A web application to visualize and manage open source project data from the Ecosyste.ms API.

github.com/github/codeql-action

Actions for running CodeQL analysis
https://github.com/github/codeql-action

Remove `update-proxy-release` workflow

aac66ec793240cfdd3037a81faa5b4d823045bc2 authored 9 months ago
Remove `undefined` values from results of `unsafeEntriesInvariant`

91a63dc72c2c4c97e141018269495a7b62608d09 authored 9 months ago
ESLint: Disable `no-unused-vars` for parameters starting with `_`

d25fa60a90ddfe309a83dd8606d2f3e0e5de15a7 authored 9 months ago
Reorder supported tags in descending order

Co-authored-by: Henry Mercer <henrymercer@github.com>

3adb1ff7b88abf82e97c2c42d9ac29a62769ba63 authored 9 months ago
Document Node.js 24 change in CHANGELOG.md.

d4b5380db47e283a94c5a85c4c6cf1f677d2530e authored 9 months ago
Rename `keys` and `entries` helpers and update docs

9a0b46abff129d5f6ef420d856e068b5f82e17ac authored 9 months ago
Rename variables in `getGroupedSarifFilePaths`

b8c496644d9494d63f2c26ae9085a48c728cee5a authored 9 months ago
Use `path.extname` for some extension checks

ad086e4d90cd2469a6059514596e520d7232895c authored 9 months ago
Add changelog note

47b5ac77ee7ed44880c47b745aa52a0e8ec7c1d7 authored 9 months ago
Update default bundle to codeql-bundle-v2.23.2

b5caf1196ec4d8558bd0de2e3ea0c8fc30abd208 authored 9 months ago
Implement simultaneous PR checks for Node.js v20, v24.

Copied from #2006.

d4bbcb74ca9400cb92146ef4ea5e441eafd2edce authored 9 months ago
Specify Node.js v24 in actions/setup-node steps.

180438161ed057dbe254fbe4b9e065448fbe1c40 authored 9 months ago
Merge pull request #3136 from github/mbg/dep-caching/telemetry

Add telemetry for dependency caching

80cb6b56b93de3e779c7d476d9100d06fb87c877 authored 9 months ago
Fix comments

d44c8b3e185a4cc2068b99d018ce6a237caabd85 authored 9 months ago
Merge pull request #3166 from github/mbg/upload-sarif/add-tests

Add tests for `upload-sarif`

36adfa7b0f5334b69b6ccdc55e94eefc75cd3279 authored 9 months ago
Fix condition in test workflow

97159624c37c670e79265faed8b4deedf323aa33 authored 9 months ago
Print a warning when there are `sarifFiles` in `getGroupedSarifFilePaths` that don't belong to an analysis kind

93711d3d89e7f15ed51f7c4e80ac48d21fd66470 authored 9 months ago
Call `fixCategory` in `uploadSpecifiedFiles`

Since `fixCategory` is now part of `AnalysisConfig`, we don't have to remember to do it at the c...

056fb86575b67fab2ce40184bf81847e34fa17f3 authored 9 months ago
Use `getGroupedSarifFilePaths` for `upload-sarif` Action

63d1b25e974e149ae85c4e6b10d3004b7b17a2d8 authored 9 months ago
Add `fixCategory` to `AnalysisConfig`

717d581574abb1db67faeacd9d1c8ea63dbf3830 authored 9 months ago
Add `keysTyped` and `entriesTyped` helpers

04175316333cf39f5c6a365fb82e5d33ab2d2718 authored 9 months ago
Add and use `getAnalysisConfig`

13ae3d432806d8c6203882a815962b8302e96c54 authored 9 months ago
Add `getGroupedSarifFilePaths` with tests

fe0376ed1f08e19edee56b6f1dc6fc3cf2eb6b9f authored 9 months ago
Merge pull request #3159 from github/oscarsj/update-brace-expansion-dep

Update vulnerable dependency brace-expansion

f0a08a4bf5e88a33ee3316a867fc8f9cc17bcaee authored 9 months ago
Update src/upload-sarif.test.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

