
Bump github/codeql-action from 4.34.1 to 4.35.1#590

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/github/codeql-action-4.35.1

Conversation


@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps github/codeql-action from 4.34.1 to 4.35.1.

Release notes

Sourced from github/codeql-action's releases.

v4.35.1

v4.35.0

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

4.34.1 - 20 Mar 2026

  • Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #3762

4.34.0 - 20 Mar 2026

  • Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #3569
  • We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #3584
  • Update default CodeQL bundle version to 2.25.0. #3585

4.33.0 - 16 Mar 2026

  • Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562

    To opt out of this change:

    • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
    • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557

  • The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #3559

  • Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563

  • Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564

  • A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570

4.32.6 - 05 Mar 2026

  • Update default CodeQL bundle version to 2.24.3. #3548

4.32.5 - 02 Mar 2026

  • Repositories owned by an organization can now set up the github-codeql-disable-overlay custom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the name github-codeql-disable-overlay and the type "True/false" in the organization's settings. Then in the repository's settings, set this property to true to disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507
  • Added an experimental change so that when improved incremental analysis fails on a runner — potentially due to insufficient disk space — the failure is recorded in the Actions cache so that subsequent runs will automatically skip improved incremental analysis until something changes (e.g. a larger runner is provisioned or a new CodeQL version is released). We expect to roll this change out to everyone in March. #3487
  • The minimum memory check for improved incremental analysis is now skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage. #3515

... (truncated)

Commits
  • c10b806 Merge pull request #3782 from github/update-v4.35.1-d6d1743b8
  • c5ffd06 Update changelog for v4.35.1
  • d6d1743 Merge pull request #3781 from github/henrymercer/update-git-minimum-version
  • 65d2efa Add changelog note
  • 2437b20 Update minimum git version for overlay to 2.36.0
  • ea5f719 Merge pull request #3775 from github/dependabot/npm_and_yarn/node-forge-1.4.0
  • 45ceeea Merge pull request #3777 from github/mergeback/v4.35.0-to-main-b8bb9f28
  • 24448c9 Rebuild
  • 7c51060 Update changelog and version after v4.35.0
  • b8bb9f2 Merge pull request #3776 from github/update-v4.35.0-0078ad667
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3869755...c10b806)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the labels dependencies (Pull requests that update a dependency file), github_actions (Pull requests that update GitHub Actions code) and minor (Minor semver) Mar 30, 2026
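As an added example (not Dependabot's code and not part of this PR), the Python below takes the commit message shown above, pulls out the `updated-dependencies` trailer and the `[Commits](...)` compare range, and applies a local auto-merge rule for GitHub Actions bumps: patch and minor bumps may merge unattended only once the release tag is confirmed to resolve to the commit at the head of the compare range. The policy, the `parse_ls_remote` helper and the 40-character SHAs in the sample `git ls-remote` output are assumptions of the example; the page shows only the short SHAs 3869755 and c10b806, so the long values are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the commit message of this PR as it appears on
# the page. The trailer layout is Dependabot's; the parser below is not.
COMMIT_MESSAGE = """\
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.34.1 to 4.35.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3869755...c10b806)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
"""

# Constructed `git ls-remote --tags` output. The page shows only the short
# SHA c10b806, so these 40-hex values are placeholders, NOT the real commit.
# An annotated tag lists the tag object plus a peeled "^{}" line for the commit.
FAKE_TAG_OBJECT = "a" * 40
FAKE_PEELED_SHA = "c10b806" + "0" * 33
SAMPLE_LS_REMOTE = (
    FAKE_TAG_OBJECT + "\trefs/tags/v4.35.1\n"
    + FAKE_PEELED_SHA + "\trefs/tags/v4.35.1^{}\n"
)

# Local policy, an assumption of this example rather than a Dependabot
# setting: patch and minor bumps may auto-merge once the tag is verified.
AUTO_MERGE_UPDATE_TYPES = {"version-update:semver-patch", "version-update:semver-minor"}


@dataclass
class DependabotUpdate:
    name: str
    version: str
    dep_type: str
    update_type: str
    compare_base: Optional[str]  # SHA prefixes taken from the [Commits] link
    compare_head: Optional[str]


_TRAILER_RE = re.compile(r"^updated-dependencies:[ \t]*\n(.*?)^\.\.\.[ \t]*$", re.M | re.S)
_COMPARE_RE = re.compile(r"\[Commits\]\(([\w.-]+/[\w.-]+)@([0-9a-f]{7,40})\.\.\.([0-9a-f]{7,40})\)")
_FIELD_RE = re.compile(r"^[ \t]*([\w-]+):[ \t]*(\S+)[ \t]*$", re.M)


def parse_updates(msg: str) -> List[DependabotUpdate]:
    """Return one record per entry of the updated-dependencies trailer."""
    m = _TRAILER_RE.search(msg)
    if not m:
        raise ValueError("no updated-dependencies trailer in commit message")
    cmp = _COMPARE_RE.search(msg)
    updates = []
    for chunk in re.split(r"^-[ \t]+", m.group(1), flags=re.M):
        fields = dict(_FIELD_RE.findall(chunk))
        if "dependency-name" not in fields:
            continue
        # Only attach the compare range to the dependency it actually names.
        same_repo = cmp is not None and cmp.group(1) == fields["dependency-name"]
        updates.append(DependabotUpdate(
            name=fields["dependency-name"],
            version=fields.get("dependency-version", ""),
            dep_type=fields.get("dependency-type", ""),
            update_type=fields.get("update-type", ""),
            compare_base=cmp.group(2) if same_repo else None,
            compare_head=cmp.group(3) if same_repo else None,
        ))
    return updates


def parse_ls_remote(output: str, tag: str) -> Optional[str]:
    """Commit SHA for `tag` from `git ls-remote --tags` output, preferring the
    peeled "^{}" line: for an annotated tag the bare ref is the tag object."""
    plain = peeled = None
    for line in output.splitlines():
        if "\t" not in line:
            continue
        sha, ref = line.split("\t", 1)
        if ref == f"refs/tags/{tag}":
            plain = sha
        elif ref == f"refs/tags/{tag}^{{}}":
            peeled = sha
    return peeled or plain


def automerge_decision(upd: DependabotUpdate, tag_commit: Optional[str]) -> Tuple[bool, str]:
    """Decide whether an Actions bump may merge unattended, and say why."""
    if upd.update_type not in AUTO_MERGE_UPDATE_TYPES:
        return False, f"{upd.update_type or 'unknown update type'} needs human review"
    if not upd.compare_head:
        return False, "no compare range for this dependency; target commit unverifiable"
    if not tag_commit:
        return False, f"tag v{upd.version} did not resolve; refusing an unverified merge"
    if not tag_commit.lower().startswith(upd.compare_head.lower()):
        return False, "tag resolves to a different commit than the PR's compare head"
    return True, f"{upd.update_type}; tag v{upd.version} resolves to {upd.compare_head}"


if __name__ == "__main__":
    for upd in parse_updates(COMMIT_MESSAGE):
        sha = parse_ls_remote(SAMPLE_LS_REMOTE, f"v{upd.version}")
        ok, why = automerge_decision(upd, sha)
        print(f"{upd.name} -> {upd.version}: {'auto-merge' if ok else 'hold'} ({why})")
```

In a real pipeline, replace `SAMPLE_LS_REMOTE` with the output of `git ls-remote --tags https://github.com/github/codeql-action v4.35.1`, and pin the workflow step to the resolved full-length SHA rather than to the tag, since a tag can be moved after the fact. That recommendation is the editor's; the changelog quoted above does not discuss pinning.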
@github-actions

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/.github/actions/release-branches/release-branches.py [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/json_encode encodes JSON import
dumps
json
-LOW exec/imports/python imports python modules import configparser
import argparse
import json
import os
-LOW fs/file/open opens files open(
-LOW fs/symlink_resolve resolves symbolic links realpath
-LOW os/env/get Retrieve environment variable values os.environ
-LOW os/fd/read reads from a file handle stream.read()

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/.github/workflows/script/update-required-checks.sh [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM exec/shell/ignore_output Runs shell commands but throws output away >/dev/null 2>&1
-LOW fs/path/usr_bin path reference within /usr/bin /usr/bin/env
-LOW os/fd/multiplex monitor multiple file descriptors select
-LOW process/chdir changes working directory cd "$

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (page + 1)
parseInt
-LOW data/encoding/int parses integers parseInt(
-LOW net/url/parse Handles URL strings new URL

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW data/encoding/int parses integers parseInt(
-LOW net/url/parse Handles URL strings new URL

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/compose-paginate.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./iterator
./paginate

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compose-paginate
./iterator
./paginate
./version

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/iterator.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/math complex math with parseInt or fromCharCode conversions (page + 1)
parseInt
-LOW data/encoding/int parses integers parseInt(
-LOW net/url/parse Handles URL strings new URL

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/paginate.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./iterator

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/paginating-endpoints.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./generated

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/compose-paginate.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./types

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/generated/paginating-endpoints.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/js contains large number of static map lookups ["configurations"]
["devcontainers"]
["installations"]
["attestations"]
["environments"]
["repositories"]
["codespaces"]
["parameters"]
["artifacts"]
["variables"]
["workflows"]
["response"]
["statuses"]
["commits"]
["runners"]
["secrets"]
["items"]
["names"]
["seats"]
["data"]
["jobs"]
-MEDIUM net/http/webhook supports webhooks webhooks
-LOW crypto/public_key references a 'public key' public-key
-LOW net/url/embedded contains embedded HTTPS URLs https://docs.github.com/rest/enterprise-teams/enterprise-team-organizatio
https://docs.github.com/rest/private-registries/organization-configuratio
https://docs.github.com/rest/security-advisories/repository-advisories
https://docs.github.com/rest/enterprise-teams/enterprise-team-members
https://docs.github.com/rest/security-advisories/global-advisories
https://docs.github.com/rest/actions/self-hosted-runner-groups
https://docs.github.com/rest/enterprise-teams/enterprise-teams
https://docs.github.com/enterprise-server@3.9/rest/apps/apps
https://docs.github.com/rest/codespaces/organization-secrets
https://docs.github.com/rest/copilot/copilot-user-management
https://docs.github.com/rest/secret-scanning/secret-scanning
https://docs.github.com/rest/projects-classic/collaborators
https://docs.github.com/rest/codespaces/repository-secrets
https://docs.github.com/rest/code-security/configurations
https://docs.github.com/rest/dependabot/repository-access
https://docs.github.com/rest/deployments/protection-rules
https://docs.github.com/rest/actions/self-hosted-runners
https://docs.github.com/rest/code-scanning/code-scanning
https://docs.github.com/rest/collaborators/collaborators
https://docs.github.com/rest/deployments/branch-policies
https://docs.github.com/rest/orgs/network-configurations
https://docs.github.com/rest/orgs/personal-access-tokens
https://docs.github.com/rest/orgs/outside-collaborators
https://docs.github.com/rest/collaborators/invitations
https://docs.github.com/rest/issues/issue-dependencies
https://docs.github.com/rest/projects-classic/projects
https://docs.github.com/rest/teams/discussion-comments
https://docs.github.com/rest/codespaces/organizations
https://docs.github.com/rest/deployments/environments
https://docs.github.com/rest/copilot/copilot-metrics
https://docs.github.com/rest/deploy-keys/deploy-keys
https://docs.github.com/rest/deployments/deployments
https://docs.github.com/rest/orgs/organization-roles
https://docs.github.com/rest/reference/code-scanning
https://docs.github.com/rest/actions/hosted-runners
https://docs.github.com/rest/activity/notifications
https://docs.github.com/rest/orgs/custom-properties
https://docs.github.com/rest/users/ssh-signing-keys
https://docs.github.com/rest/actions/workflow-jobs
https://docs.github.com/rest/actions/workflow-runs
https://docs.github.com/rest/codespaces/codespaces
https://docs.github.com/rest/users/social-accounts
https://docs.github.com/rest/deployments/statuses
https://docs.github.com/rest/actions/permissions
https://docs.github.com/rest/campaigns/campaigns
https://docs.github.com/rest/classroom/classroom
https://docs.github.com/rest/reactions/reactions
https://docs.github.com/rest/apps/installations
https://docs.github.com/rest/codespaces/secrets
https://docs.github.com/rest/dependabot/secrets
https://docs.github.com/rest/users/attestations
https://docs.github.com/rest/actions/artifacts
https://docs.github.com/rest/actions/variables
https://docs.github.com/rest/actions/workflows
https://docs.github.com/rest/activity/starring
https://docs.github.com/rest/activity/watching
https://docs.github.com/rest/branches/branches
https://docs.github.com/rest/dependabot/alerts
https://docs.github.com/rest/issues/milestones
https://docs.github.com/rest/issues/sub-issues
https://docs.github.com/rest/licenses/licenses
https://docs.github.com/rest/orgs/api-insights
https://docs.github.com/rest/orgs/attestations
https://docs.github.com/rest/packages/packages
https://docs.github.com/rest/projects/projects
https://docs.github.com/rest/releases/releases
https://docs.github.com/rest/repos/rule-suites
https://docs.github.com/rest/teams/discussions
https://docs.github.com/rest/apps/marketplace
https://docs.github.com/rest/commits/comments
https://docs.github.com/rest/commits/statuses
https://docs.github.com/rest/issues/assignees
https://docs.github.com/rest/migrations/users
https://docs.github.com/rest/orgs/rule-suites
https://docs.github.com/rest/actions/secrets
https://docs.github.com/rest/activity/events
https://docs.github.com/rest/commits/commits
https://docs.github.com/rest/issues/comments
https://docs.github.com/rest/issues/timeline
https://docs.github.com/rest/migrations/orgs
https://docs.github.com/rest/projects/fields
https://docs.github.com/rest/reference/repos
https://docs.github.com/rest/releases/assets
https://docs.github.com/rest/users/followers
https://docs.github.com/rest/gists/comments
https://docs.github.com/rest/projects/items
https://docs.github.com/rest/pulls/comments
https://docs.github.com/rest/repos/webhooks
https://docs.github.com/rest/users/blocking
https://docs.github.com/rest/users/gpg-keys
https://docs.github.com/rest/actions/cache
https://docs.github.com/rest/apps/webhooks
https://docs.github.com/rest/checks/suites
https://docs.github.com/rest/issues/events
https://docs.github.com/rest/issues/issues
https://docs.github.com/rest/issues/labels
https://docs.github.com/rest/orgs/blocking
https://docs.github.com/rest/orgs/webhooks
https://docs.github.com/rest/pulls/reviews
https://docs.github.com/rest/search/search
https://docs.github.com/rest/teams/members
https://docs.github.com/rest/orgs/members
https://docs.github.com/rest/users/emails
https://docs.github.com/rest/checks/runs
https://docs.github.com/rest/gists/gists
https://docs.github.com/rest/pages/pages
https://docs.github.com/rest/pulls/pulls
https://docs.github.com/rest/repos/forks
https://docs.github.com/rest/repos/repos
https://docs.github.com/rest/repos/rules
https://docs.github.com/rest/teams/teams
https://docs.github.com/rest/users/users
https://docs.github.com/rest/orgs/rules
https://docs.github.com/rest/users/keys
https://docs.github.com/rest/apps/apps
https://docs.github.com/rest/orgs/orgs

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/index.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./compose-paginate
./types

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/iterator.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./types

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/normalize-paginated-list-response.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./types
-LOW net/url/embedded contains embedded HTTPS URLs https://developer.github.com/v3/repos/statuses/

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/paginate.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./types

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/paginating-endpoints.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./generated

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/types.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./generated
-LOW net/url/embedded contains embedded HTTPS URLs https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Stateme

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/package.json [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./dist-bundle
./dist-types
./types
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./generated

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin
-LOW net/url/embedded contains embedded HTTPS URLs https://github.com/octokit/plugin-rest-endpoint-methods.js/pull/622
https://github.com/microsoft/TypeScript/issues/25488

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM c2/client contains a client ID client_id
-MEDIUM net/download download files downloadWorkflowRunLogs
downloadTarballArchive
downloadZipballArchive
downloadArchiveForOrg
downloadArtifact
downloads
-MEDIUM net/http/post submits content to websites POST
http
-MEDIUM net/http/webhook supports webhooks updateWebhookConfigForRepo
updateWebhookConfigForApp
updateWebhookConfigForOrg
redeliverWebhookDelivery
getWebhookConfigForRepo
getWebhookConfigForApp
getWebhookConfigForOrg
listWebhookDeliveries
getWebhookDelivery
testPushWebhook
createWebhook
deleteWebhook
listWebhooks
pingWebhook
-LOW crypto/public_key references a 'public key' public-key
PublicKey
-LOW fs/file/delete deletes files deleteFile
-LOW net/url/embedded contains embedded HTTPS URLs https://docs.github.com/rest/orgs/security-managers
https://uploads.github.com

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js.map [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM c2/client contains a client ID client_id
-MEDIUM net/download download files n downloadWorkflowRunLogs
n downloadTarballArchive
n downloadZipballArchive
n downloadArchiveForOrg
n downloadArtifact
downloads
-MEDIUM net/http/post submits content to websites POST
http
-MEDIUM net/http/webhook supports webhooks updateWebhookConfigForRepo
updateWebhookConfigForApp
updateWebhookConfigForOrg
redeliverWebhookDelivery
getWebhookConfigForRepo
getWebhookConfigForApp
getWebhookConfigForOrg
listWebhookDeliveries
getWebhookDelivery
testPushWebhook
createWebhook
deleteWebhook
listWebhooks
pingWebhook
-LOW crypto/public_key references a 'public key' public-key
PublicKey
-LOW fs/file/delete deletes files deleteFile
-LOW net/url/embedded contains embedded HTTPS URLs https://docs.github.com/rest/orgs/security-managers
https://uploads.github.com

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./version

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js.map [🔵 LOW]

RISK KEY DESCRIPTION EVIDENCE
-LOW exec/plugin references a 'plugin' plugin

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/endpoints-to-methods.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM fs/path/relative references and possibly executes relative path ./generated

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/method-types.d.ts [🟡 MEDIUM]

RISK KEY DESCRIPTION EVIDENCE
-MEDIUM anti-static/obfuscation/js contains large number of static map lookups ["interactions"]
["credentials"]
["codespaces"]
["dependabot"]
["migrations"]
["parameters"]
["campaigns"]
["gitignore"]
["reactions"]
["activity"]
["defaults"]
["licenses"]
["markdown"]
["packages"]
["projects"]
["response"]
["transfer"]
["unfollow"]
["actions"]
["billing"]
["commits"]
["copilot"]
["unblock"]
["checks"]
["create"]
["delete"]
["emojis"]
["follow"]
["issues"]
["labels"]
["remove"]
["render"]
["revoke"]
["search"]
["topics"]
["unlock"]
["unstar"]
["update"]
["block"]
["gists"]
["merge"]
["pulls"]
["repos"]
["teams"]
["users"]
["apps"]
["code"]
["fork"]
["html"]
["list"]
["lock"]
["meta"]
["oidc"]
["orgs"]
["root"]
["star"]
["add"]
["get"]
["git"]
-MEDIUM c2/tool_transfer/os references multiple operating systems https://
Windows
http://
windows
macOS
-MEDIUM crypto/encrypt encrypts data Encrypt a Unicode strin
Encrypt using LibSodium
Encrypt your secret usi
Encrypting secrets for
-MEDIUM data/base64/external calls base64 command to encode strings base64_shell_encode::base64 -w
[base64_shell_encode::
-MEDIUM fs/path/relative references and possibly executes relative path ./config
-MEDIUM malware/ref mentions 'malware' because malware are not standar
es that are not malware
advisories for malware
-MEDIUM net/download download files that you can download and run
- Download URLs expire and
the URL for the download
downloadWorkflowRunLogs
downloadTarballArchive
downloadZipballArchive
To download the asset
URL for each download
downloadArchiveForOrg
browser_download_url
downloadArtifact
downloads
-MEDIUM net/http/accept accepts binary files via HTTP application/octet-stream
Accept
-MEDIUM net/http/post submits content to websites Content-Type
HTTP
POST
http
-MEDIUM net/http/webhook supports webhooks updateWebhookConfigForRepo
updateWebhookConfigForApp
updateWebhookConfigForOrg
redeliverWebhookDelivery
getWebhookConfigForRepo
getWebhookConfigForApp
getWebhookConfigForOrg
listWebhookDeliveries
getWebhookDelivery
testPushWebhook
webhook_secret
createWebhook
deleteWebhook
listWebhooks
pingWebhook
webhooks
-MEDIUM net/ip/addr mentions an 'IP address' IP address
-MEDIUM net/ip/icmp Uses the ping tool to generate ICMP packets ping event
-MEDIUM net/tcp/ssh Supports SSH (secure shell) SSH
-LOW anti-behavior/random_behavior uses a random number generator random
-LOW crypto/public_key references a 'public key' public key
public-key
public_key
PublicKey
publicKey
-LOW data/compression/gzip works with gzip files gzip
-LOW data/encoding/base64 Supports base64 encoded strings base64
-LOW fs/file/delete deletes files deleteFile
-LOW net/http Uses the HTTP protocol HTTP
http
-LOW net/url/embedded contains embedded HTTPS URLs https://developer.github.com/changes/2019-12-03-internal-visibility-chang
https://docs.github.com/actions/deployment/targeting-different-environmen
https://docs.github.com/actions/managing-workflow-runs-and-deployments/ma
https://docs.github.com/actions/managing-workflow-runs/approving-workflow
https://docs.github.com/actions/security-guides/using-artifact-attestatio
https://docs.github.com/admin/policies/enforcing-policies-for-your-enterp
https://docs.github.com/apps/building-github-apps/authenticating-with-git
https://docs.github.com/apps/building-github-apps/creating-github-apps-fr
https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app
https://docs.github.com/articles/about-security-alerts-for-vulnerable-dep
https://docs.github.com/articles/assigning-issues-and-pull-requests-to-ot
https://docs.github.com/articles/converting-an-organization-member-to-an-
https://docs.github.com/articles/publicizing-or-concealing-organization-m
https://docs.github.com/articles/securing-your-account-with-two-factor-au
https://docs.github.com/articles/setting-team-creation-permissions-in-you
https://docs.github.com/articles/synchronizing-teams-between-your-identit
https://docs.github.com/articles/transferring-an-issue-to-another-reposit
https://docs.github.com/code-security/code-scanning/integrating-with-code
https://docs.github.com/code-security/code-scanning/troubleshooting-sarif
https://docs.github.com/code-security/codeql-for-vs-code/getting-started-
https://docs.github.com/code-security/security-advisories/global-security
https://docs.github.com/code-security/security-advisories/guidance-on-rep
https://docs.github.com/code-security/security-advisories/repository-secu
https://docs.github.com/code-security/security-advisories/working-with-re
https://docs.github.com/communities/setting-up-your-project-for-healthy-c
https://docs.github.com/copilot/managing-copilot/managing-github-copilot-
https://docs.github.com/copilot/managing-copilot/managing-policies-for-co
https://docs.github.com/enterprise-cloud@latest/admin/managing-iam/unders
https://docs.github.com/enterprise-server@3.9/apps/building-github-apps/a
https://docs.github.com/get-started/learning-about-github/about-github-ad
https://docs.github.com/github/administering-a-repository/renaming-a-bran
https://docs.github.com/github/getting-started-with-github/githubs-produc
https://docs.github.com/github/managing-subscriptions-and-notifications-o
https://docs.github.com/github/searching-for-information-on-github/search
https://docs.github.com/github/setting-up-and-managing-billing-and-paymen
https://docs.github.com/github/setting-up-and-managing-organizations-and-
https://docs.github.com/issues/tracking-your-work-with-issues/configuring
https://docs.github.com/organizations/managing-organization-settings/disa
https://docs.github.com/organizations/managing-organization-settings/mana
https://docs.github.com/organizations/managing-organization-settings/sett
https://docs.github.com/organizations/managing-peoples-access-to-your-org
https://docs.github.com/organizations/managing-user-access-to-your-organi
https://docs.github.com/packages/learn-github-packages/about-permissions-
https://docs.github.com/pull-requests/collaborating-with-pull-requests/wo
https://docs.github.com/repositories/configuring-branches-and-merges-in-y
https://docs.github.com/repositories/managing-your-repositorys-settings-a
https://docs.github.com/repositories/viewing-activity-and-data-for-your-r
https://docs.github.com/rest/authentication/authenticating-to-the-rest-ap
https://docs.github.com/rest/guides/best-practices-for-using-the-rest-api
https://docs.github.com/rest/guides/getting-started-with-the-git-database
https://docs.github.com/rest/using-the-rest-api/getting-started-with-the-
https://docs.github.com/rest/using-the-rest-api/rate-limits-for-the-rest-
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.htm
https://github.blog/changelog/2024-07-09-sunsetting-security-settings-def
https://github.blog/changelog/2025-02-02-actions-get-workflow-usage-and-g
https://docs.github.com/site-policy/github-terms/github-terms-of-service
https://docs.github.com/rest/guides/encrypting-secrets-for-the-rest-api
https://docs.github.com/articles/configuring-automated-security-fixes
https://docs.github.com/rest/guides/getting-started-with-the-rest-api
https://docs.github.com/rest/guides/using-pagination-in-the-rest-api
https://docs.github.com/rest/guides/best-practices-for-integrators
https://docs.github.com/articles/about-merge-methods-on-github/
https://docs.github.com/rest/overview/resources-in-the-rest-api
https://docs.github.com/billing/using-the-new-billing-platform
https://www.iana.org/assignments/media-types/media-types.xhtml
https://docs.github.com/articles/about-github-s-ip-addresses/
https://docs.github.com/graphql/overview/resource-limitations
https://libsodium.gitbook.io/doc/bindings_for_other_languages
https://docs.github.com/articles/about-repository-transfers/
https://docs.github.com/rest/about-the-rest-api/api-versions
https://docs.github.com/rest/codespaces/organization-secrets
https://git-scm.com/book/en/v2/Git-Internals-Git-References
https://docs.github.com/articles/signing-commits-with-gpg
https://docs.github.com/rest/code-security/configurations
https://docs.github.com/rest/actions/self-hosted-runners
https://git-scm.com/book/en/v2/Git-Internals-Git-Objects
https://docs.github.com/rest/branches/branch-protection
https://support.github.com/contact?tags=dotcom-rest-api
https://docs.github.com/copilot/reference/metrics-data
https://docs.github.com/rest/collaborators/invitations
https://docs.github.com/rest/teams/discussion-comments
https://docs.github.com/rest/deployments/deployments/
https://docs.github.com/rest/orgs/organization-roles
https://cli.github.com/manual/gh_attestation_verify
https://docs.github.com/rest/activity/notifications
https://docs.github.com/rest/orgs/security-managers
https://docs.github.com/articles/disabling-issues/
https://docs.github.com/articles/searching-topics/
https://docs.github.com/rest/actions/workflow-runs
https://docs.github.com/rest/overview/media-types/
https://docs.github.com/graphql/reference/queries
https://docs.github.com/rest/deployments/statuses
https://docs.github.com/webhooks/event-payloads/
https://docs.github.com/rest/dependabot/secrets
https://pynacl.readthedocs.io/en/latest/public/
https://docs.github.com/rest/activity/watching
https://docs.github.com/rest/releases/releases
https://docs.github.com/rest/teams/discussions
https://docs.github.com/rest/commits/comments
https://docs.github.com/rest/commits/statuses
https://docs.github.com/rest/dependency-graph
https://docs.github.com/rest/migrations/users
https://docs.github.com/rest/reference/checks
https://docs.github.com/rest/actions/secrets
https://docs.github.com/rest/commits/commits
https://docs.github.com/rest/issues/comments
https://docs.github.com/rest/releases/assets
https://docs.github.com/rest/repos/contents/
https://docs.github.com/rest/pulls/comments
https://www.nuget.org/packages/Sodium.Core/
https://docs.github.com/rest/checks/suites
https://docs.github.com/rest/issues/issues
https://docs.github.com/rest/pulls/reviews
https://docs.github.com/rest/search/search
https://docs.github.com/rest/orgs/members
https://docs.github.com/rest/pulls/pulls/
https://docs.github.com/rest/users/emails
https://docs.github.com/rest/checks/runs
https://docs.github.com/rest/git/commits
https://docs.github.com/rest/repos/repos
https://docs.github.com/rest/teams/teams
https://github.com/settings/applications
https://en.wikipedia.org/wiki/Unix_time
https://docs.github.com/rest/apps/apps
https://docs.github.com/rest/git/trees
https://docs.github.com/rest/orgs/orgs
https://github.com/octocat/Spoon-Knife
https://docs.github.com/rest/git/refs
https://github.com/github/tweetsodium
https://github.com/RubyCrypto/rbnacl
https://github.com/settings/profile
https://git-scm.com/docs/git-diff
https://github.com/actions/attest
https://github.com/notifications.
https://github.com/settings/apps/
https://github.com/github/markup
https://github.com/jquery/jquery
https://github.com/search?utf8=
https://github.github.com/gfm/
https://github.com/octo-org
https://github.com/topics.
https://git.io/v1YCW

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/parameters-and-response-types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | anti-static/obfuscation/js | contains large number of static map lookups | `["parameters"]`<br>`["response"]` |
| -MEDIUM | c2/client | contains a client ID | `client_id` |
| -MEDIUM | net/download | download files | `downloadWorkflowRunLogs`<br>`downloadTarballArchive`<br>`downloadZipballArchive`<br>`downloadArchiveForOrg`<br>`downloadArtifact`<br>`downloads` |
| -MEDIUM | net/http/webhook | supports webhooks | `updateWebhookConfigForRepo`<br>`updateWebhookConfigForApp`<br>`updateWebhookConfigForOrg`<br>`redeliverWebhookDelivery`<br>`getWebhookConfigForRepo`<br>`getWebhookConfigForApp`<br>`getWebhookConfigForOrg`<br>`listWebhookDeliveries`<br>`getWebhookDelivery`<br>`testPushWebhook`<br>`createWebhook`<br>`deleteWebhook`<br>`listWebhooks`<br>`pingWebhook` |
| -LOW | crypto/public_key | references a 'public key' | `public-key`<br>`PublicKey` |
| -LOW | fs/file/delete | deletes files | `deleteFile` |

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/index.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated`<br>`./types` |

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/package.json [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | `./dist-types`<br>`./dist-src` |
| -LOW | collect/code/github_api | access GitHub API | `api.github.com` |
| -LOW | exec/plugin | references a 'plugin' | `plugin` |
| -LOW | net/url/embedded | contains embedded HTTPS URLs | `https://twitter.com/gr2m` |

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/strnum/strnum.test.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | `./strnum` |

Deleted: /tmp/prior-commit ∴ /tmp/prior-commit/node_modules/strnum/test.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| -MEDIUM | fs/path/relative | references and possibly executes relative path | `./strnum` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/math | complex math with parseInt or fromCharCode conversions | `(page + 1)`<br>`parseInt` |
| +LOW | data/encoding/int | parses integers | `parseInt(` |
| +LOW | net/url/parse | Handles URL strings | `new URL` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-bundle/index.js.map [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | data/encoding/int | parses integers | `parseInt(` |
| +LOW | net/url/parse | Handles URL strings | `new URL` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-src/compose-paginate.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./iterator`<br>`./paginate` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-src/index.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./compose-paginate`<br>`./iterator`<br>`./paginate`<br>`./version` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-src/iterator.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/math | complex math with parseInt or fromCharCode conversions | `(page + 1)`<br>`parseInt` |
| +LOW | data/encoding/int | parses integers | `parseInt(` |
| +LOW | net/url/parse | Handles URL strings | `new URL` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-src/paginate.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./iterator` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-src/paginating-endpoints.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/compose-paginate.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./types` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/generated/paginating-endpoints.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/js | contains large number of static map lookups | `["configurations"]`<br>`["devcontainers"]`<br>`["installations"]`<br>`["attestations"]`<br>`["environments"]`<br>`["repositories"]`<br>`["codespaces"]`<br>`["parameters"]`<br>`["artifacts"]`<br>`["variables"]`<br>`["workflows"]`<br>`["response"]`<br>`["statuses"]`<br>`["commits"]`<br>`["runners"]`<br>`["secrets"]`<br>`["items"]`<br>`["names"]`<br>`["seats"]`<br>`["data"]`<br>`["jobs"]` |
| +MEDIUM | net/http/webhook | supports webhooks | `webhooks` |
| +LOW | crypto/public_key | references a 'public key' | `public-key` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://docs.github.com/rest/enterprise-teams/enterprise-team-organizatio`<br>`https://docs.github.com/rest/private-registries/organization-configuratio`<br>`https://docs.github.com/rest/security-advisories/repository-advisories`<br>`https://docs.github.com/rest/enterprise-teams/enterprise-team-members`<br>`https://docs.github.com/rest/security-advisories/global-advisories`<br>`https://docs.github.com/rest/actions/self-hosted-runner-groups`<br>`https://docs.github.com/rest/enterprise-teams/enterprise-teams`<br>`https://docs.github.com/enterprise-server@3.9/rest/apps/apps`<br>`https://docs.github.com/rest/codespaces/organization-secrets`<br>`https://docs.github.com/rest/copilot/copilot-user-management`<br>`https://docs.github.com/rest/secret-scanning/secret-scanning`<br>`https://docs.github.com/rest/projects-classic/collaborators`<br>`https://docs.github.com/rest/codespaces/repository-secrets`<br>`https://docs.github.com/rest/code-security/configurations`<br>`https://docs.github.com/rest/dependabot/repository-access`<br>`https://docs.github.com/rest/deployments/protection-rules`<br>`https://docs.github.com/rest/actions/self-hosted-runners`<br>`https://docs.github.com/rest/code-scanning/code-scanning`<br>`https://docs.github.com/rest/collaborators/collaborators`<br>`https://docs.github.com/rest/deployments/branch-policies`<br>`https://docs.github.com/rest/orgs/network-configurations`<br>`https://docs.github.com/rest/orgs/personal-access-tokens`<br>`https://docs.github.com/rest/orgs/outside-collaborators`<br>`https://docs.github.com/rest/collaborators/invitations`<br>`https://docs.github.com/rest/issues/issue-dependencies`<br>`https://docs.github.com/rest/projects-classic/projects`<br>`https://docs.github.com/rest/teams/discussion-comments`<br>`https://docs.github.com/rest/codespaces/organizations`<br>`https://docs.github.com/rest/deployments/environments`<br>`https://docs.github.com/rest/copilot/copilot-metrics`<br>`https://docs.github.com/rest/deploy-keys/deploy-keys`<br>`https://docs.github.com/rest/deployments/deployments`<br>`https://docs.github.com/rest/orgs/organization-roles`<br>`https://docs.github.com/rest/reference/code-scanning`<br>`https://docs.github.com/rest/actions/hosted-runners`<br>`https://docs.github.com/rest/activity/notifications`<br>`https://docs.github.com/rest/orgs/custom-properties`<br>`https://docs.github.com/rest/users/ssh-signing-keys`<br>`https://docs.github.com/rest/actions/workflow-jobs`<br>`https://docs.github.com/rest/actions/workflow-runs`<br>`https://docs.github.com/rest/codespaces/codespaces`<br>`https://docs.github.com/rest/users/social-accounts`<br>`https://docs.github.com/rest/deployments/statuses`<br>`https://docs.github.com/rest/actions/permissions`<br>`https://docs.github.com/rest/campaigns/campaigns`<br>`https://docs.github.com/rest/classroom/classroom`<br>`https://docs.github.com/rest/reactions/reactions`<br>`https://docs.github.com/rest/apps/installations`<br>`https://docs.github.com/rest/codespaces/secrets`<br>`https://docs.github.com/rest/dependabot/secrets`<br>`https://docs.github.com/rest/users/attestations`<br>`https://docs.github.com/rest/actions/artifacts`<br>`https://docs.github.com/rest/actions/variables`<br>`https://docs.github.com/rest/actions/workflows`<br>`https://docs.github.com/rest/activity/starring`<br>`https://docs.github.com/rest/activity/watching`<br>`https://docs.github.com/rest/branches/branches`<br>`https://docs.github.com/rest/dependabot/alerts`<br>`https://docs.github.com/rest/issues/milestones`<br>`https://docs.github.com/rest/issues/sub-issues`<br>`https://docs.github.com/rest/licenses/licenses`<br>`https://docs.github.com/rest/orgs/api-insights`<br>`https://docs.github.com/rest/orgs/attestations`<br>`https://docs.github.com/rest/packages/packages`<br>`https://docs.github.com/rest/projects/projects`<br>`https://docs.github.com/rest/releases/releases`<br>`https://docs.github.com/rest/repos/rule-suites`<br>`https://docs.github.com/rest/teams/discussions`<br>`https://docs.github.com/rest/apps/marketplace`<br>`https://docs.github.com/rest/commits/comments`<br>`https://docs.github.com/rest/commits/statuses`<br>`https://docs.github.com/rest/issues/assignees`<br>`https://docs.github.com/rest/migrations/users`<br>`https://docs.github.com/rest/orgs/rule-suites`<br>`https://docs.github.com/rest/actions/secrets`<br>`https://docs.github.com/rest/activity/events`<br>`https://docs.github.com/rest/commits/commits`<br>`https://docs.github.com/rest/issues/comments`<br>`https://docs.github.com/rest/issues/timeline`<br>`https://docs.github.com/rest/migrations/orgs`<br>`https://docs.github.com/rest/projects/fields`<br>`https://docs.github.com/rest/reference/repos`<br>`https://docs.github.com/rest/releases/assets`<br>`https://docs.github.com/rest/users/followers`<br>`https://docs.github.com/rest/gists/comments`<br>`https://docs.github.com/rest/projects/items`<br>`https://docs.github.com/rest/pulls/comments`<br>`https://docs.github.com/rest/repos/webhooks`<br>`https://docs.github.com/rest/users/blocking`<br>`https://docs.github.com/rest/users/gpg-keys`<br>`https://docs.github.com/rest/actions/cache`<br>`https://docs.github.com/rest/apps/webhooks`<br>`https://docs.github.com/rest/checks/suites`<br>`https://docs.github.com/rest/issues/events`<br>`https://docs.github.com/rest/issues/issues`<br>`https://docs.github.com/rest/issues/labels`<br>`https://docs.github.com/rest/orgs/blocking`<br>`https://docs.github.com/rest/orgs/webhooks`<br>`https://docs.github.com/rest/pulls/reviews`<br>`https://docs.github.com/rest/search/search`<br>`https://docs.github.com/rest/teams/members`<br>`https://docs.github.com/rest/orgs/members`<br>`https://docs.github.com/rest/users/emails`<br>`https://docs.github.com/rest/checks/runs`<br>`https://docs.github.com/rest/gists/gists`<br>`https://docs.github.com/rest/pages/pages`<br>`https://docs.github.com/rest/pulls/pulls`<br>`https://docs.github.com/rest/repos/forks`<br>`https://docs.github.com/rest/repos/repos`<br>`https://docs.github.com/rest/repos/rules`<br>`https://docs.github.com/rest/teams/teams`<br>`https://docs.github.com/rest/users/users`<br>`https://docs.github.com/rest/orgs/rules`<br>`https://docs.github.com/rest/users/keys`<br>`https://docs.github.com/rest/apps/apps`<br>`https://docs.github.com/rest/orgs/orgs` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/index.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./compose-paginate`<br>`./types` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/iterator.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./types` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/normalize-paginated-list-response.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./types` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://developer.github.com/v3/repos/statuses/` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/paginate.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./types` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/paginating-endpoints.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/dist-types/types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Stateme` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-paginate-rest/package.json [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./dist-bundle`<br>`./dist-types`<br>`./types` |
| +LOW | exec/plugin | references a 'plugin' | `plugin` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/endpoints-to-methods.js.map [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/plugin | references a 'plugin' | `plugin` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://github.com/octokit/plugin-rest-endpoint-methods.js/pull/622`<br>`https://github.com/microsoft/TypeScript/issues/25488` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | c2/client | contains a client ID | `client_id` |
| +MEDIUM | net/download | download files | `downloadWorkflowRunLogs`<br>`downloadTarballArchive`<br>`downloadZipballArchive`<br>`downloadArchiveForOrg`<br>`downloadArtifact`<br>`downloads` |
| +MEDIUM | net/http/post | submits content to websites | `POST`<br>`http` |
| +MEDIUM | net/http/webhook | supports webhooks | `updateWebhookConfigForRepo`<br>`updateWebhookConfigForApp`<br>`updateWebhookConfigForOrg`<br>`redeliverWebhookDelivery`<br>`getWebhookConfigForRepo`<br>`getWebhookConfigForApp`<br>`getWebhookConfigForOrg`<br>`listWebhookDeliveries`<br>`getWebhookDelivery`<br>`testPushWebhook`<br>`createWebhook`<br>`deleteWebhook`<br>`listWebhooks`<br>`pingWebhook` |
| +LOW | crypto/public_key | references a 'public key' | `public-key`<br>`PublicKey` |
| +LOW | fs/file/delete | deletes files | `deleteFile` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://docs.github.com/rest/orgs/security-managers`<br>`https://uploads.github.com` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/generated/endpoints.js.map [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | c2/client | contains a client ID | `client_id` |
| +MEDIUM | net/download | download files | `n downloadWorkflowRunLogs`<br>`n downloadTarballArchive`<br>`n downloadZipballArchive`<br>`n downloadArchiveForOrg`<br>`n downloadArtifact`<br>`downloads` |
| +MEDIUM | net/http/post | submits content to websites | `POST`<br>`http` |
| +MEDIUM | net/http/webhook | supports webhooks | `updateWebhookConfigForRepo`<br>`updateWebhookConfigForApp`<br>`updateWebhookConfigForOrg`<br>`redeliverWebhookDelivery`<br>`getWebhookConfigForRepo`<br>`getWebhookConfigForApp`<br>`getWebhookConfigForOrg`<br>`listWebhookDeliveries`<br>`getWebhookDelivery`<br>`testPushWebhook`<br>`createWebhook`<br>`deleteWebhook`<br>`listWebhooks`<br>`pingWebhook` |
| +LOW | crypto/public_key | references a 'public key' | `public-key`<br>`PublicKey` |
| +LOW | fs/file/delete | deletes files | `deleteFile` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://docs.github.com/rest/orgs/security-managers`<br>`https://uploads.github.com` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./version` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js.map [🔵 LOW]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +LOW | exec/plugin | references a 'plugin' | `plugin` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/endpoints-to-methods.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/method-types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/js | contains large number of static map lookups | `["interactions"]`<br>`["credentials"]`<br>`["codespaces"]`<br>`["dependabot"]`<br>`["migrations"]`<br>`["parameters"]`<br>`["campaigns"]`<br>`["gitignore"]`<br>`["reactions"]`<br>`["activity"]`<br>`["defaults"]`<br>`["licenses"]`<br>`["markdown"]`<br>`["packages"]`<br>`["projects"]`<br>`["response"]`<br>`["transfer"]`<br>`["unfollow"]`<br>`["actions"]`<br>`["billing"]`<br>`["commits"]`<br>`["copilot"]`<br>`["unblock"]`<br>`["checks"]`<br>`["create"]`<br>`["delete"]`<br>`["emojis"]`<br>`["follow"]`<br>`["issues"]`<br>`["labels"]`<br>`["remove"]`<br>`["render"]`<br>`["revoke"]`<br>`["search"]`<br>`["topics"]`<br>`["unlock"]`<br>`["unstar"]`<br>`["update"]`<br>`["block"]`<br>`["gists"]`<br>`["merge"]`<br>`["pulls"]`<br>`["repos"]`<br>`["teams"]`<br>`["users"]`<br>`["apps"]`<br>`["code"]`<br>`["fork"]`<br>`["html"]`<br>`["list"]`<br>`["lock"]`<br>`["meta"]`<br>`["oidc"]`<br>`["orgs"]`<br>`["root"]`<br>`["star"]`<br>`["add"]`<br>`["get"]`<br>`["git"]` |
| +MEDIUM | c2/tool_transfer/os | references multiple operating systems | `https://`<br>`Windows`<br>`http://`<br>`windows`<br>`macOS` |
| +MEDIUM | crypto/encrypt | encrypts data | `Encrypt a Unicode strin`<br>`Encrypt using LibSodium`<br>`Encrypt your secret usi`<br>`Encrypting secrets for` |
| +MEDIUM | data/base64/external | calls base64 command to encode strings | `base64_shell_encode::base64 -w`<br>`[base64_shell_encode::` |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./config` |
| +MEDIUM | malware/ref | mentions 'malware' | `because malware are not standar`<br>`es that are not malware`<br>`advisories for malware` |
| +MEDIUM | net/download | download files | `that you can download and run`<br>`- Download URLs expire and`<br>`the URL for the download`<br>`downloadWorkflowRunLogs`<br>`downloadTarballArchive`<br>`downloadZipballArchive`<br>`To download the asset`<br>`URL for each download`<br>`downloadArchiveForOrg`<br>`browser_download_url`<br>`downloadArtifact`<br>`downloads` |
| +MEDIUM | net/http/accept | accepts binary files via HTTP | `application/octet-stream`<br>`Accept` |
| +MEDIUM | net/http/post | submits content to websites | `Content-Type`<br>`HTTP`<br>`POST`<br>`http` |
| +MEDIUM | net/http/webhook | supports webhooks | `updateWebhookConfigForRepo`<br>`updateWebhookConfigForApp`<br>`updateWebhookConfigForOrg`<br>`redeliverWebhookDelivery`<br>`getWebhookConfigForRepo`<br>`getWebhookConfigForApp`<br>`getWebhookConfigForOrg`<br>`listWebhookDeliveries`<br>`getWebhookDelivery`<br>`testPushWebhook`<br>`webhook_secret`<br>`createWebhook`<br>`deleteWebhook`<br>`listWebhooks`<br>`pingWebhook`<br>`webhooks` |
| +MEDIUM | net/ip/addr | mentions an 'IP address' | `IP address` |
| +MEDIUM | net/ip/icmp | Uses the ping tool to generate ICMP packets | `ping event` |
| +MEDIUM | net/tcp/ssh | Supports SSH (secure shell) | `SSH` |
| +LOW | anti-behavior/random_behavior | uses a random number generator | `random` |
| +LOW | crypto/public_key | references a 'public key' | `public key`<br>`public-key`<br>`public_key`<br>`PublicKey`<br>`publicKey` |
| +LOW | data/compression/gzip | works with gzip files | `gzip` |
| +LOW | data/encoding/base64 | Supports base64 encoded strings | `base64` |
| +LOW | fs/file/delete | deletes files | `deleteFile` |
| +LOW | net/http | Uses the HTTP protocol | `HTTP`<br>`http` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://developer.github.com/changes/2019-12-03-internal-visibility-chang`<br>`https://docs.github.com/actions/deployment/targeting-different-environmen`<br>`https://docs.github.com/actions/managing-workflow-runs-and-deployments/ma`<br>`https://docs.github.com/actions/managing-workflow-runs/approving-workflow`<br>`https://docs.github.com/actions/security-guides/using-artifact-attestatio`<br>`https://docs.github.com/admin/policies/enforcing-policies-for-your-enterp`<br>`https://docs.github.com/apps/building-github-apps/authenticating-with-git`<br>`https://docs.github.com/apps/building-github-apps/creating-github-apps-fr`<br>`https://docs.github.com/apps/creating-github-apps/setting-up-a-github-app`<br>`https://docs.github.com/articles/about-security-alerts-for-vulnerable-dep`<br>`https://docs.github.com/articles/assigning-issues-and-pull-requests-to-ot`<br>`https://docs.github.com/articles/converting-an-organization-member-to-an-`<br>`https://docs.github.com/articles/publicizing-or-concealing-organization-m`<br>`https://docs.github.com/articles/securing-your-account-with-two-factor-au`<br>`https://docs.github.com/articles/setting-team-creation-permissions-in-you`<br>`https://docs.github.com/articles/synchronizing-teams-between-your-identit`<br>`https://docs.github.com/articles/transferring-an-issue-to-another-reposit`<br>`https://docs.github.com/code-security/code-scanning/integrating-with-code`<br>`https://docs.github.com/code-security/code-scanning/troubleshooting-sarif`<br>`https://docs.github.com/code-security/codeql-for-vs-code/getting-started-`<br>`https://docs.github.com/code-security/security-advisories/global-security`<br>`https://docs.github.com/code-security/security-advisories/guidance-on-rep`<br>`https://docs.github.com/code-security/security-advisories/repository-secu`<br>`https://docs.github.com/code-security/security-advisories/working-with-re`<br>`https://docs.github.com/communities/setting-up-your-project-for-healthy-c`<br>`https://docs.github.com/copilot/managing-copilot/managing-github-copilot-`<br>`https://docs.github.com/copilot/managing-copilot/managing-policies-for-co`<br>`https://docs.github.com/enterprise-cloud@latest/admin/managing-iam/unders`<br>`https://docs.github.com/enterprise-server@3.9/apps/building-github-apps/a`<br>`https://docs.github.com/get-started/learning-about-github/about-github-ad`<br>`https://docs.github.com/github/administering-a-repository/renaming-a-bran`<br>`https://docs.github.com/github/getting-started-with-github/githubs-produc`<br>`https://docs.github.com/github/managing-subscriptions-and-notifications-o`<br>`https://docs.github.com/github/searching-for-information-on-github/search`<br>`https://docs.github.com/github/setting-up-and-managing-billing-and-paymen`<br>`https://docs.github.com/github/setting-up-and-managing-organizations-and-`<br>`https://docs.github.com/issues/tracking-your-work-with-issues/configuring`<br>`https://docs.github.com/organizations/managing-organization-settings/disa`<br>`https://docs.github.com/organizations/managing-organization-settings/mana`<br>`https://docs.github.com/organizations/managing-organization-settings/sett`<br>`https://docs.github.com/organizations/managing-peoples-access-to-your-org`<br>`https://docs.github.com/organizations/managing-user-access-to-your-organi`<br>`https://docs.github.com/packages/learn-github-packages/about-permissions-`<br>`https://docs.github.com/pull-requests/collaborating-with-pull-requests/wo`<br>`https://docs.github.com/repositories/configuring-branches-and-merges-in-y`<br>`https://docs.github.com/repositories/managing-your-repositorys-settings-a`<br>`https://docs.github.com/repositories/viewing-activity-and-data-for-your-r`<br>`https://docs.github.com/rest/authentication/authenticating-to-the-rest-ap`<br>`https://docs.github.com/rest/guides/best-practices-for-using-the-rest-api`<br>`https://docs.github.com/rest/guides/getting-started-with-the-git-database`<br>`https://docs.github.com/rest/using-the-rest-api/getting-started-with-the-`<br>`https://docs.github.com/rest/using-the-rest-api/rate-limits-for-the-rest-`<br>`https://docs.oasis-open.org/sarif/sarif/v2.1.0/cs01/sarif-v2.1.0-cs01.htm`<br>`https://github.blog/changelog/2024-07-09-sunsetting-security-settings-def`<br>`https://github.blog/changelog/2025-02-02-actions-get-workflow-usage-and-g`<br>`https://docs.github.com/site-policy/github-terms/github-terms-of-service`<br>`https://docs.github.com/rest/guides/encrypting-secrets-for-the-rest-api`<br>`https://docs.github.com/articles/configuring-automated-security-fixes`<br>`https://docs.github.com/rest/guides/getting-started-with-the-rest-api`<br>`https://docs.github.com/rest/guides/using-pagination-in-the-rest-api`<br>`https://docs.github.com/rest/guides/best-practices-for-integrators`<br>`https://docs.github.com/articles/about-merge-methods-on-github/`<br>`https://docs.github.com/rest/overview/resources-in-the-rest-api`<br>`https://docs.github.com/billing/using-the-new-billing-platform`<br>`https://www.iana.org/assignments/media-types/media-types.xhtml`<br>`https://docs.github.com/articles/about-github-s-ip-addresses/`<br>`https://docs.github.com/graphql/overview/resource-limitations`<br>`https://libsodium.gitbook.io/doc/bindings_for_other_languages`<br>`https://docs.github.com/articles/about-repository-transfers/`<br>`https://docs.github.com/rest/about-the-rest-api/api-versions`<br>`https://docs.github.com/rest/codespaces/organization-secrets`<br>`https://git-scm.com/book/en/v2/Git-Internals-Git-References`<br>`https://docs.github.com/articles/signing-commits-with-gpg`<br>`https://docs.github.com/rest/code-security/configurations`<br>`https://docs.github.com/rest/actions/self-hosted-runners`<br>`https://git-scm.com/book/en/v2/Git-Internals-Git-Objects`<br>`https://docs.github.com/rest/branches/branch-protection`<br>`https://support.github.com/contact?tags=dotcom-rest-api`<br>`https://docs.github.com/copilot/reference/metrics-data`<br>`https://docs.github.com/rest/collaborators/invitations`<br>`https://docs.github.com/rest/teams/discussion-comments`<br>`https://docs.github.com/rest/deployments/deployments/`<br>`https://docs.github.com/rest/orgs/organization-roles`<br>`https://cli.github.com/manual/gh_attestation_verify`<br>`https://docs.github.com/rest/activity/notifications`<br>`https://docs.github.com/rest/orgs/security-managers`<br>`https://docs.github.com/articles/disabling-issues/`<br>`https://docs.github.com/articles/searching-topics/`<br>`https://docs.github.com/rest/actions/workflow-runs`<br>`https://docs.github.com/rest/overview/media-types/`<br>`https://docs.github.com/graphql/reference/queries`<br>`https://docs.github.com/rest/deployments/statuses`<br>`https://docs.github.com/webhooks/event-payloads/`<br>`https://docs.github.com/rest/dependabot/secrets`<br>`https://pynacl.readthedocs.io/en/latest/public/`<br>`https://docs.github.com/rest/activity/watching`<br>`https://docs.github.com/rest/releases/releases`<br>`https://docs.github.com/rest/teams/discussions`<br>`https://docs.github.com/rest/commits/comments`<br>`https://docs.github.com/rest/commits/statuses`<br>`https://docs.github.com/rest/dependency-graph`<br>`https://docs.github.com/rest/migrations/users`<br>`https://docs.github.com/rest/reference/checks`<br>`https://docs.github.com/rest/actions/secrets`<br>`https://docs.github.com/rest/commits/commits`<br>`https://docs.github.com/rest/issues/comments`<br>`https://docs.github.com/rest/releases/assets`<br>`https://docs.github.com/rest/repos/contents/`<br>`https://docs.github.com/rest/pulls/comments`<br>`https://www.nuget.org/packages/Sodium.Core/`<br>`https://docs.github.com/rest/checks/suites`<br>`https://docs.github.com/rest/issues/issues`<br>`https://docs.github.com/rest/pulls/reviews`<br>`https://docs.github.com/rest/search/search`<br>`https://docs.github.com/rest/orgs/members`<br>`https://docs.github.com/rest/pulls/pulls/`<br>`https://docs.github.com/rest/users/emails`<br>`https://docs.github.com/rest/checks/runs`<br>`https://docs.github.com/rest/git/commits`<br>`https://docs.github.com/rest/repos/repos`<br>`https://docs.github.com/rest/teams/teams`<br>`https://github.com/settings/applications`<br>`https://en.wikipedia.org/wiki/Unix_time`<br>`https://docs.github.com/rest/apps/apps`<br>`https://docs.github.com/rest/git/trees`<br>`https://docs.github.com/rest/orgs/orgs`<br>`https://github.com/octocat/Spoon-Knife`<br>`https://docs.github.com/rest/git/refs`<br>`https://github.com/github/tweetsodium`<br>`https://github.com/RubyCrypto/rbnacl`<br>`https://github.com/settings/profile`<br>`https://git-scm.com/docs/git-diff`<br>`https://github.com/actions/attest`<br>`https://github.com/notifications.`<br>`https://github.com/settings/apps/`<br>`https://github.com/github/markup`<br>`https://github.com/jquery/jquery`<br>`https://github.com/search?utf8=`<br>`https://github.github.com/gfm/`<br>`https://github.com/octo-org`<br>`https://github.com/topics.`<br>`https://git.io/v1YCW` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/generated/parameters-and-response-types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | anti-static/obfuscation/js | contains large number of static map lookups | `["parameters"]`<br>`["response"]` |
| +MEDIUM | c2/client | contains a client ID | `client_id` |
| +MEDIUM | net/download | download files | `downloadWorkflowRunLogs`<br>`downloadTarballArchive`<br>`downloadZipballArchive`<br>`downloadArchiveForOrg`<br>`downloadArtifact`<br>`downloads` |
| +MEDIUM | net/http/webhook | supports webhooks | `updateWebhookConfigForRepo`<br>`updateWebhookConfigForApp`<br>`updateWebhookConfigForOrg`<br>`redeliverWebhookDelivery`<br>`getWebhookConfigForRepo`<br>`getWebhookConfigForApp`<br>`getWebhookConfigForOrg`<br>`listWebhookDeliveries`<br>`getWebhookDelivery`<br>`testPushWebhook`<br>`createWebhook`<br>`deleteWebhook`<br>`listWebhooks`<br>`pingWebhook` |
| +LOW | crypto/public_key | references a 'public key' | `public-key`<br>`PublicKey` |
| +LOW | fs/file/delete | deletes files | `deleteFile` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/index.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated`<br>`./types` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./generated` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@octokit/plugin-rest-endpoint-methods/package.json [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./dist-types`<br>`./dist-src` |
| +LOW | collect/code/github_api | access GitHub API | `api.github.com` |
| +LOW | exec/plugin | references a 'plugin' | `plugin` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://twitter.com/gr2m` |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@package-json/types/dist/index.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | exec/cmd | executes a command | startCommand |
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./package |
| +MEDIUM | net/download | download files | download |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://docs.npmjs.com/cli/v9/configuring-npm/package-json, https://docs.npmjs.com/cli/v8/commands/npm-publish, https://github.com/maninak/ts-xor/tree/master, https://runtime-keys.proposal.wintercg.org/, https://yarnpkg.com/configuration/manifest, https://nodejs.org/api/corepack.html |

Added: /tmp/current-commit ∴ /tmp/current-commit/node_modules/@package-json/types/package.json [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./package, ./dist |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://github.com/importantimport/package-json/issues, https://github.com/importantimport/package-json.git |

Added: /tmp/current-commit ∴ /tmp/current-commit/pr-checks/release-branches.test.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./release-branches |
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |

Added: /tmp/current-commit ∴ /tmp/current-commit/pr-checks/release-branches.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./config |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | data/encoding/json_encode | encodes JSON | JSON.stringify |
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |

Added: /tmp/current-commit ∴ /tmp/current-commit/pr-checks/sync-checks.test.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./sync-checks |
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | https://example.com |

Added: /tmp/current-commit ∴ /tmp/current-commit/pr-checks/sync-checks.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | ./config |
| +LOW | data/encoding/int | parses integers | parseInt( |
| +LOW | exec/plugin | references a 'plugin' | plugin |
| +LOW | fs/file/read | reads files | fs.readFile |
| +LOW | fs/path/usr_bin | path reference within /usr/bin | /usr/bin/env |

Labels

- dependencies: Pull requests that update a dependency file
- github_actions: Pull requests that update GitHub Actions code
- minor: Minor semver

Projects

None yet

0 participants