fix: codeql exclusion for third party dependencies (#1617)

* codeql exclusion + skip scan for 3.7

* formatting

---------

Co-authored-by: Victoria Hall <[email protected]>

Author: hallvictoria

eng/ci/official-build.yml

@@ -39,6 +39,8 @@ extends:
       image: 1es-windows-2022
       os: windows
     sdl:
+      codeql:
+        excludePathPatterns: '/deps'
       codeSignValidation:
         enabled: true
         break: true

eng/ci/public-build.yml

@@ -41,6 +41,7 @@ extends:
          compiled:
            enabled: true # still only runs for default branch
          runSourceLanguagesInSourceAnalysis: true
+         excludePathPatterns: '/deps'
     settings:
       skipBuildTagsForGitHubPullRequests: ${{ variables['System.PullRequest.IsFork'] }}
     stages:

pack/templates/macos_64_env_gen.yml

@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

pack/templates/nix_env_gen.yml

@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |

pack/templates/win_env_gen.yml

@@ -16,6 +16,7 @@ steps:
     pip install pip-audit
     pip-audit -r requirements.txt
   displayName: 'Run vulnerability scan'
+  condition: ne(variables['pythonVersion'], '3.7')
 - task: CopyFiles@2
   inputs:
     contents: |