Update idna dependency from 3.4 to 3.7 in CodeQL upgrade scripts #940

Open
AndresMaqueo wants to merge 21 commits into github:main (base: main) from AndresMaqueo:main

21 commits
3d6b327 Bump jinja2 from 2.11.3 to 3.1.6 in /scripts (dependabot[bot], Aug 5, 2025)
7cc4838 Bump idna from 3.4 to 3.7 in /scripts/upgrade-codeql-dependencies (dependabot[bot], Aug 5, 2025)
1e9f9f8 Merge pull request #3 from AndresMaqueo/dependabot/pip/scripts/upgrad… (AndresMaqueo, Aug 9, 2025)
7c01dae Bump certifi from 2023.7.22 to 2024.7.4 in /scripts (dependabot[bot], Aug 9, 2025)
9d10a4c Bump urllib3 in /scripts/upgrade-codeql-dependencies (dependabot[bot], Aug 9, 2025)
dd3387a Bump requests from 2.31.0 to 2.32.4 in /scripts (dependabot[bot], Aug 9, 2025)
70aa936 Merge branch 'main' into main (AndresMaqueo, Aug 9, 2025)
839d2dc Merge pull request #5 from AndresMaqueo/dependabot/pip/scripts/upgrad… (AndresMaqueo, Aug 10, 2025)
9278cdf Merge pull request #4 from AndresMaqueo/dependabot/pip/scripts/reques… (AndresMaqueo, Aug 10, 2025)
f876d22 Merge pull request #2 from AndresMaqueo/dependabot/pip/scripts/jinja2… (AndresMaqueo, Aug 10, 2025)
8db576f Merge pull request #1 from AndresMaqueo/dependabot/pip/scripts/certif… (AndresMaqueo, Aug 10, 2025)
6e60f68 Add CodeQL analysis workflow configuration (AndresMaqueo, Sep 15, 2025)
2a133d5 Potential fix for code scanning alert no. 25: Workflow does not conta… (AndresMaqueo, Sep 15, 2025)
9de4c5a Merge pull request #15 from AndresMaqueo/alert-autofix-25 (AndresMaqueo, Sep 15, 2025)
57031bd Merge branch 'github:main' into main (AndresMaqueo, Sep 16, 2025)
83d6018 ci: use ubuntu-22.04 instead of ubuntu-latest-xl to avoid queueing (AndresMaqueo, Sep 18, 2025)
7c7726f chore: bootstrap branch (#17) (AndresMaqueo, Sep 18, 2025)
2dd4119 fix(ci): optimize CodeQL workflow (timeout, cache, multiprocessing) (AndresMaqueo, Nov 5, 2025)
ecf8080 Merge branch 'github:main' into main (AndresMaqueo, Nov 28, 2025)
65d7e8f Bump github/codeql-action from 3 to 4 (#18) (dependabot[bot], Nov 28, 2025)
c1a46e3 fix: scripts/requirements.txt to reduce vulnerabilities (#28) (AndresMaqueo, Dec 11, 2025)
4 changes: 2 additions & 2 deletions in .github/workflows/code-scanning-pack-gen.yml
@@ -37,7 +37,7 @@ jobs:
create-code-scanning-pack:
name: Create Code Scanning pack
needs: prepare-code-scanning-pack-matrix
runs-on: ubuntu-latest-xl
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }}
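Review bot: the `runs-on:` change from `ubuntu-latest-xl` to `ubuntu-22.04` moves pack generation from a larger runner to a standard hosted runner and pins it to a dated image; the commit message cites queueing as the reason, but the PR description should record the observed build time for the pack-generation matrix on the standard runner, and the pin will need to be revisited when GitHub retires the 22.04 image. If the goal is only to leave the xl pool, `ubuntu-latest` avoids the maintenance of a dated pin; and since the same label is also hard-coded in `codeql_unit_tests.yml` in this PR, a single repository variable would keep both workflows in step.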
@@ -133,4 +133,4 @@ jobs:
uses: actions/upload-artifact@v4
with:
name: coding-standards-codeql-packs
path: '*-coding-standards.tgz'
path: '*-coding-standards.tgz'
72 changes: 72 additions & 0 deletions in .github/workflows/codeql.yml
@@ -0,0 +1,72 @@
name: "CodeQL Advanced"

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '27 4 * * 4' # análisis semanal automático

permissions:
contents: read
security-events: write
actions: read
packages: read

jobs:
analyze:
name: Analizar (${{ matrix.language }})
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: 30 # ⏱️ aumenta tiempo máximo
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: c-cpp
build-mode: none
- language: javascript-typescript
build-mode: none
- language: python
build-mode: none

steps:
- name: 🧰 Checkout del repositorio
uses: actions/checkout@v4

- name: ⚡ Configurar caché de CodeQL
uses: actions/cache@v4
with:
path: ~/.codeql-cache
key: ${{ runner.os }}-codeql-${{ matrix.language }}
restore-keys: |
${{ runner.os }}-codeql-

- name: 🧩 Inicializar CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
queries: +security-extended,security-and-quality

- name: 🚀 Analizar con CodeQL
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
output: results-${{ matrix.language }}.sarif

- name: 📦 Generar paquete de consultas CodeQL
run: |
echo "Creando paquete para ${{ matrix.language }}..."
codeql pack create --threads=4 --timeout=900 || echo "⚠️ Error leve, continuará..."
echo "Verificando integridad del paquete..."
codeql pack verify || echo "⚠️ Verificación incompleta."

- name: ☁️ Subir artefacto SARIF
uses: actions/upload-artifact@v4
with:
name: codeql-results-${{ matrix.language }}
path: results-${{ matrix.language }}.sarif
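Review bot: the pack step swallows failures: both `codeql pack create --threads=4 --timeout=900 || echo "⚠️ Error leve, continuará..."` and `codeql pack verify || echo "⚠️ Verificación incompleta."` turn a non-zero exit into success, so a pack that fails to build or verify never fails the job and the problem only shows up as an echoed line in the log. Drop the `|| echo` fallbacks, or if a soft failure is intended, use `continue-on-error: true` on the step so the outcome is visible in the checks UI. Two smaller points in the same hunk: the `actions/cache@v4` step caches `~/.codeql-cache`, but no step in this workflow writes to that path, so the restore/save is effectively a no-op unless a later step is pointed at it; and `codeql pack create` is invoked with no pack directory argument from the repository root, so it should state which `qlpack.yml` it targets given that this repository ships several packs (the pack-gen workflow collects `*-coding-standards.tgz`).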

3 changes: 2 additions & 1 deletion in .github/workflows/codeql_unit_tests.yml
@@ -32,7 +32,7 @@ jobs:
python scripts/create_language_matrix.py
echo "matrix=$(
python scripts/create_language_matrix.py | \
jq --compact-output 'map([.+{os: "ubuntu-latest-xl", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')" >> $GITHUB_OUTPUT
jq --compact-output 'map([.+{os: "ubuntu-22.04", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')" >> $GITHUB_OUTPUT

run-test-suites:
name: Run unit tests
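Review bot: the `os: "ubuntu-22.04"` value is embedded inside the jq expression that builds the test matrix, which is now the second place in this PR where the runner label is hard-coded; if the label is going to change again (it already moved from `ubuntu-latest-xl`), consider passing it in from an `env:` or repository variable rather than editing the jq string, so the unit-test and pack-generation workflows cannot drift apart.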
@@ -185,3 +185,4 @@ jobs:
echo $FAILING_TESTS | jq .
exit 1
fi

(file name not shown on the page)
@@ -1,4 +1,6 @@
name: Verify Standard Library Dependencies
permissions:
contents: read

# Run this workflow every time the "supported_codeql_configs.json" file or a "qlpack.yml" file is changed
on:
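Review bot: the added top-level `permissions: contents: read` block is the right least-privilege default for `GITHUB_TOKEN`, and it matches the code scanning alert this PR's commit history references; before merging, confirm that no job in this workflow relies on a write scope (for example `security-events: write` or `pull-requests: write`), because the top-level block now applies to every job unless a job-level `permissions:` overrides it, and a job that previously inherited the default token would fail silently at its first write.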
1 change: 1 addition & 0 deletions in README.md
@@ -59,3 +59,4 @@ All header files in [c/common/test/includes/standard-library](./c/common/test/in
<sup>1</sup>This repository incorporates portions of the SEI CERT® Coding Standards available athttps://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards; however, such use does not necessarily constitute or imply an endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.



12 changes: 6 additions & 6 deletions in scripts/requirements.txt
@@ -1,16 +1,16 @@
beautifulsoup4==4.9.3
certifi==2023.7.22
certifi==2024.7.4
chardet==3.0.4
gitdb==4.0.5
GitPython==3.1.41
idna==2.10
Jinja2==2.11.3
MarkupSafe==1.1.1
requests==2.31.0
Jinja2==3.1.6
MarkupSafe==2.1.5
requests==2.32.4
smmap==3.0.5
soupsieve==2.0.1
pyyaml==6.0.1
urllib3==1.26.18
urllib3==2.6.0
wheel==0.38.1
jsonschema==4.9.1
marko==1.2.1
marko==1.2.1
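Review bot: `urllib3==1.26.18` to `urllib3==2.6.0` is a major-version change, not a patch bump; urllib3 2.x removed several 1.x names (for instance the `method_whitelist` retry argument, replaced by `allowed_methods`), so the scripts that import it should be exercised once under the new pin rather than merged on the strength of the dependabot update alone. The same applies to `Jinja2` 2.11.3 to 3.1.6 and `MarkupSafe` 1.1.1 to 2.1.5 (MarkupSafe 2.1 dropped `soft_unicode`). Two consistency issues within this PR: the sibling file `scripts/upgrade-codeql-dependencies/requirements.txt` pins `urllib3==2.5.0`, so the two files should agree on one version; and `idna==2.10` is left unchanged here even though the PR title describes an idna bump to 3.7, which lands only in the other file.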
8 changes: 4 additions & 4 deletions in scripts/upgrade-codeql-dependencies/requirements.txt
@@ -1,7 +1,7 @@
certifi==2023.7.22
certifi==2024.7.4
charset-normalizer==3.2.0
idna==3.4
requests==2.31.0
idna==3.7
requests==2.32.4
semantic-version==2.10.0
urllib3==1.26.18
urllib3==2.5.0
pyyaml==6.0.1
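Review bot: `urllib3==2.5.0` here versus `urllib3==2.6.0` in `scripts/requirements.txt` in the same PR; pin both files to the same version so the two scripts resolve the same wheel and a single review covers the 1.x to 2.x migration. Likewise `idna` moves to 3.7 here while `scripts/requirements.txt` keeps `idna==2.10`; aligning the two would make the PR title accurate for both files.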
