Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve CodeQL Alert #55 - Generated by GHA #6826

Closed
10 tasks
HackforLABot opened this issue May 7, 2024 · 2 comments
Closed
10 tasks

Resolve CodeQL Alert #55 - Generated by GHA #6826

HackforLABot opened this issue May 7, 2024 · 2 comments
Labels
Added to dev/pm agenda Complexity: Medium Feature: Code Alerts P-Feature: Wins Page https://www.hackforla.org/wins/ role: back end/devOps Tasks for back-end developers size: 1pt Can be done in 4-6 hours
Milestone

Comments

@HackforLABot
Copy link
Contributor

Prerequisite

  1. Be a member of Hack for LA. (There are no fees to join.) If you have not joined yet, please follow the steps on our Getting Started page.
  2. Before you claim or start working on an issue, please make sure you have read our How to Contribute to Hack for LA Guide.

Overview

We need to resolve the new alert (55) and either recommend dismissal of the alert or update the code files to resolve the alert.

Action Items

  • The following action item serves to "link" this issue as the "tracking issue" for the CodeQL alert and to provide more details regarding the alert:
  • https://github.com/hackforla/website/security/code-scanning/55
  • In a comment in this issue, add your analysis and recommendations. The recommendation can be one of the following: dismiss as test, dismiss as false positive, dismiss as won't fix, or update code. An example of a false positive is a report of a JavaScript syntax error that is caused by markdown or liquid symbols such as --- or {%
  • If the recommendation is to dismiss the alert:
    • Apply the label ready for dev lead
    • Move the issue to Questions/In Review
  • If the recommendation is to update code:
    • Create an issue branch and proceed with the code update
    • Test using docker to ensure that there are no changes to any affected webpage(s)
    • Proceed with pull request in the usual manner

Resources/Instructions

This issue was automatically generated from the codeql.yml workflow

@HackforLABot HackforLABot added the ready for dev lead Issues that tech leads or merge team members need to follow up on label May 7, 2024
@github-actions github-actions bot added Feature Missing This label means that the issue needs to be linked to a precise feature label. size: missing role missing Complexity: Missing labels May 7, 2024

This comment was marked as resolved.

@ExperimentsInHonesty ExperimentsInHonesty added this to the 02. Security milestone May 7, 2024
@ExperimentsInHonesty ExperimentsInHonesty added Feature: Code Alerts role: back end/devOps Tasks for back-end developers and removed role missing Feature Missing This label means that the issue needs to be linked to a precise feature label. labels Jun 18, 2024
@t-will-gillis t-will-gillis added P-Feature: Wins Page https://www.hackforla.org/wins/ Complexity: Small Take this type of issues after the successful merge of your second good first issue size: 1pt Can be done in 4-6 hours and removed size: missing Complexity: Missing labels Aug 18, 2024
@ExperimentsInHonesty ExperimentsInHonesty added Added to dev/pm agenda Complexity: Medium and removed Complexity: Small Take this type of issues after the successful merge of your second good first issue labels Sep 24, 2024
@t-will-gillis t-will-gillis added Draft Issue is still in the process of being created and removed ready for dev lead Issues that tech leads or merge team members need to follow up on labels Oct 1, 2024
@t-will-gillis t-will-gillis removed the Draft Issue is still in the process of being created label Oct 30, 2024
@t-will-gillis
Copy link
Member

Closing this completed- PR #7615 (fixes #2147) edited the code and fixed the issue brought up by this CodeQL alert

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Added to dev/pm agenda Complexity: Medium Feature: Code Alerts P-Feature: Wins Page https://www.hackforla.org/wins/ role: back end/devOps Tasks for back-end developers size: 1pt Can be done in 4-6 hours
Projects
Development

No branches or pull requests

3 participants