We’ve improved the depth of CodeQL's Python analysis by adding support for more libraries and frameworks, including:
os.path moduleAs a result, CodeQL can now detect even more potential sources of untrusted user data, steps through which that data flows, and potentially dangerous sinks in which this data could end up. This results in an overall improvement of the quality of the code scanning alerts.
We carefully choose and prioritize the libraries and frameworks supported by CodeQL based on their popularity and through user feedback. These improvements are now available to users of CodeQL code scanning on GitHub.com, and will also be available in the next release of GitHub Enterprise Server (3.4).
You can now run workflows for Python projects faster on GitHub Actions by enabling dependency caching on the setup-python action. setup-python supports caching for both pip and pipenv projects.
The following example enables caching for a Python project with pip:
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: '3.9'
cache: 'pip'
- run: pip install -r requirements.txt
- run: pip testFor additional examples, visit the setup-python repository.
A light high contrast theme, with greater contrast between foreground and background elements, is now available to all github.com users in a public beta. Navigate to the “Appearance” page in your profile settings to choose the light high contrast theme.
