github-actions[bot]
456e33773b
Post-release preparation for codeql-cli-2.26.0
2026-06-25 16:24:06 +00:00
github-actions[bot]
237c5639e2
Release preparation for version 2.26.0
2026-06-25 15:27:00 +00:00
Paolo Tranquilli
b67644c127
Merge pull request #21986 from JarLob/userpermissions
...
Actions: Fix dominates() false positive in reusable workflows
2026-06-25 14:44:17 +02:00
Jaroslav Lobačevski
7fc4b4856e
Fix formatting
2026-06-24 17:17:16 +00:00
Paolo Tranquilli
4b8cb3ffac
Fix false negative for branching nested reusable workflows
...
The previous fix required all outermost callers of a reusable workflow to
be protected, which collapsed distinct safe/unsafe inner paths that share
the same outermost caller. Track protection per caller chain instead: a
node inside a reusable workflow is only considered protected if there is
no unprotected caller path up to an outer workflow.
Adds a branching nested regression test where one inner job is protected
by a permission check and a sibling inner job is not.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-24 18:22:01 +02:00
Jaroslav Lobačevski
31f6e713c5
Fix "The variable event is only used in one side of disjunct."
2026-06-23 12:06:01 +00:00
Jaroslav Lobačevski
e2347a5c7d
Fix for independent checks
2026-06-23 11:52:11 +00:00
Jaroslav Lobačevski
7f16853715
Remove trailing white space
2026-06-18 12:11:18 +00:00
Jaroslav Lobačevski
2d6feb1255
Fix false negatives when one of the jobs had proper checks and the other didn't
2026-06-18 12:02:56 +00:00
Michael B. Gale
1cb5be52d0
Merge branch 'add-yaml-comments'
2026-06-17 13:59:08 +01:00
Henry Mercer
1d11151135
Merge rc/3.22 into main
2026-06-17 10:41:44 +01:00
Mathias Vorreiter Pedersen
c12cf88c52
Merge branch 'main' into add-yaml-comments
2026-06-17 10:17:06 +01:00
Jon Janego
72f34c2b3b
Merge pull request #21971 from github/mario-campos/fix-changenote-grammar
...
Fix changelog copy errors in change-notes and CHANGELOG.md files
2026-06-16 10:15:25 -05:00
Jaroslav Lobačevski
d51a9a3e1a
Support nested reusable workflows
2026-06-15 06:52:13 +00:00
Jaroslav Lobačevski
048884bb78
Remove redundant cast
2026-06-15 06:12:45 +00:00
Jaroslav Lobačevski
2eed6c1736
Fix dominates() false positive in reusable workflows
2026-06-15 05:42:59 +00:00
Jaroslav Lobačevski
bea5522473
rename change note
2026-06-12 07:52:34 +00:00
Jaroslav Lobačevski
eedef515f7
Updated regex. Added test and change note.
2026-06-12 07:50:02 +00:00
Jaroslav Lobačevski
9078b511c6
Update regex for GitHub hosted runner matching
...
Fixes false positives (of critical severity). New label naming conventions were introduced since the query was initially written.
2026-06-12 09:37:18 +03:00
copilot-swe-agent[bot]
838d06c53f
Fix changelog copy errors in change-notes and CHANGELOG.md files (codeql-cli-2.25.6)
2026-06-11 22:45:33 +02:00
Henry Mercer
f4dc86e645
Correct query metadata for actions/untrusted-checkout/medium
2026-06-04 19:12:02 +01:00
Mathias Vorreiter Pedersen
b6521e7c0e
Actions: Support YAML comments.
