mirror of
https://github.com/ZoneMinder/zoneminder.git
synced 2026-06-22 20:50:06 -04:00
c47dc991cb
CodeQL's open alerts are dominated by findings inside bundled third-party libraries (jQuery UI, Bootstrap 4, bootstrap-table, the jQuery UI timepicker addon, hls.js). These flag coding patterns internal to those libraries -- js/unsafe-jquery-plugin, js/insecure-randomness, etc. -- that are not ZoneMinder bugs and cannot be fixed without forking the dependencies. They drown out findings in ZoneMinder-authored code. Add the vendored library directories/files to paths-ignore in the CodeQL config. ZoneMinder-authored files in these trees (skin.js, MonitorStream.js, views/js/*.js, ...) are not listed and remain analysed. moment.js is intentionally left out: it is scheduled for removal once its remaining call sites migrate to luxon, so its alert will be resolved by deletion rather than suppression. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>