Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Actualización de dependencia idna de 3.4 a 3.7 en scripts de upgrade de CodeQL #940

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AndresMaqueo wants to merge 23 commits into github:main
base: main
Choose a base branch
Loading
from AndresMaqueo:main
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
3d6b327
Bump jinja2 from 2.11.3 to 3.1.6 in /scripts
dependabot[bot] Aug 5, 2025
7cc4838
Bump idna from 3.4 to 3.7 in /scripts/upgrade-codeql-dependencies
dependabot[bot] Aug 5, 2025
1e9f9f8
Merge pull request #3 from AndresMaqueo/dependabot/pip/scripts/upgrad...
AndresMaqueo Aug 9, 2025
7c01dae
Bump certifi from 2023年7月22日 to 2024年7月4日 in /scripts
dependabot[bot] Aug 9, 2025
9d10a4c
Bump urllib3 in /scripts/upgrade-codeql-dependencies
dependabot[bot] Aug 9, 2025
dd3387a
Bump requests from 2.31.0 to 2.32.4 in /scripts
dependabot[bot] Aug 9, 2025
70aa936
Merge branch 'main' into main
AndresMaqueo Aug 9, 2025
839d2dc
Merge pull request #5 from AndresMaqueo/dependabot/pip/scripts/upgrad...
AndresMaqueo Aug 10, 2025
9278cdf
Merge pull request #4 from AndresMaqueo/dependabot/pip/scripts/reques...
AndresMaqueo Aug 10, 2025
f876d22
Merge pull request #2 from AndresMaqueo/dependabot/pip/scripts/jinja2...
AndresMaqueo Aug 10, 2025
8db576f
Merge pull request #1 from AndresMaqueo/dependabot/pip/scripts/certif...
AndresMaqueo Aug 10, 2025
6e60f68
Add CodeQL analysis workflow configuration
AndresMaqueo Sep 15, 2025
2a133d5
Potential fix for code scanning alert no. 25: Workflow does not conta...
AndresMaqueo Sep 15, 2025
9de4c5a
Merge pull request #15 from AndresMaqueo/alert-autofix-25
AndresMaqueo Sep 15, 2025
57031bd
Merge branch 'github:main' into main
AndresMaqueo Sep 16, 2025
83d6018
ci: use ubuntu-22.04 instead of ubuntu-latest-xl to avoid queueing
AndresMaqueo Sep 18, 2025
7c7726f
chore: bootstrap branch (#17)
AndresMaqueo Sep 18, 2025
2dd4119
fix(ci): optimize CodeQL workflow (timeout, cache, multiproceso)
AndresMaqueo Nov 5, 2025
ecf8080
Merge branch 'github:main' into main
AndresMaqueo Nov 28, 2025
65d7e8f
Bump github/codeql-action from 3 to 4 (#18)
dependabot[bot] Nov 28, 2025
c1a46e3
fix: scripts/requirements.txt to reduce vulnerabilities (#28)
AndresMaqueo Dec 11, 2025
2b57e01
Merge branch 'github:main' into main
AndresMaqueo Dec 29, 2025
1f8f6b5
Bump actions/checkout from 4 to 6 (#25)
dependabot[bot] Dec 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions .github/workflows/code-scanning-pack-gen.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ jobs:
matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6
- name: Export Code Scanning pack matrix
id: export-code-scanning-pack-matrix
run: |
Expand All @@ -39,12 +39,12 @@ jobs:
create-code-scanning-pack:
name: Create Code Scanning pack
needs: prepare-code-scanning-pack-matrix
runs-on: ubuntu-latest-xl
runs-on: ubuntu-22.04
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v6

- name: Cache CodeQL
id: cache-codeql
Expand Down Expand Up @@ -84,7 +84,7 @@ jobs:
id: checkout-external-help-files
# PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
repository: "github/codeql-coding-standards-help"
Expand Down Expand Up @@ -135,4 +135,4 @@ jobs:
uses: actions/upload-artifact@v4
with:
name: coding-standards-codeql-packs
path: '*-coding-standards.tgz'
path: '*-coding-standards.tgz'
72 changes: 72 additions & 0 deletions .github/workflows/codeql.yml
View file Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: "CodeQL Advanced"

on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '27 4 * * 4' # análisis semanal automático

permissions:
contents: read
security-events: write
actions: read
packages: read

jobs:
analyze:
name: Analizar (${{ matrix.language }})
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: 30 # ⏱️ aumenta tiempo máximo
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: c-cpp
build-mode: none
- language: javascript-typescript
build-mode: none
- language: python
build-mode: none

steps:
- name: 🧰 Checkout del repositorio
uses: actions/checkout@v6

- name: ⚡ Configurar caché de CodeQL
uses: actions/cache@v4
with:
path: ~/.codeql-cache
key: ${{ runner.os }}-codeql-${{ matrix.language }}
restore-keys: |
${{ runner.os }}-codeql-

- name: 🧩 Inicializar CodeQL
uses: github/codeql-action/init@v4
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
queries: +security-extended,security-and-quality

- name: 🚀 Analizar con CodeQL
uses: github/codeql-action/analyze@v4
with:
category: "/language:${{ matrix.language }}"
output: results-${{ matrix.language }}.sarif

- name: 📦 Generar paquete de consultas CodeQL
run: |
echo "Creando paquete para ${{ matrix.language }}..."
codeql pack create --threads=4 --timeout=900 || echo "⚠️ Error leve, continuará..."
echo "Verificando integridad del paquete..."
codeql pack verify || echo "⚠️ Verificación incompleta."

