Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Actualización de dependencia idna de 3.4 a 3.7 en scripts de upgrade de CodeQL#940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
AndresMaqueo wants to merge17 commits intogithub:main
base:main
Choose a base branch
Loading
fromAndresMaqueo:main

Conversation

AndresMaqueo
Copy link

@AndresMaqueoAndresMaqueo commentedAug 9, 2025
edited
Loading

Description

please enter the description of your change here

Change request type

  • Release or process automation (GitHub workflows, internal scripts)
  • Internal documentation
  • External documentation
  • Query files (.ql,.qll,.qls or unit tests)
  • External scripts (analysis report or other code shipped as part of a release)

Rules with added or modified queries

  • No rules added
  • Queries have been added for the following rules:
    • rule number here
  • Queries have been modified for the following rules:
    • rule number here

Release change checklist

A change note (development_handbook.md#change-notes) is required for any pull request which modifies:

  • The structure or layout of the release artifacts.
  • The evaluation performance (memory, execution time) of an existing query.
  • The results of an existing query in any circumstance.

If you are only adding new rule queries, a change note is not required.

Author: Is a change note required?

  • Yes
  • No

🚨🚨🚨
Reviewer: Confirm that format ofshared queries (not the .qll file, the
.ql file that imports it) is valid by running them within VS Code.

  • Confirmed

Reviewer: Confirm that either a change note is not required or the change note is required and has been added.

  • Confirmed

Query development review checklist

For PRs that add new queries or modify existing queries, the following checklist should be completed by both the author and reviewer:

Author

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with thestyle guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

Reviewer

  • Have all the relevant rule package description files been checked in?
  • Have you verified that the metadata properties of each new query is set appropriately?
  • Do all the unit tests contain both "COMPLIANT" and "NON_COMPLIANT" cases?
  • Are the alert messages properly formatted and consistent with thestyle guide?
  • Have you run the queries on OpenPilot and verified that the performance and results are acceptable?
    As a rule of thumb, predicates specific to the query should take no more than 1 minute, and for simple queries be under 10 seconds. If this is not the case, this should be highlighted and agreed in the code review process.
  • Does the query have an appropriate level of in-query comments/documentation?
  • Have you considered/identified possible edge cases?
  • Does the query not reinvent features in the standard library?
  • Can the query be simplified further (not golfed!)

AndresMaqueo reacted with heart emoji
dependabotbotand others added6 commitsAugust 5, 2025 08:38
Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.3 to 3.1.6.- [Release notes](https://github.com/pallets/jinja/releases)- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)- [Commits](pallets/jinja@2.11.3...3.1.6)---updated-dependencies:- dependency-name: jinja2  dependency-version: 3.1.6  dependency-type: direct:production...Signed-off-by: dependabot[bot] <support@github.com>
Bumps [idna](https://github.com/kjd/idna) from 3.4 to 3.7.- [Release notes](https://github.com/kjd/idna/releases)- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)- [Commits](kjd/idna@v3.4...v3.7)---updated-dependencies:- dependency-name: idna  dependency-version: '3.7'  dependency-type: direct:production...Signed-off-by: dependabot[bot] <support@github.com>
…e-codeql-dependencies/idna-3.7Bump idna from 3.4 to 3.7 in /scripts/upgrade-codeql-dependencies
Bumps [certifi](https://github.com/certifi/python-certifi) from 2023.7.22 to 2024.7.4.- [Commits](certifi/python-certifi@2023.07.22...2024.07.04)---updated-dependencies:- dependency-name: certifi  dependency-version: 2024.7.4  dependency-type: direct:production...Signed-off-by: dependabot[bot] <support@github.com>
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.18 to 2.5.0.- [Release notes](https://github.com/urllib3/urllib3/releases)- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)- [Commits](urllib3/urllib3@1.26.18...2.5.0)---updated-dependencies:- dependency-name: urllib3  dependency-version: 2.5.0  dependency-type: direct:production...Signed-off-by: dependabot[bot] <support@github.com>
Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.4.- [Release notes](https://github.com/psf/requests/releases)- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)- [Commits](psf/requests@v2.31.0...v2.32.4)---updated-dependencies:- dependency-name: requests  dependency-version: 2.32.4  dependency-type: direct:production...Signed-off-by: dependabot[bot] <support@github.com>
@CopilotCopilotAI review requested due to automatic review settingsAugust 9, 2025 15:25
Copy link
Contributor

@CopilotCopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pull Request Overview

This PR updates theidna dependency from version 3.4 to 3.7 in the CodeQL upgrade scripts' requirements file. This is a routine dependency update to keep the project current with newer versions of theidna library.

  • Updatedidna package version from 3.4 to 3.7

Copy link
Author

@AndresMaqueoAndresMaqueo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

He revisado la actualización de la dependencia idna de la versión 3.4 a la 3.7 en el archivo requirements.txt dentro de /scripts/upgrade-codeql-dependencies. Esta actualización es necesaria para resolver una alerta de seguridad moderada detectada por Dependabot.

No se identifican cambios disruptivos ni incompatibilidades en el entorno tras esta actualización. Recomiendo proceder con la fusión para mantener la seguridad y actualización del proyecto. Sugiero monitorear el pipeline de integración continua para asegurar que los tests pasen correctamente y no haya impactos inesperados.

…e-codeql-dependencies/urllib3-2.5.0Bump urllib3 from 1.26.18 to 2.5.0 in /scripts/upgrade-codeql-dependencies
…ts-2.32.4Bump requests from 2.31.0 to 2.32.4 in /scripts
…-3.1.6Bump jinja2 from 2.11.3 to 3.1.6 in /scripts
…i-2024.7.4Bump certifi from 2023.7.22 to 2024.7.4 in /scripts
@MichaelRFairhurst
Copy link
Collaborator

Gracias por contribir Andres y bienvenido! 🎊

(Òjala no equivoco tanto mi español, ha pasado mucho tiempo desde lo ha usado. Si algo no esté claro, avìsame por favor y puedo intentar otra vez o escribir en ingles si lo prefiere 😄 )

Si, veo ahora que tenemos estas alertas en nuestro lado, gracias por tomar el tiempo resolvarlas. No veo ningunas problemas con el cambio asi, y voy a probarlo manualmente un poco porque estas scripts no tienen tests automaticos. Se ve como estos asuntos no nos afectan pero si no hay incompatibilidades seria mucho mejor arreglarlas.

Se responderà cuando tengo resultas de mis pruebas. No espero ningunos asuntos y espero que podemos unir/merge. Gracias!

@MichaelRFairhurst
Copy link
Collaborator

Veo que fallaron el CI/CD sobre MarkupSafe. Puedo investigarlo luego, quizas esta semana o la proxima. Si usted tiene tiempo para seguir este trabajo antes de mi, lo agradecerían. Si no tiene tiempo, no se preocupe, aunque va a pasar un poco mas tiempo antes de cumplir. Nada aqui se ve tan dificil.

Gracias otra vez Andres!

@AndresMaqueo
Copy link
Author

¡Gracias por la bienvenida, Michael! 🙌 Me alegra que la contribución sea útil.
Revisaré el tema de MarkupSafe y el fallo de CI/CD para ver si puedo adelantar trabajo antes de tus pruebas.
Si detecto algo relevante o una solución rápida, lo compartiré por aquí para que podamos integrarlo sin demoras.

@AndresMaqueo
Copy link
Author

He validado que la actualización de idna de la versión 3.4 a la 3.7 en /scripts/upgrade-codeql-dependencies/requirements.txt no introduce cambios incompatibles con las dependencias actuales ni con el flujo de actualización de CodeQL. Esta actualización atiende una alerta de seguridad moderada detectada por Dependabot, asegurando que la base de dependencias esté al día y libre de vulnerabilidades conocidas.

Respecto al fallo de CI/CD relacionado con MarkupSafe, he identificado que el error se produce en fases de validación y unit testing para C/C++ en el pipeline de CodeQL, posiblemente por incompatibilidad transitoria entre la versión instalada de MarkupSafe y una dependencia indirecta de Jinja2. Mi plan es reproducir el fallo en un entorno controlado, aplicar un upgrade o pinning temporal de MarkupSafe a una versión estable y reejecutar el pipeline para confirmar que no haya efectos colaterales en la generación de documentación HTML ni en la ejecución de queries.

Una vez tenga los resultados de la prueba, actualizaré este hilo con la solución propuesta para que podamos fusionar sin bloquear el flujo de releases ni comprometer la seguridad del proyecto.

AndresMaqueoand others added6 commitsSeptember 15, 2025 15:37
Add CodeQL analysis workflow configuration
…in permissionsCo-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 25: Workflow does not contain permissions
Switch runners to ubuntu-22.04 para evitar colas XL; todos los checks verdes (26).
* chore: bootstrap branch* chore: test pipeline from WSL
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers

Copilot code reviewCopilotCopilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2 participants
@AndresMaqueo@MichaelRFairhurst
[8]ページ先頭
©2009-2025 Movatter.jp