Merge pull request #1051 from github/henrymercer/run-atm-on-windows

Run ML-powered queries on Windows with CodeQL CLI 2.9.0+

.github/update-release-branch.py

@@ -1,12 +1,9 @@
+import argparse
 import datetime
 from github import Github
-import random
-import requests
-import subprocess
-import sys
 import json
-import datetime
 import os
+import subprocess
 
 EMPTY_CHANGELOG = """# CodeQL Action and CodeQL Runner Changelog
 
@@ -16,21 +13,25 @@ No user facing changes.
 
 """
 
-# The branch being merged from.
-# This is the one that contains day-to-day development work.
-MAIN_BRANCH = 'main'
-# The branch being merged into.
-# This is the release branch that users reference.
-LATEST_RELEASE_BRANCH = 'v1'
+# Value of the mode flag for a v1 release
+V1_MODE = 'v1-release'
+
+# Value of the mode flag for a v2 release
+V2_MODE = 'v2-release'
+
+SOURCE_BRANCH_FOR_MODE = { V1_MODE: 'releases/v2', V2_MODE: 'main' }
+TARGET_BRANCH_FOR_MODE = { V1_MODE: 'releases/v1', V2_MODE: 'releases/v2' }
+
 # Name of the remote
 ORIGIN = 'origin'
 
 # Runs git with the given args and returns the stdout.
-# Raises an error if git does not exit successfully.
-def run_git(*args):
+# Raises an error if git does not exit successfully (unless passed
+# allow_non_zero_exit_code=True).
+def run_git(*args, allow_non_zero_exit_code=False):
   cmd = ['git', *args]
   p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-  if (p.returncode != 0):
+  if not allow_non_zero_exit_code and p.returncode != 0:
     raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii'))
   return p.stdout.decode('ascii')
 
@@ -38,8 +39,10 @@ def run_git(*args):
 def branch_exists_on_remote(branch_name):
   return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
 
-# Opens a PR from the given branch to the release branch
-def open_pr(repo, all_commits, short_main_sha, branch_name):
+# Opens a PR from the given branch to the target branch
+def open_pr(
+  repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch,
+  conductor, is_v2_release, labels, conflicted_files):
   # Sort the commits into the pull requests that introduced them,
   # and any commits that don't have a pull request
   pull_requests = []
@@ -61,9 +64,8 @@ def open_pr(repo, all_commits, short_main_sha, branch_name):
 
   # Start constructing the body text
   body = []
-  body.append('Merging ' + short_main_sha + ' into ' + LATEST_RELEASE_BRANCH)
+  body.append('Merging ' + source_branch_short_sha + ' into ' + target_branch)
 
-  conductor = get_conductor(repo, pull_requests, commits_without_pull_requests)
   body.append('')
   body.append('Conductor for this PR is @' + conductor)
 
@@ -80,43 +82,46 @@ def open_pr(repo, all_commits, short_main_sha, branch_name):
     body.append('')
     body.append('Contains the following commits not from a pull request:')
     for commit in commits_without_pull_requests:
-      body.append('- ' + commit.sha + ' - ' + get_truncated_commit_message(commit) + ' (@' + commit.author.login + ')')
+      author_description = ' (@' + commit.author.login + ')' if commit.author is not None else ''
+      body.append('- ' + commit.sha + ' - ' + get_truncated_commit_message(commit) + author_description)
 
   body.append('')
   body.append('Please review the following:')
+  if len(conflicted_files) > 0:
+    body.append(' - [ ] You have added commits to this branch that resolve the merge conflicts ' +
+      'in the following files:')
+    body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
+    body.append(' - [ ] Another maintainer has reviewed the additional commits you added to this ' +
+      'branch to resolve the merge conflicts.')
   body.append(' - [ ] The CHANGELOG displays the correct version and date.')
   body.append(' - [ ] The CHANGELOG includes all relevant, user-facing changes since the last release.')
-  body.append(' - [ ] There are no unexpected commits being merged into the ' + LATEST_RELEASE_BRANCH + ' branch.')
+  body.append(' - [ ] There are no unexpected commits being merged into the ' + target_branch + ' branch.')
   body.append(' - [ ] The docs team is aware of any documentation changes that need to be released.')
-  body.append(' - [ ] The mergeback PR is merged back into ' + MAIN_BRANCH + ' after this PR is merged.')
+  if is_v2_release:
+    body.append(' - [ ] The mergeback PR is merged back into ' + source_branch + ' after this PR is merged.')
+    body.append(' - [ ] The v1 release PR is merged after this PR is merged.')
 
-  title = 'Merge ' + MAIN_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
+  title = 'Merge ' + source_branch + ' into ' + target_branch
 
   # Create the pull request
   # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
   # a maintainer can take the PR out of draft, thereby triggering the PR checks.
-  pr = repo.create_pull(title=title, body='\n'.join(body), head=branch_name, base=LATEST_RELEASE_BRANCH, draft=True)
+  pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True)
+  pr.add_to_labels(*labels)
   print('Created PR #' + str(pr.number))
 
   # Assign the conductor
   pr.add_to_assignees(conductor)
   print('Assigned PR to ' + conductor)
 
-# Gets the person who should be in charge of the mergeback PR
-def get_conductor(repo, pull_requests, other_commits):
-  # If there are any PRs then use whoever merged the last one
-  if len(pull_requests) > 0:
-    return get_merger_of_pr(repo, pull_requests[-1])
-
-  # Otherwise take the author of the latest commit
-  return other_commits[-1].author.login
-
-# Gets a list of the SHAs of all commits that have happened on main
-# since the release branched off.
-# This will not include any commits that exist on the release branch
-# that aren't on main.
-def get_commit_difference(repo):
-  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '..' + ORIGIN + '/' + MAIN_BRANCH).strip().split('\n')
+# Gets a list of the SHAs of all commits that have happened on the source branch
+# since the last release to the target branch.
+# This will not include any commits that exist on the target branch
+# that aren't on the source branch.
+def get_commit_difference(repo, source_branch, target_branch):
+  # Passing split nothing means that the empty string splits to nothing: compare `''.split() == []`
+  # to `''.split('\n') == ['']`.
+  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + target_branch + '..' + ORIGIN + '/' + source_branch).strip().split()
 
   # Convert to full-fledged commit objects
   commits = [repo.get_commit(c) for c in commits]
@@ -136,7 +141,7 @@ def get_truncated_commit_message(commit):
   else:
     return message
 
-# Converts a commit into the PR that introduced it to the main branch.
+# Converts a commit into the PR that introduced it to the source branch.
 # Returns the PR object, or None if no PR could be found.
 def get_pr_for_commit(repo, commit):
   prs = commit.get_pulls()
@@ -179,29 +184,65 @@ def update_changelog(version):
 
 
 def main():
-  if len(sys.argv) != 3:
-    raise Exception('Usage: update-release.branch.py <github token> <repository nwo>')
-  github_token = sys.argv[1]
-  repository_nwo = sys.argv[2]
+  parser = argparse.ArgumentParser('update-release-branch.py')
 
-  repo = Github(github_token).get_repo(repository_nwo)
+  parser.add_argument(
+    '--github-token',
+    type=str,
+    required=True,
+    help='GitHub token, typically from GitHub Actions.'
+  )
+  parser.add_argument(
+    '--repository-nwo',
+    type=str,
+    required=True,
+    help='The nwo of the repository, for example github/codeql-action.'
+  )
+  parser.add_argument(
+    '--mode',
+    type=str,
+    required=True,
+    choices=[V2_MODE, V1_MODE],
+    help=f"Which release to perform. '{V2_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V2_MODE]} as the source " +
+      f"branch and {TARGET_BRANCH_FOR_MODE[V2_MODE]} as the target branch. " +
+      f"'{V1_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V1_MODE]} as the source branch and " +
+      f"{TARGET_BRANCH_FOR_MODE[V1_MODE]} as the target branch."
+  )
+  parser.add_argument(
+    '--conductor',
+    type=str,
+    required=True,
+    help='The GitHub handle of the person who is conducting the release process.'
+  )
+
+  args = parser.parse_args()
+
+  source_branch = SOURCE_BRANCH_FOR_MODE[args.mode]
+  target_branch = TARGET_BRANCH_FOR_MODE[args.mode]
+
+  repo = Github(args.github_token).get_repo(args.repository_nwo)
   version = get_current_version()
 
+  if args.mode == V1_MODE:
+    # Change the version number to a v1 equivalent
+    version = get_current_version()
+    version = f'1{version[1:]}'
+
   # Print what we intend to go
-  print('Considering difference between ' + MAIN_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
-  short_main_sha = run_git('rev-parse', '--short', ORIGIN + '/' + MAIN_BRANCH).strip()
-  print('Current head of ' + MAIN_BRANCH + ' is ' + short_main_sha)
+  print('Considering difference between ' + source_branch + ' and ' + target_branch)
+  source_branch_short_sha = run_git('rev-parse', '--short', ORIGIN + '/' + source_branch).strip()
+  print('Current head of ' + source_branch + ' is ' + source_branch_short_sha)
 
   # See if there are any commits to merge in
-  commits = get_commit_difference(repo)
+  commits = get_commit_difference(repo=repo, source_branch=source_branch, target_branch=target_branch)
   if len(commits) == 0:
-    print('No commits to merge from ' + MAIN_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
+    print('No commits to merge from ' + source_branch + ' to ' + target_branch)
     return
 
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = 'update-v' + version + '-' + short_main_sha
+  new_branch_name = 'update-v' + version + '-' + source_branch_short_sha
   print('Branch name is ' + new_branch_name)
 
   # Check if the branch already exists. If so we can abort as this script
@@ -212,19 +253,90 @@ def main():
 
   # Create the new branch and push it to the remote
   print('Creating branch ' + new_branch_name)
-  run_git('checkout', '-b', new_branch_name, ORIGIN + '/' + MAIN_BRANCH)
 
-  print('Updating changelog')
-  update_changelog(version)
+  # The process of creating the v1 release can run into merge conflicts. We commit the unresolved
+  # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to
+  # reconstruct the release manually)
+  conflicted_files = []
 
-  # Create a commit that updates the CHANGELOG
-  run_git('add', 'CHANGELOG.md')
-  run_git('commit', '-m', version)
+  if args.mode == V1_MODE:
+    # If we're performing a backport, start from the target branch
+    print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch')
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}')
+
+    # Revert the commit that we made as part of the last release that updated the version number and
+    # changelog to refer to 1.x.x variants. This avoids merge conflicts in the changelog and
+    # package.json files when we merge in the v2 branch.
+    # This commit will not exist the first time we release the v1 branch from the v2 branch, so we
+    # use `git log --grep` to conditionally revert the commit.
+    print('Reverting the 1.x.x version number and changelog updates from the last release to avoid conflicts')
+    v1_update_commits = run_git('log', '--grep', '^Update version and changelog for v', '--format=%H').split()
+
+    if len(v1_update_commits) > 0:
+      print(f'  Reverting {v1_update_commits[0]}')
+      # Only revert the newest commit as older ones will already have been reverted in previous
+      # releases.
+      run_git('revert', v1_update_commits[0], '--no-edit')
+
+      # Also revert the "Update checked-in dependencies" commit created by Actions.
+      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
+      print(f'  Reverting {update_dependencies_commit}')
+      run_git('revert', update_dependencies_commit, '--no-edit')
+
+    else:
+      print('  Nothing to revert.')
+
+    print(f'Merging {ORIGIN}/{source_branch} into the release prep branch')
+    # Commit any conflicts (see the comment for `conflicted_files`)
+    run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True)
+    conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines()
+    if len(conflicted_files) > 0:
+      run_git('add', '.')
+      run_git('commit', '--no-edit')
+
+    # Migrate the package version number from a v2 version number to a v1 version number
+    print(f'Setting version number to {version}')
+    subprocess.run(['npm', 'version', version, '--no-git-tag-version'])
+    run_git('add', 'package.json', 'package-lock.json')
+
+    # Migrate the changelog notes from v2 version numbers to v1 version numbers
+    print('Migrating changelog notes from v2 to v1')
+    subprocess.run(['sed', '-i', 's/^## 2\./## 1./g', 'CHANGELOG.md'])
+
+    # Remove changelog notes from v2 that don't apply to v1
+    subprocess.run(['sed', '-i', '/^- \[v2+ only\]/d', 'CHANGELOG.md'])
+
+    # Amend the commit generated by `npm version` to update the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'Update version and changelog for v{version}')
+  else:
+    # If we're performing a standard release, there won't be any new commits on the target branch,
+    # as these will have already been merged back into the source branch. Therefore we can just
+    # start from the source branch.
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{source_branch}')
+
+    print('Updating changelog')
+    update_changelog(version)
+
+    # Create a commit that updates the CHANGELOG
+    run_git('add', 'CHANGELOG.md')
+    run_git('commit', '-m', f'Update changelog for v{version}')
 
   run_git('push', ORIGIN, new_branch_name)
 
   # Open a PR to update the branch
-  open_pr(repo, commits, short_main_sha, new_branch_name)
+  open_pr(
+    repo,
+    commits,
+    source_branch_short_sha,
+    new_branch_name,
+    source_branch=source_branch,
+    target_branch=target_branch,
+    conductor=args.conductor,
+    is_v2_release=args.mode == V2_MODE,
+    labels=['Update dependencies'] if args.mode == V1_MODE else [],
+    conflicted_files=conflicted_files
+  )
 
 if __name__ == '__main__':
   main()

.github/workflows/__analyze-ref-input.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -65,11 +66,11 @@ jobs:
         - os: windows-2022
           version: nightly-latest
     name: "Analyze: 'ref' and 'sha' from inputs"
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__debug-artifacts.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -49,11 +50,11 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Debug artifact upload
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -70,7 +71,7 @@ jobs:
       run: ./build.sh
     - uses: ./../action/analyze
       id: analysis
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: my-debug-artifacts-${{ matrix.os }}-${{ matrix.version }}
     - shell: bash

.github/workflows/__extractor-ram-threads.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -27,11 +28,11 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Extractor ram and threads options test
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__go-custom-queries.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -65,17 +66,17 @@ jobs:
         - os: windows-2022
           version: nightly-latest
     name: 'Go: Custom queries'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-custom-tracing-autobuild.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -49,17 +50,17 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: 'Go: Autobuild custom tracing'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-custom-tracing.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -65,17 +66,17 @@ jobs:
         - os: windows-2022
           version: nightly-latest
     name: 'Go: Custom tracing'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
       with:
         version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__javascript-source-root.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -31,11 +32,11 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Custom source root
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__ml-powered-queries.yml

@@ -0,0 +1,129 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - ML-powered queries
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  ml-powered-queries:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20220120
+        - os: macos-latest
+          version: stable-20220120
+        - os: windows-latest
+          version: stable-20220120
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-latest
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-latest
+          version: nightly-latest
+    name: ML-powered queries
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      with:
+        languages: javascript
+        queries: security-extended
+        source-root: ./../action/tests/ml-powered-queries-repo
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - uses: ./../action/analyze
+      with:
+        output: ${{ runner.temp }}/results
+        upload-database: false
+      env:
+        TEST_MODE: true
+
+    - name: Upload SARIF
+      uses: actions/upload-artifact@v3
+      with:
+        name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+        path: ${{ runner.temp }}/results/javascript.sarif
+        retention-days: 7
+
+    - name: Check results
+    # Running ML-powered queries on Windows requires CodeQL CLI 2.9.0+. We don't run these checks
+    # against Windows and `cached` while CodeQL CLI 2.9.0 makes its way into `cached` to avoid the
+    # test starting to fail when the cached CodeQL Bundle gets updated. Once the CodeQL Bundle
+    # containing CodeQL CLI 2.9.0 has been fully released, we can drop this line and start running
+    # these checks on Windows and `cached`.
+      if: matrix.os != 'windows-latest' || matrix.version != 'cached'
+      env:
+      # Running on Windows requires CodeQL CLI 2.9.0+, which has so far only made it to 'latest'.
+        SHOULD_RUN_ML_POWERED_QUERIES: ${{ matrix.os != 'windows-latest' || matrix.version
+          == 'latest' || matrix.version == 'nightly-latest' }}
+      shell: bash
+      run: |
+        echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}"
+
+        cd "$RUNNER_TEMP/results"
+        # We should run at least the ML-powered queries in `expected_rules`.
+        expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
+
+        for rule in ${expected_rules}; do
+          found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
+            flatten | .[].id] | any(. == $rule)' javascript.sarif)
+          echo "Did find rule '${rule}': ${found_rule}"
+          if [[ "${found_rule}" != "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
+            echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
+            exit 1
+          elif [[ "${found_rule}" == "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
+            echo "Found rule '${rule}' in the SARIF output which shouldn't have been part of the analysis."
+            exit 1
+          fi
+        done
+
+        # We should have at least one alert from an ML-powered query.
+        num_alerts=$(jq '[.runs[0].results[] |
+          select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
+          javascript.sarif)
+        echo "Found ${num_alerts} alerts from ML-powered queries.";
+        if [[ "${num_alerts}" -eq 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
+          echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
+          exit 1
+        elif [[ "${num_alerts}" -ne 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
+          echo "Expected not to find any alerts from an ML-powered query but found ${num_alerts}."
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__multi-language-autodetect.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -49,11 +50,11 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Multi-language repository
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__packaging-config-inputs-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -25,15 +26,33 @@ jobs:
       matrix:
         include:
         - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
         - os: macos-latest
-          version: nightly-20210831
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Config and input'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -42,7 +61,7 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -57,11 +76,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        # We should have 4 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__packaging-config-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -25,15 +26,33 @@ jobs:
       matrix:
         include:
         - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
         - os: macos-latest
-          version: nightly-20210831
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Config file'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -56,11 +75,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        # We should have 4 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__packaging-inputs-js.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -25,15 +26,33 @@ jobs:
       matrix:
         include:
         - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
         - os: macos-latest
-          version: nightly-20210831
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
     name: 'Packaging: Action input'
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -43,7 +62,7 @@ jobs:
       with:
         config-file: .github/codeql/codeql-config-packaging2.yml
         languages: javascript
-        packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
       shell: bash
@@ -57,11 +76,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        # We should have 4 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__remote-config.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -65,11 +66,11 @@ jobs:
         - os: windows-2022
           version: nightly-latest
     name: Remote config file
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__rubocop-multi-language.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -37,11 +38,11 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: RuboCop multi-language
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__split-workflow.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -25,15 +26,23 @@ jobs:
       matrix:
         include:
         - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
         - os: macos-latest
-          version: nightly-20210831
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
     name: Split workflow
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test
@@ -42,7 +51,7 @@ jobs:
     - uses: ./../action/init
       with:
         config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
     - name: Build code
@@ -71,11 +80,11 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        # We should have 4 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
 
         # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
         echo "Found matching rules '$RULES'"
         if [ "$RULES" != "$EXPECTED_RULES" ]; then
           echo "Did not match expected rules '$EXPECTED_RULES'."

