Move UnversionedImmutableAction.ql to experimental

aeisenberg · aeisenberg · commit 2a0e133768eb · 2025-03-06T15:08:02.000-08:00
This query will give too many false positives for users until
immutable actions is released.
diff --git a/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md b/actions/ql/src/change-notes/2025-02-27-immutable-actions-list.md
@@ -2,6 +2,7 @@
 category: fix
 ---
 * The `actions/unversioned-immutable-action` query will no longer report any alerts, since the
-  Immutable Actions feature is not yet available for customer use. The query remains in the
-  default Code Scanning suites for use internal to GitHub. Once the Immutable Actions feature is
-  available, the query will be updated to report alerts again.
+  Immutable Actions feature is not yet available for customer use. The query has also been moved
+  to the experimental folder and will not be used in code scanning unless it is explicitly added
+  to a code scanning configuration. Once the Immutable Actions feature is available, the query will
+  be updated to report alerts again.
diff --git a/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.md
diff --git a/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql b/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
@@ -8,6 +8,7 @@
  * @tags security
  *       actions
  *       internal
+ *       experimental
  *       external/cwe/cwe-829
  */
 
diff --git a/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref b/actions/ql/test/query-tests/Security/CWE-829/UnversionedImmutableAction.qlref
@@ -1 +1 @@
-Security/CWE-829/UnversionedImmutableAction.ql
+experimental/Security/CWE-829/UnversionedImmutableAction.ql

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-Security/CWE-829/UnversionedImmutableAction.ql`
	`1`	`+experimental/Security/CWE-829/UnversionedImmutableAction.ql`