Use -bor to preserve existing TLS protocols in Test-ListPath.ps1#1141
Conversation
Co-authored-by: Romanitho <96626929+Romanitho@users.noreply.github.com> Agent-Logs-Url: https://github.com/Romanitho/Winget-AutoUpdate/sessions/a1f0a60d-2d7c-4490-8176-797ca856f3fb
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ COPYPASTE | jscpd | yes | no | no | 2.79s | |
| markdownlint | 1 | 0 | 3 | 0 | 1.19s | |
| ✅ MARKDOWN | markdown-table-formatter | 1 | 0 | 0 | 0 | 0.34s |
| ✅ POWERSHELL | powershell | 2 | 0 | 0 | 4.98s | |
| ✅ POWERSHELL | powershell_formatter | 2 | 0 | 0 | 4.32s | |
| checkov | yes | 3 | no | 21.44s | ||
| devskim | yes | 1 | 8 | 2.95s | ||
| ✅ REPOSITORY | dustilock | yes | no | no | 0.01s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 0.78s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.03s | |
| ✅ REPOSITORY | grype | yes | no | no | 40.92s | |
| ✅ REPOSITORY | kics | yes | no | no | 2.35s | |
| ✅ REPOSITORY | kingfisher | yes | no | no | 5.24s | |
| ✅ REPOSITORY | secretlint | yes | no | no | 0.93s | |
| ✅ REPOSITORY | syft | yes | no | no | 1.62s | |
| ✅ REPOSITORY | trivy | yes | no | no | 13.67s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.18s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 3.5s | |
| cspell | 5 | 11 | 0 | 5.25s | ||
| ✅ SPELL | lychee | 2 | 0 | 0 | 1.78s |
Detailed Issues
⚠️ REPOSITORY / checkov - 3 errors
Linter output file not found
⚠️ SPELL / cspell - 11 errors
Linter output file not found
⚠️ REPOSITORY / devskim - 1 error
Linter output file not found
⚠️ MARKDOWN / markdownlint - 3 errors
Linter output file not found
See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

Show us your support by starring ⭐ the repository
There was a problem hiding this comment.
Pull request overview
Updates WAU’s Test-ListPath helper to enable TLS 1.2 without clobbering the process-wide ServicePointManager.SecurityProtocol flags, aligning behavior with existing networking code in the functions layer.
Changes:
- Switches TLS 1.2 enabling from overwrite assignment to bitwise OR (
-bor) to preserve existing protocol flags. - Adds a DevSkim suppression comment on the TLS protocol line to match established suppression usage.
| function Test-ListPath ($ListPath, $UseWhiteList, $WingetUpdatePath) { | ||
| # Enable TLS 1.2 for secure connections | ||
| [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 | ||
| [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12 #DevSkim: ignore DS440020,DS440020 Hard-coded SSL/TLS Protocol |
There was a problem hiding this comment.
[Net.ServicePointManager]::SecurityProtocol is process-wide state. In this function it’s set unconditionally, even when $ListPath is UNC/local and no HTTP request will be made. Consider moving the TLS flag update into the if ($ListPath -like "http*") branch (as in Test-ModsPath.ps1) to minimize unintended side effects on callers.
The TLS 1.2 assignment in
Test-ListPath.ps1was overwriting the process-wideSecurityProtocolvalue, potentially disabling already-enabled protocols (e.g. TLS 1.3 /SystemDefault).Change
Replace the overwrite assignment with a bitwise OR, matching the pattern used in
Test-ModsPath.ps1:Also adds the
#DevSkim: ignore DS440020suppression comment consistent with the rest of the codebase.⚡ Quickly spin up Copilot coding agent tasks from anywhere on your macOS or Windows machine with Raycast.