73fbfb0bbfdd42819e32878ba8bf878614028339 authored 9 months ago
Fail if no SARIF files were uploaded

5fd2cfe1eff886f8e9f600900eb0a9511ceda7d1 authored 9 months ago
Move core `upload-sarif` logic to `upload-sarif` module

Note that this also fixes the format of the `sarif-ids` outputs to match what is documented

9f452fad0f9ce6172a69b8e024ac62b9bf057c0e authored 9 months ago
Move `findAndUpload` to a new module

5fc9e66105b444f1ef097d1a09900e4d0d0b5270 authored 9 months ago
Merge branch 'main' into mbg/dep-caching/telemetry

e6768a18cfc29d32ff022a343647f9ffaca511c1 authored 9 months ago
Downgrade upload-sarif@v4 -> v3

I got ahead of myself; v4 hasn't been tagged yet.

d7ada03e0280f776b82f810731bcbec65691d7b4 authored 9 months ago
Rebuild JS after upgrading to Node.js 24.

30445af89f63da37c830d906b47c90c6e94e8d3c authored 9 months ago
Upgrade Node.js version to 24.

This requires creating a new major-version (v4) of codeql-action.

7434149006143a4d75b82a2f411ef15b03ccc2d7 authored 9 months ago
Merge pull request #3162 from github/mergeback/v3.30.5-to-main-3599b3ba

Mergeback v3.30.5 refs/heads/releases/v3 into main

6a87ebe42bbd3423c818b3d15ce9803ba45bd522 authored 9 months ago
Rebuild

b66e847aaf78454aea16e9ebcd3065ee0ca0015e authored 9 months ago
Update changelog and version after v3.30.5

1733a23b20f51f5ea8d0a3f3a9738e59b8cda4c5 authored 9 months ago
Merge pull request #3161 from github/update-v3.30.5-0a67bd46a

Merge main into releases/v3

3599b3baa15b485a2e49ef411a7a4bb2452e7f93 authored 9 months ago
Update changelog for v3.30.5

2ca0085e584affd600efbd3930bc90e48dbacb46 authored 9 months ago
Merge pull request #3160 from github/mbg/fix/upload-sarif

Hotfix `upload-sarif` not uploading non-`.sarif` files

0a67bd46a0f456ddad9e4b732137f519280275db authored 9 months ago
Add changelog

8e34f2f3bf0f3f0b192913b0e0f234372329699b authored 9 months ago
Fix `upload-sarif` not uploading non-`.sarif` files

0b7fc5664842c1a6bb23c4ef64b85438afcb76c5 authored 9 months ago
Build lib

2f0649510ecb09d22208f598e44d5765e0a6d800 authored 9 months ago
Update vulnerable dependencies brace-expansion

f19a3e769f415c441901bf1ffabaa94f65215284 authored 9 months ago
Tests: ensure `uploadSpecifiedFiles` wasn't called if we don't expect it to be

2adc894410deceb53c0abc0883f9c32f1e809cdd authored 9 months ago
Test that uploaded files match expectations for each analysis kind

5b3f0ded910bd2f8ff610cf0bf8d2b657fe657ab authored 9 months ago
Do not use stringified objects for dependency caching telemetry

31bfb99f0d18cdaf5bda03699c3acaa8401c5a26 authored 9 months ago
Add some tests for `findAndUpload` and `uploadSarif`

6e0b0872fa9da5b0a5442ecfcfecebb8e3fa79c5 authored 9 months ago
Merge pull request #3155 from github/mbg/node/no-install-in-actions

Don't run `npm install` when in an Actions workflow

94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca authored 9 months ago
Don't measure size of downloaded cache

ed577678982fff91b9ccd2f8bfd78a20744c6a49 authored 9 months ago
Rename `CacheHitResult` and `hit`

2ff902e1f1619b6569d7d000985300490f3f3962 authored 9 months ago
Log what the script is doing

a0ae9ba2026911d58db9df06e6b074d8ef6c24c9 authored 9 months ago
Exit if running in an Actions workflow

b27a8ef21f72b5c541232d50400874a3f0a374b9 authored 9 months ago
Merge pull request #3139 from github/henrymercer/fix-log-message