.github/workflows/__test-autobuild-working-dir.yml

@@ -0,0 +1,67 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Autobuild working directory
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  test-autobuild-working-dir:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+    name: Autobuild working directory
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - name: Test setup
+      shell: bash
+      run: |
+        # Make sure that Gradle build succeeds in autobuild-dir ...
+        cp -a ../action/tests/java-repo autobuild-dir
+        # ... and fails if attempted in the current directory
+        echo > build.gradle
+    - uses: ./../action/init
+      with:
+        languages: java
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/autobuild
+      with:
+        working-directory: autobuild-dir
+    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
+    - name: Check database
+      shell: bash
+      run: |
+        cd "$RUNNER_TEMP/codeql_databases"
+        if [[ ! -d java ]]; then
+          echo "Did not find a Java database"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/__test-local-codeql.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -27,11 +28,11 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Local CodeQL bundle
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__test-proxy.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -27,11 +28,11 @@ jobs:
         - os: ubuntu-latest
           version: latest
     name: Proxy test
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__test-ruby.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -37,11 +38,11 @@ jobs:
         - os: macos-latest
           version: nightly-latest
     name: Ruby analysis
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__unset-environment.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -37,11 +38,11 @@ jobs:
         - os: ubuntu-latest
           version: nightly-latest
     name: Test unsetting environment variables
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__upload-ref-sha-input.yml

@@ -11,7 +11,8 @@ on:
   push:
     branches:
     - main
-    - v1
+    - releases/v1
+    - releases/v2
   pull_request:
     types:
     - opened
@@ -65,11 +66,11 @@ jobs:
         - os: windows-2022
           version: nightly-latest
     name: "Upload-sarif: 'ref' and 'sha' from inputs"
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
     - name: Prepare test
       id: prepare-test
       uses: ./.github/prepare-test

.github/workflows/__with-checkout-path.yml

@@ -0,0 +1,146 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Use a custom `checkout_path`
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  with-checkout-path:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: stable-20210308
+        - os: macos-latest
+          version: stable-20210308
+        - os: windows-2019
+          version: stable-20210308
+        - os: ubuntu-latest
+          version: stable-20210319
+        - os: macos-latest
+          version: stable-20210319
+        - os: windows-2019
+          version: stable-20210319
+        - os: ubuntu-latest
+          version: stable-20210809
+        - os: macos-latest
+          version: stable-20210809
+        - os: windows-2019
+          version: stable-20210809
+        - os: ubuntu-latest
+          version: cached
+        - os: macos-latest
+          version: cached
+        - os: windows-2019
+          version: cached
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-2019
+          version: latest
+        - os: windows-2022
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-2019
+          version: nightly-latest
+        - os: windows-2022
+          version: nightly-latest
+    name: Use a custom `checkout_path`
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: actions/checkout@v3
+      with:
+        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        path: x/y/z/some-path
+    - uses: ./../action/init
+      with:
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+      # it's enough to test one compiled language and one interpreted language
+        languages: csharp,javascript
+        source-path: x/y/z/some-path/tests/multi-language-repo
+        debug: true
+    - name: Build code (non-windows)
+      shell: bash
+      if: ${{ runner.os != 'Windows' }}
+      run: |
+        $CODEQL_RUNNER x/y/z/some-path/tests/multi-language-repo/build.sh
+    - name: Build code (windows)
+      shell: bash
+      if: ${{ runner.os == 'Windows' }}
+      run: |
+        x/y/z/some-path/tests/multi-language-repo/build.sh
+    - uses: ./../action/analyze
+      with:
+        checkout_path: x/y/z/some-path/tests/multi-language-repo
+        ref: v1.1.0
+        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        upload: false
+      env:
+        TEST_MODE: true
+
+    - uses: ./../action/upload-sarif
+      with:
+        ref: v1.1.0
+        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
+        checkout_path: x/y/z/some-path/tests/multi-language-repo
+      env:
+        TEST_MODE: true
+
+    - name: Verify SARIF after upload
+      shell: bash
+      run: |
+        EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
+        EXPECTED_REF="v1.1.0"
+        EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
+
+        ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
+        ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
+        ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
+
+        if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
+          echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+
+        if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
+          echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+
+        if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
+          echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
+          echo "$RUNNER_TEMP/payload.json"
+          exit 1
+        fi
+    env:
+      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true

.github/workflows/check-expected-release-files.yml

@@ -15,7 +15,7 @@ jobs:
 
     steps:
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Check Expected Release Files
         run: |
           bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"

.github/workflows/check-for-conflicts.yml

@@ -0,0 +1,31 @@
+# Checks for any conflict markers created by git. This check is primarily intended to validate that
+# any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.
+name: Check for conflicts
+
+on:
+  pull_request:
+    branches: [main, v1, v2]
+    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
+    # by other workflows.
+    types: [opened, synchronize, reopened, ready_for_review]
+
+jobs:
+  check-for-conflicts:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Check for conflicts
+        run: |
+          # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want
+          # this to fail the workflow.
+          FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \
+            '^(<<<<<<<|>>>>>>>)' . || true)
+          if [[ "${FILES_WITH_CONFLICTS}" ]]; then
+            echo "Fail: Found merge conflict markers in the following files:"
+            echo ""
+            echo "${FILES_WITH_CONFLICTS}"
+            exit 1
+          else
+            echo "Success: Found no merge conflict markers."
+          fi

.github/workflows/codeql.yml

@@ -2,9 +2,9 @@ name: "CodeQL action"
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]
@@ -20,7 +20,7 @@ jobs:
       security-events: write
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Init with default CodeQL bundle from the VM image
       id: init-default
       uses: ./init
@@ -75,7 +75,7 @@ jobs:
       security-events: write
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - uses: ./init
       id: init
       with:

.github/workflows/post-release-mergeback.yml

@@ -1,7 +1,8 @@
-# This workflow runs after a release of the action.
-# It merges any changes from the release back into the
-# main branch. Typically, this is just a single commit
-# that updates the changelog.
+# This workflow runs after a release of the action. For v2 releases, it merges any changes from the
+# release back into the main branch. Typically, this is just a single commit that updates the
+# changelog. For v2 and v1 releases, it then (a) tags the merge commit on the release branch that
+# represents the new release with an `vx.y.z` tag and (b) updates the `vx` tag to refer to this
+# commit.
 name: Tag release and merge back
 
 on:
@@ -14,7 +15,8 @@ on:
 
   push:
     branches:
-      - v1
+      - releases/v1
+      - releases/v2
 
 jobs:
   merge-back:
@@ -25,13 +27,16 @@ jobs:
       HEAD_BRANCH: "${{ github.head_ref || github.ref }}"
 
     steps:
-      - name: Dump GitHub Event context
-        env:
-          GITHUB_EVENT_CONTEXT: "${{ toJson(github.event) }}"
-        run: echo "$GITHUB_EVENT_CONTEXT"
+      - name: Dump environment
+        run: env
 
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - name: Dump GitHub context
+        env:
+          GITHUB_CONTEXT: '${{ toJson(github) }}'
+        run: echo "${GITHUB_CONTEXT}"
+
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
 
       - name: Update git config
         run: |
@@ -42,25 +47,25 @@ jobs:
         id: getVersion
         run: |
           VERSION="v$(jq '.version' -r 'package.json')"
-          SHORT_SHA="${GITHUB_SHA:0:8}"
-          echo "::set-output name=version::$VERSION"
-          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}"
-          echo "::set-output name=newBranch::$NEW_BRANCH"
+          echo "::set-output name=version::${VERSION}"
+          short_sha="${GITHUB_SHA:0:8}"
+          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
+          echo "::set-output name=newBranch::${NEW_BRANCH}"
 
 
       - name: Dump branches
         env:
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
         run: |
-          echo "BASE_BRANCH $BASE_BRANCH"
-          echo "HEAD_BRANCH $HEAD_BRANCH"
-          echo "NEW_BRANCH $NEW_BRANCH"
+          echo "BASE_BRANCH ${BASE_BRANCH}"
+          echo "HEAD_BRANCH ${HEAD_BRANCH}"
+          echo "NEW_BRANCH ${NEW_BRANCH}"
 
       - name: Create mergeback branch
         env:
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
         run: |
-          git checkout -b "$NEW_BRANCH"
+          git checkout -b "${NEW_BRANCH}"
 
       - name: Check for tag
         id: check
@@ -68,13 +73,13 @@ jobs:
           VERSION: "${{ steps.getVersion.outputs.version }}"
         run: |
           set +e # don't fail on an errored command
-          git ls-remote --tags origin | grep "$VERSION"
-          EXISTS="$?"
-          if [ "$EXISTS" -eq 0 ]; then
-            echo "Tag $TAG exists. Not going to re-release."
+          git ls-remote --tags origin | grep "${VERSION}"
+          exists="$?"
+          if [ "${exists}" -eq 0 ]; then
+            echo "Tag ${VERSION} exists. Not going to re-release."
             echo "::set-output name=exists::true"
           else
-            echo "Tag $TAG does not exist yet."
+            echo "Tag ${VERSION} does not exist yet."
           fi
 
       # we didn't tag the release during the update-release-branch workflow because the
@@ -85,35 +90,48 @@ jobs:
         env:
           VERSION: ${{ steps.getVersion.outputs.version }}
         run: |
-          git tag -a "$VERSION" -m "$VERSION"
-          git fetch --unshallow  # unshallow the repo in order to allow pushes
-          git push origin --follow-tags "$VERSION"
+          # Unshallow the repo in order to allow pushes
+          git fetch --unshallow
+          # Create the `vx.y.z` tag
+          git tag --annotate "${VERSION}" --message "${VERSION}"
+          # Update the `vx` tag
+          major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}")
+          # Use `--force` to overwrite the major version tag
+          git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force
+          # Push the tags, using:
+          # - `--atomic` to make sure we either update both tags or neither (an intermediate state,
+          #   e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in
+          #   unwanted Dependabot updates, e.g. from v2 to v2.x.y)
+          # - `--force` since we're overwriting the `vx` tag
+          git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
 
       - name: Create mergeback branch
-        if: steps.check.outputs.exists != 'true'
+        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'releases/v2')
         env:
           VERSION: "${{ steps.getVersion.outputs.version }}"
           NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
         run: |
           set -exu
-          PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH"
-          PR_BODY="Updates version and changelog."
+          pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}"
+          pr_body="Updates version and changelog."
+
+          # Update the version number ready for the next release
+          npm version patch --no-git-tag-version
 
           # Update the changelog
           perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
           git add .
-          git commit -m "Update changelog and version after $VERSION"
-          npm version patch
+          git commit -m "Update changelog and version after ${VERSION}"
 
-          git push origin "$NEW_BRANCH"
+          git push origin "${NEW_BRANCH}"
 
           # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
           # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
           gh pr create \
-            --head "$NEW_BRANCH" \
-            --base "$BASE_BRANCH" \
-            --title "$PR_TITLE" \
+            --head "${NEW_BRANCH}" \
+            --base "${BASE_BRANCH}" \
+            --title "${pr_title}" \
             --label "Update dependencies" \
-            --body "$PR_BODY" \
+            --body "${pr_body}" \
             --draft

.github/workflows/pr-checks.yml

@@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner)
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -13,41 +13,69 @@ jobs:
   lint-js:
     name: Lint
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Run Lint
         run: npm run-script lint
 
   check-js:
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
+
+    strategy:
+      fail-fast: true
+      matrix:
+        node-types-version: [12.12, current]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
+
+      - name: Update version of @types/node
+        if: matrix.node-types-version != 'current'
+        env:
+          NODE_TYPES_VERSION: ${{ matrix.node-types-version }}
+        run: |
+          # Export `NODE_TYPES_VERSION` so it's available to jq
+          export NODE_TYPES_VERSION="${NODE_TYPES_VERSION}"
+          contents=$(jq '.devDependencies."@types/node" = env.NODE_TYPES_VERSION' package.json)
+          echo "${contents}" > package.json
+          # Usually we run `npm install` on macOS to ensure that we pick up macOS-only dependencies.
+          # However we're not checking in the updated lockfile here, so it's fine to run
+          # `npm install` on Linux.
+          npm install
+
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git config --global user.email "github-actions@github.com"
+            git config --global user.name "github-actions[bot]"
+            # The period in `git add --all .` ensures that we stage deleted files too.
+            git add --all .
+            git commit -m "Use @types/node=${NODE_TYPES_VERSION}"
+          fi
+
       - name: Check generated JS
         run: .github/workflows/script/check-js.sh
 
   check-node-modules:
     name: Check modules up to date
     runs-on: macos-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Check node modules up to date
         run: .github/workflows/script/check-node-modules.sh
 
   verify-pr-checks:
     name: Verify PR checks up to date
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
           python-version: 3.8
       - name: Install dependencies
@@ -64,21 +92,21 @@ jobs:
       matrix:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: npm run-script test
         run: npm run-script test
 
   runner-analyze-javascript-ubuntu:
     name: Runner ubuntu JS analyze
     needs: [check-js, check-node-modules]
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -103,11 +131,11 @@ jobs:
   runner-analyze-javascript-windows:
     name: Runner windows JS analyze
     needs: [check-js, check-node-modules]
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: windows-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -128,11 +156,11 @@ jobs:
   runner-analyze-javascript-macos:
     name: Runner macos JS analyze
     needs: [check-js, check-node-modules]
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -153,11 +181,11 @@ jobs:
   runner-analyze-csharp-ubuntu:
     name: Runner ubuntu C# analyze
     needs: [check-js, check-node-modules]
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -193,11 +221,11 @@ jobs:
     needs: [check-js, check-node-modules]
     # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
     # `windows-latest`.
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: windows-2019
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -225,7 +253,7 @@ jobs:
           & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
 
       - name: Upload tracer logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: tracer-logs
           path: ./codeql-runner/compound-build-tracer.log
@@ -238,12 +266,12 @@ jobs:
 
   runner-analyze-csharp-macos:
     name: Runner macos C# analyze
-    timeout-minutes: 30
+    timeout-minutes: 45
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -277,12 +305,12 @@ jobs:
 
   runner-analyze-csharp-autobuild-ubuntu:
     name: Runner ubuntu autobuild C# analyze
-    timeout-minutes: 30
+    timeout-minutes: 45
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -313,7 +341,7 @@ jobs:
           TEST_MODE: true
 
   runner-analyze-csharp-autobuild-windows:
-    timeout-minutes: 30
+    timeout-minutes: 45
     name: Runner windows autobuild C# analyze
     needs: [check-js, check-node-modules]
     # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of
@@ -321,7 +349,7 @@ jobs:
     runs-on: windows-2019
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -356,10 +384,10 @@ jobs:
     name: Runner macos autobuild C# analyze
     needs: [check-js, check-node-modules]
     runs-on: macos-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Move codeql-action
         shell: bash
@@ -394,12 +422,12 @@ jobs:
     name: Runner upload sarif
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |
@@ -417,10 +445,10 @@ jobs:
     name: Runner ubuntu extractor RAM and threads options
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
-    timeout-minutes: 30
+    timeout-minutes: 45
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Build runner
         run: |

.github/workflows/python-deps.yml

@@ -2,7 +2,7 @@ name: Test Python Package Installation on Linux and Mac
 
 on:
   push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
   pull_request:
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
@@ -10,7 +10,7 @@ on:
 
 jobs:
   test-setup-python-scripts:
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     strategy:
         fail-fast: false
@@ -25,7 +25,7 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Initialize CodeQL
       uses: ./init
@@ -71,7 +71,7 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Initialize CodeQL
       uses: ./init
@@ -122,9 +122,9 @@ jobs:
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
-    - uses: actions/setup-python@v2
+    - uses: actions/setup-python@v3
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/release-runner.yml

@@ -1,55 +0,0 @@
-name: Release runner
-
-on:
-  workflow_dispatch:
-    inputs:
-      bundle-tag:
-        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
-        required: false
-
-jobs:
-  release-runner:
-    timeout-minutes: 30
-    runs-on: ubuntu-latest
-    env:
-      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
-
-    strategy:
-      matrix:
-        extension: ["linux", "macos", "win.exe"]
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build runner
-        run: |
-          cd runner
-          npm install
-          npm run build-runner
-
-      - uses: actions/upload-artifact@v2
-        with:
-          name: codeql-runner-${{matrix.extension}}
-          path: runner/dist/codeql-runner-${{matrix.extension}}
-
-      - name: Resolve Upload URL for the release
-        if: ${{ github.event.inputs.bundle-tag != null }}
-        id: save_url
-        run: |
-          UPLOAD_URL=$(curl -sS \
-                "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
-                -H "Accept: application/json" \
-                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
-          echo ${UPLOAD_URL}
-          echo "::set-output name=upload_url::${UPLOAD_URL}"
-
-      - name: Upload Platform Package
-        if: ${{ github.event.inputs.bundle-tag != null }}
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.save_url.outputs.upload_url }}
-          asset_path: runner/dist/codeql-runner-${{matrix.extension}}
-          asset_name: codeql-runner-${{matrix.extension}}
-          asset_content_type: application/octet-stream

.github/workflows/script/update-required-checks.sh

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+# Update the required checks based on the current branch.
+# Typically, this will be main.
+
+if [ -z "$GITHUB_TOKEN" ]; then
+  echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
+  exit 1
+fi
+
+if [ "$#" -eq 1 ]; then
+  # If we were passed an argument, pass it as a query to fzf
+  GITHUB_SHA="$@"
+elif [ "$#" -gt 1 ]; then
+  echo "Usage: $0 [SHA]"
+  echo "Update the required checks based on the SHA, or main."
+elif [ -z "$GITHUB_SHA" ]; then
+  # If we don't have a SHA, use main
+  GITHUB_SHA="$(git rev-parse main)"
+fi
+
+echo "Getting checks for $GITHUB_SHA"
+
+# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
+CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"
+
+echo "$CHECKS" | jq
+
+echo "{\"contexts\": ${CHECKS}}" > checks.json
+
+for BRANCH in main releases/v2 releases/v1; do
+  echo "Updating $BRANCH"
+  gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
+done
+
+rm checks.json

.github/workflows/split.yml

@@ -1,74 +0,0 @@
-#
-# Split the CodeQL Bundle into platform bundles
-#
-# Instructions:
-#  1. Upload the new codeql-bundle (codeql-bundle.tar.gz) as an asset of the
-#     release (codeql-bundle-20200826)
-#  2. Take note of the CLI Release used by the bundle (e.g., v2.2.5)
-#  3. Manually launch this workflow file (via the Actions UI) specifying
-#     - The CLI Release (e.g., v2.2.5)
-#     - The release tag (e.g., codeql-bundle-20200826)
-#  4. If everything succeeds you should see 3 new assets.
-#
-
-name: Split Bundle
-
-on:
- workflow_dispatch:
-    inputs:
-      cli-release:
-        description: 'CodeQL CLI Release (e.g., "v2.2.5")'
-        required: true
-      bundle-tag:
-        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
-        required: true
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    timeout-minutes: 30
-    env:
-      CLI_RELEASE: "${{ github.event.inputs.cli-release }}"
-      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
-
-    strategy:
-      fail-fast: false
-      matrix:
-        platform: ["linux64", "osx64", "win64"]
-
-    steps:
-      - name: Resolve Upload URL for the release
-        id: save_url
-        run: |
-          UPLOAD_URL=$(curl -sS \
-               "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
-               -H "Accept: application/json" \
-               -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
-          echo ${UPLOAD_URL}
-          echo "::set-output name=upload_url::${UPLOAD_URL}"
-
-      - name: Download CodeQL CLI and Bundle
-        run: |
-          wget --no-verbose "https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/codeql-bundle.tar.gz"
-          wget --no-verbose "https://github.com/github/codeql-cli-binaries/releases/download/${CLI_RELEASE}/codeql-${{matrix.platform}}.zip"
-
-      - name: Create Platform Package
-        # Replace the codeql-binaries with the platform specific ones
-        run: |
-          gunzip codeql-bundle.tar.gz
-          tar -f codeql-bundle.tar --delete codeql
-          unzip -q codeql-${{matrix.platform}}.zip
-          tar -f codeql-bundle.tar --append codeql
-          gzip codeql-bundle.tar
-          mv codeql-bundle.tar.gz codeql-bundle-${{matrix.platform}}.tar.gz
-          du -sh codeql-bundle-${{matrix.platform}}.tar.gz
-
-      - name: Upload Platform Package
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.save_url.outputs.upload_url }}
-          asset_path: ./codeql-bundle-${{matrix.platform}}.tar.gz
-          asset_name: codeql-bundle-${{matrix.platform}}.tar.gz
-          asset_content_type: application/tar+gzip

.github/workflows/update-dependencies.yml

@@ -6,12 +6,12 @@ on:
 jobs:
   update:
     name: Update dependencies
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: macos-latest
     if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     - name: Remove PR label
       env:

.github/workflows/update-release-branch.yml

@@ -1,25 +1,35 @@
 name: Update release branch
 on:
-  repository_dispatch:
-    # Example of how to trigger this:
-    # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
-    # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
-    types: [update-release-branch]
+  # You can trigger this workflow via workflow dispatch to start a release.
+  # This will open a PR to update the v2 release branch.
   workflow_dispatch:
 
+  # When the v2 release is complete, this workflow will open a PR to update the v1 release branch.
+  push:
+    branches:
+      - releases/v2
+
 jobs:
   update:
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ubuntu-latest
-    if: ${{ github.repository == 'github/codeql-action' }}
+    if: github.repository == 'github/codeql-action'
     steps:
-    - uses: actions/checkout@v2
+    - name: Dump environment
+      run: env
+
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: '${{ toJson(github) }}'
+      run: echo "$GITHUB_CONTEXT"
+
+    - uses: actions/checkout@v3
       with:
         # Need full history so we calculate diffs
         fetch-depth: 0
 
     - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v3
       with:
         python-version: 3.8
 
@@ -33,5 +43,20 @@ jobs:
         git config --global user.email "github-actions@github.com"
         git config --global user.name "github-actions[bot]"
 
-    - name: Update release branch
-      run: python .github/update-release-branch.py ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }}
+    - name: Update v2 release branch
+      if: github.event_name == 'workflow_dispatch'
+      run: |
+        python .github/update-release-branch.py \
+          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --repository-nwo ${{ github.repository }} \
+          --mode v2-release \
+          --conductor ${GITHUB_ACTOR}
+
+    - name: Update v1 release branch
+      if: github.event_name == 'push'
+      run: |
+        python .github/update-release-branch.py \
+          --github-token ${{ secrets.GITHUB_TOKEN }} \
+          --repository-nwo ${{ github.repository }} \
+          --mode v1-release \
+          --conductor ${GITHUB_ACTOR}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -7,19 +7,19 @@ on:
 jobs:
   update-supported-enterprise-server-versions:
     name: Update Supported Enterprise Server Versions
-    timeout-minutes: 30
+    timeout-minutes: 45
     runs-on: ubuntu-latest
     if: ${{ github.repository == 'github/codeql-action' }}
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Checkout Enterprise Releases
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           repository: github/enterprise-releases
           ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}

CHANGELOG.md

@@ -4,6 +4,33 @@
 
 No user facing changes.
 
