Add CodeQL Action
- [ ] See if everyone's OK with the cron job
- [ ] Tackle the errors
About this error: https://github.com/nodejs/nodejs.org/security/code-scanning/1?query=ref%3Arefs%2Fpull%2F4315%2Fmerge, I still do not get why we need this client side. I'm pretty sure I expressed my objection in the relevant PR, but due to lack of time, I couldn't spend more time then.
Does anybody recall why we need this client side and why we don't generate the Edit on GitHub links on build time?
EDIT: I see now it was done in #3971. I still don't quite get what the issue was and why we can't fix it on build time...
> Does anybody recall why we need this client side and why we don't generate the Edit on GitHub links on build time?
I agree that there's no evident reason for it to be client side and not done at build time. If you want to move it to a build step, I'd 👍 that.
TBH I was hoping someone else would make the changes since I didn't really follow them and I don't have a lot of time this period :/
This alert won't accept the input from the browser, and anyway, it will convert each word split by '-', so it cannot be a risk here. I ignored it and merged it.
> This alert won't accept the input from the browser, and anyway, it will convert each word split by '-', so it cannot be a risk here. I ignored it and merged it.
We're now going to get that alert on every pull request, aren't we?
Not if it's ignored in the repository security tab.
On Sat, Nov 12, 2022, 18:49 Rich Trott wrote:
> > This alert won't accept the input from the browser, and anyway, it will convert each word split by '-', so it cannot be a risk here. I ignored it and merged it.
>
> We're now going to get that alert on every pull request, aren't we?