Merge branch 'main' into alert-autofix-23

chore: fix codeql coverage and action version (#4454 )
Strengthen stagehand navigate test assertion
2026-02-11 16:38:14 +00:00 · 2026-02-11 18:23:54 +08:00 · 2026-02-11 18:20:07 +08:00 · 2026-02-11 17:49:32 +08:00 · 2026-02-11 14:32:10 +08:00 · 2025-11-18 12:16:03 -05:00
4 changed files with 21 additions and 6 deletions
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -14,13 +14,18 @@ paths-ignore:
  - "lib/crewai/src/crewai/experimental/a2a/**"

 paths:
+  # Include GitHub Actions workflows/composite actions for CodeQL actions analysis
+  - ".github/workflows/**"
+  - ".github/actions/**"
  # Include all Python source code from workspace packages
  - "lib/crewai/src/**"
  - "lib/crewai-tools/src/**"
+  - "lib/crewai-files/src/**"
  - "lib/devtools/src/**"
  # Include tests (but exclude cassettes via paths-ignore)
  - "lib/crewai/tests/**"
  - "lib/crewai-tools/tests/**"
+  - "lib/crewai-files/tests/**"
  - "lib/devtools/tests/**"

 # Configure specific queries or packs if needed
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -69,7 +69,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}
        build-mode: ${{ matrix.build-mode }}
@@ -98,6 +98,6 @@ jobs:
        exit 1

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
      with:
        category: "/language:${{matrix.language}}"
--- a/lib/crewai-tools/tests/tools/brave_search_tool_test.py
+++ b/lib/crewai-tools/tests/tools/brave_search_tool_test.py
@@ -33,8 +33,11 @@ def test_brave_tool_search(mock_get, brave_tool):
    mock_get.return_value.json.return_value = mock_response

    result = brave_tool.run(query="test")
-    assert "Test Title" in result
-    assert "http://test.com" in result
+    data = json.loads(result)
+    assert isinstance(data, list)
+    assert len(data) >= 1
+    assert data[0]["title"] == "Test Title"
+    assert data[0]["url"] == "http://test.com"


@patch("requests.get")
--- a/lib/crewai-tools/tests/tools/stagehand_tool_test.py
+++ b/lib/crewai-tools/tests/tools/stagehand_tool_test.py
@@ -1,9 +1,10 @@
+import re
 import sys
+from urllib.parse import urlparse
 from unittest.mock import MagicMock, patch

 import pytest

-
 # Create mock classes that will be used by our fixture
 class MockStagehandModule:
    def __init__(self):
@@ -171,8 +172,14 @@ def test_navigate_command(mock_run, stagehand_tool):
    )

    # Assertions
-    assert "https://example.com" in result
+    assert "Successfully navigated to " in result

+    # Extract URL from result string and check its host
+    # Example result: "Successfully navigated to https://example.com"
+    url_match = re.search(r"https?://[^\s]+", result)
+    assert url_match is not None
+    parsed = urlparse(url_match.group(0))
+    assert parsed.hostname == "example.com"

@patch(
    "crewai_tools.tools.stagehand_tool.stagehand_tool.StagehandTool._run", autospec=True
Author	SHA1	Message	Date
Rip&Tear	6612753db8	Merge branch 'main' into alert-autofix-23	2026-02-11 18:23:54 +08:00
Rip&Tear	46e1b02154	chore: fix codeql coverage and action version (#4454 )	2026-02-11 18:20:07 +08:00
theCyberTech	6712413a83	Strengthen stagehand navigate test assertion	2026-02-11 17:49:32 +08:00
Rip&Tear	87675b49fd	test: avoid URL substring assertion in brave search test (#4453 ) Some checks failed CodeQL Advanced / Analyze (actions) (push) Has been cancelled Details CodeQL Advanced / Analyze (python) (push) Has been cancelled Details Notify Downstream / notify-downstream (push) Has been cancelled Details	2026-02-11 14:32:10 +08:00
Greyson LaLonde	e9475a7215	Merge branch 'main' into alert-autofix-23	2025-11-18 12:16:03 -05:00
Rip&Tear	c2d4073415	Potential fix for code scanning alert no. 23: Incomplete URL substring sanitization Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>	2025-11-08 21:34:00 +08:00