SARIF Patching fix

[GeekMasher]

No description provided.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a2d96f4.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[Copilot]

Pull Request Overview

This PR centralizes SARIF post-processing into a new helper and bumps the action’s version.

• Removed inline SARIF parsing/patching in main.rs in favor of extractors::update_sarif
• Introduced update_sarif in extractors.rs to update runs[0].tool.driver.name
• Updated version tags across Dockerfile, README, Cargo.toml, and release config

Reviewed Changes

Copilot reviewed 6 out of 7 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/main.rs	Replaced manual SARIF post-processing with extractors::update_sarif
src/extractors.rs	Added update_sarif function for SARIF tool name patching
action.Dockerfile	Bumped extractor-action image from v0.0.15 to v0.0.16
README.md	Updated example usage to v0.0.16
Cargo.toml	Bumped crate version to 0.0.16
.release.yml	Bumped release version to 0.0.16

Comments suppressed due to low confidence (2)

src/extractors.rs:152

• Add unit tests for update_sarif covering cases where runs, tool, or driver fields are missing and successful name updates to ensure correct behavior.

/// Update the SARIF file with the extractor information (CodeQL ${language})

src/extractors.rs:161

• The log::debug! call uses {sarif_json:#?} without passing sarif_json as an argument, leading to a compile error. Consider log::debug!("SARIF JSON :: {:#?}", sarif_json) or named args like log::debug!("SARIF JSON :: {sarif_json:#?}", sarif_json=sarif_json).

    log::debug!("SARIF JSON :: {sarif_json:#?}");