github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-28 02:00:12 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,674 Commits 297 Branches 500 Tags
5bddbeb2bf2a508a17d60e15c201284c56ffc2aa
Commit Graph

6674 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
5bddbeb2bf Update checked-in dependencies 2025-04-07 17:59:50 +00:00
dependabot[bot]
c7102cdca1 build(deps-dev): bump the npm group with 3 updates 
Bumps the npm group with 3 updates: [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js), [nock](https://github.com/nock/nock) and [typescript](https://github.com/microsoft/TypeScript).


Updates `@eslint/js` from 9.23.0 to 9.24.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.24.0/packages/js)

Updates `nock` from 14.0.2 to 14.0.3
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.2...v14.0.3)

Updates `typescript` from 5.8.2 to 5.8.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Changelog](https://github.com/microsoft/TypeScript/blob/main/azure-pipelines.release-publish.yml)
- [Commits](https://github.com/microsoft/TypeScript/commits)

---
updated-dependencies:
- dependency-name: "@eslint/js"
  dependency-version: 9.24.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-version: 14.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: typescript
  dependency-version: 5.8.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-07 17:59:17 +00:00
Arthur Baars
4b508f5964 Merge pull request #2845 from github/mergeback/v3.28.14-to-main-fc7e4a0f 
Mergeback v3.28.14 refs/heads/releases/v3 into main
 2025-04-07 13:04:29 +02:00
github-actions[bot]
ca00afb5f1 Update checked-in dependencies 2025-04-07 09:33:21 +00:00
github-actions[bot]
2969c78ce0 Update changelog and version after v3.28.14 2025-04-07 09:27:28 +00:00
Arthur Baars
fc7e4a0fa0 Merge pull request #2844 from github/update-v3.28.14-362ef4ce2 
Merge main into releases/v3
v3.28.14 		2025-04-07 11:26:56 +02:00
github-actions[bot]
be0175c800 Update changelog for v3.28.14 2025-04-07 09:09:01 +00:00
Arthur Baars
362ef4ce20 Merge pull request #2838 from github/update-bundle/codeql-bundle-v2.21.0 
Update default bundle to 2.21.0
 2025-04-03 15:40:24 +02:00
Arthur Baars
2b85c00718 Merge branch 'main' into update-bundle/codeql-bundle-v2.21.0 2025-04-03 15:28:09 +02:00
Angela P Wen
41aa437638 Merge pull request #2841 from github/angelapwen/log-init-post-telemetry 
Add logs around status report telemetry in `init-post` step
 2025-04-03 14:51:03 +02:00
Angela P Wen
92864f48b0 Add logs around status report telemetry in init-post step 2025-04-03 14:37:27 +02:00
Fotis Koutoulakis
e13fe0dd2d Merge pull request #2833 from github/NlightNFotis/reclassify_upload_sarif_issues 
feat: further error re-classification
 2025-04-02 20:09:36 +01:00
Fotis Koutoulakis
06703ce3e5 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-04-02 19:06:45 +01:00
Fotis Koutoulakis (@NlightNFotis)
676a422916 review-comments: nest validateSariFileSchema into try-catch block to better discriminate error thrown 2025-04-02 19:06:31 +01:00
Fotis Koutoulakis (@NlightNFotis)
498c7f37e8 review-comments: unwrap error in upload-sarif-action and re-classify as ConfigurationError if in known error category 2025-04-02 15:20:03 +01:00
Fotis Koutoulakis (@NlightNFotis)
efd29bef22 refactor: revert getActionsStatus taking an extra argument 2025-04-02 15:13:00 +01:00
Angela P Wen
dab8a02091 Merge pull request #2836 from github/dependabot/github_actions/actions-02c935407f 
build(deps): bump the actions group with 2 updates
 2025-04-02 14:57:29 +02:00
Angela P Wen
10771737a9 Merge pull request #2840 from github/dependabot/npm_and_yarn/npm-05c8aca45e 
build(deps-dev): bump the npm group across 1 directory with 4 updates
 2025-04-02 14:56:55 +02:00
Angela P Wen
17379bcd20 Manually update PR check workflow 2025-04-02 14:43:55 +02:00
github-actions[bot]
dbb232a3d8 Update checked-in dependencies 2025-04-02 12:43:14 +00:00
dependabot[bot]
4b72bef651 build(deps-dev): bump the npm group across 1 directory with 4 updates 
Bumps the npm group with 4 updates in the / directory: [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver), [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [nock](https://github.com/nock/nock).


Updates `@types/semver` from 7.5.8 to 7.7.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `@typescript-eslint/eslint-plugin` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.28.0 to 8.29.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.29.0/packages/parser)

Updates `nock` from 14.0.1 to 14.0.2
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v14.0.1...v14.0.2)

---
updated-dependencies:
- dependency-name: "@types/semver"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-02 12:42:37 +00:00
Fotis Koutoulakis (@NlightNFotis)
b53826d56d review-comments: remove syntax-error handling for SARIF from upload-lib 2025-04-01 15:10:16 +01:00
Fotis Koutoulakis (@NlightNFotis)
55ee663d5f review-comments: refactor getActionsStatus to accept an extra parameter designating if the analysis is third-party 2025-04-01 14:58:59 +01:00
github-actions[bot]
a27e401674 Add changelog note 2025-04-01 13:51:07 +00:00
github-actions[bot]
a69f5113b7 Update default bundle to codeql-bundle-v2.21.0 2025-04-01 13:51:03 +00:00
dependabot[bot]
b6f76bd566 build(deps): bump the actions group with 2 updates 
Bumps the actions group with 2 updates: [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [actions/create-github-app-token](https://github.com/actions/create-github-app-token).


