Skip to content

Add test coverage for ignore-filepaths matching nested subdirectory files#22

Open
aebrahim with Copilot wants to merge 2 commits into
mainfrom
copilot/add-test-for-ignore-paths
Open

Add test coverage for ignore-filepaths matching nested subdirectory files#22
aebrahim with Copilot wants to merge 2 commits into
mainfrom
copilot/add-test-for-ignore-paths

Conversation

Copilot AI commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

ignore-filepaths lacked test coverage confirming that files nested inside an ignored directory (not just direct top-level matches) are correctly excluded from the CODEOWNERS check.

Test changes

  • Added 'skips check when all changed files are in an ignored subdirectory' in __tests__/main.test.ts, mirroring the existing top-level ignore test but using a deeply nested changed file path against a dist/** pattern to validate the minimatch-based isIgnored logic in src/main.ts correctly matches across directory depth.
gh.buildMockOctokit({
  listFiles: jest.fn().mockResolvedValue({
    data: [{ filename: 'dist/nested/deep/bundle.js' }]
  })
})
// with ignore-filepaths: 'dist/**'
// expected: CODEOWNERS check is skipped

No production code changes were required — the existing isIgnored implementation already handles this case correctly; this PR closes the test coverage gap.

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

Super-linter summary

Language Validation result
BASH Pass ✅
BASH_EXEC Pass ✅
CHECKOV Pass ✅
ENV Pass ✅
GITHUB_ACTIONS Pass ✅
GITLEAKS Pass ✅
GIT_MERGE_CONFLICT_MARKERS Pass ✅
JAVASCRIPT_PRETTIER Pass ✅
JSON_PRETTIER Pass ✅
MARKDOWN Pass ✅
MARKDOWN_PRETTIER Pass ✅
NATURAL_LANGUAGE Pass ✅
PRE_COMMIT Pass ✅
SHELL_SHFMT Pass ✅
SPELL_CODESPELL Pass ✅
TRIVY Fail ❌
TYPESCRIPT_PRETTIER Pass ✅
YAML Pass ✅
YAML_PRETTIER Pass ✅

Super-linter detected linting errors

For more information, see the
GitHub Actions workflow run

Powered by Super-linter

TRIVY

Report Summary

┌───────────────────┬──────┬─────────────────┬───────────────────┬─────────┐
│      Target       │ Type │ Vulnerabilities │ Misconfigurations │ Secrets │
├───────────────────┼──────┼─────────────────┼───────────────────┼─────────┤
│ package-lock.json │ npm  │        4        │         -         │    -    │
└───────────────────┴──────┴─────────────────┴───────────────────┴─────────┘
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)


For OSS Maintainers: VEX Notice
--------------------------------
If you're an OSS maintainer and Trivy has detected vulnerabilities in your project that you believe are not actually exploitable, consider issuing a VEX (Vulnerability Exploitability eXchange) statement.
VEX allows you to communicate the actual status of vulnerabilities in your project, improving security transparency and reducing false positives for your users.
Learn more and start using VEX: https://trivy.dev/docs/v0.71/guide/supply-chain/vex/repo#publishing-vex-documents

To disable this notice, set the TRIVY_DISABLE_VEX_NOTICE environment variable.


package-lock.json (npm)
=======================
Total: 4 (UNKNOWN: 0, LOW: 2, MEDIUM: 1, HIGH: 1, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────────────┬────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │     Fixed Version     │                           Title                            │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────────────┼────────────────────────────────────────────────────────────┤
│ undici  │ CVE-2026-12151 │ HIGH     │ fixed  │ 6.26.0            │ 6.27.0, 7.28.0, 8.5.0 │ undici: undici: Denial of Service due to unbounded memory  │
│         │                │          │        │                   │                       │ growth via WebSocket...                                    │
│         │                │          │        │                   │                       │ https://avd.aquasec.com/nvd/cve-2026-12151                 │
│         ├────────────────┼──────────┤        │                   │                       ├────────────────────────────────────────────────────────────┤
│         │ CVE-2026-9679  │ MEDIUM   │        │                   │                       │ undici: undici vulnerable to HTTP header injection via     │
│         │                │          │        │                   │                       │ Set-Cookie percent-decoding                                │
│         │                │          │        │                   │                       │ https://avd.aquasec.com/nvd/cve-2026-9679                  │
│         ├────────────────┼──────────┤        │                   │                       ├────────────────────────────────────────────────────────────┤
│         │ CVE-2026-11525 │ LOW      │        │                   │                       │ undici: undici: Weakening of cookie SameSite policy due to │
│         │                │          │        │                   │                       │ incorrect parsing of...                                    │
│         │                │          │        │                   │                       │ https://avd.aquasec.com/nvd/cve-2026-11525                 │
│         ├────────────────┤          │        │                   │                       ├────────────────────────────────────────────────────────────┤
│         │ CVE-2026-6733  │          │        │                   │                       │ undici: Undici: Response queue poisoning on reused         │
│         │                │          │        │                   │                       │ keep-alive sockets can lead to...                          │
│         │                │          │        │                   │                       │ https://avd.aquasec.com/nvd/cve-2026-6733                  │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────────────┴────────────────────────────────────────────────────────────┘

Copilot AI changed the title [WIP] Add a test for ignore-paths with subdirectory files Add test coverage for ignore-filepaths matching nested subdirectory files Jul 1, 2026
Copilot AI requested a review from aebrahim July 1, 2026 18:42
@aebrahim aebrahim requested a review from GhaithqD July 2, 2026 01:40
@aebrahim aebrahim marked this pull request as ready for review July 2, 2026 01:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add a test for ignore-paths where we ensure a file in a subdirectory is also ignored.

3 participants