Merge branch 'main' into dependabot/npm_and_yarn/SortVision/npm_and_yarn-d580857466

alienx5499 · web-flow · commit 7a1e1ffb1bb2 · 2026-03-30T03:21:34.000+05:30
diff --git a/.github/workflows/README.md b/.github/workflows/README.md
@@ -32,11 +32,9 @@ Longer validation: format, lint, build, `pnpm run test:extended`, sitemap, **pnp
 - **TruffleHog** (pinned release) for verified secrets.
 - **Dependency review** on pull requests (`fail-on-severity: moderate`).
 
-### `codeql.yml`
+### CodeQL (GitHub default setup)
 
-**Triggers:** push/PR when `SortVision/**` or this workflow changes; weekly schedule.
-
-JavaScript/TypeScript analysis scoped to `SortVision` via [`codeql-config.yml`](../codeql/codeql-config.yml).
+This repo does **not** use a custom `codeql.yml` workflow. Enable **Code scanning** with **Default setup** under **Settings → Code security and analysis → Code scanning**. Results and status appear under the **Security** tab; required checks (if any) use the names GitHub shows for that setup (not the old workflow job `Analyze (JavaScript)`).
 
 ### `typos.yml`
 
@@ -50,13 +48,13 @@ Auto-merge rules for Dependabot PRs (repository-specific).
 
 ## Branch protection
 
-Required status check names must match each job’s `name:` field exactly (for example **Formatting**, **Lint**, **Build and test**, **Typos**, **Analyze (JavaScript)**).
+Required status check names must match each job’s `name:` field exactly (for example **Formatting**, **Lint**, **Build and test**, **Typos**). Add CodeQL-related checks only if you require them, using the exact names from **Settings → Rules** after a green run.
 
 ## Adding more checks
 
 - **Default PR path:** extend [`continuous-integration.yml`](continuous-integration.yml) or add a job with `needs:` as appropriate.
 - **Nightly / manual only:** use [`extended-quality-assurance.yml`](extended-quality-assurance.yml) or a new workflow file.
-- **Security:** prefer [`security-scan.yml`](security-scan.yml) or CodeQL-related config under `.github/codeql/`.
+- **Security:** prefer [`security-scan.yml`](security-scan.yml); CodeQL is managed in **Settings → Code scanning** (default setup).
 
 **Not configured here (optional later):** Knip/depcheck for unused exports, Playwright E2E — useful once you want the extra maintenance cost.
 
diff --git a/_typos.toml b/_typos.toml
@@ -19,3 +19,8 @@ extend-ignore-re = [
   "(?i)radix",
   "(?i)tailwind",
 ]
+
+# Locale / CS terms typos would otherwise “fix” incorrectly.
+[default.extend-words]
+Algorithmus = "Algorithmus"
+DAA = "DAA"

Original file line number	Diff line number	Diff line change
`@@ -19,3 +19,8 @@ extend-ignore-re = [`
`19`	`19`	`"(?i)radix",`
`20`	`20`	`"(?i)tailwind",`
`21`	`21`	`]`
	`22`	`+`
	`23`	`+# Locale / CS terms typos would otherwise “fix” incorrectly.`
	`24`	`+[default.extend-words]`
	`25`	`+Algorithmus = "Algorithmus"`
	`26`	`+DAA = "DAA"`