On Sat, Dec 21, 2024 at 03:04:39PM +0100, Daniel Stenberg via curl-library wrote:
> We started using codeql for static code analysis in 7183f5acc3d7ca39,
> June 2020.
>
> Since then, not a single commit has been merged into the source code
> repository citing codeql as source or reason. Yet, it keeps getting
> updated and we get constant reminders to upgrade the pinning it to the
> latest hash.

There have been 158 issues raised by CodeQL in that time. Every single one of them was closed as "false positive" or "won't fix".

So, I think you're onto something.

Dan