From 3a64cdad7f81f71b311df51899d5b5430925cfe7 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Fri, 11 Apr 2025 10:36:42 -0400
Subject: [PATCH 1/6] Create sample.min.js
---
packages/babel-cli/src/babel/sample.min.js | 1 +
1 file changed, 1 insertion(+)
create mode 100644 packages/babel-cli/src/babel/sample.min.js
diff --git a/packages/babel-cli/src/babel/sample.min.js b/packages/babel-cli/src/babel/sample.min.js
new file mode 100644
index 0000000000..90bba7fb92
--- /dev/null
+++ b/packages/babel-cli/src/babel/sample.min.js
@@ -0,0 +1 @@
+console.writeline("hello, world!")
From d34ee8a4630e8a213a83640b6222868475058676 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Mon, 14 Apr 2025 18:27:31 -0400
Subject: [PATCH 2/6] Test the `paths-ignore` filter on PR workflow
---
.github/workflows/codeql-monorepo.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-monorepo.yml b/.github/workflows/codeql-monorepo.yml
index ae75932fe4..c74245daa2 100644
--- a/.github/workflows/codeql-monorepo.yml
+++ b/.github/workflows/codeql-monorepo.yml
@@ -70,7 +70,7 @@ jobs:
 - name: Spot changes to projects
 id: changes
- uses: advanced-security/monorepo-code-scanning-action/changes@main
+ uses: advanced-security/monorepo-code-scanning-action/changes@paths-ignore
 with:
 projects-json: monorepo-projects.json
 queries: security-extended
From c47f48ff676af95a4bac8fa0f4488dd2fb9f145d Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Mon, 14 Apr 2025 18:28:02 -0400
Subject: [PATCH 3/6] Test the `paths-ignore` filter on whole-repo FULL workflow
---
.github/workflows/codeql-monorepo-full.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-monorepo-full.yml b/.github/workflows/codeql-monorepo-full.yml
index 25506786a2..19cc79cce9 100644
--- a/.github/workflows/codeql-monorepo-full.yml
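Review bot: `console.writeline` is not a method of the `console` object, so if `sample.min.js` is ever executed the single line throws `TypeError: console.writeline is not a function`; the portable form is `console.log("hello, world!")`. The file also carries a `.min.js` suffix while being hand-written and unminified, presumably to exercise the workflow's path filtering for minified files. A one-line comment recording that, e.g. `// Fixture: hand-written file named *.min.js to exercise the scanning workflow's path filters`, would keep it from being mistaken for a build artefact or cleaned up by someone tidying the package.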
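Review bot: The new `uses:` line on the `changes` step references the third-party action by a mutable branch name (`@paths-ignore`, replacing the equally mutable `@main`), so anyone able to push to that branch can change the code this workflow runs with the repository token; pin it to a full-length commit SHA and keep the ref in a trailing comment, e.g. `uses: advanced-security/monorepo-code-scanning-action/changes@<full-commit-sha> # paths-ignore`. The same applies to the `whole-repo` step in codeql-monorepo-full.yml (patch 3) and to the later toggles of this line in patches 5 and 6. Since `paths-ignore` reads as a feature branch, it may also be deleted or force-pushed after it is merged upstream, which would break the workflow at its next run.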
+++ b/.github/workflows/codeql-monorepo-full.yml
@@ -32,7 +32,7 @@ jobs:
 steps:
 - name: Scan whole repo, split up by project
 id: whole-repo
- uses: advanced-security/monorepo-code-scanning-action/whole-repo@main
+ uses: advanced-security/monorepo-code-scanning-action/whole-repo@paths-ignore
 with:
 projects-json: monorepo-projects.json
 queries: security-extended
From bc41e35bec4bc9180373f858a81e2549d56c156d Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Mon, 14 Apr 2025 22:05:59 -0400
Subject: [PATCH 4/6] Add Vuln:Add insecurePassword function with warning comment
---
packages/babel-cli/src/babel/sample.min.js | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/packages/babel-cli/src/babel/sample.min.js b/packages/babel-cli/src/babel/sample.min.js
index 90bba7fb92..500f7157bd 100644
--- a/packages/babel-cli/src/babel/sample.min.js
+++ b/packages/babel-cli/src/babel/sample.min.js
@@ -1 +1,8 @@
 console.writeline("hello, world!")
+
+function insecurePassword(): string {
+ // BAD: the random suffix is not cryptographically secure
+ const suffix = Math.random();
+ const password = "myPassword" + suffix;
+ return password;
+}
From b6632c03bb51f19a437b7dd25e33d8630383f551 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Mon, 14 Apr 2025 22:09:05 -0400
Subject: [PATCH 5/6] back to @main to test if vuln is actually here..
---
.github/workflows/codeql-monorepo.yml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/codeql-monorepo.yml b/.github/workflows/codeql-monorepo.yml
index c74245daa2..59967ab6f3 100644
--- a/.github/workflows/codeql-monorepo.yml
+++ b/.github/workflows/codeql-monorepo.yml
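Review bot: `function insecurePassword(): string {` carries a TypeScript return-type annotation, which is a syntax error in a `.js` file, so a plain JavaScript parser rejects the fixture and an extractor may skip or partially index it rather than report the intended finding; drop the annotation: `function insecurePassword() {`. The `// BAD:` comment already marks `Math.random()` as the deliberate weak-randomness pattern, but a file-level comment such as `// Scanner fixture: deliberately flagged pattern used to validate the workflow's path filters` would tell a reader outside this PR why the function exists. If the experiment is meant to show that `paths-ignore` alone hides the finding, note that an extractor may also skip files it heuristically classifies as minified irrespective of the filename, so it is worth confirming which mechanism produced the observed result.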
@@ -70,7 +70,8 @@ jobs:
 - name: Spot changes to projects
 id: changes
- uses: advanced-security/monorepo-code-scanning-action/changes@paths-ignore
+ uses: advanced-security/monorepo-code-scanning-action/changes@main
+ #uses: advanced-security/monorepo-code-scanning-action/changes@paths-ignore
 with:
 projects-json: monorepo-projects.json
 queries: security-extended
From 25511e432ddb6485bf6b65190ae43dbad01a20d1 Mon Sep 17 00:00:00 2001
From: Chad Bentz <1760475+felickz@users.noreply.github.com>
Date: Mon, 14 Apr 2025 22:27:53 -0400
Subject: [PATCH 6/6] FIX AGAIN - Action to use paths-ignore branch
---
.github/workflows/codeql-monorepo.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/codeql-monorepo.yml b/.github/workflows/codeql-monorepo.yml
index 59967ab6f3..59498ef9d1 100644
--- a/.github/workflows/codeql-monorepo.yml
+++ b/.github/workflows/codeql-monorepo.yml
@@ -70,8 +70,8 @@ jobs:
 - name: Spot changes to projects
 id: changes
- uses: advanced-security/monorepo-code-scanning-action/changes@main
- #uses: advanced-security/monorepo-code-scanning-action/changes@paths-ignore
+ #uses: advanced-security/monorepo-code-scanning-action/changes@main
+ uses: advanced-security/monorepo-code-scanning-action/changes@paths-ignore
 with:
 projects-json: monorepo-projects.json
 queries: security-extended
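Review bot: The commented-out `#uses: advanced-security/monorepo-code-scanning-action/changes@main` line left on the `changes` step is dead configuration that will drift from the live line below it; delete it, or replace it with a comment that states the reason for the current ref, e.g. `# Temporarily on the action's paths-ignore branch to validate the path filter; move back to a pinned release once it is merged upstream`. Patch 5 leaves the mirror image (`#uses: ...@paths-ignore`) in the same place, so the same applies there.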