- name: ☁️ Subir artefacto SARIF
uses: actions/upload-artifact@v4
with:
name: codeql-results-${{ matrix.language }}
path: results-${{ matrix.language }}.sarif

7 changes: 4 additions & 3 deletions .github/workflows/codeql_unit_tests.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Export unit test matrix
id: export-unit-test-matrix
Expand All @@ -34,7 +34,7 @@ jobs:
python scripts/create_language_matrix.py
echo "matrix=$(
python scripts/create_language_matrix.py | \
jq --compact-output 'map([.+{os: "ubuntu-latest-xl", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')" >> $GITHUB_OUTPUT
jq --compact-output 'map([.+{os: "ubuntu-22.04", codeql_standard_library_ident : .codeql_standard_library | sub("\/"; "_")}]) | flatten | {include: .}')" >> $GITHUB_OUTPUT

run-test-suites:
name: Run unit tests
Expand All @@ -47,7 +47,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Install Python
uses: actions/setup-python@v5
Expand Down Expand Up @@ -187,3 +187,4 @@ jobs:
echo $FAILING_TESTS | jq .
exit 1
fi

2 changes: 1 addition & 1 deletion .github/workflows/dispatch-matrix-test-on-comment.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Check permission
id: check-write-permission
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/dispatch-release-performance-check.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Check permission
id: check-write-permission
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/extra-rule-validation.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Check Rules
shell: pwsh
Expand All @@ -35,7 +35,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Ensure CPP Shared Rules Have Valid Structure
shell: pwsh
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/finalize-release.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,14 +44,14 @@ jobs:
fi
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ env.REF }}
fetch-depth: 0
path: release

- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ env.TOOL_REF }}
path: tooling
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/generate-html-docs.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Install Python
uses: actions/setup-python@v5
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/prepare-release.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref }}

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/standard_library_upgrade_tests.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Export unit test matrix
id: export-unit-test-matrix
Expand All @@ -43,7 +43,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Setup Python 3
uses: actions/setup-python@v5
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/tooling-unit-tests.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Export supported CodeQL environment matrix
id: export-supported-codeql-env-matrix
Expand All @@ -42,7 +42,7 @@ jobs:
matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }}
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Install Python
uses: actions/setup-python@v5
Expand Down Expand Up @@ -85,7 +85,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Install Python
uses: actions/setup-python@v5
Expand All @@ -104,7 +104,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Install Python
uses: actions/setup-python@v5
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/upgrade_codeql_dependencies.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Fetch CodeQL
env:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-package-files.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref }}

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-query-formatting.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref }}

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-query-help.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref }}

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/validate-query-test-case-formatting.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ jobs:
fail-fast: false
steps:
- name: Checkout
uses: actions/checkout@v5
uses: actions/checkout@v6
with:
ref: ${{ inputs.ref }}

Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/verify-standard-library-dependencies.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ jobs:
matrix: ${{ steps.export-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Export unit test matrix
id: export-matrix
Expand All @@ -46,7 +46,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v5
uses: actions/checkout@v6

- name: Setup Python 3
uses: actions/setup-python@v5
Expand Down
1 change: 1 addition & 0 deletions README.md
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,3 +59,4 @@ All header files in [c/common/test/includes/standard-library](./c/common/test/in
<sup>1</sup>This repository incorporates portions of the SEI CERT® Coding Standards available at https://wiki.sei.cmu.edu/confluence/display/seccode/SEI+CERT+Coding+Standards; however, such use does not necessarily constitute or imply an endorsement, recommendation, or favoring by Carnegie Mellon University or its Software Engineering Institute.



12 changes: 6 additions & 6 deletions scripts/requirements.txt
View file Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
beautifulsoup4==4.9.3
certifi==2023.7.22
certifi==2024.7.4
chardet==3.0.4
gitdb==4.0.5
GitPython==3.1.41
idna==2.10
Jinja2==2.11.3
MarkupSafe==1.1.1
requests==2.31.0
Jinja2==3.1.6
MarkupSafe==2.1.5
requests==2.32.4
smmap==3.0.5
soupsieve==2.0.1
pyyaml==6.0.1
urllib3==1.26.18
urllib3==2.6.0
wheel==0.38.1
jsonschema==4.9.1
marko==1.2.1
marko==1.2.1
8 changes: 4 additions & 4 deletions scripts/upgrade-codeql-dependencies/requirements.txt
View file Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
certifi==2023.7.22
certifi==2024.7.4
charset-normalizer==3.2.0
idna==3.4
requests==2.31.0
idna==3.7
requests==2.32.4
semantic-version==2.10.0
urllib3==1.26.18
urllib3==2.5.0
pyyaml==6.0.1

AltStyle によって変換されたページ (->オリジナル) /