fix: address security vulnerabilities and add CodeQL workflow #1911
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jcscottiii
commented
Oct 8, 2025
jcscottiii
force-pushed
the
jcscottiii/gemini-fixes-october-2025
branch
2 times, most recently
from
8a702e4 to
dc58d8c
Compare
This commit addresses multiple security vulnerabilities and improves the CI workflow.
- Security:
- Patches a high-severity vulnerability in the tar-fs npm package by updating dependencies.
See: https://github.com/GoogleChrome/webstatus.dev/security/dependabot
- Adds explicit permissions to GitHub Actions workflows to mitigate potential security risks.
See: https://github.com/GoogleChrome/webstatus.dev/security/code-scanning
- CI/CodeQL:
- Integrates CodeQL analysis directly into the main build job in the ci.yml workflow for Go, JavaScript/TypeScript, and Actions.
- The CodeQL analysis now leverages the devcontainer, ensuring a consistent and accurate build environment.
- This resolves previous CodeQL failures by ensuring generated code is available for analysis.
See: https://github.com/GoogleChrome/webstatus.dev/security/code-scanning/tools/CodeQL/status/configurations/automatic/50b81ab7aa14a07a66df525212035d409a54427fca55f64790c4765d94a09359
Generated with Gemini.
jcscottiii
force-pushed
the
jcscottiii/gemini-fixes-october-2025
branch
from
dc58d8c to
a053276
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
fix: address security vulnerabilities and improve CI
This commit addresses multiple security vulnerabilities and improves the CI workflow.
Security:
See: https://github.com/GoogleChrome/webstatus.dev/security/dependabot
See: https://github.com/GoogleChrome/webstatus.dev/security/code-scanning
CI/CodeQL:
See: https://github.com/GoogleChrome/webstatus.dev/security/code-scanning/tools/CodeQL/status/configurations/automatic/50b81ab7aa14a07a66df525212035d409a54427fca55f64790c4765d94a09359
Generated with Gemini.