Resolve CodeQL Alert #26 - Generated by GHA #6677

Closed
2 of 11 tasks
HackforLABot opened this issue Apr 17, 2024 · 2 comments
Labels
  • Complexity: Medium
  • Dependency (An issue is blocking the completion or starting of another issue)
  • Feature: Code Alerts
  • manual dependency release
  • role: back end/devOps (Tasks for back-end developers)
  • role: front end (Tasks for front end developers)
  • size: 1pt (Can be done in 4-6 hours)

@HackforLABot
Contributor

HackforLABot commented Apr 17, 2024

Dependency

When the following issues are complete, select "Dismiss alert" and "Won't fix" on Alert 26, then remove Dependency label and close this issue as "Not planned"

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the new alert (26) and either recommend dismissal of the alert or update the code files to resolve the alert.

Action Items

  • The following action item serves to "link" this issue as the "tracking issue" for the CodeQL alert and to provide more details regarding the alert: https://github.com/hackforla/website/security/code-scanning/26
  • In a comment in this issue, add your analysis and recommendations. The recommendation can be one of the following: dismiss as test, dismiss as false positive, dismiss as won't fix, or update code. An example of a false positive is a report of a JavaScript syntax error that is caused by markdown or liquid symbols such as --- or {%
  • If the recommendation is to dismiss the alert:
    • Apply the label ready for dev lead
    • Move the issue to Questions/In Review
  • If the recommendation is to update code:
    • Create an issue branch and proceed with the code update
    • Test using docker to ensure that there are no changes to any affected webpage(s)
    • Proceed with pull request in the usual manner

Resources/Instructions

This issue was automatically generated from the codeql.yml workflow

@HackforLABot HackforLABot added the ready for dev lead Issues that tech leads or merge team members need to follow up on label Apr 17, 2024
@github-actions github-actions bot added Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing labels Apr 17, 2024
@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone Apr 22, 2024
@roslynwythe roslynwythe self-assigned this Apr 26, 2024
@roslynwythe roslynwythe added Draft Issue is still in the process of being created Feature: Code Alerts Complexity: Medium size: 1pt Can be done in 4-6 hours role: front end Tasks for front end developers role: back end/devOps Tasks for back-end developers Dependency An issue is blocking the completion or starting of another issue and removed Feature Missing This label means that the issue needs to be linked to a precise feature label. Draft Issue is still in the process of being created role missing Complexity: Missing size: missing ready for dev lead Issues that tech leads or merge team members need to follow up on labels Apr 26, 2024
@roslynwythe roslynwythe removed their assignment Jul 7, 2024
@t-will-gillis
Member

@roslynwythe just to confirm, I added to select "Dismiss alert" and "Won't fix" on Alert 26 after the two issues #7091 and #7092 are complete

@roslynwythe
Member

The code in question will be removed in #7091 and #7092

@roslynwythe roslynwythe closed this as not planned Won't fix, can't repro, duplicate, stale Sep 16, 2024
@kgold2018 kgold2018 moved this from QA to Done in P: HfLA Website: Project Board Sep 29, 2024

4 participants