Add CodeQL analysis workflow configuration #18592
krsjenmt wants to merge 0 commits into google-gemini:main from
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.

Note: Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.
.github/workflows/webpack.yml
Outdated
| runs-on: ubuntu-latest | ||
|
|
||
| strategy: | ||
| matrix: | ||
| node-version: [18.x, 20.x, 22.x] | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Use Node.js ${{ matrix.node-version }} | ||
| uses: actions/setup-node@v4 | ||
| with: | ||
| node-version: ${{ matrix.node-version }} | ||
|
|
||
| - name: Build | ||
| run: | | ||
| npm install | ||
| npx webpack |
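Review bot: The job that starts at `runs-on: ubuntu-latest` has no `permissions:` key in the lines shown, so its `GITHUB_TOKEN` falls back to the repository or organization default, which can include write scopes. A build that only checks out the code and runs `npx webpack` needs read access to contents at most; add `permissions:` with `contents: read` at the workflow or job level. In the Build step, `npm install` may rewrite the lockfile when it disagrees with package.json, whereas `npm ci` installs exactly what the lockfile records and fails when the two are out of sync, which is the behaviour a CI build wants.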
Check warning
Code scanning / CodeQL
Workflow does not contain permissions
packages/devtools/client/src/App.tsx
Outdated
| Object.keys(groupedLogs).forEach((key) => { | ||
| if (next[key] === undefined) { | ||
| // Collapse play.googleapis.com by default | ||
| next[key] = !key.includes('play.googleapis.com'); |
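Review bot: `key.includes('play.googleapis.com')` is a substring test, so it is true for any key that merely contains that text, for example a different host that has the string as a prefix or a URL that carries it in the path or query. The result here only sets the default collapsed state of a log group, but the check should still say what it means: if `key` is a bare host name, compare it with `===`; if it is a URL, parse it and compare the `hostname` property. The comment could also say why this host is collapsed by default.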
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization
packages/devtools/client/src/App.tsx
Outdated
| const unescaped = full | ||
| .slice(1, -1) | ||
| .replace(/\\n/g, '\n') | ||
| .replace(/\\t/g, '\t') | ||
| .replace(/\\r/g, '\r') | ||
| .replace(/\\\\/g, '\\') |
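Review bot: `.replace(/\\\\/g, '\\')` runs last in the chain, after the `\n`, `\t` and `\r` replacements, so an escaped backslash followed by `n`, `t` or `r` is decoded wrongly: the three characters backslash, backslash, `n` become a backslash and a newline instead of a backslash and the letter `n`. Decode every escape in a single pass, with one `replace` whose pattern matches a backslash followed by any of `n`, `t`, `r` or a backslash and whose callback maps the captured character, so that the output of one substitution is never reinterpreted by another.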
Check failure
Code scanning / CodeQL
Double escaping or unescaping
Summary
Details
Related Issues
How to Validate
Pre-Merge Checklist