From 1c6b66dc846cd7230d7ce22b032756c60883c905 Mon Sep 17 00:00:00 2001 From: Marco Ippolito Date: Sat, 3 Aug 2024 09:34:45 +0200 Subject: [PATCH] chore(tools): add codeql for typescript --- .github/workflows/audit.yml | 28 +++++++++++++++++++++++++--- deny.toml | 21 +++++---------------- 2 files changed, 30 insertions(+), 19 deletions(-) diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml index bb8aaf899..7130a97d9 100644 --- a/.github/workflows/audit.yml +++ b/.github/workflows/audit.yml @@ -5,9 +5,6 @@ on: # Runs at 00:00 UTC everyday - cron: '0 0 * * *' push: - paths: - - '**/Cargo.toml' - - '**/Cargo.lock' pull_request: jobs: @@ -17,3 +14,28 @@ jobs: - name: Checkout repository uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - uses: EmbarkStudios/cargo-deny-action@3f4a782664881cf5725d0ffd23969fcce89fd868 # v1.6.3 + with: + manifest-path: "deps/swc/bindings/Cargo.toml" + + typescript-audit: + runs-on: ubuntu-22.04 + permissions: + security-events: write + packages: read + actions: read + contents: read + strategy: + matrix: + include: + - language: javascript-typescript + steps: + - name: Checkout repository + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - name: Initialize CodeQL + uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + with: + languages: ${{ matrix.language }} + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + with: + category: "/language:${{matrix.language}}" diff --git a/deny.toml b/deny.toml index 8f01047a3..cba0dabea 100644 --- a/deny.toml +++ b/deny.toml 
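Review bot: The CodeQL init step in the new `typescript-audit` job analyzes everything `actions/checkout` leaves in the workspace, and the same hunk points cargo-deny at `deps/swc/bindings/Cargo.toml`, so there is third-party code under `deps/` whose JavaScript/TypeScript findings would surface as this repository's alerts. I would scope the scan by adding `config: |`, `paths-ignore:`, `- deps` under the init step's `with:` (the pinned v3.25.15 action accepts an inline config), or point `config-file:` at a checked-in `.github/codeql/codeql-config.yml`. Two things the hunk does not let me confirm: if `deps/swc` is a git submodule, the default checkout does not fetch it and the `manifest-path` handed to cargo-deny would not exist, which would need `submodules: true` on that checkout; and on `pull_request` events from forks the `security-events: write` grant is not honoured because the token is read-only, so the analyze step's upload would fail there unless the job is restricted to same-repo PRs. The one-entry `matrix.include` is also more machinery than a single `languages: javascript-typescript` needs, though that is a style preference.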
@@ -2,28 +2,25 @@ targets = [] [advisories] -vulnerability = "deny" -unmaintained = "warn" -yanked = "warn" -notice = "warn" ignore = [] [licenses] -unlicensed = "deny" allow = [ "Apache-2.0", "Apache-2.0 WITH LLVM-exception", "MIT", "MPL-2.0", "BSD-3-Clause", + "BSD-2-Clause", "ISC", + "0BSD", + "CC0-1.0", + "Unicode-DFS-2016", + "BSL-1.0" ] -deny = [] -copyleft = "deny" confidence-threshold = 0.8 exceptions = [] - [licenses.private] ignore = false registries = [] @@ -38,12 +35,4 @@ skip = [] skip-tree = [] [sources] -unknown-registry = "warn" -unknown-git = "warn" allow-registry = ["https://github.com/rust-lang/crates.io-index"] -allow-git = [] - -[sources.allow-org] -github = [] -gitlab = [] -bitbucket = []
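Review bot: The hunk drops the deprecated `[advisories]` and `[licenses]` policy keys (`vulnerability`, `unmaintained`, `yanked`, `notice`, `unlicensed`, `copyleft`, `deny`) without opting either table into cargo-deny's replacement format, so which defaults apply depends on the cargo-deny bundled by the pinned `cargo-deny-action` v1.6.3, which I cannot verify from here. Under the legacy format `copyleft` defaults to `"warn"`, not the `"deny"` being removed, so a copyleft license absent from `allow` would drop from a failing check to a warning. Adding `version = 2` as the first key of both `[advisories]` and `[licenses]` makes the intent explicit: in that format any license not in `allow` is an error and vulnerabilities are always denied, which is the policy the removed keys encoded. The new allow-list entries (`BSD-2-Clause`, `0BSD`, `CC0-1.0`, `Unicode-DFS-2016`, `BSL-1.0`) are all permissive and look fine.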