
Commit cb15ea9

committed
chore: update config
1 parent d92962d commit cb15ea9

2 files changed

Lines changed: 35 additions & 33 deletions


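--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -21,6 +21,8 @@ paths-ignore:
 queries:
 - uses: security-extended
 - uses: security-and-quality
+- uses: codeql/javascript-queries/Security
+- uses: codeql/typescript-queries/Security
 
 query-filters:
 - exclude:
@@ -32,36 +34,30 @@ query-filters:
 - security
 - correctness
 
-output:
-sarif:
-category: "/language:javascript-typescript"
-level: "error"
-add-snippets: true
-
 database:
 analyze-builtin-pretrained-model: true
-
-trap:
-typescript:
-enabled: true
-extractor:
-typescript:
-experimental:
-type-tracking: true
-parse-error-recovery: true
-skip-parsing-on-error: false
-max-parse-errors: 10
+max-disk: 1024
+max-ram: 4096
 
 extraction:
 javascript:
 index-typescript: true
-typescript-tracing: true
 typescript:
-diagnostic-mode: true
-experimental-features: true
+version: 5.x
+features:
+- decorators
+- modules
+dependencies:
+typescript: '*'
+source-type: module
+file-types:
+- .js
+- .ts
+- .mts
+- .cts
 
-diagnostics:
-debug:
-- typescript-extractor
-- trap-errors
-export-diagnostics: true
+output:
+sarif:
+category: "/language:javascript-typescript"
+level: "error"
+add-snippets: true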
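Review bot: The two `uses:` entries added at new lines 24-25 are not in a form I recognise for the `queries` list: built-in suites are bare names, local queries start with `./`, and a query in another repository is written `owner/repo/path@ref`, so `codeql/javascript-queries/Security` with no ref may be rejected at init or fail to resolve. Query packs are normally selected under `packs:` instead, e.g. `packs:` with `- codeql/javascript-queries`, and I am not aware of a published `codeql/typescript-queries` pack, since TypeScript is analysed by the JavaScript queries. The added `database.max-disk`/`max-ram` and `extraction.typescript.*` keys also do not match the configuration-file keys I know of; if they are ignored they suggest tuning that is not applied, so confirm them against the CodeQL configuration reference and add a comment naming what consumes each block. The indentation of this section is lost on the page, so the nesting here is inferred from key order.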

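--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -3,8 +3,16 @@ name: "CodeQL Security Scan"
 on:
 push:
 branches: [ "main" ]
+paths:
+- 'packages/**'
+- '.github/workflows/codeql.yml'
+- '.github/codeql/**'
 pull_request:
 branches: [ "main" ]
+paths:
+- 'packages/**'
+- '.github/workflows/codeql.yml'
+- '.github/codeql/**'
 schedule:
 - cron: '30 1 * * 0' # Runs at 01:30 UTC every Sunday
 
@@ -34,21 +42,19 @@ jobs:
 uses: actions/checkout@v4
 
 - name: Setup Deno
-uses: denoland/setup-deno@v1
+uses: denoland/setup-deno@v2
 with:
-deno-version: v1.x
+deno-version: v1`.x
 
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 config-file: .github/codeql/codeql-config.yml
-queries: +security-extended,security-and-quality
-setup-python-dependencies: false
+queries: security-extended,security-and-quality
+packs: +codeql/javascript-queries:recommended
 tools: latest
-init: |
-config:
-disable-default-queries: true
+debug: true
 
 - name: Autobuild
 uses: github/codeql-action/autobuild@v3
@@ -60,4 +66,4 @@ jobs:
 upload: true
 output: sarif-results
 ram: 4096
-threads: auto
+threads: 4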
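Review bot: The added `deno-version` value at new line 47 has a stray backtick between `v1` and `.x`, so setup-deno receives a string that is not a version range and the step will most likely fail before CodeQL is initialised; it should read `deno-version: v1.x`. In the same hunk, dropping the leading `+` from `queries:` changes its meaning: with a `config-file` set, a `queries` input without `+` replaces the configuration file's `queries` list rather than extending it, so entries listed there are not run; keep `queries: +security-extended,security-and-quality` if the combined set is intended. `debug: true` makes the action upload debug artifacts that include the CodeQL database built from the source, so it is better left off outside a troubleshooting run. The step list under `jobs:` starts and ends outside this hunk.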