Fix `tools: linked` log message

65925679a36e83b45b5f1673869dabf891669742 authored 9 months ago
Merge pull request #3154 from github/mbg/node/check-up-to-date-deps

Add script to check whether `npm i` needs to be run

fa64a7dee67e389b18445aa15d26426512d9ab97 authored 9 months ago
Merge pull request #3152 from github/mbg/node/individual-test-cmd

Add `npm run ava` command, update instructions, and exclude files from VSCode search

853decd26bc355ef4af8ad6ff5e467f26dcb626b authored 9 months ago
Merge pull request #3153 from github/mbg/ci/improve-unit-tests

Improve `pr-checks` workflow

8fca38155efc7cedd2aa4a1d530b251b6b3ec91d authored 9 months ago
Add script to check whether `npm i` needs to be run

and add it to the `build` command

455038c8a7196eb98da2e14af7ee12f16afb042b authored 9 months ago
Add generated workflow diff to job summary if changed

4e65cda8c2d89fa176f6f3cbd94dbcd238bd7ec7 authored 9 months ago
Reset working directory before failing in `check-js.sh`

b4db1860cd5c764a128deefd38d53e7521cd0417 authored 9 months ago
Merge branch 'main' into henrymercer/fix-log-message

b1d32cf35661fef9e7d87cdb9569b97d4b2dda48 authored 9 months ago
Add transpiled JS to job summary if changed

9cf3a96f631b621a1c5c6182316dad71c651eb70 authored 9 months ago
Run more checks in `unit-tests` job, even when previous checks failed

6a72568b19e19de80199f03a61072469476cfac7 authored 9 months ago
Merge pull request #3137 from github/henrymercer/slim-pr-checks

Only run PR checks on Ubuntu by default

5235174f0e1f00ada1335f41e2f56875b9dfae92 authored 9 months ago
Merge pull request #3151 from github/mbg/ci/rollback-test-triggers

Don't dry-run `rollback-release` workflow on release branches

f3bf6463e1f409859fb6ac65bafbf498ac2d49f7 authored 9 months ago
Use `npm run ava` in `justfile`

48be21c31e49b7f7e9eff3faeb80181955f64cbb authored 9 months ago
Exclude transpiled code and dependencies from VSCode search

77a92597617510db41350515489014b0b8067d26 authored 9 months ago
Update `CONTRIBUTING.md` with `npm run ava`

e2e1db3e4e0d1c9bd8d7fdac3ea940623f37c41f authored 9 months ago
Add `npm run ava` command (for `ava` without a specific path)

a645d167d6cc46378b74f2e63dda29f94dd7c2b5 authored 9 months ago
Don't dry-run `rollback-release` workflow on release branches

c5ce5e5d1c11324097adc5a2c65c9d8cf97755be authored 9 months ago
Merge pull request #3150 from github/mergeback/v3.30.4-to-main-303c0aef

Mergeback v3.30.4 refs/heads/releases/v3 into main

79dc6cc78cbc088daba1a0f49c687f8cc5e9fd68 authored 9 months ago
Rebuild

4d32274da69afda36c1c37b0343e38fa77cb0ece authored 9 months ago
Update changelog and version after v3.30.4

0a3e31778d645861be7b47588d40429f308bcf3b authored 9 months ago
Merge pull request #3149 from github/update-v3.30.4-e4b85ab65

Merge main into releases/v3

303c0aef88fc2fe5ff6d63d3b1596bfd83dfa1f9 authored 9 months ago
Update changelog for v3.30.4

333a6738095d79d08551002eec9df209a4c120d7 authored 9 months ago
Merge branch 'main' into henrymercer/slim-pr-checks

5445d1a09cee829ca740536a3bddbb074869de1f authored 9 months ago
Merge pull request #3148 from github/cklin/just-test_file-serial

build: use --serial in 'just test_file'

e4b85ab654a244f420e4d9a9ca6305cf2d3fdc90 authored 9 months ago
Add overlay-base database cache key tests

c4b73722ba8ba8ec348bbde3983582e97cd353ff authored 9 months ago
build: use --serial in 'just test_file'

Some tests require the --serial flag to pass.

