From 93de5ad59b070eca4292428a63fa100b749eff99 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Aug 2025 18:33:30 +0000
Subject: [PATCH 1/5] Bump twilio from 9.7.0 to 9.7.1
Bumps [twilio](https://github.com/twilio/twilio-python) from 9.7.0 to 9.7.1.
- [Release notes](https://github.com/twilio/twilio-python/releases)
- [Changelog](https://github.com/twilio/twilio-python/blob/main/CHANGES.md)
- [Commits](https://github.com/twilio/twilio-python/compare/9.7.0...9.7.1)
---
updated-dependencies:
- dependency-name: twilio
dependency-version: 9.7.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
requirements_with_versions.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/requirements_with_versions.txt b/requirements_with_versions.txt
index 84c8fe7008f..26c5d25c17d 100644
--- a/requirements_with_versions.txt
+++ b/requirements_with_versions.txt
@@ -28,7 +28,7 @@ requests==2.32.4
 quo==2023.5.1
 PyPDF2==3.0.1
 pyserial==3.5
-twilio==9.7.0
+twilio==9.7.1
 tabula==1.0.5
 nltk==3.9.1
 Pillow==11.3.0
From 9a359e68ee54adeefdb0b8bab62ff0a41c6e3ce2 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 22 Aug 2025 18:33:39 +0000
Subject: [PATCH 2/5] Bump solara from 1.51.0 to 1.51.1
Bumps [solara](https://github.com/widgetti/solara) from 1.51.0 to 1.51.1.
- [Changelog](https://github.com/widgetti/solara/blob/master/CHANGELOG.md)
- [Commits](https://github.com/widgetti/solara/compare/v1.51.0...v1.51.1)
---
updated-dependencies:
- dependency-name: solara
dependency-version: 1.51.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
News_App/requirements.txt | 2 +-
requirements_with_versions.txt | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/News_App/requirements.txt b/News_App/requirements.txt
index a5afb06ba1d..6dd3c457c72 100644
--- a/News_App/requirements.txt
+++ b/News_App/requirements.txt
@@ -1,4 +1,4 @@
-solara == 1.51.0
+solara == 1.51.1
 Flask
 gunicorn ==23.0.0
 simple-websocket
diff --git a/requirements_with_versions.txt b/requirements_with_versions.txt
index 84c8fe7008f..7b51c88f98e 100644
--- a/requirements_with_versions.txt
+++ b/requirements_with_versions.txt
@@ -74,7 +74,7 @@ xor-cipher==5.0.2
 bird==0.1.2
 mechanize==0.4.10
 translate==3.6.1
-solara==1.51.0
+solara==1.51.1
 pywhatkit==5.4
 mutagen==1.47.0
 Unidecode==1.4.0
From 70c09a69346a7cdcb64e94524c71af00d3b1ebe5 Mon Sep 17 00:00:00 2001
From: lighting9999
Date: Sat, 23 Aug 2025 08:15:38 +0800
Subject: [PATCH 3/5] fix Codeql.yml
---
.github/workflows/Codeql.yml | 19 +------------------
1 file changed, 1 insertion(+), 18 deletions(-)
diff --git a/.github/workflows/Codeql.yml b/.github/workflows/Codeql.yml
index ac1a6c7cf44..33f37895583 100644
--- a/.github/workflows/Codeql.yml
+++ b/.github/workflows/Codeql.yml
@@ -1,4 +1,4 @@
-name: "CodeQL Python Security Scan (Top-N + PR Comment)"
+name: "CodeQL Python Security Scan (Top-N)"
 
 on:
 pull_request:
@@ -35,20 +35,3 @@ jobs:
 uses: github/codeql-action/analyze@v3
 with:
 upload: true
-
- - name: Comment CodeQL Alerts on PR
- if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
- uses: marocchino/sticky-pull-request-comment@v2
- with:
- path: results.sarif
- header: "### :shield: CodeQL Python Security Alerts Summary"
- layout: "group-by-file"
- format: "markdown-table"
- sort-severity: true
- highlight: "Critical,High"
- collapse: "Medium,Low"
- max-items-per-file: 5
- show-summary: true
- show-file-overview: true
- overflow-text: "+{remaining} more alerts in this file"
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
From 841f8530a93099f9f0a33ef22796b9a5879fba18 Mon Sep 17 00:00:00 2001
From: lighting9999
Date: Sat, 23 Aug 2025 09:33:44 +0800
Subject: [PATCH 4/5] Upgrade Codeql.yml
---
.github/workflows/Codeql.yml | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/Codeql.yml b/.github/workflows/Codeql.yml
index 33f37895583..e7c6f2bb7f3 100644
--- a/.github/workflows/Codeql.yml
+++ b/.github/workflows/Codeql.yml
@@ -1,4 +1,4 @@
-name: "CodeQL Python Security Scan (Top-N)"
+name: "CodeQL Python Security Scan"
 
 on:
 pull_request:
@@ -27,6 +27,7 @@ jobs:
 uses: github/codeql-action/init@v3
 with:
 languages: python
+ queries: +security-extended,+security-and-quality
 
 - name: Autobuild
 uses: github/codeql-action/autobuild@v3
@@ -34,4 +35,4 @@
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
 with:
- upload: true
+ upload: true
\ No newline at end of file
From e42c6e85634be7b945b94e17f2874aa280dac424 Mon Sep 17 00:00:00 2001
From: lighting9999
Date: Sat, 23 Aug 2025 09:37:00 +0800
Subject: [PATCH 5/5] Upgrade Codeql.yml
---
.github/workflows/Codeql.yml | 14 +++++++++-----
1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/Codeql.yml b/.github/workflows/Codeql.yml
index e7c6f2bb7f3..8888ce47d41 100644
--- a/.github/workflows/Codeql.yml
+++ b/.github/workflows/Codeql.yml
@@ -1,11 +1,10 @@
-name: "CodeQL Python Security Scan"
+name: "CodeQL Python Security and Quality Scan"
 
 on:
- pull_request:
- branches: [ main, master ]
- types: [opened, synchronize, reopened]
 push:
 branches: [ main, master ]
+ pull_request:
+ branches: [ main, master ]
 
 permissions:
 contents: read
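Review bot: Only `contents: read` is visible in the `permissions:` block at the end of the trigger hunk, while the analyze step below keeps `upload: true`; uploading SARIF to code scanning needs `security-events: write` on the job's token (and `actions: read` on private repositories), so if those grants are not declared on the lines following this hunk the upload will be rejected and the workflow will fail on every push and pull request. Please confirm the rest of the block, or add `security-events: write` directly under `contents: read`. The removed `types: [opened, synchronize, reopened]` were already the defaults for `pull_request`, so dropping them changes nothing; the remaining `branches` filter is still appropriate. The permissions block and the `jobs:` section continue outside this hunk.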
@@ -18,21 +17,26 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 
+ # 1. 检出代码
 - name: Checkout repository
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
 
+ # 2. 初始化 CodeQL
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
 with:
 languages: python
- queries: +security-extended,+security-and-quality
+ # 不指定 queries,Action 会默认跑安全 + 质量查询
 
+ # 3. 自动构建
 - name: Autobuild
 uses: github/codeql-action/autobuild@v3
 
+ # 4. 执行分析
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@v3
 with:
+ # 不指定 queries,Action 会自动跑安全 + 质量规则
 upload: true
\ No newline at end of file
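Review bot: The comment added in place of the removed `queries:` line says that leaving `queries` unset makes the action run security plus quality queries, but to my knowledge codeql-action's default is the `default` (code-scanning) suite, which is security-only; `security-extended` and `security-and-quality` run only when requested, so this hunk silently drops the quality coverage the workflow's new name "Security and Quality Scan" promises. If that coverage is wanted, keep a query line in the init step — `queries: security-and-quality` is sufficient on its own, since that suite already contains `security-extended`, which is why the removed `+security-extended,+security-and-quality` form was redundant rather than wrong. The same comment before `upload: true` is misplaced because queries are configured at `init`, not `analyze`, and should be deleted; the step comments would also be more useful in English, matching the rest of the repository's workflow text and commit messages. The file still ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while the step is being touched.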