[Schema Inaccuracy] code_scanning_alert fixed webhook: alert.state typed as null | "fixed" but GitHub sends "dismissed"

## Expected

In the `code_scanning_alert` webhook event with `action: "fixed"`, the `alert.state` property should permit `"dismissed"` in addition to `null` and `"fixed"`:

```yaml
state:
  description: >-
    State of a code scanning alert. Events for alerts found outside the
    default branch will return a `null` value until they are dismissed or
    fixed.
  oneOf:
    - type: "null"
    - enum:
        - fixed
        - dismissed
      type: string
```

This would be consistent with how the `appeared_in_branch`, `reopened`, and `updated_assignment` actions already define `alert.state` as `null | "open" | "dismissed" | "fixed"`.

## Actual

The webhook schema for `code_scanning_alert` (action `fixed`) defines `alert.state` as only `null | "fixed"`, rejecting the value `"dismissed"`.

## Reproduction Steps

1. Configure a repository webhook (or GitHub App) to receive `code_scanning_alert` events.
2. Have a code scanning alert that has been **dismissed** (e.g., marked as "won't fix").
3. Merge a PR that fixes the underlying code issue for that dismissed alert.
4. GitHub delivers a `code_scanning_alert` webhook with `action: "fixed"`, but the `alert.state` field is `"dismissed"` (not `"fixed"`), because the alert's canonical state remains dismissed.
5. Attempt to validate this payload against a client generated from the OpenAPI spec. Validation fails because the schema only permits `null` or `"fixed"` for `alert.state`.

## Impact

Any strongly-typed client generated from this spec (e.g., githubkit for Python, Octokit for TypeScript) will reject valid `code_scanning_alert` fixed webhook payloads when the alert was previously dismissed, because `"dismissed"` does not conform to the `null | "fixed"` schema.

## Error

```
pydantic_core._pydantic_core.ValidationError: 1 validation error for
tagged-union[...,WebhookCodeScanningAlertFixed,...]
fixed.alert.state
  Input should be 'fixed' [type=literal_error, input_value='dismissed', input_type=str]
```

## Reference

- Related spec issue for `fixed_at` on the same webhook: https://github.com/github/rest-api-description/issues/6058
- Webhook event docs: https://docs.github.com/en/webhooks/webhook-events-and-payloads#code_scanning_alert

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Schema Inaccuracy] code_scanning_alert fixed webhook: alert.state typed as null | "fixed" but GitHub sends "dismissed" #6059

Expected

Actual

Reproduction Steps

Impact

Error

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Schema Inaccuracy] code_scanning_alert fixed webhook: alert.state typed as null | "fixed" but GitHub sends "dismissed" #6059

Description

Expected

Actual

Reproduction Steps

Impact

Error

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions