File tree Expand file tree Collapse file tree 2 files changed +6
-2
lines changed
Expand file tree Collapse file tree 2 files changed +6
-2
lines changed Original file line number Diff line number Diff line change @@ -4,7 +4,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
44
55## [ UNRELEASED]
66
7- No user facing changes.
7+ - Fix bug in PR analysis where user-provided ` include ` query filter fails to exclude non-included queries. [ # 2938 ] ( https://github.com/github/codeql-action/pull/2938 )
88
99## 3.29.0 - 11 Jun 2025
1010
Original file line number Diff line number Diff line change @@ -1266,8 +1266,12 @@ async function generateCodeScanningConfig(
12661266 }
12671267
12681268 augmentedConfig [ "query-filters" ] = [
1269- ...( config . augmentationProperties . extraQueryExclusions || [ ] ) ,
1269+ // Ordering matters. If the first filter is an inclusion, it implicitly
1270+ // excludes all queries that are not included. If it is an exclusion,
1271+ // it implicitly includes all queries that are not excluded. So user
1272+ // filters (if any) should always be first to preserve intent.
12701273 ...( augmentedConfig [ "query-filters" ] || [ ] ) ,
1274+ ...( config . augmentationProperties . extraQueryExclusions || [ ] ) ,
12711275 ] ;
12721276 if ( augmentedConfig [ "query-filters" ] ?. length === 0 ) {
12731277 delete augmentedConfig [ "query-filters" ] ;
You can’t perform that action at this time.
0 commit comments