fix: remove security-experimental queries from CodeQL configuration to prevent false positives

scripts/pre-commit-hooks/codeql-go-scan.sh

@@ -28,12 +28,11 @@ codeql database create codeql-db-go \
   --overwrite
 
 echo ""
-echo "📊 Analyzing with security-and-quality + security-experimental suites..."
+echo "📊 Analyzing with security-and-quality suite..."
 ANALYZE_LOG=$(mktemp)
-# Analyze with CI-aligned suites (mirrors codeql.yml queries: security-and-quality,security-experimental)
+# Analyze with CI-aligned suite (mirrors codeql.yml queries: security-and-quality)
 codeql database analyze codeql-db-go \
   codeql/go-queries:codeql-suites/go-security-and-quality.qls \
-  codeql/go-queries:codeql-suites/go-security-experimental.qls \
   --format=sarif-latest \
   --output=codeql-results-go.sarif \
   --sarif-add-baseline-file-info \

scripts/pre-commit-hooks/codeql-js-scan.sh

@@ -26,11 +26,10 @@ codeql database create codeql-db-js \
   --overwrite
 
 echo ""
-echo "📊 Analyzing with security-and-quality + security-experimental suites..."
-# Analyze with CI-aligned suites (mirrors codeql.yml queries: security-and-quality,security-experimental)
+echo "📊 Analyzing with security-and-quality suite..."
+# Analyze with CI-aligned suite (mirrors codeql.yml queries: security-and-quality)
 codeql database analyze codeql-db-js \
   codeql/javascript-queries:codeql-suites/javascript-security-and-quality.qls \
-  codeql/javascript-queries:codeql-suites/javascript-security-experimental.qls \
   --format=sarif-latest \
   --output=codeql-results-js.sarif \
   --sarif-add-baseline-file-info \