From 94f0336bfec3091e71ea8c37267212a912604aa4 Mon Sep 17 00:00:00 2001
From: dhmlau
Date: Mon, 11 Aug 2025 14:32:58 -0400
Subject: [PATCH 1/4] fix: fix CodeQL
Signed-off-by: dhmlau
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 1c605114..0303710f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -28,7 +28,7 @@ jobs:
 api.github.com:443
 github.com:443
 objects.githubusercontent.com:443
-
+ github-releases.githubusercontent.com:443
 - name: Checkout repository
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 with:
From c3a57b0a5b4ade2917e184311bf4279783e8614d Mon Sep 17 00:00:00 2001
From: dhmlau
Date: Mon, 11 Aug 2025 14:58:21 -0400
Subject: [PATCH 2/4] fix: fix
Signed-off-by: dhmlau
---
 .github/workflows/codeql-analysis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 0303710f..4929ab40 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -42,4 +42,5 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8
-
+ with:
+ wait-for-processing: false
From d4d5aaec2f75a64ce6cf9cd26f1be18b7ee62eec Mon Sep 17 00:00:00 2001
From: dhmlau
Date: Mon, 11 Aug 2025 15:06:37 -0400
Subject: [PATCH 3/4] fix: fix
Signed-off-by: dhmlau
---
 .github/workflows/codeql-analysis.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 4929ab40..9e933cd6 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
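Review bot: Setting `wait-for-processing: false` on the analyze step (PATCH 2/4) means the job returns as soon as the SARIF upload is accepted and no longer waits for GitHub to finish processing it, so a processing error (rejected or truncated results) will not fail the workflow and lost findings show up as a green run rather than a red one. If the aim was to get past a network block or a slow run, the endpoint allow-list in PATCH 1/4 is the more targeted place to fix it, and the default (which waits and surfaces processing errors) should be kept for a security scan. If the setting is intentional, a comment above it such as `# do not block on SARIF processing; results are checked in the Security tab` would record the trade-off. PATCH 4/4 in this series removes these two lines again, so the end state of the file is not affected by this hunk.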
@@ -39,6 +39,16 @@ jobs:
 with:
 languages: javascript-typescript
 config-file: .github/codeql/codeql-config.yml
+ - name: StepSecurity - reapply egress restrictions
+ uses: step-security/harden-runner@v2.13.0
+ with:
+ disable-sudo: true
+ egress-policy: block
+ allowed-endpoints: >
+ api.github.com:443
+ github.com:443
+ objects.githubusercontent.com:443
+ github-releases.githubusercontent.com:443
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8
From 20940acc1ebbd201a84032460e67cf30397e957a Mon Sep 17 00:00:00 2001
From: dhmlau
Date: Mon, 18 Aug 2025 09:48:04 -0400
Subject: [PATCH 4/4] fix: fix
Signed-off-by: dhmlau
---
 .github/workflows/codeql-analysis.yml | 36 ++++-----------------------
 1 file changed, 5 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9e933cd6..7f61bdb7 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
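Review bot: The added step `uses: step-security/harden-runner@v2.13.0` references the action by a mutable tag, whereas every other `uses:` visible in this series, including the first harden-runner step in the same job, is pinned to a commit SHA with the version in a trailing comment; a tag can be repointed after the fact, so pin it the same way: `uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0` (the SHA this file already uses for v2.13.0). The hunk also does not show what a second harden-runner invocation mid-job changes, since its allow-list is identical to the one applied at the start of the job, so a comment on the step stating what "reapply" is meant to achieve would help the next reader. PATCH 4/4 in this series deletes this step again.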
@@ -20,37 +20,11 @@ jobs:
 actions: read
 steps:
- - uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- objects.githubusercontent.com:443
- github-releases.githubusercontent.com:443
- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- with:
- persist-credentials: false
-
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 - name: Initialize CodeQL
- uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8
+ uses: github/codeql-action/init@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
 with:
- languages: javascript-typescript
- config-file: .github/codeql/codeql-config.yml
- - name: StepSecurity - reapply egress restrictions
- uses: step-security/harden-runner@v2.13.0
- with:
- disable-sudo: true
- egress-policy: block
- allowed-endpoints: >
- api.github.com:443
- github.com:443
- objects.githubusercontent.com:443
- github-releases.githubusercontent.com:443
-
+ languages: 'javascript'
+ config-file: ./.github/codeql/codeql-config.yaml
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.8
- with:
- wait-for-processing: false
+ uses: github/codeql-action/analyze@df559355d593797519d70b90fc8edd5db049e7a2 # v3.29.9
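Review bot: The new `- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0` line drops the `with: persist-credentials: false` that the removed checkout step carried, so the job token is now written into the checkout's local git config for the rest of the job, which a read-only CodeQL job has no use for; restore it under the new step as `with:` / `persist-credentials: false`. The same hunk removes both harden-runner steps, so `disable-sudo: true` and the egress allow-list (api.github.com, github.com, objects.githubusercontent.com, github-releases.githubusercontent.com) no longer apply to this job — that is a reduction in hardening rather than a fix, and the commit message (`fix: fix`) should say why it was taken out, especially since PATCH 1/4 already added the endpoint that CodeQL needed. The `config-file` value also changes from `.github/codeql/codeql-config.yml` to `./.github/codeql/codeql-config.yaml` while this series touches only the workflow file, so unless the config was renamed outside the series the init step will point at a path that does not exist. The hunk header counts one more context line than is visible here, so its last line appears to be cut off at the end of SOURCE.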