robojerk/codeql-action
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
4568 commits 0 branches 1 tag 471 MiB
Find a file
dependabot[bot] 1d83e52e9a
Bump the npm group with 5 updates (#1951) 
* Bump the npm group with 5 updates

Bumps the npm group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [@types/js-yaml](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/js-yaml) | `4.0.6` | `4.0.7` |
| [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) | `10.0.17` | `10.0.19` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `6.7.5` | `6.8.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `6.7.5` | `6.8.0` |
| [nock](https://github.com/nock/nock) | `13.3.3` | `13.3.4` |


Updates `@types/js-yaml` from 4.0.6 to 4.0.7
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/js-yaml)

Updates `@types/sinon` from 10.0.17 to 10.0.19
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon)

Updates `@typescript-eslint/eslint-plugin` from 6.7.5 to 6.8.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 6.7.5 to 6.8.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v6.8.0/packages/parser)

Updates `nock` from 13.3.3 to 13.3.4
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.3.3...v13.3.4)

---
updated-dependencies:
- dependency-name: "@types/js-yaml"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@types/sinon"
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>

* Update checked-in dependencies

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2023-10-17 19:41:41 +00:00
.github Test sub-language file coverage in file baseline information check 2023-10-12 11:58:09 +01:00
.vscode Use vendored TypeScript version for VS Code 2023-08-07 15:08:32 +01:00
analyze Add output for analyze action output path 2023-07-25 16:03:16 -04:00
autobuild C++: simplify CppDependencyInstallation interface 2023-09-20 14:05:12 +02:00
init Improve description of codeql-action/init languages input (#1919) 2023-10-04 12:01:23 -07:00
lib Make Go binary path check unconditional 2023-10-13 10:26:39 +01:00
node_modules Bump the npm group with 5 updates (#1951) 2023-10-17 19:41:41 +00:00
pr-checks Test sub-language file coverage in file baseline information check 2023-10-12 11:58:09 +01:00
python-setup Add integration test 2023-10-06 13:52:34 -07:00
queries Add RUNNER_ENVIRONMENT to the list of known default setup variables 2023-09-20 14:08:00 +02:00
resolve-environment Update working-directory description 2023-06-13 20:46:00 +01:00
src Make Go binary path check unconditional 2023-10-13 10:26:39 +01:00
tests Move to the codeql-testing org 2023-04-04 13:39:56 -07:00
upload-sarif Re-enable waiting for processing by default, using the new API semantics. 2022-03-30 12:24:59 +01:00
.editorconfig Add a .editorconfig with our chosen formatting options. 2020-06-23 14:38:30 +01:00
.eslintignore Delete the runner 2022-11-14 16:23:14 +00:00
.eslintrc.json Enable no cyclic dependencies eslint rule 2023-07-19 15:53:39 +01:00
.git-blame-ignore-revs Ignore prior commit in git blame 2023-07-25 17:59:56 +02:00
.gitattributes Refactor PR checks 2021-09-08 13:59:52 +01:00
.gitignore Delete the runner 2022-11-14 16:23:14 +00:00
.npmrc Add config file to support npm v8 and v9 simultaneously 2022-11-14 22:15:08 +00:00
CHANGELOG.md Update changelog and version after v2.22.3 2023-10-13 13:02:57 +00:00
CODE_OF_CONDUCT.md Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
CODEOWNERS Update CODEOWNERS 2022-04-12 16:34:35 +02:00
CONTRIBUTING.md Document CodeQL deprecation process 2023-09-27 19:10:31 +01:00
LICENSE Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f) 2020-04-28 17:23:37 +02:00
package-lock.json Bump the npm group with 5 updates (#1951) 2023-10-17 19:41:41 +00:00
package.json Bump the npm group with 5 updates (#1951) 2023-10-17 19:41:41 +00:00
README.md Update README.md 2023-08-21 11:37:17 -04:00
tsconfig.json Upgrade TypeScript to 9.2.0 2023-01-18 20:59:57 +00:00

README.md

CodeQL Action

This action runs GitHub's industry-leading semantic code analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed on pull requests and in the repository's security tab. CodeQL runs an extensible set of queries, which have been developed by the community and the GitHub Security Lab to find common vulnerabilities in your code.

For a list of recent changes, see the CodeQL Action's changelog.

License

This project is released under the MIT License.

The underlying CodeQL CLI, used in this action, is licensed under the GitHub CodeQL Terms and Conditions. As such, this action may be used on open source projects hosted on GitHub, and on private repositories that are owned by an organisation with GitHub Advanced Security enabled.

Usage

We recommend using default setup to configure CodeQL analysis for your repository. For more information, see "Configuring default setup for code scanning."

You can also configure advanced setup for a repository to find security vulnerabilities in your code using a highly customizable code scanning configuration. For more information, see "Configuring advanced setup for code scanning" and "Customizing your advanced setup for code scanning."

Troubleshooting

Read about troubleshooting code scanning.

Contributing

This project welcomes contributions. See CONTRIBUTING.md for details on how to build, install, and contribute.