Resolve CodeQL alerts for checked-in .yarn paths in some samples #1016
Closed
jonthysell opened this issue Mar 19, 2025 · 0 comments · Fixed by #1017

@jonthysell (Contributor) commented:

Now that CodeQL is scanning this repo, and even though I'm trying to prevent scanning the samples (as they're non-production), we're getting issues thanks to the checked-in yarn binaries in the .yarn folders of several samples and the security issues they bring with them.

It's hard to tell if we can remove the folders entirely (see yarnpkg/yarn#7741) or if we'll have to try to exclude them from CodeQL scanning.
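One way to take the second option, excluding the checked-in `.yarn` folders from CodeQL rather than deleting them, is a CodeQL configuration file that the scanning workflow points at. This is an added example, not configuration from the repository or from the issue author; the `.github/codeql/` location and the `samples/` layout are assumptions.

```yaml
# .github/codeql/codeql-config.yml
# Added example: the file path and the samples/ layout are assumptions,
# not taken from the repository.
name: "CodeQL config that skips vendored Yarn releases"

# paths-ignore controls which files the CodeQL extractor reads. The filter
# applies to interpreted languages such as JavaScript, which is what the
# checked-in yarn-*.cjs release files are, so the vendored binaries stop
# producing alerts. It does not change what is actually committed: an old
# Yarn release stays in the tree, so this silences the finding rather than
# removing the risk, which is why the issue also weighs deleting the folders.
paths-ignore:
  - "samples/**/.yarn/**"      # assumed location of the sample projects
  - "**/.yarn/releases/**"     # any other vendored yarn-*.cjs release files
  - "**/.yarn/plugins/**"      # vendored Yarn plugins, also checked-in JS
```

The file is wired in through the `config-file` input of the `github/codeql-action/init` step in the workflow; because `paths-ignore` only filters extraction for interpreted languages, it covers the Yarn `.cjs` files but would not exclude sources pulled in by a compiled-language build.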

@jonthysell jonthysell added the bug Something isn't working label Mar 19, 2025
@chrisglein chrisglein added enhancement New feature or request and removed bug Something isn't working labels Mar 20, 2025
@chrisglein chrisglein added this to the Next milestone Mar 20, 2025