1e725567143ebc7888f891e70a71aab18d8d126c authored 9 months ago
Merge pull request #3146 from github/mbg/start-proxy/authenticate

Provide `Authorization` header when downloading `update-job-proxy`

39842d8f8308005b922ecce0850ce570fabaa903 authored 9 months ago
Remove `url` from log messages

6ccec2ac145855dc9503368583b43c58419687af authored 9 months ago
Merge pull request #3147 from github/dependabot/npm_and_yarn/npm-76d2ab1078

Bump @actions/cache from 4.0.5 to 4.1.0 in the npm group

435f474d1e244a9d1d002fc65d29f961ff2da3b5 authored 9 months ago
Merge branch 'main' into henrymercer/slim-pr-checks

a34e1cd60b147c80ef61f330ea5852806db0a69f authored 9 months ago
Rebuild

f134e09015e4a98da6c6918634d096f45d8a50e3 authored 9 months ago
Bump @actions/cache from 4.0.5 to 4.1.0 in the npm group

Bumps the npm group with 1 update: [@actions/cache](https://github.com/actions/toolkit/tree/HEAD...

50a31df6baea8e050bfa318999ff195f93878cfc authored 9 months ago
Merge pull request #3144 from github/henrymercer/dependabot

Update Dependabot configuration for GitHub Actions

8e25b3435df01d49a07539e85807b9467349247f authored 9 months ago
Apply review feedback

4e820a4ca43a039f7a611deeaee1e484f9abd9f2 authored 9 months ago
Merge pull request #3145 from github/mbg/ci/skip-checks-for-dependabot

Skip PR checks for events triggered by Dependabot

5a9c44b3b2caaa6b9532d4463f1b4deb03fe66d6 authored 9 months ago
Skip non-generated workflows for Dependabot

3183e6b8f9f9369721c45c67f1e70bce07e6b96c authored 9 months ago
Set `Authorization` header for downloading `update-job-proxy`

d43f46c39ce20fce7bfa131dd6a604a1ca4009eb authored 9 months ago
Refactor assembling `Authorization` header value into its own function

efcf614b5d8a11ca5489349120abc6d31c9e16a4 authored 9 months ago
Install yq

4082f8c39f733490d46a4f6effa3e7caa9d565c2 authored 9 months ago
Skip PR checks for events triggered by Dependabot

cec0b17b931a0d2976715952f40ae08890f2fa5b authored 9 months ago
Merge branch 'main' into henrymercer/slim-pr-checks

83fdfaf3fcf3be899d262f767bcff94d6f77f223 authored 9 months ago
Update Dependabot configuration for GitHub Actions

86de17c44dbfa3a3dc49064b207eb1e9e22036e3 authored 9 months ago
Run resolve environment test against Ubuntu only

There isn't really anything platform-specific at the moment.

ba58de7d6180a03bc7550e8149bbc9746327c10e authored 9 months ago
Remove unnecessary "test" prefix from check names

8633a151d578ff89ce2a5cc58e0c2c2dfdfc172c authored 9 months ago
Remove PR checks that are now duplicated

Direct tracing is now enabled by default.

79bbb1744e64f7d47524ad3ea64f8cdda0087b5c authored 9 months ago
Test all-platform bundle on all platforms

67a00809333bd1a0e6f33b9185ba2b6dee33600e authored 9 months ago
Merge pull request #3143 from github/dependabot/npm_and_yarn/npm-1a46694d8a

Bump the npm group with 3 updates

a8eeef929125972632fb1ae82db2010057b27ee6 authored 9 months ago
Rebuild

f54c1c0b3338f53d976746c9d4fe60264dd89fd4 authored 9 months ago
Bump the npm group with 3 updates

Bumps the npm group with 3 updates: [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD...

c6674f9abda66198b5c68f06c35c6ed3be7ba60c authored 9 months ago