Skip to content

Comments

fix: resolve CodeQL quality/maintainability findings#23

Merged
maxgolov merged 1 commit intomainfrom
fix/codeql-quality
Feb 12, 2026
Merged

fix: resolve CodeQL quality/maintainability findings#23
maxgolov merged 1 commit intomainfrom
fix/codeql-quality

Conversation

@maxgolov
Copy link
Contributor

Summary

Resolves all 5 CodeQL code scanning quality findings from the /security/quality dashboard.

Unused variable/import/function (3 findings)

File Issue Fix
src/server.ts listAdvisoriesSchema and getAdvisorySchema imported but never used Removed unused imports
src/telemetry.ts OTLPLogExporter imported but never used (Winston handles logging) Removed unused import
test/integration/ai-sdk-azure.test.ts ChildProcess import erased after TS compilation (type-only) Changed to import type

Useless assignment to local variable (2 findings)

File Issue Fix
test/test-utils.ts (x2) data assigned in both branches of initializeMCPSession() but never read Removed the variable; response body still consumed

How these findings are reported

These come from CodeQL's extended query suite (maintainability rules). They appear on Security > Code scanning > Quality tab. Rules: js/unused-local-variable, js/useless-assignment-to-local

@github-actions
Copy link

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses 5 CodeQL quality/maintainability findings by removing unused imports, variables, and converting a value import to a type-only import where appropriate.

Changes:

  • Removed unused schema imports from server.ts (listAdvisoriesSchema, getAdvisorySchema)
  • Removed unused OTLPLogExporter import from telemetry.ts (Winston handles logging instead)
  • Changed ChildProcess import to type-only import in ai-sdk-azure.test.ts
  • Removed unused data variable in test-utils.ts while preserving response body consumption

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
src/server.ts Removed unused schema imports; functions are used directly without their schemas
src/telemetry.ts Removed unused OTLPLogExporter import; Winston handles log export instead
test/integration/ai-sdk-azure.test.ts Changed ChildProcess to type-only import (only used in interface definition)
test/test-utils.ts Removed unused data variable while maintaining response body consumption for header access

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@maxgolov maxgolov merged commit 3b076bf into main Feb 12, 2026
16 checks passed
@maxgolov maxgolov deleted the fix/codeql-quality branch February 12, 2026 00:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant