From ff4a162d94232ffb9e36733e8f147a18b301f378 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Mon, 8 Jul 2024 10:11:51 -0400
Subject: [PATCH 1/2] codeql: Update checkout action
---
.github/workflows/codeql.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index cf0217154..6e460d0a8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,7 +13,7 @@ jobs:
steps: - name: Checkout repository
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
with: # We must fetch at least the immediate parents so that if this is # a pull request then we can checkout the head.
From 26127a8f937114a16ca25338cb21e4ddf1506e03 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Mon, 8 Jul 2024 10:12:13 -0400
Subject: [PATCH 2/2] codeql: Add security-events permissions
See https://github.com/actions/starter-workflows/blob/889ae22e02c117e9e5329d250059a96f136a4983/code-scanning/codeql.yml#L33-L34
---
.github/workflows/codeql.yml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6e460d0a8..94fe4917d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,5 +1,9 @@
name: "Code scanning - action"
+permissions:
+ contents: read
+ security-events: write
+
on: pull_request: schedule:
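Review bot: In PATCH 2/2 the new `permissions:` block sits at the top level of the workflow, so `security-events: write` is granted to every job in the file rather than only to the job that uploads CodeQL results. The job list is outside the hunk, so if there is only one job the effect is the same today, but scoping the write permission to the analysis job keeps any job added later read-only by default. Consider leaving `contents: read` at the top level and moving `security-events: write` into a `permissions:` block under that job, with a comment such as `# needed to upload CodeQL results to code scanning`. A job-level `permissions:` block replaces the top-level set rather than extending it, so `contents: read` has to be repeated there for the checkout step to keep working.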