From b2506497ada5d43713bd7e725cd93c8eef97555f Mon Sep 17 00:00:00 2001
From: Regina Yap <reyap@microsoft.com>
Date: Fri, 3 Apr 2026 11:26:56 -0700
Subject: [PATCH 1/2] Fix some Code ql errors

---
 .github/workflows/codeql-analysis.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 162954b85..0e202fd4f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,6 +13,9 @@ on:
     branches:
       - master
 
+permissions:
+  security-events: read
+
 env:
   TargetNetNext: 'False'
 
@@ -51,7 +54,7 @@ jobs:
       uses: actions/setup-dotnet@v5
       with:
         dotnet-version: 8.x
-        
+
     - name: Setup .NET 9.0.x
       uses: actions/setup-dotnet@v5
       with:

From c7326924d1bb62b2ae2f5f338926e100f68eac67 Mon Sep 17 00:00:00 2001
From: Regina Yap <reyap@microsoft.com>
Date: Fri, 3 Apr 2026 11:53:57 -0700
Subject: [PATCH 2/2] fix: update CodeQL actions to v4 and fix permissions

- Upgrade codeql-action/init and codeql-action/analyze from v3 to v4
  to resolve Node.js 20 deprecation warning
- Update permissions: security-events to write, add actions: read
  and contents: read to resolve feature flags CLI version warning
- Update commented autobuild reference from v2 to v4 for consistency

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0e202fd4f..39f391eb8 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,7 +14,9 @@ on:
       - master
 
 permissions:
-  security-events: read
+  security-events: write
+  actions: read
+  contents: read
 
 env:
   TargetNetNext: 'False'
@@ -34,7 +36,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       # Override language selection by uncommenting this and choosing your languages
       with:
          languages: csharp
@@ -42,7 +44,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     # - name: Autobuild
-    #   uses: github/codeql-action/autobuild@v2
+    #   uses: github/codeql-action/autobuild@v4
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -79,4 +81,4 @@ jobs:
       run: dotnet test Microsoft.Identity.Web.sln -f net10.0 -p:FROM_GITHUB_ACTION=true --configuration Release --filter "(FullyQualifiedName!~Microsoft.Identity.Web.Test.Integration)&(FullyQualifiedName!~WebAppUiTests)&(FullyQualifiedName=IntegrationTests)"
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4