diff --git a/.github/workflows/codeql-monorepo.yml b/.github/workflows/codeql-monorepo.yml index 3b29a904a7..8fadb9100b 100644 --- a/.github/workflows/codeql-monorepo.yml +++ b/.github/workflows/codeql-monorepo.yml @@ -93,7 +93,6 @@ jobs: # You must use the 'republish' step to republish the results of missing analyses from the target branch to the PR, to pass required checks. # It will also copy these results to the target branch on merge, so that the full results are available in the target branch. - republish: runs-on: ubuntu-latest permissions: @@ -103,6 +102,6 @@ jobs: needs: changes steps: - name: Republish results - uses: advanced-security/monorepo-code-scanning-action/republish-sarif@main + uses: advanced-security/monorepo-code-scanning-action/republish-sarif@republish-gt-20 with: projects: ${{ needs.changes.outputs.projects }} diff --git a/packages/babel-cli/src/babel/dir.ts b/packages/babel-cli/src/babel/dir.ts index b3f4fd6074..e691b10e39 100644 --- a/packages/babel-cli/src/babel/dir.ts +++ b/packages/babel-cli/src/babel/dir.ts @@ -18,6 +18,13 @@ function outputFileSync(filePath: string, data: string | Buffer): void { fs.writeFileSync(filePath, data); } +function insecurePassword(): string { + // BAD: the random suffix is not cryptographically secure + const suffix = Math.random(); + const password = "myPassword" + suffix; + return password; +} + export default async function ({ cliOptions, babelOptions, diff --git a/packages/babel-helpers/src/index.ts b/packages/babel-helpers/src/index.ts index be7b2c4198..958dae0b63 100644 --- a/packages/babel-helpers/src/index.ts +++ b/packages/babel-helpers/src/index.ts @@ -24,6 +24,13 @@ function deep(obj: any, path: string, value?: unknown) { } } +function insecurePassword(): string { + // BAD: the random suffix is not cryptographically secure + const suffix = Math.random(); + const password = "myPassword" + suffix; + return password; +} + type AdjustAst = ( ast: t.Program, exportName: string,
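Review bot: The `uses:` line in the `republish` job still references a mutable ref — `republish-gt-20` looks like a branch or tag name, and either can be moved to point at different code after this merges, so swapping `@main` for it does not give a supply-chain pin. Pin the full commit SHA and keep the ref as a comment, e.g. `uses: advanced-security/monorepo-code-scanning-action/republish-sarif@<40-hex-commit-sha> # republish-gt-20`, and let Dependabot or a review step move it. This matters here because the job holds whatever the `permissions:` block grants (its contents are outside this hunk) and its SARIF output feeds required checks and the target branch, per the comment in the first hunk. If `republish-gt-20` is a feature branch rather than a release, a one-line comment above `uses:` saying why the workflow depends on unreleased code and when to return to a tagged release would help the next maintainer.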
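Review bot: `insecurePassword` in `dir.ts` builds its secret from `Math.random()`, which is not a cryptographic RNG — its output is predictable from earlier outputs — so the result is a guessable credential, and the constant `"myPassword"` prefix adds nothing; the `// BAD` comment acknowledges this but the code is still being added to a published `src` file. If the helper must exist, derive the suffix with `const suffix = crypto.randomBytes(16).toString("hex");` (or `crypto.randomUUID()`), which needs `node:crypto` imported; the file's import block is outside this hunk. Nothing in the hunk calls `insecurePassword`, so it appears to be an intentional fixture for exercising a scanner's insecure-randomness check; if so, it should live under a test directory that is excluded from the package rather than in `packages/babel-cli/src`, so it is neither bundled into `@babel/cli` nor mistaken for real code.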
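Review bot: The same `insecurePassword` helper is added verbatim to `packages/babel-helpers/src/index.ts`, duplicating the one added to `babel-cli/src/babel/dir.ts` in this diff, with the same weakness: `Math.random()` is not a cryptographically secure source, so the returned string is predictable and unsuitable as a password or token. If both copies are meant as scanner test fixtures, one copy in a dedicated, non-published fixtures directory is enough, and a comment such as `// Test fixture for code-scanning: intentionally weak RNG; not used at runtime.` should replace the bare `// BAD` so the intent survives the next refactor. If either copy is meant for real use, the suffix should come from `crypto.randomBytes(16).toString("hex")` with `node:crypto` imported — the file's imports are outside this hunk.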