codeql-action
Actions for running CodeQL analysis
- When #18 landed, it included:
  https://github.com/github/codeql-action/blob/d7b9f5a097fc0f44469c524a720c4e1a53c79210/package.json#L44
  https://github.com/github/codeql-action/blob/d7b9f5a097fc0f44469c524a720c4e1a53c79210/package.json#L36-L38
- That dependency was fixed in https://github.com/avajs/ava/commit/fd92b4a368aac600e0b1f95b514179db8316771c which was released in https://github.com/avajs/ava/releases/tag/v3.8.2
- ava was upgraded a while ago to pull in...
https://github.com/check-spelling-sandbox/rancher-desktop/actions/runs/20089313767/job/57633334730#step:7:27

```js
Download action repository 'github/codeql-action@v4' (SHA:cf1bb45a277cb3c205638b2cd5c984db1c46a412)
```

```js
Post-processing sarif files: ["/tmp/tmp.sDnlfIczKq"]
Validating /tmp/tmp.sDnlfIczKq
Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
(node:10154) [DEP0169] DeprecationWarning: `url.parse()` behavior...
```
Bumps the actions-minor group with 2 updates in the /.github/workflows directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).

Updates `ruby/setup-ruby` from 1.268.0 to 1.269.0

Release notes
Sourced from ruby/setup-ruby's releases.
v1.269.0
What's Changed
Account...
Bumps the npm-minor group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [node-forge](https://github.com/digitalbazaar/forge) | `1.3.2` | `1.3.3` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin)...
This PR adds experimental support for excluding files that are marked as `linguist-generated=true` in a `.gitattributes` file from analysis.

### Risk assessment

For internal use only. Please select the risk...
This reduces the likelihood of publishing a tag but not a release.

### Risk assessment

For internal use only. Please select the risk level of this change:

- **Low risk:**...
Removes the FF introduced in https://github.com/github/codeql-action/pull/3206 and makes the behaviour that was gated behind it the default.

### Risk assessment

For internal use only. Please select the risk level of...
## Notice of v3 deprecation

Node.js 20.x (the runtime used by CodeQL Action v3) reaches end-of-life on 30 April 2026: https://nodejs.org/en/blog/release/v20.9.0. To keep the Action running on a supported runtime,...
When I look at the advanced security settings on https://github.com/blowdart/idunno.Bluesky I get a nice warning: Code scanning with GitHub Actions is not available for this repository. GitHub Actions policy is...
Diff-informed analysis expects paths in the diff-range extension pack to be absolute paths. The conversion to absolute paths currently happens within `getDiffRanges` in `diff-informed-analysis-utils.ts`. This PR moves the conversion to...