Skip to content

thank you #268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

thank you #268

wants to merge 11 commits into from

Conversation

JohnDaWalka
Copy link

@JohnDaWalka JohnDaWalka commented Mar 28, 2025
edited
Loading

Checklist

  • If package.json or yarn.lock have changed, then test the VSIX built by yarn run vsce package works from a direct install

Summary by Sourcery

CI:

  • Configure GitHub CodeQL Advanced workflow to perform automated security scanning for JavaScript/TypeScript and Python languages

dependabot bot and others added 3 commits March 28, 2025 14:00
@dependabot
build(deps-dev): bump follow-redirects
e68a0d5 
Bumps the npm_and_yarn group with 1 update in the / directory: [follow-redirects](https://github.com/follow-redirects/follow-redirects).


Updates `follow-redirects` from 1.15.2 to 1.15.9
- [Release notes](https://github.com/follow-redirects/follow-redirects/releases)
- [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.9)

---
updated-dependencies:
- dependency-name: follow-redirects
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@JohnDaWalka
Merge pull request #10 from JohnDaWalka/dependabot/npm_and_yarn/npm_a…
82260f0 
…nd_yarn-9f7fd066c2

build(deps-dev): bump follow-redirects from 1.15.2 to 1.15.9 in the npm_and_yarn group across 1 directory
@JohnDaWalka
Create codeql.yml
16d61fa
@sourcery-ai Sourcery AI
Copy link
Contributor

sourcery-ai bot commented Mar 28, 2025
edited
Loading

Reviewer's Guide by Sourcery

This pull request introduces a CodeQL workflow to enable static analysis for JavaScript/TypeScript and Python code. The workflow is configured to run on push and pull requests to the main branch, as well as on a weekly schedule. The results of the analysis are categorized by language.

[FILTERED - Architecture diagrams are low quality] Architecture diagram for CodeQL integration

graph LR
    subgraph GitHub Actions
        A[Push/Pull Request] --> B(CodeQL Workflow)
        B --> C{Initialize CodeQL}
        C --> D{Perform CodeQL Analysis}
        D --> E[Security Events]
    end
    subgraph Repository
        F[JavaScript/TypeScript Code]
        G[Python Code]
    end
    E --> H((GitHub Security))
    C --> F
    C --> G
Loading

File-Level Changes

Change Details Files
Added a CodeQL workflow for static analysis.
  • Configured the workflow to run on push and pull requests to the main branch.
  • Scheduled the workflow to run weekly.
  • Configured the workflow to analyze JavaScript/TypeScript and Python code.
  • Initialized CodeQL with the specified languages and build modes.
  • Performed CodeQL analysis and categorized the results by language.
 .github/workflows/codeql.yml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!
  • Generate a plan of action for an issue: Comment @sourcery-ai plan on
    an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

dependabot bot added 3 commits March 28, 2025 14:31
@dependabot
build(deps-dev): bump @vscode/vsce
8df5a9c 
Bumps the npm_and_yarn group with 1 update in the / directory: [@vscode/vsce](https://github.com/Microsoft/vsce).


Updates `@vscode/vsce` from 2.18.0 to 3.3.1
- [Release notes](https://github.com/Microsoft/vsce/releases)
- [Commits](microsoft/vscode-vsce@v2.18.0...v3.3.1)

---
updated-dependencies:
- dependency-name: "@vscode/vsce"
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build(deps): bump braces in the npm_and_yarn group across 1 directory
c3933e9 
Bumps the npm_and_yarn group with 1 update in the / directory: [braces](https://github.com/micromatch/braces).


Updates `braces` from 3.0.2 to 3.0.3
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](micromatch/braces@3.0.2...3.0.3)

---
updated-dependencies:
- dependency-name: braces
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot
build(deps): bump postcss in the npm_and_yarn group across 1 directory
bc605e0 
Bumps the npm_and_yarn group with 1 update in the / directory: [postcss](https://github.com/postcss/postcss).


Updates `postcss` from 8.4.24 to 8.5.3
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.4.24...8.5.3)

---
updated-dependencies:
- dependency-name: postcss
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
sourcery-ai[bot]
sourcery-ai bot approved these changes Mar 28, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @JohnDaWalka - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider using a single language entry in the matrix if the build mode is the same for both javascript-typescript and python.
Here's what I looked at during the review
  • 🟡 General issues: 3 issues found
  • 🟢 Security: all looks good
  • 🟢 Review instructions: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨

LangSmith trace

Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

JohnDaWalka and others added 5 commits March 28, 2025 10:53
@JohnDaWalka
Merge pull request #11 from JohnDaWalka/dependabot/npm_and_yarn/npm_a…
a3aebee 
…nd_yarn-b3b4e61674
@JohnDaWalka
Merge pull request #9 from JohnDaWalka/dependabot/npm_and_yarn/npm_an…
ed1a521 
…d_yarn-c120d6abdd
@JohnDaWalka
Merge pull request #2 from JohnDaWalka/dependabot/npm_and_yarn/npm_an…
dd07ddc 
…d_yarn-5134b82be1
@dependabot
build(deps-dev): bump esbuild
189cf19 
Bumps the npm_and_yarn group with 1 update in the / directory: [esbuild](https://github.com/evanw/esbuild).


Updates `esbuild` from 0.18.10 to 0.25.0
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2023.md)
- [Commits](evanw/esbuild@v0.18.10...v0.25.0)

---
updated-dependencies:
- dependency-name: esbuild
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <[email protected]>
@JohnDaWalka
Merge pull request #7 from JohnDaWalka/dependabot/npm_and_yarn/npm_an…
f19289b 
…d_yarn-392d5e510b
JohnDaWalka
JohnDaWalka commented Mar 30, 2025
View reviewed changes
Copy link
Author

@JohnDaWalka JohnDaWalka left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Everything looks good

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@JohnDaWalka