Updates `ruby/setup-ruby` from 1.227.0 to 1.229.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](1a615958ad...354a1ad156)

Updates `actions/create-github-app-token` from 1.11.7 to 1.12.0
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Commits](https://github.com/actions/create-github-app-token/compare/v1.11.7...v1.12.0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/create-github-app-token
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-31 17:16:14 +00:00
Fotis Koutoulakis (@NlightNFotis)
01f1a1f2c9 Merge branch 'main' into NlightNFotis/reclassify_upload_sarif_issues 2025-03-31 16:29:02 +01:00
Chuan-kai Lin
efffb483ec Merge pull request #2831 from github/cklin/diff-informed-query-filtering 
Respect `exclude-from-incremental` query tag for diff-informed analysis
codeql-bundle-v2.21.0 		2025-03-31 08:00:50 -07:00
Fotis Koutoulakis (@NlightNFotis)
f21cf0bbd7 feat: reclassify InvalidSarifUploadError as a user-error when final status report is produced 2025-03-31 12:22:18 +01:00
Fotis Koutoulakis (@NlightNFotis)
72a2b1295e feat: classify some observed SARIF errors as InvalidSarifUploadError 2025-03-31 12:17:23 +01:00
Fotis Koutoulakis (@NlightNFotis)
a022653e2d feat: classify more HTTP errors as configuration errors in api-client 2025-03-31 11:54:16 +01:00
Fotis Koutoulakis (@NlightNFotis)
3c42562190 fix: update comment for test to state correct expected outcome 2025-03-31 11:51:11 +01:00
Chuan-kai Lin
e4ca874973 build: refresh js files 2025-03-28 12:30:40 -07:00
Chuan-kai Lin
e7f67e2e61 Redefine shouldPerformDiffInformedAnalysis() 
This commit renames the original shouldPerformDiffInformedAnalysis(),
which returns `PullRequestBranches | undefined`, to
getDiffInformedAnalysisBranches(). It also adds a new
shouldPerformDiffInformedAnalysis() function that returns boolean.

Separating these two functions makes it clear what the intended uses and
return values should be for each.
 2025-03-28 12:29:28 -07:00
Fotis Koutoulakis
9f45e7498b Merge pull request #2832 from github/NlightNFotis/fix_config_error_classification 
fix: change regex matching for API error to not contain regex boundaries
 2025-03-28 15:18:02 +00:00
Fotis Koutoulakis (@NlightNFotis)
73c938dbc0 fix: fix issue where wrapApiConfigurationError would fail to regex match a string due to boundary constraints on the regex 2025-03-28 14:38:06 +00:00
Fotis Koutoulakis (@NlightNFotis)
2be6da694a test: add tests for the wrapApiConfigurationError function 2025-03-28 14:37:10 +00:00
Fotis Koutoulakis (@NlightNFotis)
76f9ed9cd9 test: add tests to validate getActionsStatus' behaviour 2025-03-28 14:37:10 +00:00
Chuan-kai Lin
71ab101d38 Set default query filter for diff-informed analysis 2025-03-27 14:06:40 -07:00
Chuan-kai Lin
da967b1ade AugmentationProperties: add defaultQueryFilters 
This commit adds a defaultQueryFilters field to AugmentationProperties
and incorporates its value into the augmented Code Scanning config.
However, in this commit defaultQueryFilters is always empty, so there is
not yet any actual behavior change.
 2025-03-27 13:44:47 -07:00
Chuan-kai Lin
3c4533916b Call shouldPerformDiffInformedAnalysis() outside setupDiffInformedQueryRun() 2025-03-27 10:27:24 -07:00
Chuan-kai Lin
1994ea768e Move shouldPerformDiffInformedAnalysis() 2025-03-27 10:27:24 -07:00
Chuan-kai Lin
534bc63d5e Rename diff-filtering-utils.ts to diff-informed-analysis-utils.ts 2025-03-27 10:27:23 -07:00
Chuan-kai Lin
3fbee52426 Extract shouldPerformDiffInformedAnalysis() 2025-03-27 10:27:23 -07:00
Chuan-kai Lin
9bd18b486f Merge pull request #2830 from github/cklin/code-scanning-repo 
getFileDiffsWithBasehead(): use CODE_SCANNING_REPOSITORY if present
 2025-03-27 10:25:27 -07:00
Chuan-kai Lin
0afd488dc1 build: refresh js files 2025-03-27 08:50:55 -07:00
Chuan-kai Lin
c1fc897eb2 getFileDiffsWithBasehead(): use CODE_SCANNING_REPOSITORY if present 2025-03-27 08:50:31 -07:00
Chuan-kai Lin
f88459c0a3 Use getRepositoryNwo() 2025-03-26 10:18:40 -07:00
Chuan-kai Lin
b22f3341fe Add getRepositoryNwo() helper functions 2025-03-26 08:11:16 -07:00
Henry Mercer
486ab5a292 Merge pull request #2827 from github/dependabot/npm_and_yarn/npm-6956921c2d 
build(deps): bump the npm group with 8 updates
 2025-03-24 21:40:41 +00:00