Merge tag 'codeql-cli/latest' into auto/sync-main-pr

5818330
Merged

Sync Main (autogenerated) #320

GitHub Advanced Security / CodeQL completed Jan 26, 2026 in 3s

5 configurations not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 5 configurations present on refs/heads/main were not found:

API upload

  • ❓  <default>

Actions workflow (csv-coverage-metrics.yml)

  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-csharp
  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-java

Actions workflow (rust-analysis.yml)

  • ❓  .github/workflows/rust-analysis.yml:analyze/language:rust

Actions workflow (cpp-swift-analysis.yml)

  • ❓  .github/workflows/cpp-swift-analysis.yml:CodeQL-Build

New alerts in code changed by this pull request

  • 1 warning
  • 25 notes

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check warning on line 619 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Useless assignment to local variable Warning

This assignment to bytesRead is useless, since its value is never read.

Check notice on line 106 in csharp/extractor/Semmle.Extraction.Tests/DotNet.cs

Code scanning / CodeQL

Generic catch clause Note test

Generic catch clause.

Check notice on line 36 in csharp/extractor/Semmle.Extraction.Tests/DotNet.cs

Code scanning / CodeQL

Local scope variable shadows member Note test

Local scope variable 'output' shadows DotNetCliInvokerStub.output.

Check notice on line 65 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 81 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 884 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 876 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 834 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 845 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Missed ternary opportunity Note

Both branches of this 'if' statement write to the same variable - consider using '?' to express intent better.

Check notice on line 683 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 611 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 405 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 166 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 156 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 112 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FileProvider.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 44 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 23 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 319 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

Code scanning / CodeQL

Missed opportunity to use Where Note

This foreach loop implicitly filters its target sequence - consider filtering the sequence explicitly using '.Where(...)'.

Check notice on line 177 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 58 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 33 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 541 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.

Check notice on line 330 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 80 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

Code scanning / CodeQL

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments Note

Call to 'System.IO.Path.Combine' may silently drop its earlier arguments.

Check notice on line 75 in csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs

Code scanning / CodeQL

Generic catch clause Note

Generic catch clause.