From 1b5efeb6a3ba43011fdf8d7b5bb3e0b73c663c28 Mon Sep 17 00:00:00 2001
From: Qingyu Wang <40660121+colinaaa@users.noreply.github.com>
Date: Sun, 11 May 2025 18:57:10 +0800
Subject: [PATCH 1/2] ci: integrate with CodeQL (#765)
## Summary
This patch sets up advanced CodeQL code scanning.
See:
-
https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/configuring-advanced-setup-for-code-scanning
-
https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning
## Checklist
- [ ] Tests updated (or not required).
- [ ] Documentation updated (or not required).
---------
Signed-off-by: Qingyu Wang <40660121+colinaaa@users.noreply.github.com>
---
.github/codeql-config.yml | 6 ++
.github/workflows/code-scanning.yml | 107 ++++++++++++++++++++++++++++
.github/workflows/test.yml | 21 ------
3 files changed, 113 insertions(+), 21 deletions(-)
create mode 100644 .github/codeql-config.yml
create mode 100644 .github/workflows/code-scanning.yml
diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
new file mode 100644
index 0000000000..91fe51768d
--- /dev/null
+++ b/.github/codeql-config.yml
@@ -0,0 +1,6 @@
+paths-ignore:
+ - "**/node_modules"
+ - "packages/rspeedy/core/test/**"
+ - "packages/rspeedy/create-rspeedy/template-react-js/src/index.js"
+ - "packages/webpack/react-refresh-webpack-plugin/test/hotCases/**"
+ - "packages/webpack/test-tools/update.js"
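Review bot: The `paths-ignore` entries carry no rationale, and two of them (`packages/rspeedy/create-rspeedy/template-react-js/src/index.js` and `packages/webpack/test-tools/update.js`) are single source files rather than test directories, so a later reader cannot tell whether they were excluded to cut noise or to silence a specific alert. I would add a one-line comment above each group stating the reason, for example `# test fixtures only, never shipped` above the `test/**` entries, with the real reason filled in by the author. The template path looks like starter code for new projects (inferred from the directory name), so it is worth confirming that leaving it unscanned is intended.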
diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
new file mode 100644
index 0000000000..a0addf72dd
--- /dev/null
+++ b/.github/workflows/code-scanning.yml
@@ -0,0 +1,107 @@
+name: "Code Scanning"
+
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+ schedule:
+ - cron: "16 3 * * 2"
+
+jobs:
+ codeql:
+ name: CodeQL Analyze (${{ matrix.language }})
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+ runs-on: lynx-ubuntu-24.04-medium
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: actions
+ build-mode: none
+ - language: javascript-typescript
+ build-mode: none
+ # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
+
+ # Add any setup steps before running the `github/codeql-action/init` action.
+ # This includes steps like installing compilers or runtimes (`actions/setup-node`
+ # or others). This is typically only required for manual builds.
+ - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+ with:
+ node-version: "22"
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
+ with:
+ config-file: ./.github/codeql-config.yml
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+
+ # If the analyze step fails for one of the languages you are analyzing with
+ # "We were unable to automatically build your code", modify the matrix above
+ # to set the build mode to "manual" for that language. Then modify this step
+ # to build your code.
+ # âšī¸ Command-line programs to run using the OS shell.
+ # đ See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+ - if: matrix.build-mode == 'manual'
+ shell: bash
+ run: |
+ echo 'If you are using a "manual" build mode for one or more of the' \
+ 'languages you are analyzing, replace this with the commands to build' \
+ 'your code, for example:'
+ echo ' make bootstrap'
+ echo ' make release'
+ exit 1
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
+ with:
+ category: "/language:${{matrix.language}}"
+
+ zizmor:
+ runs-on: lynx-ubuntu-24.04-medium
+ permissions:
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+ with:
+ persist-credentials: false
+ - name: Install the latest version of uv
+ uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6
+ - name: Run zizmor đ
+ run: uvx zizmor --format=sarif . > results.sarif
+ env:
+ GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
+ with:
+ sarif_file: results.sarif
+ category: zizmor
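Review bot: In the `zizmor` job, `uvx zizmor --format=sarif . > results.sarif` resolves whichever zizmor release is current on the package index at run time, while every `uses:` in this file is pinned to a commit SHA. That step also receives `GH_TOKEN` from a job that holds `security-events: write`. Pinning the tool makes the step reproducible and keeps it consistent with the rest of the file: `run: uvx zizmor@<PINNED_VERSION> --format=sarif . > results.sarif`, bumped deliberately like the action SHAs. Separately, the companion change in `test.yml` drops `zizmor` from the `done` job's `needs`, so if `Done` is the required status check, neither scanner in this workflow gates merges until its checks are added to branch protection.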
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 262d636f10..e071e85790 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -274,26 +274,6 @@ jobs:
website:
needs: build
uses: ./.github/workflows/workflow-website.yml
- zizmor:
- runs-on: lynx-ubuntu-24.04-medium
- permissions:
- security-events: write
- steps:
- - name: Checkout repository
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
- with:
- persist-credentials: false
- - name: Install the latest version of uv
- uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # v6
- - name: Run zizmor đ
- run: uvx zizmor --format=sarif . > results.sarif
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- - name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3
- with:
- sarif_file: results.sarif
- category: zizmor
# Copied from https://github.com/swc-project/swc/blob/b192dc82e6a84bd30f159fb12ca8a216f41e8efb/.github/workflows/CI.yml#L491
done:
needs:
@@ -310,7 +290,6 @@ jobs:
- test-testing-library
- test-type
- website
- - zizmor
if: always()
runs-on: lynx-ubuntu-24.04-medium
name: Done
From 810280c796d02a1952904c97dee9c0a1d5e870b1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Sun, 11 May 2025 18:59:43 +0800
Subject: [PATCH 2/2] chore(deps): update typia (#618)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [@samchon/openapi](https://samchon.github.io/openapi/api)
([source](https://redirect.github.com/samchon/openapi)) | [`4.1.0` ->
`4.2.0`](https://renovatebot.com/diffs/npm/@samchon%2fopenapi/4.1.0/4.2.0)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
| [typia](https://typia.io)
([source](https://redirect.github.com/samchon/typia)) | [`9.1.1` ->
`9.2.0`](https://renovatebot.com/diffs/npm/typia/9.1.1/9.2.0) |
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
[](https://docs.renovatebot.com/merge-confidence/)
|
---
### Release Notes
samchon/openapi (@samchon/openapi)
###
[`v4.2.0`](https://redirect.github.com/samchon/openapi/releases/tag/v4.2.0)
[Compare
Source](https://redirect.github.com/samchon/openapi/compare/v4.1.0...v4.2.0)
```mermaid
flowchart
subgraph "JSON Schema Specification"
schemav4("JSON Schema v4") --upgrades--> emended[["OpenAPI v3.1 (emended)"]]
schemav7("JSON Schema v7") --upgrades--> emended
schema2020("JSON Schema 2020-12") --emends--> emended
end
subgraph "Model Context Protocol"
emended --"Artificial Intelligence"--> lfc{{"LLM Function Calling"}}
lfc --"OpenAI"--> chatgpt("ChatGPT")
lfc --"Google"--> gemini("Gemini")
lfc --"Anthropic"--> claude("Claude")
lfc --"High-Flyer"--> deepseek("DeepSeek")
lfc --"Meta"--> llama("Llama")
chatgpt --"3.1"--> custom(["Custom JSON Schema"])
gemini --"3.0"--> custom(["Custom JSON Schema"])
claude --"3.1"--> standard(["Standard JSON Schema"])
deepseek --"3.1"--> standard
llama --"3.1"--> standard
end
```
Started supporting MCP (Model Context Protocol) schema.
##### What's Changed
- Support MCP (Model Context Protocol). by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/openapi/pull/177](https://redirect.github.com/samchon/openapi/pull/177)
- Write README document by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/openapi/pull/178](https://redirect.github.com/samchon/openapi/pull/178)
**Full Changelog**:
https://github.com/samchon/openapi/compare/v4.1.0...v4.2.0
samchon/typia (typia)
###
[`v9.2.0`](https://redirect.github.com/samchon/typia/releases/tag/v9.2.0)
[Compare
Source](https://redirect.github.com/samchon/typia/compare/v9.1.1...v9.2.0)
Started supporting
[`standard-schema`](https://redirect.github.com/standard-schema/standard-schema)
from `typia.createValidate()` function.
#### What's Changed
- Upgrade `@samchon/openapi` only in `pnpm-lock.yaml` by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/typia/pull/1570](https://redirect.github.com/samchon/typia/pull/1570)
- New website building strategy by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/typia/pull/1575](https://redirect.github.com/samchon/typia/pull/1575)
- `unplugin-typia`, `npm` instead of `jsr` by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/typia/pull/1579](https://redirect.github.com/samchon/typia/pull/1579)
- Bump
[@samchon/openapi](https://redirect.github.com/samchon/openapi)
from 4.1.0 to 4.2.0 in the ecosystem group by
[@dependabot](https://redirect.github.com/dependabot) in
[https://github.com/samchon/typia/pull/1576](https://redirect.github.com/samchon/typia/pull/1576)
- feat: implement Standard Schema by
[@sevenc-nanashi](https://redirect.github.com/sevenc-nanashi) in
[https://github.com/samchon/typia/pull/1500](https://redirect.github.com/samchon/typia/pull/1500)
- Complement standard schema type by
[@samchon](https://redirect.github.com/samchon) in
[https://github.com/samchon/typia/pull/1581](https://redirect.github.com/samchon/typia/pull/1581)
#### New Contributors
- [@sevenc-nanashi](https://redirect.github.com/sevenc-nanashi)
made their first contribution in
[https://github.com/samchon/typia/pull/1500](https://redirect.github.com/samchon/typia/pull/1500)
**Full Changelog**:
https://github.com/samchon/typia/compare/v9.1.1...v9.2.0
---
### Configuration
đ
**Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).
đĻ **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
âģ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
đģ **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/lynx-family/lynx-stack).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
packages/rspeedy/core/package.json | 4 +-
packages/rspeedy/plugin-react/package.json | 4 +-
pnpm-lock.yaml | 46 ++++++++++++----------
3 files changed, 30 insertions(+), 24 deletions(-)
diff --git a/packages/rspeedy/core/package.json b/packages/rspeedy/core/package.json
index 0802e35037..280417f49c 100644
--- a/packages/rspeedy/core/package.json
+++ b/packages/rspeedy/core/package.json
@@ -64,7 +64,7 @@
"@microsoft/api-extractor": "catalog:",
"@rollup/plugin-typescript": "^12.1.2",
"@rsbuild/webpack": "catalog:rsbuild",
- "@samchon/openapi": "4.1.0",
+ "@samchon/openapi": "4.2.0",
"chokidar": "^4.0.3",
"commander": "^13.1.0",
"eventemitter3": "^5.0.1",
@@ -76,7 +76,7 @@
"tiny-invariant": "^1.3.3",
"ts-blank-space": "^0.6.1",
"type-fest": "^4.41.0",
- "typia": "9.1.1",
+ "typia": "9.2.0",
"typia-rspack-plugin": "2.0.1",
"vitest": "^3.1.3",
"webpack": "^5.99.8"
diff --git a/packages/rspeedy/plugin-react/package.json b/packages/rspeedy/plugin-react/package.json
index f57c17eb58..cbaaa751dd 100644
--- a/packages/rspeedy/plugin-react/package.json
+++ b/packages/rspeedy/plugin-react/package.json
@@ -57,10 +57,10 @@
"@rsbuild/plugin-typed-css-modules": "1.0.2",
"@rsbuild/plugin-webpack-swc": "catalog:rsbuild",
"@rsbuild/webpack": "catalog:rsbuild",
- "@samchon/openapi": "4.1.0",
+ "@samchon/openapi": "4.2.0",
"tailwindcss": "^3.4.17",
"type-fest": "^4.41.0",
- "typia": "9.1.1",
+ "typia": "9.2.0",
"typia-rspack-plugin": "2.0.1"
},
"peerDependencies": {
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 16b800f724..8113dc7abf 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -307,8 +307,8 @@ importers:
specifier: catalog:rsbuild
version: 1.3.0(@rsbuild/core@1.3.18)(@rspack/core@1.3.9(@swc/helpers@0.5.17))
'@samchon/openapi':
- specifier: 4.1.0
- version: 4.1.0
+ specifier: 4.2.0
+ version: 4.2.0
chokidar:
specifier: ^4.0.3
version: 4.0.3
@@ -343,11 +343,11 @@ importers:
specifier: ^4.41.0
version: 4.41.0
typia:
- specifier: 9.1.1
- version: 9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3)
+ specifier: 9.2.0
+ version: 9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3)
typia-rspack-plugin:
specifier: 2.0.1
- version: 2.0.1(typescript@5.8.3)(typia@9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3))
+ version: 2.0.1(typescript@5.8.3)(typia@9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3))
vitest:
specifier: ^3.1.3
version: 3.1.3(@types/debug@4.1.12)(@types/node@22.15.17)(@vitest/ui@3.1.3)(jsdom@26.1.0)(sass-embedded@1.86.0)(terser@5.31.6)
@@ -453,8 +453,8 @@ importers:
specifier: catalog:rsbuild
version: 1.3.0(@rsbuild/core@1.3.18)(@rspack/core@1.3.9(@swc/helpers@0.5.17))
'@samchon/openapi':
- specifier: 4.1.0
- version: 4.1.0
+ specifier: 4.2.0
+ version: 4.2.0
tailwindcss:
specifier: ^3.4.17
version: 3.4.17
@@ -462,11 +462,11 @@ importers:
specifier: ^4.41.0
version: 4.41.0
typia:
- specifier: 9.1.1
- version: 9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3)
+ specifier: 9.2.0
+ version: 9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3)
typia-rspack-plugin:
specifier: 2.0.1
- version: 2.0.1(typescript@5.8.3)(typia@9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3))
+ version: 2.0.1(typescript@5.8.3)(typia@9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3))
packages/rspeedy/plugin-react-alias:
dependencies:
@@ -3024,8 +3024,8 @@ packages:
'@rushstack/ts-command-line@5.0.1':
resolution: {integrity: sha512-bsbUucn41UXrQK7wgM8CNM/jagBytEyJqXw/umtI8d68vFm1Jwxh1OtLrlW7uGZgjCWiiPH6ooUNa1aVsuVr3Q==}
- '@samchon/openapi@4.1.0':
- resolution: {integrity: sha512-UUFBI6n8R9+V0xt4scGEaQ0rib04cOVARhu7DXBZuEG0ExiTFPoiW49+qYFwE44LjYpfxBIlNkd+rcpiRGhsNA==}
+ '@samchon/openapi@4.2.0':
+ resolution: {integrity: sha512-OIgKBbUtWf0bcv3PRGwm1CbOeZsVC8qGE0H7xXEtUwqbin9O3czhWf9jxP90GGEw55joNJyV2fXZ3eWBm45O5g==}
'@selderee/plugin-htmlparser2@0.11.0':
resolution: {integrity: sha512-P33hHGdldxGabLFjPPpaTxVolMrzrcegejx+0GxjrIb9Zv48D8yAIA/QTDR2dFl7Uz7urX8aX6+5bCZslr+gWQ==}
@@ -3036,6 +3036,9 @@ packages:
'@socket.io/component-emitter@3.1.2':
resolution: {integrity: sha512-9BCxFwvbGg/RsZK9tjXd8s4UcwR0MWeFQ1XEKIQVVvAGJyINdrqKMcTRyLoK8Rse1GjzLV9cwjWV1olXRWEXVA==}
+ '@standard-schema/spec@1.0.0':
+ resolution: {integrity: sha512-m2bOd0f2RT9k8QJx1JN85cZYyH1RqFBdlwtkSlf4tBDYLCiiZnv1fIIwacK6cqwXavOydf0NPToMQgpKq+dVlA==}
+
'@svitejs/changesets-changelog-github-compact@1.2.0':
resolution: {integrity: sha512-08eKiDAjj4zLug1taXSIJ0kGL5cawjVCyJkBb6EWSg5fEPX6L+Wtr0CH2If4j5KYylz85iaZiFlUItvgJvll5g==}
engines: {node: ^14.13.1 || ^16.0.0 || >=18}
@@ -8229,11 +8232,11 @@ packages:
typescript: '*'
typia: '*'
- typia@9.1.1:
- resolution: {integrity: sha512-fMgrd2VLGZoDjZZwWlgriotUiG38UEzcMD0ToJOhQ0bPr966mit0ZEy5TnDhm2RidXfejZOqHb7iOoTG3VHd4w==}
+ typia@9.2.0:
+ resolution: {integrity: sha512-XvLnH32MziXohOopp7hgxK5BqAXTOSUh0kNdmau9lDwWzs1kA9l/jy3rS5y/AVyKPwBG4dO/9DmBKpe3AqJpSw==}
hasBin: true
peerDependencies:
- '@samchon/openapi': '>=4.0.0 <5.0.0'
+ '@samchon/openapi': '>=4.2.0 <5.0.0'
typescript: '>=4.8.0 <5.9.0'
unbox-primitive@1.0.2:
@@ -10778,7 +10781,7 @@ snapshots:
transitivePeerDependencies:
- '@types/node'
- '@samchon/openapi@4.1.0': {}
+ '@samchon/openapi@4.2.0': {}
'@selderee/plugin-htmlparser2@0.11.0':
dependencies:
@@ -10789,6 +10792,8 @@ snapshots:
'@socket.io/component-emitter@3.1.2': {}
+ '@standard-schema/spec@1.0.0': {}
+
'@svitejs/changesets-changelog-github-compact@1.2.0':
dependencies:
'@changesets/get-github-info': 0.6.0
@@ -16870,15 +16875,16 @@ snapshots:
typescript@5.8.3: {}
- typia-rspack-plugin@2.0.1(typescript@5.8.3)(typia@9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3)):
+ typia-rspack-plugin@2.0.1(typescript@5.8.3)(typia@9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3)):
dependencies:
typescript: 5.8.3
- typia: 9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3)
+ typia: 9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3)
unplugin: 2.3.2
- typia@9.1.1(@samchon/openapi@4.1.0)(typescript@5.8.3):
+ typia@9.2.0(@samchon/openapi@4.2.0)(typescript@5.8.3):
dependencies:
- '@samchon/openapi': 4.1.0
+ '@samchon/openapi': 4.2.0
+ '@standard-schema/spec': 1.0.0
commander: 10.0.1
comment-json: 4.2.5
inquirer: 8.2.6