop.yml --- .github/workflows/deploy_wp_plugin_develop.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy_wp_plugin_develop.yml b/.github/workflows/deploy_wp_plugin_develop.yml index 26a6de9fe..0d77da987 100644 --- a/.github/workflows/deploy_wp_plugin_develop.yml +++ b/.github/workflows/deploy_wp_plugin_develop.yml @@ -2,6 +2,7 @@ # this is disabled for now to avoid breaking projects using the older method of installation name: Release develop WP Plugin + permissions: contents: write From e23350318cfefc1fe5044ded2260240e18d6bd36 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:36:49 -0600 Subject: [PATCH 03/13] Potential fix for code scanning alert no. 43: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/eslint.yml | 3 +++ 1 file changed, 3 insertions(+) 
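Review bot: `contents: write` is granted at workflow level in `deploy_wp_plugin_develop.yml`, so every job in the file receives a token that can push to the repository, whatever that job runs. The jobs are outside this hunk, but if only one of them pushes the built plugin, the narrower form is a top-level `permissions:` with `contents: read` plus `permissions: { contents: write }` on that job. A one-line comment above the block, such as `# contents: write is needed to push the built plugin` (corrected to what the job really does), would record why the scope exists. The same applies to the workflow-level write grants added to `deploy_wp_plugin_stable.yml`, `release-latest-version.yml`, `deploy-docs.yml` and `npm-release-next-version.yml` later in this series.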
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml index 38190afcf..64c53638b 100644 --- a/.github/workflows/eslint.yml +++ b/.github/workflows/eslint.yml @@ -1,5 +1,8 @@ name: eslint +permissions: + contents: read + on: [pull_request] jobs: From af0c3f2fca41842d5a6a0737ca3104153e3b9f0e Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:37:17 -0600 Subject: [PATCH 04/13] Potential fix for code scanning alert no. 46: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/nextjs_bundle_analysis.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/nextjs_bundle_analysis.yml b/.github/workflows/nextjs_bundle_analysis.yml index b18ea15d2..2f29399b0 100644 --- a/.github/workflows/nextjs_bundle_analysis.yml +++ b/.github/workflows/nextjs_bundle_analysis.yml @@ -1,5 +1,11 @@ name: '(Pages Router) Next.js Bundle Analysis' +permissions: + contents: read + actions: read + pull-requests: write + issues: write + on: pull_request: push: From c0e88106bcc6f8f5ebac34981c2607a547af1514 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:37:47 -0600 Subject: [PATCH 05/13] Potential fix for code scanning alert no. 50: Workflow does not contain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/unit-tests.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index d1c78a786..e7f7460cd 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -1,5 +1,8 @@ name: unit tests +permissions: + contents: read + on: [pull_request] jobs: From 123b19b051186ecccda43530fc0f99155ff1d4d1 Mon Sep 17 00:00:00 2001 
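Review bot: The `permissions` block added to `nextjs_bundle_analysis.yml` grants both `pull-requests: write` and `issues: write` to every job on both triggers, `pull_request` and `push`, although posting a comment on a pull request normally needs only one of them and a `push` run presumably needs neither. The job steps are outside the hunk, so confirm which scope the comment step uses, drop the other, and move the remaining write scope onto the job that posts the comment. The App Router sibling in PATCH 07 lists only `contents: read` and `pull-requests: write`; since any scope not listed in a `permissions` block becomes `none`, if the two workflows run the same steps one of them either carries surplus scopes or will fail for lack of `actions: read`. On pull requests from forks the token is read-only by default regardless of this block, so the comment step should tolerate a permission failure there.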
From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:39:03 -0600 Subject: [PATCH 06/13] Update deploy_wp_plugin_stable.yml --- .github/workflows/deploy_wp_plugin_stable.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/deploy_wp_plugin_stable.yml b/.github/workflows/deploy_wp_plugin_stable.yml index 0440c299f..abd84a648 100644 --- a/.github/workflows/deploy_wp_plugin_stable.yml +++ b/.github/workflows/deploy_wp_plugin_stable.yml @@ -2,6 +2,9 @@ name: Release Stable WP Plugin ### This has been merged into release-latest-version action +permissions: + contents: write + on: push: branches: From 9ff58bca12c354f14429563039e0b981e07b5c74 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:39:43 -0600 Subject: [PATCH 07/13] Update nextjs_bundle_analysis-app-router.yml --- .github/workflows/nextjs_bundle_analysis-app-router.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/nextjs_bundle_analysis-app-router.yml b/.github/workflows/nextjs_bundle_analysis-app-router.yml index 988e550db..8348a33c9 100644 --- a/.github/workflows/nextjs_bundle_analysis-app-router.yml +++ b/.github/workflows/nextjs_bundle_analysis-app-router.yml @@ -1,5 +1,9 @@ name: '(App Router) Next.js Bundle Analysis' +permissions: + contents: read + pull-requests: write + on: pull_request: push: From 95a1409fcd6aee3e5f8b6d0f70cf69b12e038ce9 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:40:05 -0600 Subject: [PATCH 08/13] Update phpcs.yml --- .github/workflows/phpcs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml index a71c450e8..0e1134903 100644 --- a/.github/workflows/phpcs.yml +++ b/.github/workflows/phpcs.yml @@ -1,5 +1,8 @@ name: PHPCS check +permissions: + contents: read + on: pull_request jobs: From 35c95b3a67685b7bece10b406f63525e02a992e8 Mon Sep 17 00:00:00 2001 
From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:40:23 -0600 Subject: [PATCH 09/13] Update phpunit.yml --- .github/workflows/phpunit.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index 0fbcfc9dc..5b238b282 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml @@ -1,5 +1,8 @@ name: PHPUnit tests +permissions: + contents: read + on: pull_request jobs: From 2b1b9556eb23d37ad43dbcf12bf21b0b21de6080 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:40:39 -0600 Subject: [PATCH 10/13] Update build-test.yml --- .github/workflows/build-test.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 8337a692e..8c235fae5 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -1,5 +1,8 @@ name: Build Test +permissions: + contents: read + on: [pull_request] jobs: From 69c6a1ae35fe9478d327e75d9b407db0c8e79bbf Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:41:05 -0600 Subject: [PATCH 11/13] Update release-latest-version.yml --- .github/workflows/release-latest-version.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/release-latest-version.yml b/.github/workflows/release-latest-version.yml index 9333501d1..c5aa9c9af 100644 --- a/.github/workflows/release-latest-version.yml +++ b/.github/workflows/release-latest-version.yml @@ -1,5 +1,9 @@ name: Release @latest +permissions: + contents: write + pull-requests: write + on: push: branches: From dcbc2568fffbf41354b3a0539f47e9faa7c3c14b Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:41:34 -0600 Subject: [PATCH 12/13] Update deploy-docs.yml --- .github/workflows/deploy-docs.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml index 7fd9292f4..3e5ccf5f4 100644 
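Review bot: Once `permissions` is declared in `release-latest-version.yml`, every scope not listed drops to `none`, so the two scopes here have to cover everything the release job does. The job is outside the hunk; if it publishes to npm with provenance or authenticates anywhere through OIDC it also needs `id-token: write`, and if it publishes to GitHub Packages it needs `packages: write`. Check the job's steps against this list before merging, and add a short comment above the block, for example `# contents: write for the version commit and tag; pull-requests: write for the release PR`, corrected to what the job really does. `npm-release-next-version.yml` in PATCH 13 gets the same block and leaves the same question open.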
--- a/.github/workflows/deploy-docs.yml +++ b/.github/workflows/deploy-docs.yml @@ -1,5 +1,8 @@ name: Deploy to GitHub Pages +permissions: + contents: write + on: push: branches: From 6db02429a503f6e5695047fdc5dce155c292ce17 Mon Sep 17 00:00:00 2001 From: Jeffrey Paul Date: Wed, 4 Feb 2026 17:41:57 -0600 Subject: [PATCH 13/13] Update npm-release-next-version.yml --- .github/workflows/npm-release-next-version.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/npm-release-next-version.yml b/.github/workflows/npm-release-next-version.yml index f1a7a99ea..61e3d9ed9 100644 --- a/.github/workflows/npm-release-next-version.yml +++ b/.github/workflows/npm-release-next-version.yml @@ -1,5 +1,9 @@ name: Release @next +permissions: + contents: write + pull-requests: write + on: push: branches:
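Review bot: `contents: write` in `deploy-docs.yml` only fits a deploy job that pushes the built site to a branch such as `gh-pages`. The job is outside the hunk; if it instead deploys through the Pages artifact flow (`actions/deploy-pages`), it needs `pages: write` and `id-token: write`, which this block now sets to `none`, and `contents: read` would then be enough. A comment naming the deploy method next to the block would make the choice of scope checkable.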