From 12a3a4b42ce16995789b74a4659f17435d7f7dca Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 27 Jun 2026 00:34:56 +0000
Subject: [PATCH 1/4] Initial plan


From 1341398f116f25ad3d33cf6fa135524e130011e4 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 27 Jun 2026 00:42:34 +0000
Subject: [PATCH 2/4] Apply remaining changes

---
 ghcookies.txt | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 ghcookies.txt

diff --git a/ghcookies.txt b/ghcookies.txt
new file mode 100644
index 0000000..a6e4f5e
--- /dev/null
+++ b/ghcookies.txt
@@ -0,0 +1,7 @@
+# Netscape HTTP Cookie File
+# https://curl.se/docs/http-cookies.html
+# This file was generated by libcurl! Edit at your own risk.
+
+#HttpOnly_.github.com	TRUE	/	TRUE	1814056653	logged_in	no
+.github.com	TRUE	/	TRUE	1814056653	_octo	GH1.1.1464862683.1782520653
+#HttpOnly_github.com	FALSE	/	TRUE	0	_gh_sess	Po%2FXbkSsuXM5otORZ63lSPecnnRRMe8%2FgdJ6lWIBmel56TK6zCqBVk0MtcB3rOgw%2BkrmhpwW8iel4WqI%2BS4nPFJZ7zhsi2sEuSt0koVZMOUS%2FCXN%2FPv0tvNo5o5SVNwAg77rDtICfr6oy5Dx6rOQ5lq0LxgTWtTCF%2BFEotP9P5GXUMNKouzUCdQKuiZs8akSG%2B1hmYC7wjRWfmmsRGno%2Fm80sEmYKXiIXCFjw8EqONDiiaU%2BfjxQMCYv4clAjDfb763rJiIyyJQsRMQTX4H4%2Fw%3D%3D--Ov3I2XKrFd6kK4Rz--w0chTqqb7N3gCJcQpOt9Zg%3D%3D

From 29bb43dd07d71121c1e4bb08a24e52d3cb91a7d7 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 27 Jun 2026 01:11:45 +0000
Subject: [PATCH 3/4] Apply remaining changes

---
 .github/workflows/codeql.yml | 32 ++++++++++++++++++++++++++++++++
 .gitignore                   |  2 ++
 ghcookies.txt                |  7 -------
 3 files changed, 34 insertions(+), 7 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
 delete mode 100644 ghcookies.txt

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..a37aa4d
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,32 @@
+name: CodeQL
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  schedule:
+    - cron: '27 6 * * 1'
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  analyze:
+    name: Analyze (actions)
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: actions
+          build-mode: none
+
+      - name: Perform CodeQL analysis
+        uses: github/codeql-action/analyze@v3
diff --git a/.gitignore b/.gitignore
index ee2c3d7..a02378e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -64,3 +64,5 @@ crash-*
 *.pptx
 
 .venv-pycore/mssql-py-core/pytest-smoke-results.xml
+
+ghcookies.txt
diff --git a/ghcookies.txt b/ghcookies.txt
deleted file mode 100644
index a6e4f5e..0000000
--- a/ghcookies.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-# Netscape HTTP Cookie File
-# https://curl.se/docs/http-cookies.html
-# This file was generated by libcurl! Edit at your own risk.
-
-#HttpOnly_.github.com	TRUE	/	TRUE	1814056653	logged_in	no
-.github.com	TRUE	/	TRUE	1814056653	_octo	GH1.1.1464862683.1782520653
-#HttpOnly_github.com	FALSE	/	TRUE	0	_gh_sess	Po%2FXbkSsuXM5otORZ63lSPecnnRRMe8%2FgdJ6lWIBmel56TK6zCqBVk0MtcB3rOgw%2BkrmhpwW8iel4WqI%2BS4nPFJZ7zhsi2sEuSt0koVZMOUS%2FCXN%2FPv0tvNo5o5SVNwAg77rDtICfr6oy5Dx6rOQ5lq0LxgTWtTCF%2BFEotP9P5GXUMNKouzUCdQKuiZs8akSG%2B1hmYC7wjRWfmmsRGno%2Fm80sEmYKXiIXCFjw8EqONDiiaU%2BfjxQMCYv4clAjDfb763rJiIyyJQsRMQTX4H4%2Fw%3D%3D--Ov3I2XKrFd6kK4Rz--w0chTqqb7N3gCJcQpOt9Zg%3D%3D

From d2dd6fcc574491bc7dee7f1ad40137821e443797 Mon Sep 17 00:00:00 2001
From: Saurabh Singh <saurabh500@gmail.com>
Date: Fri, 26 Jun 2026 18:44:57 -0700
Subject: [PATCH 4/4] Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/codeql.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a37aa4d..de5a515 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -10,14 +10,15 @@ on:
   schedule:
     - cron: '27 6 * * 1'
 
-permissions:
-  contents: read
-  security-events: write
+permissions: {}
 
 jobs:
   analyze:
     name: Analyze (actions)
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4