2026-06-04 17:54:46 +01:00
github-actions[bot]
cfb18c2477
Post-release preparation for codeql-cli-2.25.6
2026-05-29 12:04:35 +00:00
github-actions[bot]
8b6f969cdb
Release preparation for version 2.25.6
2026-05-29 11:27:54 +00:00
Henry Mercer
9bc0c1b1ab
Revert "Release preparation for version 2.25.6"
2026-05-29 12:13:50 +01:00
github-actions[bot]
44a914e40f
Release preparation for version 2.25.6
2026-05-25 10:23:26 +00:00
Óscar San José
996e79131e
Merge branch 'main' into post-release-prep/codeql-cli-2.25.5
2026-05-22 16:32:30 +02:00
Kristen Newbury
5503140318
Merge branch 'main' into knewbury01/adjust-actions-queries-untrusted-checkout-second-iteration
2026-05-21 10:49:36 -04:00
Kristen Newbury
a094a8e460
Fix merge conflicts
2026-05-21 10:48:24 -04:00
Kristen Newbury
2f8c0df537
Address review feedback
2026-05-21 10:40:52 -04:00
Owen Mansel-Chan
2280955136
Merge pull request #21800 from knewbury01/knewbury01/adjust-actions-queries-untrusted-checkout-critical-alert
...
Actions: Adjust alert location UntrustedCheckoutCritical
2026-05-21 12:40:29 +01:00
Kristen Newbury
bfc6deeb9b
Adjust wording helpfiles UntrustedCheckoutX all three files
2026-05-19 10:19:00 -04:00
Kristen Newbury
0a876583e5
Adjust name UntrustedCheckoutHigh wording trusted to privileged
2026-05-19 10:12:04 -04:00
Owen Mansel-Chan
ad69cfb721
Merge pull request #21838 from github/copilot/widen-regex-for-pinned-actions
...
Align `alphaNumericRegex()` with the documented grouped SHA pattern
2026-05-18 17:35:27 +01:00
github-actions[bot]
9f64000962
Post-release preparation for codeql-cli-2.25.5
2026-05-18 15:20:31 +00:00
github-actions[bot]
e38616a2ef
Release preparation for version 2.25.5
2026-05-18 12:05:32 +00:00
Óscar San José
8a199f963d
Merge pull request #21692 from github/copilot/update-codeql-query-for-composite-actions
...
Extend `actions/unpinned-tag` to analyze composite action metadata (`action.yml` / `action.yaml`)
2026-05-18 12:17:13 +02:00
Kristen Newbury
3eaf04ef72
Fix expected files for changes to alert messages UntrustedCheckoutCritical and UntrustedCheckoutHigh
2026-05-14 15:05:08 -04:00
Kristen Newbury
914c7e1a7b
Improve UntrustedCheckoutX helpfiles
2026-05-14 13:34:59 -04:00
Kristen Newbury
29ffd87bf8
Add full stop to alert messages in UntrustedCheckoutHigh and UntrustedCheckoutCritical
2026-05-14 12:58:20 -04:00
Kristen Newbury
eae9c0ef0e
Add one missing changenote actions-queries-untrusted-checkout
2026-05-14 12:06:55 -04:00
Kristen Newbury
c36ad7be37
Adjust untrusted checkout actions queries
2026-05-14 11:59:55 -04:00
Owen Mansel-Chan
b49b8ff6bd
Give slightly more detail in change note
2026-05-13 13:47:53 +01:00
Owen Mansel-Chan
ea29986c4f
Fix non-US English by using "parentheses" instead of "brackets"
...
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
f58268064e
Add change note for alphanumeric regex change
2026-05-12 22:40:03 +01:00
Owen Mansel-Chan
2067113177
Update expected test output
2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
562f415f64
Tidy Bash alphaNumericRegex comment spacing
2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
0620d348b2
Update Bash alphaNumericRegex to match grouped quantified forms
2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
48b1dad959
Add change note for SHA-256 pinned actions support
2026-05-12 22:40:03 +01:00
copilot-swe-agent[bot]
ef1bde7565
Widen pinned SHA regex to support SHA-256 (64-char hex) and add tests
2026-05-12 22:40:03 +01:00