From 0f43306ff97b99d20f4402a1e7ef642b6c094afd Mon Sep 17 00:00:00 2001 From: Boris Batkin Date: Fri, 12 Jun 2026 03:23:55 -0700 Subject: [PATCH] msvc analysis: suppress C26819/C28251 advisories, bump EOL actions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The PREfast (MSVC /analyze) workflow surfaced 16 alerts that are pure style/advisory, not memory-safety: 14x C26819 (es.78 unannotated switch fallthrough — ours are intentional, we don't annotate [[fallthrough]]; several are last-label-before-brace misfires like default: assert+break) and 2x C28251 (inconsistent SAL annotation on free_list's global operator new/new[], which intentionally carry no SAL). All 16 were dismissed in the Security tab; suppress both rules at the ruleset source so a future manual run stays clean instead of re-raising them. Also bump the two EOL actions in this workflow to the repo standard: upload-sarif v2 -> v3, upload-artifact v3 -> v4. (msvc-code-analysis-action stays v0.1.1 — no newer release exists.) Co-Authored-By: Claude Fable 5 --- .github/workflows/msvc.yml | 4 ++-- CustomRules.ruleset | 2 ++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml index 58715d5abe..e58b083c07 100644 --- a/.github/workflows/msvc.yml +++ b/.github/workflows/msvc.yml @@ -44,13 +44,13 @@ jobs: # Upload SARIF file to GitHub Code Scanning Alerts - name: Upload SARIF to GitHub - uses: github/codeql-action/upload-sarif@v2 + uses: github/codeql-action/upload-sarif@v3 with: sarif_file: ${{ steps.run-analysis.outputs.sarif }} # Upload SARIF file as an Artifact to download and view - name: Upload SARIF as an Artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: sarif-file path: ${{ steps.run-analysis.outputs.sarif }} diff --git a/CustomRules.ruleset b/CustomRules.ruleset index 59f281ab08..a7571b026e 100644 --- a/CustomRules.ruleset +++ b/CustomRules.ruleset 
@@ -9,5 +9,7 @@ + +
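Review bot: in the .github/workflows/msvc.yml hunk, the `actions/upload-artifact@v4` step keeps the fixed `name: sarif-file`. v4 rejects a second upload to an artifact name that already exists in the run, where v3 merged them, so confirm this job runs once per workflow (no matrix) or add a per-job suffix to the name. Both bumped `uses:` lines also still reference mutable major tags (`@v3`, `@v4`); pinning each to a full commit SHA, with the tag kept in a trailing comment, would stop the SARIF upload path of a security workflow from changing without a diff in this repository.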
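Review bot: in the CustomRules.ruleset hunk (`@@ -9,5 +9,7 @@`), the two added entries apply to the whole ruleset, so per the commit message C26819 and C28251 are now off everywhere, including for any future unintended fallthrough and any SAL mismatch outside free_list's operator new/new[]. Consider leaving C28251 enabled and suppressing it at the two declarations with `#pragma warning(suppress: 28251)`, and put an XML comment beside each entry recording why it is disabled, since that rationale currently lives only in the commit message and in the dismissed alerts.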