Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[mindedal]

Potential fix for https://github.com/mindedal/pyfetch/security/code-scanning/1

In general, the fix is to explicitly declare a minimal permissions block in the workflow so that the GITHUB_TOKEN has only the scopes needed. For this workflow, which only checks out code and runs Python tests, contents: read is sufficient. We can place permissions at the workflow root so it applies to all jobs, or under the test job specifically; using the root keeps the file concise and ensures future jobs inherit least-privilege by default.

The best fix without changing existing behavior is to add a root-level permissions section with contents: read just after the name: (or after on:; placement among top-level keys is flexible). No additional imports, actions, or steps are required. Only .github/workflows/python-tests.yml needs modification, and only by inserting a small permissions block without changing any existing lines.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[Copilot]

Pull request overview

This PR addresses a security code scanning alert by adding explicit permissions to the GitHub Actions workflow, following the principle of least privilege for the GITHUB_TOKEN.

• Adds a permissions block at the workflow root level with contents: read
• Restricts the workflow to only the permissions it needs for checking out code and running tests

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.