style: automated autofixes from CodeQL workflow#1040
style: automated autofixes from CodeQL workflow#1040github-actions[bot] wants to merge 1 commit into
Conversation
Security Policy Alert: Harden Runner Policy ViolationThis workflow run has been blocked by StepSecurity's Harden Runner policy. This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk. Jobs not protected by Harden Runner:
Update the affected jobs so Harden Runner is initialized before any other action or command runs. For more information, see StepSecurity's Harden Runner documentation. |
Security Policy Alert: Harden Runner Policy ViolationThis workflow run has been blocked by StepSecurity's Harden Runner policy. This workflow run was blocked because one or more jobs are missing the Harden-Runner action, or it is not properly configured, which can introduce agent-bypass risk. Jobs not protected by Harden Runner:
Update the affected jobs so Harden Runner is initialized before any other action or command runs. For more information, see StepSecurity's Harden Runner documentation. |
| "plateau": es_metrics.is_plateau, | ||
| "reason": es_metrics.reason | ||
| } | ||
| "early_stopping": {"plateau": es_metrics.is_plateau, "reason": es_metrics.reason}, |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Is "is_plateau" a function or an attribute? If it is a function, you may have meant es_metrics.is_plateau() because es_metrics.is_plateau is always true.
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by is-function-without-parentheses.
You can view more details about this finding in the Semgrep AppSec Platform.
| with open(metrics_file, 'w') as f: | ||
|
|
||
| with open(metrics_file, "w") as f: |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Missing 'encoding' parameter. 'open()' uses device locale encodings by default, corrupting files with special characters. Specify the encoding to ensure cross-platform support when opening files in text mode (e.g. encoding="utf-8").
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by unspecified-open-encoding.
You can view more details about this finding in the Semgrep AppSec Platform.
| with open(output / "training_results.json", 'w') as f: | ||
|
|
||
| with open(output / "training_results.json", "w") as f: |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
Missing 'encoding' parameter. 'open()' uses device locale encodings by default, corrupting files with special characters. Specify the encoding to ensure cross-platform support when opening files in text mode (e.g. encoding="utf-8").
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by unspecified-open-encoding.
You can view more details about this finding in the Semgrep AppSec Platform.
| - package-ecosystem: "github-actions" | ||
| directory: "/" | ||
| <<: *defaults | ||
| open-pull-requests-limit: 6 | ||
| commit-message: | ||
| prefix: "deps(actions)" | ||
| groups: | ||
| actions-minor-patch: | ||
| update-types: ["minor", "patch"] | ||
| patterns: ["*"] | ||
| actions-major: | ||
| update-types: ["major"] | ||
| patterns: ["*"] |
There was a problem hiding this comment.
Semgrep identified an issue in your code:
This Dependabot configuration does not set a cooldown period. Newly published packages can be malicious or unstable. Add a cooldown block with default-days: 7 to each package-ecosystem entry under updates to wait 7 days before proposing updates to newly published package versions. Reference: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#cooldown
To resolve this comment:
🔧 No guidance has been designated for this issue. Fix according to your organization's approved methods.
💬 Ignore this finding
Reply with Semgrep commands to ignore this finding.
/fp <comment>for false positive/ar <comment>for acceptable risk/other <comment>for all other reasons
Alternatively, triage in Semgrep AppSec Platform to ignore the finding created by dependabot-missing-cooldown.
You can view more details about this finding in the Semgrep AppSec Platform.
Automated cleanup pushed by the CodeQL Advanced workflow.
Tools applied:
ruff check --fix+ruff format(unsafe fixes only enabled when allow_unsafe_fixes=true on scheduled/manual runs)prettier --writeeslint --fix(if configured in the repository)clang-format -i --style=file(when C/C++ files are present)Triggered by:
pushonrefs/heads/main(run #29162861564).