+## 2.1.10 - 10 May 2022
+
+- Update default CodeQL bundle version to 2.9.5. [#1056](https://github.com/github/codeql-action/pull/1056)
+- When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.
+
+## 2.1.9 - 27 Apr 2022
+
+- Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
+- The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
+- Update default CodeQL bundle version to 2.9.0.
+- Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)
+
+## 2.1.8 - 08 Apr 2022
+
+- Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
+- Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)
+
+## 2.1.7 - 05 Apr 2022
+
+- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)
+
+## 2.1.6 - 30 Mar 2022
+
+- [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
+- Update default CodeQL bundle version to 2.8.4. [#990](https://github.com/github/codeql-action/pull/990)
+- Fix a bug where an invalid `commit_oid` was being sent to code scanning when a custom checkout path was being used. [#956](https://github.com/github/codeql-action/pull/956)
+
 ## 1.1.5 - 15 Mar 2022
 
 - Update default CodeQL bundle version to 2.8.3.
@@ -19,7 +46,7 @@ No user facing changes.
 
 ## 1.1.3 - 23 Feb 2022
 
-- Fix bug where the CLR traces can continue tracing even after tracing should be stopped. [#938](https://github.com/github/codeql-action/pull/938)
+- Fix a bug where the CLR traces can continue tracing even after tracing should be stopped. [#938](https://github.com/github/codeql-action/pull/938)
 
 ## 1.1.2 - 17 Feb 2022
 

CODEOWNERS

@@ -1 +1,3 @@
 **/* @github/codeql-action-reviewers
+
+/python-setup/ @github/codeql-python @github/codeql-action-reviewers

CONTRIBUTING.md

@@ -61,35 +61,30 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v1` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
 
-    A release is automatically started every Monday via a scheduled run of this workflow, however you can start a release manually by triggering a run via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into v1". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
+    You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
+1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
 1. Review the checklist items in the pull request description.
-    Once you've checked off all but the last of these, approve the PR and automerge it.
-1. When the "Merge main into v1" pull request is merged into the `v1` branch, the "Tag release and merge back" workflow will create a mergeback PR.
-    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v1" pull request, and bumps the patch version of the CodeQL Action.
+    Once you've checked off all but the last two of these, approve the PR and automerge it.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
+    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
 
-    Approve the mergeback PR and automerge it. Once the mergeback has been merged into main, the release is complete.
+    Approve the mergeback PR and automerge it.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
+    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.
+
+    Review the checklist items in the pull request description.
+    Once you've checked off all the items, approve the PR and automerge it.
+1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
 
 ## Keeping the PR checks up to date (admin access required)
 
-Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.
-
-To regenerate the PR jobs for the action:
-
-1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):
-
-    ```sh
-    SHA= ####
-    CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
-    echo "{\"contexts\": ${CHECKS}}" > checks.json
-    gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
-    gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json
-    ````
-
-2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
 
+1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
+2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
+3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
 
 ## Resources
 

README.md

@@ -52,11 +52,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         # Override language selection by uncommenting this and choosing your languages
         # with:
         #   languages: go, javascript, csharp, python, cpp, java
@@ -64,10 +64,10 @@ jobs:
       # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below).
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
       # ✏️ If the Autobuild fails above, remove it and uncomment the following
       #    three lines and modify them (or add more) to build your code if your
@@ -78,14 +78,14 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2
 ```
 
 If you prefer to integrate this within an existing CI workflow, it should end up looking something like this:
 
 ```yaml
 - name: Initialize CodeQL
-  uses: github/codeql-action/init@v1
+  uses: github/codeql-action/init@v2
   with:
     languages: go, javascript
 
@@ -95,7 +95,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
     make release
 
 - name: Perform CodeQL Analysis
-  uses: github/codeql-action/analyze@v1
+  uses: github/codeql-action/analyze@v2
 ```
 
 ### Configuration file
@@ -103,7 +103,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
 Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     config-file: ./.github/codeql/codeql-config.yml
 ```
@@ -111,7 +111,7 @@ Use the `config-file` parameter of the `init` action to enable the configuration
 The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     config-file: owner/repo/codeql-config.yml@branch
     external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
@@ -122,7 +122,7 @@ For information on how to write a configuration file, see "[Using a custom confi
 If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     queries: <local-or-remote-query>,<another-query>
 ```
@@ -130,7 +130,7 @@ If you only want to customise the queries used, you can specify them in your wor
 By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
 
 ```yaml
-- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
   with:
     queries: +<local-or-remote-query>,<another-query>
 ```

analyze/action.yml

@@ -61,7 +61,7 @@ inputs:
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true
-    default: "false"
+    default: "true"
   token:
     default: ${{ github.token }}
   matrix:
@@ -72,5 +72,5 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: "node12"
+  using: "node16"
   main: "../lib/analyze-action.js"

autobuild/action.yml

@@ -6,6 +6,12 @@ inputs:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
+  working-directory:
+    description: >-
+      Run the autobuilder using this path (relative to $GITHUB_WORKSPACE) as
+      working directory. If this input is not set, the autobuilder runs with
+      $GITHUB_WORKSPACE as its working directory.
+    required: false
 runs:
-  using: 'node12'
-  main: '../lib/autobuild-action.js'
+  using: 'node16'
+  main: '../lib/autobuild-action.js'

init/action.yml

@@ -73,5 +73,5 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: 'node12'
+  using: 'node16'
   main: '../lib/init-action.js'

lib/actions-util.js

@@ -76,7 +76,7 @@ exports.getToolCacheDirectory = getToolCacheDirectory;
 /**
  * Gets the SHA of the commit that is currently checked out.
  */
-const getCommitOid = async function (ref = "HEAD") {
+const getCommitOid = async function (checkoutPath, ref = "HEAD") {
     // Try to use git to get the current commit SHA. If that fails then
     // log but otherwise silently fall back to using the SHA from the environment.
     // The only time these two values will differ is during analysis of a PR when
@@ -96,6 +96,7 @@ const getCommitOid = async function (ref = "HEAD") {
                     process.stderr.write(data);
                 },
             },
+            cwd: checkoutPath,
         }).exec();
         return commitOid.trim();
     }
@@ -115,6 +116,7 @@ const determineMergeBaseCommitOid = async function () {
         return undefined;
     }
     const mergeSha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
+    const checkoutPath = (0, exports.getOptionalInput)("checkout_path");
     try {
         let commitOid = "";
         let baseOid = "";
@@ -139,6 +141,7 @@ const determineMergeBaseCommitOid = async function () {
                     process.stderr.write(data);
                 },
             },
+            cwd: checkoutPath,
         }).exec();
         // Let's confirm our assumptions: We had a merge commit and the parsed parent data looks correct
         if (commitOid === mergeSha &&
@@ -354,7 +357,7 @@ async function getWorkflowPath() {
     const repo = repo_nwo[1];
     const run_id = Number((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"));
     const apiClient = api.getActionsApiClient();
-    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id", {
+    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id?exclude_pull_requests=true", {
         owner,
         repo,
         run_id,
@@ -427,6 +430,9 @@ async function getRef() {
     // or in the form "refs/pull/N/merge" on a pull_request event
     const refInput = (0, exports.getOptionalInput)("ref");
     const shaInput = (0, exports.getOptionalInput)("sha");
+    const checkoutPath = (0, exports.getOptionalInput)("checkout_path") ||
+        (0, exports.getOptionalInput)("source-root") ||
+        (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE");
     const hasRefInput = !!refInput;
     const hasShaInput = !!shaInput;
     // If one of 'ref' or 'sha' are provided, both are required
@@ -448,15 +454,14 @@ async function getRef() {
     if (!pull_ref_regex.test(ref)) {
         return ref;
     }
-    const head = await (0, exports.getCommitOid)("HEAD");
-    // in actions/checkout@v2 we can check if git rev-parse HEAD == GITHUB_SHA
+    const head = await (0, exports.getCommitOid)(checkoutPath, "HEAD");
+    // in actions/checkout@v2+ we can check if git rev-parse HEAD == GITHUB_SHA
     // in actions/checkout@v1 this may not be true as it checks out the repository
     // using GITHUB_REF. There is a subtle race condition where
     // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check
     // git git-parse GITHUB_REF == git rev-parse HEAD instead.
     const hasChangedRef = sha !== head &&
-        (await (0, exports.getCommitOid)(ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !==
-            head;
+        (await (0, exports.getCommitOid)(checkoutPath, ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !== head;
     if (hasChangedRef) {
         const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
         core.debug(`No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`);
@@ -550,7 +555,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
         statusReport.runner_os_release = os.release();
     }
     if (codeQlCliVersion !== undefined) {
-        statusReport.codeql_cli_version = codeQlCliVersion;
+        statusReport.codeql_version = codeQlCliVersion;
     }
     return statusReport;
 }
@@ -579,8 +584,7 @@ async function sendStatusReport(statusReport) {
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug(`Sending status report: ${statusReportJSON}`);
     // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
-    if (testMode) {
+    if ((0, util_1.isInTestMode)()) {
         core.debug("In test mode. Status reports are not uploaded.");
         return true;
     }

lib/actions-util.test.js

@@ -39,74 +39,93 @@ function errorCodes(actual, expected) {
     await t.throwsAsync(actionsutil.getRef);
 });
 (0, ava_1.default)("getRef() returns merge PR ref if GITHUB_SHA still checked out", async (t) => {
-    const expectedRef = "refs/pull/1/merge";
-    const currentSha = "a".repeat(40);
-    process.env["GITHUB_REF"] = expectedRef;
-    process.env["GITHUB_SHA"] = currentSha;
-    const callback = sinon.stub(actionsutil, "getCommitOid");
-    callback.withArgs("HEAD").resolves(currentSha);
-    const actualRef = await actionsutil.getRef();
-    t.deepEqual(actualRef, expectedRef);
-    callback.restore();
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const expectedRef = "refs/pull/1/merge";
+        const currentSha = "a".repeat(40);
+        process.env["GITHUB_REF"] = expectedRef;
+        process.env["GITHUB_SHA"] = currentSha;
+        const callback = sinon.stub(actionsutil, "getCommitOid");
+        callback.withArgs("HEAD").resolves(currentSha);
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns merge PR ref if GITHUB_REF still checked out but sha has changed (actions checkout@v1)", async (t) => {
-    const expectedRef = "refs/pull/1/merge";
-    process.env["GITHUB_REF"] = expectedRef;
-    process.env["GITHUB_SHA"] = "b".repeat(40);
-    const sha = "a".repeat(40);
-    const callback = sinon.stub(actionsutil, "getCommitOid");
-    callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
-    callback.withArgs("HEAD").resolves(sha);
-    const actualRef = await actionsutil.getRef();
-    t.deepEqual(actualRef, expectedRef);
-    callback.restore();
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const expectedRef = "refs/pull/1/merge";
+        process.env["GITHUB_REF"] = expectedRef;
+        process.env["GITHUB_SHA"] = "b".repeat(40);
+        const sha = "a".repeat(40);
+        const callback = sinon.stub(actionsutil, "getCommitOid");
+        callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
+        callback.withArgs("HEAD").resolves(sha);
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, expectedRef);
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns head PR ref if GITHUB_REF no longer checked out", async (t) => {
-    process.env["GITHUB_REF"] = "refs/pull/1/merge";
-    process.env["GITHUB_SHA"] = "a".repeat(40);
-    const callback = sinon.stub(actionsutil, "getCommitOid");
-    callback.withArgs("refs/pull/1/merge").resolves("a".repeat(40));
-    callback.withArgs("HEAD").resolves("b".repeat(40));
-    const actualRef = await actionsutil.getRef();
-    t.deepEqual(actualRef, "refs/pull/1/head");
-    callback.restore();
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        process.env["GITHUB_REF"] = "refs/pull/1/merge";
+        process.env["GITHUB_SHA"] = "a".repeat(40);
+        const callback = sinon.stub(actionsutil, "getCommitOid");
+        callback.withArgs(tmpDir, "refs/pull/1/merge").resolves("a".repeat(40));
+        callback.withArgs(tmpDir, "HEAD").resolves("b".repeat(40));
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, "refs/pull/1/head");
+        callback.restore();
+    });
 });
 (0, ava_1.default)("getRef() returns ref provided as an input and ignores current HEAD", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
-    getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
-    // These values are be ignored
-    process.env["GITHUB_REF"] = "refs/pull/1/merge";
-    process.env["GITHUB_SHA"] = "a".repeat(40);
-    const callback = sinon.stub(actionsutil, "getCommitOid");
-    callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
-    callback.withArgs("HEAD").resolves("b".repeat(40));
-    const actualRef = await actionsutil.getRef();
-    t.deepEqual(actualRef, "refs/pull/2/merge");
-    callback.restore();
-    getAdditionalInputStub.restore();
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
+        getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
+        // These values are be ignored
+        process.env["GITHUB_REF"] = "refs/pull/1/merge";
+        process.env["GITHUB_SHA"] = "a".repeat(40);
+        const callback = sinon.stub(actionsutil, "getCommitOid");
+        callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
+        callback.withArgs("HEAD").resolves("b".repeat(40));
+        const actualRef = await actionsutil.getRef();
+        t.deepEqual(actualRef, "refs/pull/2/merge");
+        callback.restore();
+        getAdditionalInputStub.restore();
+    });
 });
 (0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
-    await t.throwsAsync(async () => {
-        await actionsutil.getRef();
-    }, {
-        instanceOf: Error,
-        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+        getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
+        await t.throwsAsync(async () => {
+            await actionsutil.getRef();
+        }, {
+            instanceOf: Error,
+            message: "Both 'ref' and 'sha' are required if one of them is provided.",
+        });
+        getAdditionalInputStub.restore();
     });
-    getAdditionalInputStub.restore();
 });
 (0, ava_1.default)("getRef() throws an error if only `sha` is provided as an input", async (t) => {
-    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
-    getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
-    await t.throwsAsync(async () => {
-        await actionsutil.getRef();
-    }, {
-        instanceOf: Error,
-        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        process.env["GITHUB_WORKSPACE"] = "/tmp";
+        const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+        getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
+        await t.throwsAsync(async () => {
+            await actionsutil.getRef();
+        }, {
+            instanceOf: Error,
+            message: "Both 'ref' and 'sha' are required if one of them is provided.",
+        });
+        getAdditionalInputStub.restore();
     });
-    getAdditionalInputStub.restore();
 });
 (0, ava_1.default)("computeAutomationID()", async (t) => {
     let actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
@@ -461,6 +480,7 @@ on: ["push"]
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
     await (0, util_1.withTmpDir)(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const envFile = path.join(tmpDir, "event.json");
         fs.writeFileSync(envFile, JSON.stringify({
             repository: {

lib/analysis-paths.test.js

@@ -45,6 +45,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@@ -69,6 +70,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@@ -94,6 +96,7 @@ const util = __importStar(require("./util"));
             debugMode: false,
             debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
             debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+            injectedMlQueries: false,
         };
         analysisPaths.includeAndExcludeAnalysisPaths(config);
         t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;SACpD,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,YAAY,EAAE,EAAE;QAClD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;QAC/D,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO;YACP,YAAY;YACZ,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;YACrD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,KAAK;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;QAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-env.test.js

@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from environment variables", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
         sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
         sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
             languages: [],
             packs: [],
         });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
         // When there are no action inputs for RAM and threads, the action uses

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from action inputs", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
         sinon
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
         sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
+        const gitHubVersion = {
+            type: util.GitHubVariant.DOTCOM,
+        };
         sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
             languages: [],
             packs: [],
         });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
         requiredInputStub.withArgs("upload-database").returns("false");
         const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
         optionalInputStub.withArgs("cleanup-level").returns("none");
+        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
         process.env["CODEQL_THREADS"] = "1";

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -57,6 +57,7 @@ async function run() {
     let runStats = undefined;
     let config = undefined;
     util.initializeEnvironment(util.Mode.actions, pkg.version);
+    await util.checkActionVersion(pkg.version);
     try {
         if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("finish", "starting", startedAt)))) {
             return;
@@ -117,7 +118,11 @@ async function run() {
         }
         // Possibly upload the database bundles for remote queries
         await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
-        if (uploadResult !== undefined &&
+        // We don't upload results in test mode, so don't wait for processing
+        if (util.isInTestMode()) {
+            core.debug("In test mode. Waiting for processing is disabled.");
+        }
+        else if (uploadResult !== undefined &&
             actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
         }

lib/analyze.js

@@ -131,11 +131,11 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         if (!hasBuiltinQueries && !hasCustomQueries && !hasPackWithCustomQueries) {
             throw new Error(`Unable to analyse ${language} as no queries were selected for this language`);
         }
+        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
         try {
             if (hasPackWithCustomQueries) {
                 logger.info("Performing analysis with custom CodeQL Packs.");
                 logger.startGroup(`Downloading custom packs for ${language}`);
-                const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
                 const results = await codeql.packDownload(packsWithVersion);
                 logger.info(`Downloaded packs: ${results.packs
                     .map((r) => `${r.name}@${r.version || "latest"}`)
@@ -159,7 +159,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 }
             }
             if (packsWithVersion.length > 0) {
-                querySuitePaths.push(await runQueryGroup(language, "packs", createPackSuiteContents(packsWithVersion), undefined));
+                querySuitePaths.push(...(await runQueryPacks(language, "packs", packsWithVersion, undefined)));
                 ranCustom = true;
             }
             if (ranCustom) {
@@ -217,21 +217,23 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
         return querySuitePath;
     }
+    async function runQueryPacks(language, type, packs, searchPath) {
+        const databasePath = util.getCodeQLDatabasePath(config, language);
+        // Run the queries individually instead of all at once to avoid command
+        // line length restrictions, particularly on windows.
+        for (const pack of packs) {
+            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
+            const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+            await codeql.databaseRunQueries(databasePath, searchPath, pack, memoryFlag, threadsFlag);
+            logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
+        }
+        return packs;
+    }
 }
 exports.runQueries = runQueries;
 function createQuerySuiteContents(queries) {
     return queries.map((q) => `- query: ${q}`).join("\n");
 }
-function createPackSuiteContents(packsWithVersion) {
-    return packsWithVersion.map(packWithVersionToQuerySuiteEntry).join("\n");
-}
-function packWithVersionToQuerySuiteEntry(pack) {
-    let text = `- qlpack: ${pack.packName}`;
-    if (pack.version) {
-        text += `\n  version: ${pack.version}`;
-    }
-    return text;
-}
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
     if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {

lib/analyze.test.js

@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
-const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
@@ -53,18 +52,8 @@ const util = __importStar(require("./util"));
         const addSnippetsFlag = "";
         const threadsFlag = "";
         const packs = {
-            [languages_1.Language.cpp]: [
-                {
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.0.0"),
-                },
-            ],
-            [languages_1.Language.java]: [
-                {
-                    packName: "c/d",
-                    version: (0, semver_1.clean)("2.0.0"),
-                },
-            ],
+            [languages_1.Language.cpp]: ["a/b@1.0.0"],
+            [languages_1.Language.java]: ["c/d@2.0.0"],
         };
         for (const language of Object.values(languages_1.Language)) {
             (0, codeql_1.setCodeQL)({
@@ -128,6 +117,7 @@ const util = __importStar(require("./util"));
                 debugMode: false,
                 debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                 debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+                injectedMlQueries: false,
             };
             fs.mkdirSync(util.getCodeQLDatabasePath(config, language), {
                 recursive: true,
@@ -208,32 +198,10 @@ const util = __importStar(require("./util"));
                 query: "bar.ql",
             },
         ];
-        const qlsPackContentCpp = [
-            {
-                qlpack: "a/b",
-                version: "1.0.0",
-            },
-        ];
-        const qlsPackContentJava = [
-            {
-                qlpack: "c/d",
-                version: "2.0.0",
-            },
-        ];
         for (const lang of Object.values(languages_1.Language)) {
             t.deepEqual(readContents(`${lang}-queries-builtin.qls`), qlsContent);
             t.deepEqual(readContents(`${lang}-queries-custom-0.qls`), qlsContent);
             t.deepEqual(readContents(`${lang}-queries-custom-1.qls`), qlsContent2);
-            const packSuiteName = `${lang}-queries-packs.qls`;
-            if (lang === languages_1.Language.cpp) {
-                t.deepEqual(readContents(packSuiteName), qlsPackContentCpp);
-            }
-            else if (lang === languages_1.Language.java) {
-                t.deepEqual(readContents(packSuiteName), qlsPackContentJava);
-            }
-            else {
-                t.false(fs.existsSync(path.join(tmpDir, "codeql_databases", packSuiteName)));
-            }
         }
         function readContents(name) {
             const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");

lib/autobuild-action.js

@@ -39,8 +39,9 @@ async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguag
     await (0, actions_util_1.sendStatusReport)(statusReport);
 }
 async function run() {
-    const logger = (0, logging_1.getActionsLogger)();
     const startedAt = new Date();
+    const logger = (0, logging_1.getActionsLogger)();
+    await (0, util_1.checkActionVersion)(pkg.version);
     let language = undefined;
     try {
         if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("autobuild", "starting", startedAt)))) {
@@ -52,6 +53,11 @@ async function run() {
         }
         language = (0, autobuild_1.determineAutobuildLanguage)(config, logger);
         if (language !== undefined) {
+            const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
+            if (workingDirectory) {
+                logger.info(`Changing autobuilder working directory to ${workingDirectory}`);
+                process.chdir(workingDirectory);
+            }
             await (0, autobuild_1.runAutobuild)(language, config, logger);
         }
     }

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAMwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAyE;AAEzE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -22,12 +22,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
-const yaml = __importStar(require("js-yaml"));
 const query_string_1 = __importDefault(require("query-string"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
@@ -76,7 +75,6 @@ const CODEQL_VERSION_GROUP_RULES = "2.5.5";
 const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 exports.CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
-const CODEQL_VERSION_CONFIG_FILES = "2.8.2"; // Versions before 2.8.2 weren't tolerant to unknown properties
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 /**
  * This variable controls using the new style of tracing from the CodeQL
@@ -88,6 +86,12 @@ exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
  * versions above that.
  */
 exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
+/**
+ * Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
+ * resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
+ * some of their files being greater than MAX_PATH (260 characters).
+ */
+exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
 function getCodeQLBundleName() {
     let platform;
     if (process.platform === "win32") {
@@ -396,7 +400,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
         async getVersion() {
             let result = util.getCachedCodeQlVersion();
             if (result === undefined) {
-                result = await runTool(cmd, ["version", "--format=terse"]);
+                result = (await runTool(cmd, ["version", "--format=terse"])).trim();
                 util.cacheCodeQlVersion(result);
             }
             return result;
@@ -468,11 +472,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     extraArgs.push(`--trace-process-level=${processLevel || 3}`);
                 }
             }
-            if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES)) {
-                const configLocation = path.resolve(config.tempDir, "user-config.yaml");
-                fs.writeFileSync(configLocation, yaml.dump(config.originalUserInput));
-                extraArgs.push(`--codescanning-config=${configLocation}`);
-            }
             await runTool(cmd, [
                 "database",
                 "init",
@@ -593,9 +592,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (extraSearchPath !== undefined) {
                 codeqlArgs.push("--additional-packs", extraSearchPath);
             }
-            if (!(await util.codeQlVersionAbove(this, CODEQL_VERSION_CONFIG_FILES))) {
-                codeqlArgs.push(querySuitePath);
-            }
+            codeqlArgs.push(querySuitePath);
             await runTool(cmd, codeqlArgs);
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, automationDetailsId) {
@@ -622,9 +619,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
             codeqlArgs.push(databasePath);
-            if (!(await util.codeQlVersionAbove(this, CODEQL_VERSION_CONFIG_FILES))) {
-                codeqlArgs.push(...querySuitePaths);
-            }
+            codeqlArgs.push(...querySuitePaths);
             // capture stdout, which contains analysis summaries
             return await runTool(cmd, codeqlArgs);
         },
@@ -652,8 +647,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 "pack",
                 "download",
                 "--format=json",
+                "--resolve-query-specs",
                 ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs.map(packWithVersionToString),
+                ...packs,
             ];
             const output = await runTool(cmd, codeqlArgs);
             try {
@@ -709,9 +705,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
     }
     return codeql;
 }
-function packWithVersionToString(pack) {
-    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
-}
 /**
  * Gets the options for `path` of `options` as an array of extra option strings.
  */

lib/config-utils.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
+exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const yaml = __importStar(require("js-yaml"));
@@ -118,9 +118,11 @@ const builtinSuites = ["security-extended", "security-and-quality"];
 /**
  * Determine the set of queries associated with suiteName's suites and add them to resultMap.
  * Throws an error if suiteName is not a valid builtin suite.
+ * May inject ML queries, and the return value will declare if this was done.
  */
 async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, featureFlags, configFile) {
     var _a;
+    let injectedMlQueries = false;
     const found = builtinSuites.find((suite) => suite === suiteName);
     if (!found) {
         throw new Error(getQueryUsesInvalid(configFile, suiteName));
@@ -128,18 +130,29 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
     // If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
     // opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
     // pack, then add the ML-powered query pack so that we run ML-powered queries.
-    if (languages.includes("javascript") &&
+    if (
+    // Only run ML-powered queries on Windows if we have a CLI that supports it.
+    (process.platform !== "win32" ||
+        (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS))) &&
+        languages.includes("javascript") &&
         (found === "security-extended" || found === "security-and-quality") &&
-        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some((pack) => pack.packName === util_1.ML_POWERED_JS_QUERIES_PACK.packName)) &&
+        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some(isMlPoweredJsQueriesPack)) &&
         (await featureFlags.getValue(feature_flags_1.FeatureFlag.MlPoweredQueriesEnabled)) &&
         (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES))) {
         if (!packs.javascript) {
             packs.javascript = [];
         }
-        packs.javascript.push(util_1.ML_POWERED_JS_QUERIES_PACK);
+        packs.javascript.push(await (0, util_1.getMlPoweredJsQueriesPack)(codeQL));
+        injectedMlQueries = true;
     }
     const suites = languages.map((l) => `${l}-${suiteName}.qls`);
     await runResolveQueries(codeQL, resultMap, suites, undefined);
+    return injectedMlQueries;
+}
+function isMlPoweredJsQueriesPack(pack) {
+    return (pack === util_1.ML_POWERED_JS_QUERIES_PACK_NAME ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
+        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}:`));
 }
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
@@ -196,6 +209,11 @@ async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetail
  * parsing the 'uses' actions in the workflow file. So it can handle
  * local paths starting with './', or references to remote repos, or
  * a finite set of hardcoded terms for builtin suites.
+ *
+ * This may inject ML queries into the packs to use, and the return value will
+ * declare if this was done.
+ *
+ * @returns whether or not we injected ML queries into the packs
  */
 async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, featureFlags, logger, configFile) {
     queryUses = queryUses.trim();
@@ -205,15 +223,15 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
     // Check for the local path case before we start trying to parse the repository name
     if (queryUses.startsWith("./")) {
         await addLocalQueries(codeQL, resultMap, queryUses.slice(2), workspacePath, configFile);
-        return;
+        return false;
     }
     // Check for one of the builtin suites
     if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
-        await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile);
-        return;
+        return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureFlags, configFile);
     }
     // Otherwise, must be a reference to another repo
     await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
+    return false;
 }
 // Regex validating stars in paths or paths-ignore entries.
 // The intention is to only allow ** to appear when immediately
@@ -422,12 +440,15 @@ async function getLanguages(codeQL, languagesInput, repository, apiDetails, logg
     return parsedLanguages;
 }
 async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureFlags, logger) {
+    let injectedMlQueries = false;
     queriesInput = queriesInput.trim();
     // "+" means "don't override config file" - see shouldAddConfigFileQueries
     queriesInput = queriesInput.replace(/^\+/, "");
     for (const query of queriesInput.split(",")) {
-        await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = injectedMlQueries || didInject;
     }
+    return injectedMlQueries;
 }
 // Returns true if either no queries were provided in the workflow.
 // or if the queries in the workflow were provided in "additive" mode,
@@ -454,8 +475,9 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
     }
     await addDefaultQueries(codeQL, languages, queries);
     const packs = (_a = parsePacksFromInput(packsInput, languages)) !== null && _a !== void 0 ? _a : {};
+    let injectedMlQueries = false;
     if (queriesInput) {
-        await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
     return {
         languages,
@@ -472,6 +494,7 @@ async function getDefaultConfig(languagesInput, queriesInput, packsInput, dbLoca
         debugMode,
         debugArtifactName,
         debugDatabaseName,
+        injectedMlQueries,
     };
 }
 exports.getDefaultConfig = getDefaultConfig;
@@ -524,8 +547,9 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
     // they should take precedence over the queries in the config file
     // unless they're prefixed with "+", in which case they supplement those
     // in the config file.
+    let injectedMlQueries = false;
     if (queriesInput) {
-        await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
+        injectedMlQueries = await addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureFlags, logger);
     }
     if (shouldAddConfigFileQueries(queriesInput) &&
         QUERIES_PROPERTY in parsedYAML) {
@@ -578,6 +602,7 @@ async function loadConfig(languagesInput, queriesInput, packsInput, configFile,
         debugMode,
         debugArtifactName,
         debugDatabaseName,
+        injectedMlQueries,
     };
 }
 /**
@@ -615,7 +640,7 @@ function parsePacksFromConfig(packsByLanguage, languages, configFile) {
         }
         packs[lang] = [];
         for (const packStr of packsArr) {
-            packs[lang].push(toPackWithVersion(packStr, configFile));
+            packs[lang].push(validatePacksSpecification(packStr, configFile));
         }
     }
     return packs;
@@ -640,32 +665,74 @@ function parsePacksFromInput(packsInput, languages) {
     }
     return {
         [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-            packs.push(toPackWithVersion(pack, ""));
+            packs.push(validatePacksSpecification(pack, ""));
             return packs;
         }, []),
     };
 }
-function toPackWithVersion(packStr, configFile) {
+/**
+ * Validates that this package specification is syntactically correct.
+ * It may not point to any real package, but after this function returns
+ * without throwing, we are guaranteed that the package specification
+ * is roughly correct.
+ *
+ * The CLI itself will do a more thorough validation of the package
+ * specification.
+ *
+ * A package specification looks like this:
+ *
+ * `scope/name@version:path`
+ *
+ * Version and path are optional.
+ *
+ * @param packStr the package specification to verify.
+ * @param configFile Config file to use for error reporting
+ */
+function validatePacksSpecification(packStr, configFile) {
     if (typeof packStr !== "string") {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    const nameWithVersion = packStr.trim().split("@");
-    let version;
-    if (nameWithVersion.length > 2 ||
-        !PACK_IDENTIFIER_PATTERN.test(nameWithVersion[0])) {
+    packStr = packStr.trim();
+    const atIndex = packStr.indexOf("@");
+    const colonIndex = packStr.indexOf(":", atIndex);
+    const packStart = 0;
+    const versionStart = atIndex + 1 || undefined;
+    const pathStart = colonIndex + 1 || undefined;
+    const packEnd = Math.min(atIndex > 0 ? atIndex : Infinity, colonIndex > 0 ? colonIndex : Infinity, packStr.length);
+    const versionEnd = versionStart
+        ? Math.min(colonIndex > 0 ? colonIndex : Infinity, packStr.length)
+        : undefined;
+    const pathEnd = pathStart ? packStr.length : undefined;
+    const packName = packStr.slice(packStart, packEnd).trim();
+    const version = versionStart
+        ? packStr.slice(versionStart, versionEnd).trim()
+        : undefined;
+    const packPath = pathStart
+        ? packStr.slice(pathStart, pathEnd).trim()
+        : undefined;
+    if (!PACK_IDENTIFIER_PATTERN.test(packName)) {
         throw new Error(getPacksStrInvalid(packStr, configFile));
     }
-    else if (nameWithVersion.length === 2) {
-        version = semver.clean(nameWithVersion[1]) || undefined;
-        if (!version) {
+    if (version) {
+        try {
+            new semver.Range(version);
+        }
+        catch (e) {
+            // The range string is invalid. OK to ignore the caught error
             throw new Error(getPacksStrInvalid(packStr, configFile));
         }
     }
-    return {
-        packName: nameWithVersion[0].trim(),
-        version,
-    };
+    if (packPath &&
+        (path.isAbsolute(packPath) || path.normalize(packPath) !== packPath)) {
+        throw new Error(getPacksStrInvalid(packStr, configFile));
+    }
+    if (!packPath && pathStart) {
+        // 0 length path
+        throw new Error(getPacksStrInvalid(packStr, configFile));
+    }
+    return (packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : ""));
 }
+exports.validatePacksSpecification = validatePacksSpecification;
 // exported for testing
 function parsePacks(rawPacksFromConfig, rawPacksInput, languages, configFile) {
     const packsFromInput = parsePacksFromInput(rawPacksInput, languages);

lib/config-utils.test.js

@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
-const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
@@ -221,6 +220,7 @@ function mockListLanguages(languages) {
             debugMode: false,
             debugArtifactName: "my-artifact",
             debugDatabaseName: "my-db",
+            injectedMlQueries: false,
         };
         const languages = "javascript";
         const configFilePath = createConfigFile(inputFileContents, tmpDir);
@@ -600,12 +600,7 @@ function queriesToResolvedQueryForm(queries) {
         const languages = "javascript";
         const { packs } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
-                {
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
         });
     });
 });
@@ -639,18 +634,8 @@ function queriesToResolvedQueryForm(queries) {
         const languages = "javascript,python,cpp";
         const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example" }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
         t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
-                {
-                    packName: "a/b",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
-            [languages_1.Language.python]: [
-                {
-                    packName: "c/d",
-                    version: (0, semver_1.clean)("1.2.3"),
-                },
-            ],
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
+            [languages_1.Language.python]: ["c/d@1.2.3"],
         });
         t.deepEqual(queries, {
             cpp: {
@@ -785,28 +770,47 @@ const invalidPackNameMacro = ava_1.default.macro({
 });
 (0, ava_1.default)("no packs", parsePacksMacro, {}, [], {});
 (0, ava_1.default)("two packs", parsePacksMacro, ["a/b", "c/d@1.2.3"], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
-    ],
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
 });
 (0, ava_1.default)("two packs with spaces", parsePacksMacro, [" a/b ", " c/d@1.2.3 "], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
-    ],
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
 });
 (0, ava_1.default)("two packs with language", parsePacksMacro, {
     [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
     [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
 }, [languages_1.Language.cpp, languages_1.Language.java, languages_1.Language.csharp], {
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
+    [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
+});
+(0, ava_1.default)("packs with other valid names", parsePacksMacro, [
+    // ranges are ok
+    "c/d@1.0",
+    "c/d@~1.0.0",
+    "c/d@~1.0.0:a/b",
+    "c/d@~1.0.0+abc:a/b",
+    "c/d@~1.0.0-abc:a/b",
+    "c/d:a/b",
+    // whitespace is removed
+    " c/d      @     ~1.0.0    :    b.qls   ",
+    // and it is retained within a path
+    " c/d      @     ~1.0.0    :    b/a path with/spaces.qls   ",
+    // this is valid. the path is '@'. It will probably fail when passed to the CLI
+    "c/d@1.2.3:@",
+    // this is valid, too. It will fail if it doesn't match a path
+    // (globbing is not done)
+    "c/d@1.2.3:+*)_(",
+], [languages_1.Language.cpp], {
     [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
-    ],
-    [languages_1.Language.java]: [
-        { packName: "d/e", version: undefined },
-        { packName: "f/g", version: (0, semver_1.clean)("1.2.3") },
+        "c/d@1.0",
+        "c/d@~1.0.0",
+        "c/d@~1.0.0:a/b",
+        "c/d@~1.0.0+abc:a/b",
+        "c/d@~1.0.0-abc:a/b",
+        "c/d:a/b",
+        "c/d@~1.0.0:b.qls",
+        "c/d@~1.0.0:b/a path with/spaces.qls",
+        "c/d@1.2.3:@",
+        "c/d@1.2.3:+*)_(",
     ],
 });
 (0, ava_1.default)("no language", parsePacksErrorMacro, ["a/b@1.2.3"], [languages_1.Language.java, languages_1.Language.python], /The configuration file "\/a\/b" is invalid: property "packs" must split packages by language/);
@@ -816,7 +820,14 @@ const invalidPackNameMacro = ava_1.default.macro({
 (0, ava_1.default)(invalidPackNameMacro, "c-/d");
 (0, ava_1.default)(invalidPackNameMacro, "-c/d");
 (0, ava_1.default)(invalidPackNameMacro, "c/d_d");
-(0, ava_1.default)(invalidPackNameMacro, "c/d@x");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@@");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@1.0.0:");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:/a");
+(0, ava_1.default)(invalidPackNameMacro, "@1.0.0:a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@../a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@b/../a");
+(0, ava_1.default)(invalidPackNameMacro, "c/d:z@1");
 /**
  * Test macro for testing the packs block and the packs input
  */
@@ -833,39 +844,22 @@ function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, langu
 }
 parseInputAndConfigErrorMacro.title = (providedTitle) => `Parse Packs input and config Error: ${providedTitle}`;
 (0, ava_1.default)("input only", parseInputAndConfigMacro, {}, " c/d ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [{ packName: "c/d", version: undefined }],
+    [languages_1.Language.cpp]: ["c/d"],
 });
 (0, ava_1.default)("input only with multiple", parseInputAndConfigMacro, {}, "a/b , c/d@1.2.3", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: "1.2.3" },
-    ],
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
 });
 (0, ava_1.default)("input only with +", parseInputAndConfigMacro, {}, "  +  a/b , c/d@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: "1.2.3" },
-    ],
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
 });
 (0, ava_1.default)("config only", parseInputAndConfigMacro, ["a/b", "c/d"], "  ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: undefined },
-    ],
+    [languages_1.Language.cpp]: ["a/b", "c/d"],
 });
 (0, ava_1.default)("input overrides", parseInputAndConfigMacro, ["a/b", "c/d"], " e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "e/f", version: undefined },
-        { packName: "g/h", version: "1.2.3" },
-    ],
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3"],
 });
 (0, ava_1.default)("input and config", parseInputAndConfigMacro, ["a/b", "c/d"], " +e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
-        { packName: "e/f", version: undefined },
-        { packName: "g/h", version: "1.2.3" },
-        { packName: "a/b", version: undefined },
-        { packName: "c/d", version: undefined },
-    ],
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3", "a/b", "c/d"],
 });
 (0, ava_1.default)("input with no language", parseInputAndConfigErrorMacro, {}, "c/d", [], /No languages specified/);
 (0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], /multi-language analysis/);
@@ -894,10 +888,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
             if (expectedVersionString !== undefined) {
                 t.deepEqual(packs, {
                     [languages_1.Language.javascript]: [
-                        {
-                            packName: "codeql/javascript-experimental-atm-queries",
-                            version: expectedVersionString,
-                        },
+                        `codeql/javascript-experimental-atm-queries@${expectedVersionString}`,
                     ],
                 });
             }
@@ -910,11 +901,28 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
         ? `${expectedVersionString} are`
         : "aren't"} loaded for packs: ${packsInput}, queries: ${queriesInput} using CLI v${codeQLVersion} when feature flag is ${isMlPoweredQueriesFlagEnabled ? "enabled" : "disabled"}`,
 });
-// macro, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, versionString
+// macro, codeQLVersion, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, expectedVersionString
+// Test that ML-powered queries aren't run on v2.7.4 of the CLI.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.4", true, undefined, "security-extended", undefined);
+// Test that ML-powered queries aren't run when the feature flag is off.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", false, undefined, "security-extended", undefined);
+// Test that the ~0.1.0 version of ML-powered queries is run on v2.8.3 of the CLI.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.8.3", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.1.0");
+// Test that ML-powered queries aren't run when the user hasn't specified that we should run the
+// `security-extended` or `security-and-quality` query suite.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined);
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", "~0.1.0");
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", "~0.1.0");
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
+// Test that ML-powered queries are run on non-Windows platforms running `security-extended` on
+// versions of the CodeQL CLI prior to 2.9.0.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.8.5", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.2.0");
+// Test that ML-powered queries are run on non-Windows platforms running `security-and-quality` on
+// versions of the CodeQL CLI prior to 2.9.0.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.8.5", true, undefined, "security-and-quality", process.platform === "win32" ? undefined : "~0.2.0");
+// Test that ML-powered queries are run on all platforms running `security-extended` on CodeQL CLI
+// 2.9.0+.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, undefined, "security-extended", "~0.2.0");
+// Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
+// CLI 2.9.0+.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, undefined, "security-and-quality", "~0.2.0");
+// Test that we don't inject an ML-powered query pack if the user has already specified one.
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
 //# sourceMappingURL=config-utils.test.js.map

lib/database-upload.test.js

@@ -58,6 +58,7 @@ function getTestConfig(tmpDir) {
         debugMode: false,
         debugArtifactName: util_1.DEFAULT_DEBUG_ARTIFACT_NAME,
         debugDatabaseName: util_1.DEFAULT_DEBUG_DATABASE_NAME,
+        injectedMlQueries: false,
     };
 }
 async function mockHttpRequests(databaseUploadStatusCode) {

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220311"
+    "bundleVersion": "codeql-bundle-20220428"
 }

lib/init-action.js

@@ -71,6 +71,7 @@ async function run() {
     const startedAt = new Date();
     const logger = (0, logging_1.getActionsLogger)();
     (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
+    await (0, util_1.checkActionVersion)(pkg.version);
     let config;
     let codeql;
     let toolsVersion;

lib/testing-utils.js

@@ -90,6 +90,7 @@ exports.setupTests = setupTests;
 function setupActionsVars(tempDir, toolsDir) {
     process.env["RUNNER_TEMP"] = tempDir;
     process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+    process.env["GITHUB_WORKSPACE"] = tempDir;
 }
 exports.setupActionsVars = setupActionsVars;
 function getRecordingLogger(messages) {

lib/testing-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAE1C,6CAA+B;AAE/B,wDAA0C;AAC1C,iDAAmC;AAEnC,iCAAmC;AASnC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CACL,KAA0B,EAC1B,QAAiB,EACjB,EAA0B,EACjB,EAAE;QACX,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAiB;IAC1C,MAAM,SAAS,GAAG,IAA2B,CAAC;IAE9C,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,KAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC;AAED,yEAAyE;AACzE,sDAAsD;AACtD,SAAgB,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IAChE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAC;AAC9C,CAAC;AAHD,4CAGC;AAOD,SAAgB,kBAAkB,CAAC,QAAyB;IAC1D,OAAO;QACL,KAAK,EAAE,CAAC,OAAe,EAAE,EAAE;YACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,EAAE;YACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,CAAC,OAAuB,EAAE,EAAE;YACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,KAAK,EAAE,CAAC,OAAuB,EAAE,EAAE;YACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;QACnB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAtBD,gDAsBC;AAED,0EAA0E;AAC1E,SAAgB,0BAA0B,CACxC,kBAA0B,EAC1B,QAAyC;IAEzC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAClC,8DAA8D,CAC/D,CAAC;IACF,IAAI,kBAAkB,GAAG,GAAG,EAAE;QAC5B,QAAQ,CAAC,QAAQ,CAAC;YAChB,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,GAAG,EAAE,8DAA8D;SACpE,CAAC,CAAC;KACJ;SAAM;QACL,QAAQ,CAAC,MAAM,CAAC,IAAI,gBAAS,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC,CAAC;KAC1E;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;AAC5D,CAAC;AAxBD,gEAwBC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,wDAA0C;AAE1C,6CAA+B;AAE/B,wDAA0C;AAC1C,iDAAmC;AAEnC,iCAAmC;AASnC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CACL,KAA0B,EAC1B,QAAiB,EACjB,EAA0B,EACjB,EAAE;QACX,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAiB;IAC1C,MAAM,SAAS,GAAG,IAA2B,CAAC;IAE9C,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,KAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC;AAED,yEAAyE;AACzE,sDAAsD;AACtD,SAAgB,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IAChE,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC;IACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,QAAQ,CAAC;IAC5C,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,OAAO,CAAC;AAC5C,CAAC;AAJD,4CAIC;AAOD,SAAgB,kBAAkB,CAAC,QAAyB;IAC1D,OAAO;QACL,KAAK,EAAE,CAAC,OAAe,EAAE,EAAE;YACzB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,IAAI,EAAE,CAAC,OAAe,EAAE,EAAE;YACxB,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC,CAAC;YACzC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,OAAO,EAAE,CAAC,OAAuB,EAAE,EAAE;YACnC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;QACD,KAAK,EAAE,CAAC,OAAuB,EAAE,EAAE;YACjC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,EAAE,GAAG,EAAE,CAAC,IAAI;QACnB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AAtBD,gDAsBC;AAED,0EAA0E;AAC1E,SAAgB,0BAA0B,CACxC,kBAA0B,EAC1B,QAAyC;IAEzC,kEAAkE;IAClE,MAAM,MAAM,GAAG,MAAM,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;IAExC,MAAM,UAAU,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IAEjD,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,CAClC,8DAA8D,CAC/D,CAAC;IACF,IAAI,kBAAkB,GAAG,GAAG,EAAE;QAC5B,QAAQ,CAAC,QAAQ,CAAC;YAChB,MAAM,EAAE,kBAAkB;YAC1B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,GAAG,EAAE,8DAA8D;SACpE,CAAC,CAAC;KACJ;SAAM;QACL,QAAQ,CAAC,MAAM,CAAC,IAAI,gBAAS,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC,CAAC;KAC1E;IAED,KAAK,CAAC,IAAI,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,CAAC;AAC5D,CAAC;AAxBD,gEAwBC"}

lib/tracer-config.test.js

@@ -47,6 +47,7 @@ function getTestConfig(tmpDir) {
         debugMode: false,
         debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
         debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+        injectedMlQueries: false,
     };
 }
 // A very minimal setup

lib/upload-lib.js

@@ -93,9 +93,11 @@ function getAutomationID(category, analysis_key, environment) {
 async function uploadPayload(payload, repositoryNwo, apiDetails, logger) {
     logger.info("Uploading results");
     // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
-    if (testMode) {
-        logger.debug("In test mode. Results are not uploaded.");
+    if (util.isInTestMode()) {
+        const payloadSaveFile = path.join(actionsUtil.getTemporaryDirectory(), "payload.json");
+        logger.info(`In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`);
+        logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`);
+        fs.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2));
         return;
     }
     const client = api.getApiClient(apiDetails);
@@ -134,7 +136,7 @@ exports.findSarifFilesInDir = findSarifFilesInDir;
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
 async function uploadFromActions(sarifPath, gitHubVersion, apiDetails, logger) {
-    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), actionsUtil.getOptionalInput("category"), util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getRequiredInput("matrix"), gitHubVersion, apiDetails, logger);
+    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path")), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), actionsUtil.getOptionalInput("category"), util.getRequiredEnvParam("GITHUB_WORKFLOW"), actionsUtil.getWorkflowRunID(), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getRequiredInput("matrix"), gitHubVersion, apiDetails, logger);
 }
 exports.uploadFromActions = uploadFromActions;
 // Uploads a single sarif file or a directory of sarif files
@@ -308,34 +310,28 @@ async function waitForProcessing(repositoryNwo, sarifID, apiDetails, logger) {
             logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
             break;
         }
+        let response = undefined;
         try {
-            const response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
+            response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
                 owner: repositoryNwo.owner,
                 repo: repositoryNwo.repo,
                 sarif_id: sarifID,
             });
-            const status = response.data.processing_status;
-            logger.info(`Analysis upload status is ${status}.`);
-            if (status === "complete") {
-                break;
-            }
-            else if (status === "failed") {
-                throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
-            }
         }
         catch (e) {
-            if (util.isHTTPError(e)) {
-                switch (e.status) {
-                    case 404:
-                        logger.debug("Analysis is not found yet...");
-                        break; // Note this breaks from the case statement, not the outer loop.
-                    default:
-                        throw e;
-                }
-            }
-            else {
-                throw e;
-            }
+            logger.warning(`An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`);
+            break;
+        }
+        const status = response.data.processing_status;
+        logger.info(`Analysis upload status is ${status}.`);
+        if (status === "complete") {
+            break;
+        }
+        else if (status === "pending") {
+            logger.debug("Analysis processing is still pending...");
+        }
+        else if (status === "failed") {
+            throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
         }
         await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
     }

lib/upload-sarif-action.js

@@ -37,8 +37,9 @@ async function sendSuccessStatusReport(startedAt, uploadStats) {
     await actionsUtil.sendStatusReport(statusReport);
 }
 async function run() {
-    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
     const startedAt = new Date();
+    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
+    await (0, util_1.checkActionVersion)(pkg.version);
     if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", "starting", startedAt)))) {
         return;
     }
@@ -50,7 +51,11 @@ async function run() {
         const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
         const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), gitHubVersion, apiDetails, (0, logging_1.getActionsLogger)());
         core.setOutput("sarif-id", uploadResult.sarifID);
-        if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
+        // We don't upload results in test mode, so don't wait for processing
+        if ((0, util_1.isInTestMode)()) {
+            core.debug("In test mode. Waiting for processing is disabled.");
+        }
+        else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
             await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
         }
         await sendSuccessStatusReport(startedAt, uploadResult.statusReport);

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAA0E;AAE1E,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAMgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/util.js

@@ -22,13 +22,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getMlPoweredJsQueriesStatus = exports.ML_POWERED_JS_QUERIES_PACK = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const del_1 = __importDefault(require("del"));
 const semver = __importStar(require("semver"));
+const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const codeql_1 = require("./codeql");
@@ -545,24 +546,26 @@ function isGoodVersion(versionSpec) {
     return !BROKEN_VERSIONS.includes(versionSpec);
 }
 exports.isGoodVersion = isGoodVersion;
+exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-queries";
 /**
- * The ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
+ * Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
  * queries beta.
  */
-exports.ML_POWERED_JS_QUERIES_PACK = {
-    packName: "codeql/javascript-experimental-atm-queries",
-    version: "~0.1.0",
-};
+async function getMlPoweredJsQueriesPack(codeQL) {
+    if (await codeQlVersionAbove(codeQL, "2.8.4")) {
+        return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
+    }
+    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
+}
+exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
 /**
  * Get information about ML-powered JS queries to populate status reports with.
  *
  * This will be:
  *
- * - The version string if the analysis is using the ML-powered query pack that will be added to the
- *   analysis if the repo is opted into the ML-powered queries beta, i.e.
- *   {@link ML_POWERED_JS_QUERIES_PACK.version}. If the version string
- *   {@link ML_POWERED_JS_QUERIES_PACK.version} is undefined, then the status report string will be
- *   "latest", however this shouldn't occur in practice (see comment below).
+ * - The version string if the analysis is using a single version of the ML-powered query pack.
+ * - "latest" if the version string of the ML-powered query pack is undefined. This is unlikely to
+ *   occur in practice (see comment below).
  * - "false" if the analysis won't run any ML-powered JS queries.
  * - "other" in all other cases.
  *
@@ -572,30 +575,64 @@ exports.ML_POWERED_JS_QUERIES_PACK = {
  * version of the CodeQL Action. For instance, we might want to compare the `~0.1.0` and `~0.0.2`
  * version strings.
  *
- * We restrict the set of strings we report here by excluding other version strings and combinations
- * of version strings. We do this to limit the cardinality of the ML-powered JS queries status
- * report field, since some platforms that ingest this status report bill based on the cardinality
- * of its fields.
- *
  * This function lives here rather than in `init-action.ts` so it's easier to test, since tests for
  * `init-action.ts` would each need to live in their own file. See `analyze-action-env.ts` for an
  * explanation as to why this is.
  */
 function getMlPoweredJsQueriesStatus(config) {
-    const mlPoweredJsQueryPacks = (config.packs.javascript || []).filter((pack) => pack.packName === exports.ML_POWERED_JS_QUERIES_PACK.packName);
-    if (mlPoweredJsQueryPacks.length === 0) {
-        return "false";
+    const mlPoweredJsQueryPacks = (config.packs.javascript || [])
+        .map((pack) => pack.split("@"))
+        .filter((packNameVersion) => packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
+        packNameVersion.length <= 2);
+    switch (mlPoweredJsQueryPacks.length) {
+        case 1:
+            // We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
+            // otherwise we won't be able to make changes to the pack unless those changes are compatible
+            // with each version of the CodeQL Action. Therefore in practice we should only hit the
+            // `latest` case here when customers have explicitly added the ML-powered query pack to their
+            // CodeQL config.
+            return mlPoweredJsQueryPacks[0][1] || "latest";
+        case 0:
+            return "false";
+        default:
+            return "other";
     }
-    const firstVersionString = mlPoweredJsQueryPacks[0].version;
-    if (mlPoweredJsQueryPacks.length === 1 &&
-        exports.ML_POWERED_JS_QUERIES_PACK.version === firstVersionString) {
-        // We should always specify an explicit version string in `ML_POWERED_JS_QUERIES_PACK`,
-        // otherwise we won't be able to make changes to the pack unless those changes are compatible
-        // with each version of the CodeQL Action. Therefore in practice, we should never hit the
-        // `latest` case here.
-        return exports.ML_POWERED_JS_QUERIES_PACK.version || "latest";
-    }
-    return "other";
 }
 exports.getMlPoweredJsQueriesStatus = getMlPoweredJsQueriesStatus;
+/**
+ * Prompt the customer to upgrade to CodeQL Action v2, if appropriate.
+ *
+ * Check whether a customer is running v1. If they are, and we can determine that the GitHub
+ * instance supports v2, then log a warning about v1's upcoming deprecation prompting the customer
+ * to upgrade to v2.
+ */
+async function checkActionVersion(version) {
+    var _a;
+    if (!semver.satisfies(version, ">=2")) {
+        const githubVersion = await api.getGitHubVersionActionsOnly();
+        // Only log a warning for versions of GHES that are compatible with CodeQL Action version 2.
+        //
+        // GHES 3.4 shipped without the v2 tag, but it also shipped without this warning message code.
+        // Therefore users who are seeing this warning message code have pulled in a new version of the
+        // Action, and with it the v2 tag.
+        if (githubVersion.type === GitHubVariant.DOTCOM ||
+            githubVersion.type === GitHubVariant.GHAE ||
+            (githubVersion.type === GitHubVariant.GHES &&
+                semver.satisfies((_a = semver.coerce(githubVersion.version)) !== null && _a !== void 0 ? _a : "0.0.0", ">=3.4"))) {
+            core.warning("CodeQL Action v1 will be deprecated on December 7th, 2022. Please upgrade to v2. For " +
+                "more information, see " +
+                "https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/");
+        }
+    }
+}
+exports.checkActionVersion = checkActionVersion;
+/*
+ * Returns whether we are in test mode.
+ *
+ * In test mode, we don't upload SARIF results or status reports to the GitHub API.
+ */
+function isInTestMode() {
+    return process.env["TEST_MODE"] === "true" || false;
+}
+exports.isInTestMode = isInTestMode;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -25,6 +25,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const stream = __importStar(require("stream"));
+const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
@@ -205,32 +206,31 @@ async function mockStdInForAuthExpectError(t, mockLogger, ...text) {
     await t.throwsAsync(async () => util.getGitHubAuth(mockLogger, undefined, true, stdin));
 }
 const ML_POWERED_JS_STATUS_TESTS = [
+    // If no packs are loaded, status is false.
     [[], "false"],
-    [[{ packName: "someOtherPack" }], "false"],
+    // If another pack is loaded but not the ML-powered query pack, status is false.
+    [["someOtherPack"], "false"],
+    // If the ML-powered query pack is loaded with a specific version, status is that version.
+    [[`${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
+    // If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
+    // status is the version of the ML-powered query pack.
     [
-        [{ packName: "someOtherPack" }, util.ML_POWERED_JS_QUERIES_PACK],
-        util.ML_POWERED_JS_QUERIES_PACK.version,
-    ],
-    [[util.ML_POWERED_JS_QUERIES_PACK], util.ML_POWERED_JS_QUERIES_PACK.version],
-    [[{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName }], "other"],
-    [
-        [{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "~0.0.1" }],
-        "other",
+        ["someOtherPack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
+        "~0.1.0",
     ],
+    // If the ML-powered query pack is loaded without a version, the status is "latest".
+    [[util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
+    // If the ML-powered query pack is loaded with two different versions, the status is "other".
     [
         [
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.1" },
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.2" },
-        ],
-        "other",
-    ],
-    [
-        [
-            { packName: "someOtherPack" },
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName },
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.1`,
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.2`,
         ],
         "other",
     ],
+    // If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
+    // the status is "latest".
+    [["someOtherPack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
 ];
 for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
     const packDescriptions = `[${packs
@@ -257,6 +257,7 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
                 debugMode: false,
                 debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                 debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
+                injectedMlQueries: false,
             };
             t.is(util.getMlPoweredJsQueriesStatus(config), expectedStatus);
         });
@@ -269,4 +270,50 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
     t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.2.0" }, "3.2.0"));
     t.true(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.1.2" }, "3.2.0"));
 });
+function formatGitHubVersion(version) {
+    switch (version.type) {
+        case util.GitHubVariant.DOTCOM:
+            return "dotcom";
+        case util.GitHubVariant.GHAE:
+            return "GHAE";
+        case util.GitHubVariant.GHES:
+            return `GHES ${version.version}`;
+        default:
+            util.assertNever(version);
+    }
+}
+const CHECK_ACTION_VERSION_TESTS = [
+    ["1.2.1", { type: util.GitHubVariant.DOTCOM }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHAE }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, true],
+    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, true],
+    ["2.2.1", { type: util.GitHubVariant.DOTCOM }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHAE }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, false],
+    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, false],
+];
+for (const [version, githubVersion, shouldReportWarning,] of CHECK_ACTION_VERSION_TESTS) {
+    const reportWarningDescription = shouldReportWarning
+        ? "reports warning"
+        : "doesn't report warning";
+    const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(githubVersion)}`;
+    (0, ava_1.default)(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
+        const warningSpy = sinon.spy(core, "warning");
+        const versionStub = sinon
+            .stub(api, "getGitHubVersionActionsOnly")
+            .resolves(githubVersion);
+        const isActionsStub = sinon.stub(util, "isActions").returns(true);
+        await util.checkActionVersion(version);
+        if (shouldReportWarning) {
+            t.true(warningSpy.calledOnceWithExactly(sinon.match("CodeQL Action v1 will be deprecated")));
+        }
+        else {
+            t.false(warningSpy.called);
+        }
+        versionStub.restore();
+        isActionsStub.restore();
+    });
+}
 //# sourceMappingURL=util.test.js.map

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "1.1.6",
+  "version": "2.1.11",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
@@ -481,9 +481,9 @@
       "dev": true
     },
     "node_modules/@types/node": {
-      "version": "12.12.70",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-12.12.70.tgz",
-      "integrity": "sha512-i5y7HTbvhonZQE+GnUM2rz1Bi8QkzxdQmEv1LKOv4nWyaQk/gdeiTApuQR3PDJHX7WomAbpx2wlWSEpxXGZ/UQ=="
+      "version": "16.11.22",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-16.11.22.tgz",
+      "integrity": "sha512-DYNtJWauMQ9RNpesl4aVothr97/tIJM8HbyOXJ0AYT1Z2bEjLHyfjOBPAQQVMLf8h3kSShYfNk8Wnto8B2zHUA=="
     },
     "node_modules/@types/semver": {
       "version": "7.3.8",
@@ -893,6 +893,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/array.prototype.flat": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -2788,10 +2796,40 @@
         "loc": "dist/cli.js"
       }
     },
+    "node_modules/github-linguist/node_modules/array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dependencies": {
+        "array-uniq": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/github-linguist/node_modules/commander": {
       "version": "2.20.3",
       "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
     },
+    "node_modules/github-linguist/node_modules/glob": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/github-linguist/node_modules/globby": {
       "version": "6.1.0",
       "integrity": "sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=",
@@ -2814,18 +2852,19 @@
       }
     },
     "node_modules/glob": {
-      "version": "7.1.7",
-      "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==",
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.1.tgz",
+      "integrity": "sha512-cF7FYZZ47YzmCu7dDy50xSRRfO3ErRfrXuLZcNIuyiJEco0XSrGtuilG19L5xp3NcwTx7Gn+X6Tv3fmsUPTbow==",
       "dependencies": {
         "fs.realpath": "^1.0.0",
         "inflight": "^1.0.4",
         "inherits": "2",
-        "minimatch": "^3.0.4",
+        "minimatch": "^5.0.1",
         "once": "^1.3.0",
         "path-is-absolute": "^1.0.0"
       },
       "engines": {
-        "node": "*"
+        "node": ">=12"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
@@ -2842,6 +2881,25 @@
         "node": ">= 6"
       }
     },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/glob/node_modules/minimatch": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz",
+      "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==",
+      "dependencies": {
+        "brace-expansion": "^2.0.1"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/globals": {
       "version": "13.10.0",
       "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
@@ -3593,8 +3651,9 @@
       }
     },
     "node_modules/minimist": {
-      "version": "1.2.5",
-      "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==",
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
       "dev": true
     },
     "node_modules/ms": {
@@ -4448,6 +4507,25 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/rimraf/node_modules/glob": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+      "dependencies": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      },
+      "engines": {
+        "node": "*"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
     "node_modules/run-parallel": {
       "version": "1.1.9",
       "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q=="

node_modules/@types/node/README.md

@@ -2,15 +2,15 @@
 > `npm install --save @types/node`
 
 # Summary
-This package contains type definitions for Node.js (http://nodejs.org/).
+This package contains type definitions for Node.js (https://nodejs.org/).
 
 # Details
-Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node/v12.
+Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/node/v16.
 
 ### Additional Details
- * Last updated: Wed, 21 Oct 2020 17:47:46 GMT
+ * Last updated: Tue, 01 Feb 2022 08:31:30 GMT
  * Dependencies: none
- * Global values: `Buffer`, `NodeJS`, `__dirname`, `__filename`, `clearImmediate`, `clearInterval`, `clearTimeout`, `console`, `exports`, `global`, `module`, `process`, `queueMicrotask`, `require`, `setImmediate`, `setInterval`, `setTimeout`
+ * Global values: `AbortController`, `AbortSignal`, `__dirname`, `__filename`, `console`, `exports`, `gc`, `global`, `module`, `process`, `require`
 
 # Credits
-These definitions were written by [Microsoft TypeScript](https://github.com/Microsoft), [DefinitelyTyped](https://github.com/DefinitelyTyped), [Alberto Schiabel](https://github.com/jkomyno), [Alexander T.](https://github.com/a-tarasyuk), [Alvis HT Tang](https://github.com/alvis), [Andrew Makarov](https://github.com/r3nya), [Benjamin Toueg](https://github.com/btoueg), [Bruno Scheufler](https://github.com/brunoscheufler), [Chigozirim C.](https://github.com/smac89), [David Junger](https://github.com/touffy), [Deividas Bakanas](https://github.com/DeividasBakanas), [Eugene Y. Q. Shen](https://github.com/eyqs), [Flarna](https://github.com/Flarna), [Hannes Magnusson](https://github.com/Hannes-Magnusson-CK), [Hoàng Văn Khải](https://github.com/KSXGitHub), [Huw](https://github.com/hoo29), [Kelvin Jin](https://github.com/kjin), [Klaus Meinhardt](https://github.com/ajafff), [Lishude](https://github.com/islishude), [Mariusz Wiktorczyk](https://github.com/mwiktorczyk), [Mohsen Azimi](https://github.com/mohsen1), [Nicolas Even](https://github.com/n-e), [Nikita Galkin](https://github.com/galkin), [Parambir Singh](https://github.com/parambirs), [Sebastian Silbermann](https://github.com/eps1lon), [Simon Schick](https://github.com/SimonSchick), [Thomas den Hollander](https://github.com/ThomasdenH), [Wilco Bakker](https://github.com/WilcoBakker), [wwwy3y3](https://github.com/wwwy3y3), [Zane Hannan AU](https://github.com/ZaneHannanAU), [Samuel Ainsworth](https://github.com/samuela), [Kyle Uehlein](https://github.com/kuehlein), [Jordi Oliveras Rovira](https://github.com/j-oliveras), [Thanik Bhongbhibhat](https://github.com/bhongy), [Marcin Kopacz](https://github.com/chyzwar), [Trivikram Kamat](https://github.com/trivikr), [Minh Son Nguyen](https://github.com/nguymin4), [Junxiao Shi](https://github.com/yoursunny), [Ilia Baryshnikov](https://github.com/qwelias), [ExE Boss](https://github.com/ExE-Boss), and [Jason Kwok](https://github.com/JasonHK).
+These definitions were written by [Microsoft TypeScript](https://github.com/Microsoft), [DefinitelyTyped](https://github.com/DefinitelyTyped), [Alberto Schiabel](https://github.com/jkomyno), [Alvis HT Tang](https://github.com/alvis), [Andrew Makarov](https://github.com/r3nya), [Benjamin Toueg](https://github.com/btoueg), [Chigozirim C.](https://github.com/smac89), [David Junger](https://github.com/touffy), [Deividas Bakanas](https://github.com/DeividasBakanas), [Eugene Y. Q. Shen](https://github.com/eyqs), [Hannes Magnusson](https://github.com/Hannes-Magnusson-CK), [Huw](https://github.com/hoo29), [Kelvin Jin](https://github.com/kjin), [Klaus Meinhardt](https://github.com/ajafff), [Lishude](https://github.com/islishude), [Mariusz Wiktorczyk](https://github.com/mwiktorczyk), [Mohsen Azimi](https://github.com/mohsen1), [Nicolas Even](https://github.com/n-e), [Nikita Galkin](https://github.com/galkin), [Parambir Singh](https://github.com/parambirs), [Sebastian Silbermann](https://github.com/eps1lon), [Seth Westphal](https://github.com/westy92), [Simon Schick](https://github.com/SimonSchick), [Thomas den Hollander](https://github.com/ThomasdenH), [Wilco Bakker](https://github.com/WilcoBakker), [wwwy3y3](https://github.com/wwwy3y3), [Samuel Ainsworth](https://github.com/samuela), [Kyle Uehlein](https://github.com/kuehlein), [Thanik Bhongbhibhat](https://github.com/bhongy), [Marcin Kopacz](https://github.com/chyzwar), [Trivikram Kamat](https://github.com/trivikr), [Junxiao Shi](https://github.com/yoursunny), [Ilia Baryshnikov](https://github.com/qwelias), [ExE Boss](https://github.com/ExE-Boss), [Piotr Błażejewicz](https://github.com/peterblazejewicz), [Anna Henningsen](https://github.com/addaleax), [Victor Perin](https://github.com/victorperin), [Yongsheng Zhang](https://github.com/ZYSzys), [NodeJS Contributors](https://github.com/NodeJS), [Linus Unnebäck](https://github.com/LinusU), and [wafuwafu13](https://github.com/wafuwafu13).

node_modules/@types/node/assert.d.ts

@@ -1,91 +1,912 @@
+/**
+ * The `assert` module provides a set of assertion functions for verifying
+ * invariants.
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/assert.js)
+ */
 declare module 'assert' {
-    function assert(value: any, message?: string | Error): asserts value;
+    /**
+     * An alias of {@link ok}.
+     * @since v0.5.9
+     * @param value The input that is checked for being truthy.
+     */
+    function assert(value: unknown, message?: string | Error): asserts value;
     namespace assert {
-        class AssertionError implements Error {
-            name: string;
-            message: string;
-            actual: any;
-            expected: any;
+        /**
+         * Indicates the failure of an assertion. All errors thrown by the `assert` module
+         * will be instances of the `AssertionError` class.
+         */
+        class AssertionError extends Error {
+            actual: unknown;
+            expected: unknown;
             operator: string;
             generatedMessage: boolean;
             code: 'ERR_ASSERTION';
-
             constructor(options?: {
-                message?: string;
-                actual?: any;
-                expected?: any;
-                operator?: string;
-                stackStartFn?: Function;
+                /** If provided, the error message is set to this value. */
+                message?: string | undefined;
+                /** The `actual` property on the error instance. */
+                actual?: unknown | undefined;
+                /** The `expected` property on the error instance. */
+                expected?: unknown | undefined;
+                /** The `operator` property on the error instance. */
+                operator?: string | undefined;
+                /** If provided, the generated stack trace omits frames before this function. */
+                // tslint:disable-next-line:ban-types
+                stackStartFn?: Function | undefined;
             });
         }
-
+        /**
+         * This feature is currently experimental and behavior might still change.
+         * @since v14.2.0, v12.19.0
+         * @experimental
+         */
+        class CallTracker {
+            /**
+             * The wrapper function is expected to be called exactly `exact` times. If the
+             * function has not been called exactly `exact` times when `tracker.verify()` is called, then `tracker.verify()` will throw an
+             * error.
+             *
+             * ```js
+             * import assert from 'assert';
+             *
+             * // Creates call tracker.
+             * const tracker = new assert.CallTracker();
+             *
+             * function func() {}
+             *
+             * // Returns a function that wraps func() that must be called exact times
+             * // before tracker.verify().
+             * const callsfunc = tracker.calls(func);
+             * ```
+             * @since v14.2.0, v12.19.0
+             * @param [fn='A no-op function']
+             * @param [exact=1]
+             * @return that wraps `fn`.
+             */
+            calls(exact?: number): () => void;
+            calls<Func extends (...args: any[]) => any>(fn?: Func, exact?: number): Func;
+            /**
+             * The arrays contains information about the expected and actual number of calls of
+             * the functions that have not been called the expected number of times.
+             *
+             * ```js
+             * import assert from 'assert';
+             *
+             * // Creates call tracker.
+             * const tracker = new assert.CallTracker();
+             *
+             * function func() {}
+             *
+             * function foo() {}
+             *
+             * // Returns a function that wraps func() that must be called exact times
+             * // before tracker.verify().
+             * const callsfunc = tracker.calls(func, 2);
+             *
+             * // Returns an array containing information on callsfunc()
+             * tracker.report();
+             * // [
+             * //  {
+             * //    message: 'Expected the func function to be executed 2 time(s) but was
+             * //    executed 0 time(s).',
+             * //    actual: 0,
+             * //    expected: 2,
+             * //    operator: 'func',
+             * //    stack: stack trace
+             * //  }
+             * // ]
+             * ```
+             * @since v14.2.0, v12.19.0
+             * @return of objects containing information about the wrapper functions returned by `calls`.
+             */
+            report(): CallTrackerReportInformation[];
+            /**
+             * Iterates through the list of functions passed to `tracker.calls()` and will throw an error for functions that
+             * have not been called the expected number of times.
+             *
+             * ```js
+             * import assert from 'assert';
+             *
+             * // Creates call tracker.
+             * const tracker = new assert.CallTracker();
+             *
+             * function func() {}
+             *
+             * // Returns a function that wraps func() that must be called exact times
+             * // before tracker.verify().
+             * const callsfunc = tracker.calls(func, 2);
+             *
+             * callsfunc();
+             *
+             * // Will throw an error since callsfunc() was only called once.
+             * tracker.verify();
+             * ```
+             * @since v14.2.0, v12.19.0
+             */
+            verify(): void;
+        }
+        interface CallTrackerReportInformation {
+            message: string;
+            /** The actual number of times the function was called. */
+            actual: number;
+            /** The number of times the function was expected to be called. */
+            expected: number;
+            /** The name of the function that is wrapped. */
+            operator: string;
+            /** A stack trace of the function. */
+            stack: object;
+        }
+        type AssertPredicate = RegExp | (new () => object) | ((thrown: unknown) => boolean) | object | Error;
+        /**
+         * Throws an `AssertionError` with the provided error message or a default
+         * error message. If the `message` parameter is an instance of an `Error` then
+         * it will be thrown instead of the `AssertionError`.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.fail();
+         * // AssertionError [ERR_ASSERTION]: Failed
+         *
+         * assert.fail('boom');
+         * // AssertionError [ERR_ASSERTION]: boom
+         *
+         * assert.fail(new TypeError('need array'));
+         * // TypeError: need array
+         * ```
+         *
+         * Using `assert.fail()` with more than two arguments is possible but deprecated.
+         * See below for further details.
+         * @since v0.1.21
+         * @param [message='Failed']
+         */
         function fail(message?: string | Error): never;
         /** @deprecated since v10.0.0 - use fail([message]) or other assert functions instead. */
         function fail(
-            actual: any,
-            expected: any,
+            actual: unknown,
+            expected: unknown,
             message?: string | Error,
             operator?: string,
-            stackStartFn?: Function,
+            // tslint:disable-next-line:ban-types
+            stackStartFn?: Function
         ): never;
-        function ok(value: any, message?: string | Error): asserts value;
-        /** @deprecated since v9.9.0 - use strictEqual() instead. */
-        function equal(actual: any, expected: any, message?: string | Error): void;
-        /** @deprecated since v9.9.0 - use notStrictEqual() instead. */
-        function notEqual(actual: any, expected: any, message?: string | Error): void;
-        /** @deprecated since v9.9.0 - use deepStrictEqual() instead. */
-        function deepEqual(actual: any, expected: any, message?: string | Error): void;
-        /** @deprecated since v9.9.0 - use notDeepStrictEqual() instead. */
-        function notDeepEqual(actual: any, expected: any, message?: string | Error): void;
-        function strictEqual<T>(actual: any, expected: T, message?: string | Error): asserts actual is T;
-        function notStrictEqual(actual: any, expected: any, message?: string | Error): void;
-        function deepStrictEqual<T>(actual: any, expected: T, message?: string | Error): asserts actual is T;
-        function notDeepStrictEqual(actual: any, expected: any, message?: string | Error): void;
-
-        function throws(block: () => any, message?: string | Error): void;
-        function throws(block: () => any, error: RegExp | Function | Object | Error, message?: string | Error): void;
-        function doesNotThrow(block: () => any, message?: string | Error): void;
-        function doesNotThrow(block: () => any, error: RegExp | Function, message?: string | Error): void;
-
-        function ifError(value: any): asserts value is null | undefined;
-
-        function rejects(block: (() => Promise<any>) | Promise<any>, message?: string | Error): Promise<void>;
-        function rejects(
-            block: (() => Promise<any>) | Promise<any>,
-            error: RegExp | Function | Object | Error,
-            message?: string | Error,
-        ): Promise<void>;
-        function doesNotReject(block: (() => Promise<any>) | Promise<any>, message?: string | Error): Promise<void>;
-        function doesNotReject(
-            block: (() => Promise<any>) | Promise<any>,
-            error: RegExp | Function,
-            message?: string | Error,
-        ): Promise<void>;
-
-        const strict: Omit<
-            typeof assert,
-            | 'strict'
-            | 'deepEqual'
-            | 'notDeepEqual'
-            | 'equal'
-            | 'notEqual'
-            | 'ok'
-            | 'strictEqual'
-            | 'deepStrictEqual'
-            | 'ifError'
-        > & {
-            (value: any, message?: string | Error): asserts value;
-            strict: typeof strict;
-            deepEqual: typeof deepStrictEqual;
-            notDeepEqual: typeof notDeepStrictEqual;
+        /**
+         * Tests if `value` is truthy. It is equivalent to`assert.equal(!!value, true, message)`.
+         *
+         * If `value` is not truthy, an `AssertionError` is thrown with a `message`property set equal to the value of the `message` parameter. If the `message`parameter is `undefined`, a default
+         * error message is assigned. If the `message`parameter is an instance of an `Error` then it will be thrown instead of the`AssertionError`.
+         * If no arguments are passed in at all `message` will be set to the string:`` 'No value argument passed to `assert.ok()`' ``.
+         *
+         * Be aware that in the `repl` the error message will be different to the one
+         * thrown in a file! See below for further details.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.ok(true);
+         * // OK
+         * assert.ok(1);
+         * // OK
+         *
+         * assert.ok();
+         * // AssertionError: No value argument passed to `assert.ok()`
+         *
+         * assert.ok(false, 'it\'s false');
+         * // AssertionError: it's false
+         *
+         * // In the repl:
+         * assert.ok(typeof 123 === 'string');
+         * // AssertionError: false == true
+         *
+         * // In a file (e.g. test.js):
+         * assert.ok(typeof 123 === 'string');
+         * // AssertionError: The expression evaluated to a falsy value:
+         * //
+         * //   assert.ok(typeof 123 === 'string')
+         *
+         * assert.ok(false);
+         * // AssertionError: The expression evaluated to a falsy value:
+         * //
+         * //   assert.ok(false)
+         *
+         * assert.ok(0);
+         * // AssertionError: The expression evaluated to a falsy value:
+         * //
+         * //   assert.ok(0)
+         * ```
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * // Using `assert()` works the same:
+         * assert(0);
+         * // AssertionError: The expression evaluated to a falsy value:
+         * //
+         * //   assert(0)
+         * ```
+         * @since v0.1.21
+         */
+        function ok(value: unknown, message?: string | Error): asserts value;
+        /**
+         * **Strict assertion mode**
+         *
+         * An alias of {@link strictEqual}.
+         *
+         * **Legacy assertion mode**
+         *
+         * > Stability: 3 - Legacy: Use {@link strictEqual} instead.
+         *
+         * Tests shallow, coercive equality between the `actual` and `expected` parameters
+         * using the [Abstract Equality Comparison](https://tc39.github.io/ecma262/#sec-abstract-equality-comparison) ( `==` ). `NaN` is special handled
+         * and treated as being identical in case both sides are `NaN`.
+         *
+         * ```js
+         * import assert from 'assert';
+         *
+         * assert.equal(1, 1);
+         * // OK, 1 == 1
+         * assert.equal(1, '1');
+         * // OK, 1 == '1'
+         * assert.equal(NaN, NaN);
+         * // OK
+         *
+         * assert.equal(1, 2);
+         * // AssertionError: 1 == 2
+         * assert.equal({ a: { b: 1 } }, { a: { b: 1 } });
+         * // AssertionError: { a: { b: 1 } } == { a: { b: 1 } }
+         * ```
+         *
+         * If the values are not equal, an `AssertionError` is thrown with a `message`property set equal to the value of the `message` parameter. If the `message`parameter is undefined, a default
+         * error message is assigned. If the `message`parameter is an instance of an `Error` then it will be thrown instead of the`AssertionError`.
+         * @since v0.1.21
+         */
+        function equal(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * **Strict assertion mode**
+         *
+         * An alias of {@link notStrictEqual}.
+         *
+         * **Legacy assertion mode**
+         *
+         * > Stability: 3 - Legacy: Use {@link notStrictEqual} instead.
+         *
+         * Tests shallow, coercive inequality with the [Abstract Equality Comparison](https://tc39.github.io/ecma262/#sec-abstract-equality-comparison)(`!=` ). `NaN` is special handled and treated as
+         * being identical in case both
+         * sides are `NaN`.
+         *
+         * ```js
+         * import assert from 'assert';
+         *
+         * assert.notEqual(1, 2);
+         * // OK
+         *
+         * assert.notEqual(1, 1);
+         * // AssertionError: 1 != 1
+         *
+         * assert.notEqual(1, '1');
+         * // AssertionError: 1 != '1'
+         * ```
+         *
+         * If the values are equal, an `AssertionError` is thrown with a `message`property set equal to the value of the `message` parameter. If the `message`parameter is undefined, a default error
+         * message is assigned. If the `message`parameter is an instance of an `Error` then it will be thrown instead of the`AssertionError`.
+         * @since v0.1.21
+         */
+        function notEqual(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * **Strict assertion mode**
+         *
+         * An alias of {@link deepStrictEqual}.
+         *
+         * **Legacy assertion mode**
+         *
+         * > Stability: 3 - Legacy: Use {@link deepStrictEqual} instead.
+         *
+         * Tests for deep equality between the `actual` and `expected` parameters. Consider
+         * using {@link deepStrictEqual} instead. {@link deepEqual} can have
+         * surprising results.
+         *
+         * _Deep equality_ means that the enumerable "own" properties of child objects
+         * are also recursively evaluated by the following rules.
+         * @since v0.1.21
+         */
+        function deepEqual(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * **Strict assertion mode**
+         *
+         * An alias of {@link notDeepStrictEqual}.
+         *
+         * **Legacy assertion mode**
+         *
+         * > Stability: 3 - Legacy: Use {@link notDeepStrictEqual} instead.
+         *
+         * Tests for any deep inequality. Opposite of {@link deepEqual}.
+         *
+         * ```js
+         * import assert from 'assert';
+         *
+         * const obj1 = {
+         *   a: {
+         *     b: 1
+         *   }
+         * };
+         * const obj2 = {
+         *   a: {
+         *     b: 2
+         *   }
+         * };
+         * const obj3 = {
+         *   a: {
+         *     b: 1
+         *   }
+         * };
+         * const obj4 = Object.create(obj1);
+         *
+         * assert.notDeepEqual(obj1, obj1);
+         * // AssertionError: { a: { b: 1 } } notDeepEqual { a: { b: 1 } }
+         *
+         * assert.notDeepEqual(obj1, obj2);
+         * // OK
+         *
+         * assert.notDeepEqual(obj1, obj3);
+         * // AssertionError: { a: { b: 1 } } notDeepEqual { a: { b: 1 } }
+         *
+         * assert.notDeepEqual(obj1, obj4);
+         * // OK
+         * ```
+         *
+         * If the values are deeply equal, an `AssertionError` is thrown with a`message` property set equal to the value of the `message` parameter. If the`message` parameter is undefined, a default
+         * error message is assigned. If the`message` parameter is an instance of an `Error` then it will be thrown
+         * instead of the `AssertionError`.
+         * @since v0.1.21
+         */
+        function notDeepEqual(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * Tests strict equality between the `actual` and `expected` parameters as
+         * determined by the [SameValue Comparison](https://tc39.github.io/ecma262/#sec-samevalue).
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.strictEqual(1, 2);
+         * // AssertionError [ERR_ASSERTION]: Expected inputs to be strictly equal:
+         * //
+         * // 1 !== 2
+         *
+         * assert.strictEqual(1, 1);
+         * // OK
+         *
+         * assert.strictEqual('Hello foobar', 'Hello World!');
+         * // AssertionError [ERR_ASSERTION]: Expected inputs to be strictly equal:
+         * // + actual - expected
+         * //
+         * // + 'Hello foobar'
+         * // - 'Hello World!'
+         * //          ^
+         *
+         * const apples = 1;
+         * const oranges = 2;
+         * assert.strictEqual(apples, oranges, `apples ${apples} !== oranges ${oranges}`);
+         * // AssertionError [ERR_ASSERTION]: apples 1 !== oranges 2
+         *
+         * assert.strictEqual(1, '1', new TypeError('Inputs are not identical'));
+         * // TypeError: Inputs are not identical
+         * ```
+         *
+         * If the values are not strictly equal, an `AssertionError` is thrown with a`message` property set equal to the value of the `message` parameter. If the`message` parameter is undefined, a
+         * default error message is assigned. If the`message` parameter is an instance of an `Error` then it will be thrown
+         * instead of the `AssertionError`.
+         * @since v0.1.21
+         */
+        function strictEqual<T>(actual: unknown, expected: T, message?: string | Error): asserts actual is T;
+        /**
+         * Tests strict inequality between the `actual` and `expected` parameters as
+         * determined by the [SameValue Comparison](https://tc39.github.io/ecma262/#sec-samevalue).
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.notStrictEqual(1, 2);
+         * // OK
+         *
+         * assert.notStrictEqual(1, 1);
+         * // AssertionError [ERR_ASSERTION]: Expected "actual" to be strictly unequal to:
+         * //
+         * // 1
+         *
+         * assert.notStrictEqual(1, '1');
+         * // OK
+         * ```
+         *
+         * If the values are strictly equal, an `AssertionError` is thrown with a`message` property set equal to the value of the `message` parameter. If the`message` parameter is undefined, a
+         * default error message is assigned. If the`message` parameter is an instance of an `Error` then it will be thrown
+         * instead of the `AssertionError`.
+         * @since v0.1.21
+         */
+        function notStrictEqual(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * Tests for deep equality between the `actual` and `expected` parameters.
+         * "Deep" equality means that the enumerable "own" properties of child objects
+         * are recursively evaluated also by the following rules.
+         * @since v1.2.0
+         */
+        function deepStrictEqual<T>(actual: unknown, expected: T, message?: string | Error): asserts actual is T;
+        /**
+         * Tests for deep strict inequality. Opposite of {@link deepStrictEqual}.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.notDeepStrictEqual({ a: 1 }, { a: '1' });
+         * // OK
+         * ```
+         *
+         * If the values are deeply and strictly equal, an `AssertionError` is thrown
+         * with a `message` property set equal to the value of the `message` parameter. If
+         * the `message` parameter is undefined, a default error message is assigned. If
+         * the `message` parameter is an instance of an `Error` then it will be thrown
+         * instead of the `AssertionError`.
+         * @since v1.2.0
+         */
+        function notDeepStrictEqual(actual: unknown, expected: unknown, message?: string | Error): void;
+        /**
+         * Expects the function `fn` to throw an error.
+         *
+         * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions), a validation function,
+         * a validation object where each property will be tested for strict deep equality,
+         * or an instance of error where each property will be tested for strict deep
+         * equality including the non-enumerable `message` and `name` properties. When
+         * using an object, it is also possible to use a regular expression, when
+         * validating against a string property. See below for examples.
+         *
+         * If specified, `message` will be appended to the message provided by the`AssertionError` if the `fn` call fails to throw or in case the error validation
+         * fails.
+         *
+         * Custom validation object/error instance:
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * const err = new TypeError('Wrong value');
+         * err.code = 404;
+         * err.foo = 'bar';
+         * err.info = {
+         *   nested: true,
+         *   baz: 'text'
+         * };
+         * err.reg = /abc/i;
+         *
+         * assert.throws(
+         *   () => {
+         *     throw err;
+         *   },
+         *   {
+         *     name: 'TypeError',
+         *     message: 'Wrong value',
+         *     info: {
+         *       nested: true,
+         *       baz: 'text'
+         *     }
+         *     // Only properties on the validation object will be tested for.
+         *     // Using nested objects requires all properties to be present. Otherwise
+         *     // the validation is going to fail.
+         *   }
+         * );
+         *
+         * // Using regular expressions to validate error properties:
+         * throws(
+         *   () => {
+         *     throw err;
+         *   },
+         *   {
+         *     // The `name` and `message` properties are strings and using regular
+         *     // expressions on those will match against the string. If they fail, an
+         *     // error is thrown.
+         *     name: /^TypeError$/,
+         *     message: /Wrong/,
+         *     foo: 'bar',
+         *     info: {
+         *       nested: true,
+         *       // It is not possible to use regular expressions for nested properties!
+         *       baz: 'text'
+         *     },
+         *     // The `reg` property contains a regular expression and only if the
+         *     // validation object contains an identical regular expression, it is going
+         *     // to pass.
+         *     reg: /abc/i
+         *   }
+         * );
+         *
+         * // Fails due to the different `message` and `name` properties:
+         * throws(
+         *   () => {
+         *     const otherErr = new Error('Not found');
+         *     // Copy all enumerable properties from `err` to `otherErr`.
+         *     for (const [key, value] of Object.entries(err)) {
+         *       otherErr[key] = value;
+         *     }
+         *     throw otherErr;
+         *   },
+         *   // The error's `message` and `name` properties will also be checked when using
+         *   // an error as validation object.
+         *   err
+         * );
+         * ```
+         *
+         * Validate instanceof using constructor:
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.throws(
+         *   () => {
+         *     throw new Error('Wrong value');
+         *   },
+         *   Error
+         * );
+         * ```
+         *
+         * Validate error message using [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions):
+         *
+         * Using a regular expression runs `.toString` on the error object, and will
+         * therefore also include the error name.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.throws(
+         *   () => {
+         *     throw new Error('Wrong value');
+         *   },
+         *   /^Error: Wrong value$/
+         * );
+         * ```
+         *
+         * Custom error validation:
+         *
+         * The function must return `true` to indicate all internal validations passed.
+         * It will otherwise fail with an `AssertionError`.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.throws(
+         *   () => {
+         *     throw new Error('Wrong value');
+         *   },
+         *   (err) => {
+         *     assert(err instanceof Error);
+         *     assert(/value/.test(err));
+         *     // Avoid returning anything from validation functions besides `true`.
+         *     // Otherwise, it's not clear what part of the validation failed. Instead,
+         *     // throw an error about the specific validation that failed (as done in this
+         *     // example) and add as much helpful debugging information to that error as
+         *     // possible.
+         *     return true;
+         *   },
+         *   'unexpected error'
+         * );
+         * ```
+         *
+         * `error` cannot be a string. If a string is provided as the second
+         * argument, then `error` is assumed to be omitted and the string will be used for`message` instead. This can lead to easy-to-miss mistakes. Using the same
+         * message as the thrown error message is going to result in an`ERR_AMBIGUOUS_ARGUMENT` error. Please read the example below carefully if using
+         * a string as the second argument gets considered:
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * function throwingFirst() {
+         *   throw new Error('First');
+         * }
+         *
+         * function throwingSecond() {
+         *   throw new Error('Second');
+         * }
+         *
+         * function notThrowing() {}
+         *
+         * // The second argument is a string and the input function threw an Error.
+         * // The first case will not throw as it does not match for the error message
+         * // thrown by the input function!
+         * assert.throws(throwingFirst, 'Second');
+         * // In the next example the message has no benefit over the message from the
+         * // error and since it is not clear if the user intended to actually match
+         * // against the error message, Node.js throws an `ERR_AMBIGUOUS_ARGUMENT` error.
+         * assert.throws(throwingSecond, 'Second');
+         * // TypeError [ERR_AMBIGUOUS_ARGUMENT]
+         *
+         * // The string is only used (as message) in case the function does not throw:
+         * assert.throws(notThrowing, 'Second');
+         * // AssertionError [ERR_ASSERTION]: Missing expected exception: Second
+         *
+         * // If it was intended to match for the error message do this instead:
+         * // It does not throw because the error messages match.
+         * assert.throws(throwingSecond, /Second$/);
+         *
+         * // If the error message does not match, an AssertionError is thrown.
+         * assert.throws(throwingFirst, /Second$/);
+         * // AssertionError [ERR_ASSERTION]
+         * ```
+         *
+         * Due to the confusing error-prone notation, avoid a string as the second
+         * argument.
+         * @since v0.1.21
+         */
+        function throws(block: () => unknown, message?: string | Error): void;
+        function throws(block: () => unknown, error: AssertPredicate, message?: string | Error): void;
+        /**
+         * Asserts that the function `fn` does not throw an error.
+         *
+         * Using `assert.doesNotThrow()` is actually not useful because there
+         * is no benefit in catching an error and then rethrowing it. Instead, consider
+         * adding a comment next to the specific code path that should not throw and keep
+         * error messages as expressive as possible.
+         *
+         * When `assert.doesNotThrow()` is called, it will immediately call the `fn`function.
+         *
+         * If an error is thrown and it is the same type as that specified by the `error`parameter, then an `AssertionError` is thrown. If the error is of a
+         * different type, or if the `error` parameter is undefined, the error is
+         * propagated back to the caller.
+         *
+         * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) or a validation
+         * function. See {@link throws} for more details.
+         *
+         * The following, for instance, will throw the `TypeError` because there is no
+         * matching error type in the assertion:
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.doesNotThrow(
+         *   () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   SyntaxError
+         * );
+         * ```
+         *
+         * However, the following will result in an `AssertionError` with the message
+         * 'Got unwanted exception...':
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.doesNotThrow(
+         *   () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   TypeError
+         * );
+         * ```
+         *
+         * If an `AssertionError` is thrown and a value is provided for the `message`parameter, the value of `message` will be appended to the `AssertionError` message:
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.doesNotThrow(
+         *   () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   /Wrong value/,
+         *   'Whoops'
+         * );
+         * // Throws: AssertionError: Got unwanted exception: Whoops
+         * ```
+         * @since v0.1.21
+         */
+        function doesNotThrow(block: () => unknown, message?: string | Error): void;
+        function doesNotThrow(block: () => unknown, error: AssertPredicate, message?: string | Error): void;
+        /**
+         * Throws `value` if `value` is not `undefined` or `null`. This is useful when
+         * testing the `error` argument in callbacks. The stack trace contains all frames
+         * from the error passed to `ifError()` including the potential new frames for`ifError()` itself.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.ifError(null);
+         * // OK
+         * assert.ifError(0);
+         * // AssertionError [ERR_ASSERTION]: ifError got unwanted exception: 0
+         * assert.ifError('error');
+         * // AssertionError [ERR_ASSERTION]: ifError got unwanted exception: 'error'
+         * assert.ifError(new Error());
+         * // AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Error
+         *
+         * // Create some random error frames.
+         * let err;
+         * (function errorFrame() {
+         *   err = new Error('test error');
+         * })();
+         *
+         * (function ifErrorFrame() {
+         *   assert.ifError(err);
+         * })();
+         * // AssertionError [ERR_ASSERTION]: ifError got unwanted exception: test error
+         * //     at ifErrorFrame
+         * //     at errorFrame
+         * ```
+         * @since v0.1.97
+         */
+        function ifError(value: unknown): asserts value is null | undefined;
+        /**
+         * Awaits the `asyncFn` promise or, if `asyncFn` is a function, immediately
+         * calls the function and awaits the returned promise to complete. It will then
+         * check that the promise is rejected.
+         *
+         * If `asyncFn` is a function and it throws an error synchronously,`assert.rejects()` will return a rejected `Promise` with that error. If the
+         * function does not return a promise, `assert.rejects()` will return a rejected`Promise` with an `ERR_INVALID_RETURN_VALUE` error. In both cases the error
+         * handler is skipped.
+         *
+         * Besides the async nature to await the completion behaves identically to {@link throws}.
+         *
+         * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions), a validation function,
+         * an object where each property will be tested for, or an instance of error where
+         * each property will be tested for including the non-enumerable `message` and`name` properties.
+         *
+         * If specified, `message` will be the message provided by the `AssertionError` if the `asyncFn` fails to reject.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * await assert.rejects(
+         *   async () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   {
+         *     name: 'TypeError',
+         *     message: 'Wrong value'
+         *   }
+         * );
+         * ```
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * await assert.rejects(
+         *   async () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   (err) => {
+         *     assert.strictEqual(err.name, 'TypeError');
+         *     assert.strictEqual(err.message, 'Wrong value');
+         *     return true;
+         *   }
+         * );
+         * ```
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.rejects(
+         *   Promise.reject(new Error('Wrong value')),
+         *   Error
+         * ).then(() => {
+         *   // ...
+         * });
+         * ```
+         *
+         * `error` cannot be a string. If a string is provided as the second
+         * argument, then `error` is assumed to be omitted and the string will be used for`message` instead. This can lead to easy-to-miss mistakes. Please read the
+         * example in {@link throws} carefully if using a string as the second
+         * argument gets considered.
+         * @since v10.0.0
+         */
+        function rejects(block: (() => Promise<unknown>) | Promise<unknown>, message?: string | Error): Promise<void>;
+        function rejects(block: (() => Promise<unknown>) | Promise<unknown>, error: AssertPredicate, message?: string | Error): Promise<void>;
+        /**
+         * Awaits the `asyncFn` promise or, if `asyncFn` is a function, immediately
+         * calls the function and awaits the returned promise to complete. It will then
+         * check that the promise is not rejected.
+         *
+         * If `asyncFn` is a function and it throws an error synchronously,`assert.doesNotReject()` will return a rejected `Promise` with that error. If
+         * the function does not return a promise, `assert.doesNotReject()` will return a
+         * rejected `Promise` with an `ERR_INVALID_RETURN_VALUE` error. In both cases
+         * the error handler is skipped.
+         *
+         * Using `assert.doesNotReject()` is actually not useful because there is little
+         * benefit in catching a rejection and then rejecting it again. Instead, consider
+         * adding a comment next to the specific code path that should not reject and keep
+         * error messages as expressive as possible.
+         *
+         * If specified, `error` can be a [`Class`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Classes),
+         * [`RegExp`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) or a validation
+         * function. See {@link throws} for more details.
+         *
+         * Besides the async nature to await the completion behaves identically to {@link doesNotThrow}.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * await assert.doesNotReject(
+         *   async () => {
+         *     throw new TypeError('Wrong value');
+         *   },
+         *   SyntaxError
+         * );
+         * ```
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.doesNotReject(Promise.reject(new TypeError('Wrong value')))
+         *   .then(() => {
+         *     // ...
+         *   });
+         * ```
+         * @since v10.0.0
+         */
+        function doesNotReject(block: (() => Promise<unknown>) | Promise<unknown>, message?: string | Error): Promise<void>;
+        function doesNotReject(block: (() => Promise<unknown>) | Promise<unknown>, error: AssertPredicate, message?: string | Error): Promise<void>;
+        /**
+         * Expects the `string` input to match the regular expression.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.match('I will fail', /pass/);
+         * // AssertionError [ERR_ASSERTION]: The input did not match the regular ...
+         *
+         * assert.match(123, /pass/);
+         * // AssertionError [ERR_ASSERTION]: The "string" argument must be of type string.
+         *
+         * assert.match('I will pass', /pass/);
+         * // OK
+         * ```
+         *
+         * If the values do not match, or if the `string` argument is of another type than`string`, an `AssertionError` is thrown with a `message` property set equal
+         * to the value of the `message` parameter. If the `message` parameter is
+         * undefined, a default error message is assigned. If the `message` parameter is an
+         * instance of an `Error` then it will be thrown instead of the `AssertionError`.
+         * @since v13.6.0, v12.16.0
+         */
+        function match(value: string, regExp: RegExp, message?: string | Error): void;
+        /**
+         * Expects the `string` input not to match the regular expression.
+         *
+         * ```js
+         * import assert from 'assert/strict';
+         *
+         * assert.doesNotMatch('I will fail', /fail/);
+         * // AssertionError [ERR_ASSERTION]: The input was expected to not match the ...
+         *
+         * assert.doesNotMatch(123, /pass/);
+         * // AssertionError [ERR_ASSERTION]: The "string" argument must be of type string.
+         *
+         * assert.doesNotMatch('I will pass', /different/);
+         * // OK
+         * ```
+         *
+         * If the values do match, or if the `string` argument is of another type than`string`, an `AssertionError` is thrown with a `message` property set equal
+         * to the value of the `message` parameter. If the `message` parameter is
+         * undefined, a default error message is assigned. If the `message` parameter is an
+         * instance of an `Error` then it will be thrown instead of the `AssertionError`.
+         * @since v13.6.0, v12.16.0
+         */
+        function doesNotMatch(value: string, regExp: RegExp, message?: string | Error): void;
+        const strict: Omit<typeof assert, 'equal' | 'notEqual' | 'deepEqual' | 'notDeepEqual' | 'ok' | 'strictEqual' | 'deepStrictEqual' | 'ifError' | 'strict'> & {
+            (value: unknown, message?: string | Error): asserts value;
             equal: typeof strictEqual;
             notEqual: typeof notStrictEqual;
-            ok(value: any, message?: string | Error): asserts value;
-            strictEqual<T>(actual: any, expected: T, message?: string | Error): asserts actual is T;
-            deepStrictEqual<T>(actual: any, expected: T, message?: string | Error): asserts actual is T;
-            ifError(value: any): asserts value is null | undefined;
+            deepEqual: typeof deepStrictEqual;
+            notDeepEqual: typeof notDeepStrictEqual;
+            // Mapped types and assertion functions are incompatible?
+            // TS2775: Assertions require every name in the call target
+            // to be declared with an explicit type annotation.
+            ok: typeof ok;
+            strictEqual: typeof strictEqual;
+            deepStrictEqual: typeof deepStrictEqual;
+            ifError: typeof ifError;
+            strict: typeof strict;
         };
     }
-
+    export = assert;
+}
+declare module 'node:assert' {
+    import assert = require('assert');
     export = assert;
 }

node_modules/@types/node/assert/strict.d.ts

@@ -0,0 +1,8 @@
+declare module 'assert/strict' {
+    import { strict } from 'node:assert';
+    export = strict;
+}
+declare module 'node:assert/strict' {
+    import { strict } from 'node:assert';
+    export = strict;
+}

node_modules/@types/node/async_hooks.d.ts

@@ -1,16 +1,47 @@
 /**
- * Async Hooks module: https://nodejs.org/api/async_hooks.html
+ * The `async_hooks` module provides an API to track asynchronous resources. It
+ * can be accessed using:
+ *
+ * ```js
+ * import async_hooks from 'async_hooks';
+ * ```
+ * @experimental
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/async_hooks.js)
  */
-declare module "async_hooks" {
+declare module 'async_hooks' {
     /**
-     * Returns the asyncId of the current execution context.
+     * ```js
+     * import { executionAsyncId } from 'async_hooks';
+     *
+     * console.log(executionAsyncId());  // 1 - bootstrap
+     * fs.open(path, 'r', (err, fd) => {
+     *   console.log(executionAsyncId());  // 6 - open()
+     * });
+     * ```
+     *
+     * The ID returned from `executionAsyncId()` is related to execution timing, not
+     * causality (which is covered by `triggerAsyncId()`):
+     *
+     * ```js
+     * const server = net.createServer((conn) => {
+     *   // Returns the ID of the server, not of the new connection, because the
+     *   // callback runs in the execution scope of the server's MakeCallback().
+     *   async_hooks.executionAsyncId();
+     *
+     * }).listen(port, () => {
+     *   // Returns the ID of a TickObject (process.nextTick()) because all
+     *   // callbacks passed to .listen() are wrapped in a nextTick().
+     *   async_hooks.executionAsyncId();
+     * });
+     * ```
+     *
+     * Promise contexts may not get precise `executionAsyncIds` by default.
+     * See the section on `promise execution tracking`.
+     * @since v8.1.0
+     * @return The `asyncId` of the current execution context. Useful to track when something calls.
      */
     function executionAsyncId(): number;
-
     /**
-     * The resource representing the current execution.
-     *  Useful to store data within the resource.
-     *
      * Resource objects returned by `executionAsyncResource()` are most often internal
      * Node.js handle objects with undocumented APIs. Using any functions or properties
      * on the object is likely to crash your application and should be avoided.
@@ -18,14 +49,70 @@ declare module "async_hooks" {
      * Using `executionAsyncResource()` in the top-level execution context will
      * return an empty object as there is no handle or request object to use,
      * but having an object representing the top-level can be helpful.
+     *
+     * ```js
+     * import { open } from 'fs';
+     * import { executionAsyncId, executionAsyncResource } from 'async_hooks';
+     *
+     * console.log(executionAsyncId(), executionAsyncResource());  // 1 {}
+     * open(new URL(import.meta.url), 'r', (err, fd) => {
+     *   console.log(executionAsyncId(), executionAsyncResource());  // 7 FSReqWrap
+     * });
+     * ```
+     *
+     * This can be used to implement continuation local storage without the
+     * use of a tracking `Map` to store the metadata:
+     *
+     * ```js
+     * import { createServer } from 'http';
+     * import {
+     *   executionAsyncId,
+     *   executionAsyncResource,
+     *   createHook
+     * } from 'async_hooks';
+     * const sym = Symbol('state'); // Private symbol to avoid pollution
+     *
+     * createHook({
+     *   init(asyncId, type, triggerAsyncId, resource) {
+     *     const cr = executionAsyncResource();
+     *     if (cr) {
+     *       resource[sym] = cr[sym];
+     *     }
+     *   }
+     * }).enable();
+     *
+     * const server = createServer((req, res) => {
+     *   executionAsyncResource()[sym] = { state: req.url };
+     *   setTimeout(function() {
+     *     res.end(JSON.stringify(executionAsyncResource()[sym]));
+     *   }, 100);
+     * }).listen(3000);
+     * ```
+     * @since v13.9.0, v12.17.0
+     * @return The resource representing the current execution. Useful to store data within the resource.
      */
     function executionAsyncResource(): object;
-
     /**
-     * Returns the ID of the resource responsible for calling the callback that is currently being executed.
+     * ```js
+     * const server = net.createServer((conn) => {
+     *   // The resource that caused (or triggered) this callback to be called
+     *   // was that of the new connection. Thus the return value of triggerAsyncId()
+     *   // is the asyncId of "conn".
+     *   async_hooks.triggerAsyncId();
+     *
+     * }).listen(port, () => {
+     *   // Even though all callbacks passed to .listen() are wrapped in a nextTick()
+     *   // the callback itself exists because the call to the server's .listen()
+     *   // was made. So the return value would be the ID of the server.
+     *   async_hooks.triggerAsyncId();
+     * });
+     * ```
+     *
+     * Promise contexts may not get valid `triggerAsyncId`s by default. See
+     * the section on `promise execution tracking`.
+     * @return The ID of the resource responsible for calling the callback that is currently being executed.
      */
     function triggerAsyncId(): number;
-
     interface HookCallbacks {
         /**
          * Called when a class is constructed that has the possibility to emit an asynchronous event.
@@ -35,73 +122,133 @@ declare module "async_hooks" {
          * @param resource reference to the resource representing the async operation, needs to be released during destroy
          */
         init?(asyncId: number, type: string, triggerAsyncId: number, resource: object): void;
-
         /**
          * When an asynchronous operation is initiated or completes a callback is called to notify the user.
          * The before callback is called just before said callback is executed.
          * @param asyncId the unique identifier assigned to the resource about to execute the callback.
          */
         before?(asyncId: number): void;
-
         /**
          * Called immediately after the callback specified in before is completed.
          * @param asyncId the unique identifier assigned to the resource which has executed the callback.
          */
         after?(asyncId: number): void;
-
         /**
          * Called when a promise has resolve() called. This may not be in the same execution id
          * as the promise itself.
          * @param asyncId the unique id for the promise that was resolve()d.
          */
         promiseResolve?(asyncId: number): void;
-
         /**
          * Called after the resource corresponding to asyncId is destroyed
          * @param asyncId a unique ID for the async resource
          */
         destroy?(asyncId: number): void;
     }
-
     interface AsyncHook {
         /**
          * Enable the callbacks for a given AsyncHook instance. If no callbacks are provided enabling is a noop.
          */
         enable(): this;
-
         /**
          * Disable the callbacks for a given AsyncHook instance from the global pool of AsyncHook callbacks to be executed. Once a hook has been disabled it will not be called again until enabled.
          */
         disable(): this;
     }
-
     /**
-     * Registers functions to be called for different lifetime events of each async operation.
-     * @param options the callbacks to register
-     * @return an AsyncHooks instance used for disabling and enabling hooks
+     * Registers functions to be called for different lifetime events of each async
+     * operation.
+     *
+     * The callbacks `init()`/`before()`/`after()`/`destroy()` are called for the
+     * respective asynchronous event during a resource's lifetime.
+     *
+     * All callbacks are optional. For example, if only resource cleanup needs to
+     * be tracked, then only the `destroy` callback needs to be passed. The
+     * specifics of all functions that can be passed to `callbacks` is in the `Hook Callbacks` section.
+     *
+     * ```js
+     * import { createHook } from 'async_hooks';
+     *
+     * const asyncHook = createHook({
+     *   init(asyncId, type, triggerAsyncId, resource) { },
+     *   destroy(asyncId) { }
+     * });
+     * ```
+     *
+     * The callbacks will be inherited via the prototype chain:
+     *
+     * ```js
+     * class MyAsyncCallbacks {
+     *   init(asyncId, type, triggerAsyncId, resource) { }
+     *   destroy(asyncId) {}
+     * }
+     *
+     * class MyAddedCallbacks extends MyAsyncCallbacks {
+     *   before(asyncId) { }
+     *   after(asyncId) { }
+     * }
+     *
+     * const asyncHook = async_hooks.createHook(new MyAddedCallbacks());
+     * ```
+     *
+     * Because promises are asynchronous resources whose lifecycle is tracked
+     * via the async hooks mechanism, the `init()`, `before()`, `after()`, and`destroy()` callbacks _must not_ be async functions that return promises.
+     * @since v8.1.0
+     * @param callbacks The `Hook Callbacks` to register
+     * @return Instance used for disabling and enabling hooks
      */
-    function createHook(options: HookCallbacks): AsyncHook;
-
+    function createHook(callbacks: HookCallbacks): AsyncHook;
     interface AsyncResourceOptions {
-      /**
-       * The ID of the execution context that created this async event.
-       * Default: `executionAsyncId()`
-       */
-      triggerAsyncId?: number;
-
-      /**
-       * Disables automatic `emitDestroy` when the object is garbage collected.
-       * This usually does not need to be set (even if `emitDestroy` is called
-       * manually), unless the resource's `asyncId` is retrieved and the
-       * sensitive API's `emitDestroy` is called with it.
-       * Default: `false`
-       */
-      requireManualDestroy?: boolean;
+        /**
+         * The ID of the execution context that created this async event.
+         * @default executionAsyncId()
+         */
+        triggerAsyncId?: number | undefined;
+        /**
+         * Disables automatic `emitDestroy` when the object is garbage collected.
+         * This usually does not need to be set (even if `emitDestroy` is called
+         * manually), unless the resource's `asyncId` is retrieved and the
+         * sensitive API's `emitDestroy` is called with it.
+         * @default false
+         */
+        requireManualDestroy?: boolean | undefined;
     }
-
     /**
-     * The class AsyncResource was designed to be extended by the embedder's async resources.
-     * Using this users can easily trigger the lifetime events of their own resources.
+     * The class `AsyncResource` is designed to be extended by the embedder's async
+     * resources. Using this, users can easily trigger the lifetime events of their
+     * own resources.
+     *
+     * The `init` hook will trigger when an `AsyncResource` is instantiated.
+     *
+     * The following is an overview of the `AsyncResource` API.
+     *
+     * ```js
+     * import { AsyncResource, executionAsyncId } from 'async_hooks';
+     *
+     * // AsyncResource() is meant to be extended. Instantiating a
+     * // new AsyncResource() also triggers init. If triggerAsyncId is omitted then
+     * // async_hook.executionAsyncId() is used.
+     * const asyncResource = new AsyncResource(
+     *   type, { triggerAsyncId: executionAsyncId(), requireManualDestroy: false }
+     * );
+     *
+     * // Run a function in the execution context of the resource. This will
+     * // * establish the context of the resource
+     * // * trigger the AsyncHooks before callbacks
+     * // * call the provided function `fn` with the supplied arguments
+     * // * trigger the AsyncHooks after callbacks
+     * // * restore the original execution context
+     * asyncResource.runInAsyncScope(fn, thisArg, ...args);
+     *
+     * // Call AsyncHooks destroy callbacks.
+     * asyncResource.emitDestroy();
+     *
+     * // Return the unique ID assigned to the AsyncResource instance.
+     * asyncResource.asyncId();
+     *
+     * // Return the trigger ID for the AsyncResource instance.
+     * asyncResource.triggerAsyncId();
+     * ```
      */
     class AsyncResource {
         /**
@@ -113,135 +260,238 @@ declare module "async_hooks" {
          *   this async event (default: `executionAsyncId()`), or an
          *   AsyncResourceOptions object (since 9.3)
          */
-        constructor(type: string, triggerAsyncId?: number|AsyncResourceOptions);
-
+        constructor(type: string, triggerAsyncId?: number | AsyncResourceOptions);
         /**
-         * Call the provided function with the provided arguments in the
-         * execution context of the async resource. This will establish the
-         * context, trigger the AsyncHooks before callbacks, call the function,
-         * trigger the AsyncHooks after callbacks, and then restore the original
-         * execution context.
-         * @param fn The function to call in the execution context of this
-         *   async resource.
+         * Binds the given function to the current execution context.
+         *
+         * The returned function will have an `asyncResource` property referencing
+         * the `AsyncResource` to which the function is bound.
+         * @since v14.8.0, v12.19.0
+         * @param fn The function to bind to the current execution context.
+         * @param type An optional name to associate with the underlying `AsyncResource`.
+         */
+        static bind<Func extends (this: ThisArg, ...args: any[]) => any, ThisArg>(
+            fn: Func,
+            type?: string,
+            thisArg?: ThisArg
+        ): Func & {
+            asyncResource: AsyncResource;
+        };
+        /**
+         * Binds the given function to execute to this `AsyncResource`'s scope.
+         *
+         * The returned function will have an `asyncResource` property referencing
+         * the `AsyncResource` to which the function is bound.
+         * @since v14.8.0, v12.19.0
+         * @param fn The function to bind to the current `AsyncResource`.
+         */
+        bind<Func extends (...args: any[]) => any>(
+            fn: Func
+        ): Func & {
+            asyncResource: AsyncResource;
+        };
+        /**
+         * Call the provided function with the provided arguments in the execution context
+         * of the async resource. This will establish the context, trigger the AsyncHooks
+         * before callbacks, call the function, trigger the AsyncHooks after callbacks, and
+         * then restore the original execution context.
+         * @since v9.6.0
+         * @param fn The function to call in the execution context of this async resource.
          * @param thisArg The receiver to be used for the function call.
          * @param args Optional arguments to pass to the function.
          */
         runInAsyncScope<This, Result>(fn: (this: This, ...args: any[]) => Result, thisArg?: This, ...args: any[]): Result;
-
         /**
-         * Call AsyncHooks destroy callbacks.
+         * Call all `destroy` hooks. This should only ever be called once. An error will
+         * be thrown if it is called more than once. This **must** be manually called. If
+         * the resource is left to be collected by the GC then the `destroy` hooks will
+         * never be called.
+         * @return A reference to `asyncResource`.
          */
-        emitDestroy(): void;
-
+        emitDestroy(): this;
         /**
-         * @return the unique ID assigned to this AsyncResource instance.
+         * @return The unique `asyncId` assigned to the resource.
          */
         asyncId(): number;
-
         /**
-         * @return the trigger ID for this AsyncResource instance.
+         *
+         * @return The same `triggerAsyncId` that is passed to the `AsyncResource` constructor.
          */
         triggerAsyncId(): number;
     }
-
     /**
-     * When having multiple instances of `AsyncLocalStorage`, they are independent
-     * from each other. It is safe to instantiate this class multiple times.
+     * This class creates stores that stay coherent through asynchronous operations.
+     *
+     * While you can create your own implementation on top of the `async_hooks` module,`AsyncLocalStorage` should be preferred as it is a performant and memory safe
+     * implementation that involves significant optimizations that are non-obvious to
+     * implement.
+     *
+     * The following example uses `AsyncLocalStorage` to build a simple logger
+     * that assigns IDs to incoming HTTP requests and includes them in messages
+     * logged within each request.
+     *
+     * ```js
+     * import http from 'http';
+     * import { AsyncLocalStorage } from 'async_hooks';
+     *
+     * const asyncLocalStorage = new AsyncLocalStorage();
+     *
+     * function logWithId(msg) {
+     *   const id = asyncLocalStorage.getStore();
+     *   console.log(`${id !== undefined ? id : '-'}:`, msg);
+     * }
+     *
+     * let idSeq = 0;
+     * http.createServer((req, res) => {
+     *   asyncLocalStorage.run(idSeq++, () => {
+     *     logWithId('start');
+     *     // Imagine any chain of async operations here
+     *     setImmediate(() => {
+     *       logWithId('finish');
+     *       res.end();
+     *     });
+     *   });
+     * }).listen(8080);
+     *
+     * http.get('http://localhost:8080');
+     * http.get('http://localhost:8080');
+     * // Prints:
+     * //   0: start
+     * //   1: start
+     * //   0: finish
+     * //   1: finish
+     * ```
+     *
+     * Each instance of `AsyncLocalStorage` maintains an independent storage context.
+     * Multiple instances can safely exist simultaneously without risk of interfering
+     * with each other data.
+     * @since v13.10.0, v12.17.0
      */
     class AsyncLocalStorage<T> {
         /**
-         * This method disables the instance of `AsyncLocalStorage`. All subsequent calls
-         * to `asyncLocalStorage.getStore()` will return `undefined` until
-         * `asyncLocalStorage.run()` or `asyncLocalStorage.runSyncAndReturn()`
-         * is called again.
+         * Disables the instance of `AsyncLocalStorage`. All subsequent calls
+         * to `asyncLocalStorage.getStore()` will return `undefined` until`asyncLocalStorage.run()` or `asyncLocalStorage.enterWith()` is called again.
          *
          * When calling `asyncLocalStorage.disable()`, all current contexts linked to the
          * instance will be exited.
          *
-         * Calling `asyncLocalStorage.disable()` is required before the
-         * `asyncLocalStorage` can be garbage collected. This does not apply to stores
+         * Calling `asyncLocalStorage.disable()` is required before the`asyncLocalStorage` can be garbage collected. This does not apply to stores
          * provided by the `asyncLocalStorage`, as those objects are garbage collected
          * along with the corresponding async resources.
          *
-         * This method is to be used when the `asyncLocalStorage` is not in use anymore
+         * Use this method when the `asyncLocalStorage` is not in use anymore
          * in the current process.
+         * @since v13.10.0, v12.17.0
+         * @experimental
          */
         disable(): void;
-
         /**
-         * This method returns the current store.
-         * If this method is called outside of an asynchronous context initialized by
-         * calling `asyncLocalStorage.run` or `asyncLocalStorage.runAndReturn`, it will
-         * return `undefined`.
+         * Returns the current store.
+         * If called outside of an asynchronous context initialized by
+         * calling `asyncLocalStorage.run()` or `asyncLocalStorage.enterWith()`, it
+         * returns `undefined`.
+         * @since v13.10.0, v12.17.0
          */
         getStore(): T | undefined;
-
         /**
-         * Calling `asyncLocalStorage.run(callback)` will create a new asynchronous
-         * context.
-         * Within the callback function and the asynchronous operations from the callback,
-         * `asyncLocalStorage.getStore()` will return an instance of `Map` known as
-         * "the store". This store will be persistent through the following
-         * asynchronous calls.
-         *
-         * The callback will be ran asynchronously. Optionally, arguments can be passed
-         * to the function. They will be passed to the callback function.
-         *
-         * If an error is thrown by the callback function, it will not be caught by
-         * a `try/catch` block as the callback is ran in a new asynchronous resource.
-         * Also, the stacktrace will be impacted by the asynchronous call.
-         */
-        // TODO: Apply generic vararg once available
-        run(store: T, callback: (...args: any[]) => void, ...args: any[]): void;
-
-        /**
-         * Calling `asyncLocalStorage.exit(callback)` will create a new asynchronous
-         * context.
-         * Within the callback function and the asynchronous operations from the callback,
-         * `asyncLocalStorage.getStore()` will return `undefined`.
-         *
-         * The callback will be ran asynchronously. Optionally, arguments can be passed
-         * to the function. They will be passed to the callback function.
-         *
-         * If an error is thrown by the callback function, it will not be caught by
-         * a `try/catch` block as the callback is ran in a new asynchronous resource.
-         * Also, the stacktrace will be impacted by the asynchronous call.
-         */
-        exit(callback: (...args: any[]) => void, ...args: any[]): void;
-
-        /**
-         * This methods runs a function synchronously within a context and return its
+         * Runs a function synchronously within a context and returns its
          * return value. The store is not accessible outside of the callback function or
          * the asynchronous operations created within the callback.
          *
-         * Optionally, arguments can be passed to the function. They will be passed to
-         * the callback function.
+         * The optional `args` are passed to the callback function.
          *
-         * If the callback function throws an error, it will be thrown by
-         * `runSyncAndReturn` too. The stacktrace will not be impacted by this call and
-         * the context will be exited.
+         * If the callback function throws an error, the error is thrown by `run()` too.
+         * The stacktrace is not impacted by this call and the context is exited.
+         *
+         * Example:
+         *
+         * ```js
+         * const store = { id: 2 };
+         * try {
+         *   asyncLocalStorage.run(store, () => {
+         *     asyncLocalStorage.getStore(); // Returns the store object
+         *     throw new Error();
+         *   });
+         * } catch (e) {
+         *   asyncLocalStorage.getStore(); // Returns undefined
+         *   // The error will be caught here
+         * }
+         * ```
+         * @since v13.10.0, v12.17.0
          */
-        runSyncAndReturn<R>(store: T, callback: (...args: any[]) => R, ...args: any[]): R;
-
+        run<R, TArgs extends any[]>(store: T, callback: (...args: TArgs) => R, ...args: TArgs): R;
         /**
-         * This methods runs a function synchronously outside of a context and return its
+         * Runs a function synchronously outside of a context and returns its
          * return value. The store is not accessible within the callback function or
-         * the asynchronous operations created within the callback.
+         * the asynchronous operations created within the callback. Any `getStore()`call done within the callback function will always return `undefined`.
          *
-         * Optionally, arguments can be passed to the function. They will be passed to
-         * the callback function.
+         * The optional `args` are passed to the callback function.
          *
-         * If the callback function throws an error, it will be thrown by
-         * `exitSyncAndReturn` too. The stacktrace will not be impacted by this call and
-         * the context will be re-entered.
+         * If the callback function throws an error, the error is thrown by `exit()` too.
+         * The stacktrace is not impacted by this call and the context is re-entered.
+         *
+         * Example:
+         *
+         * ```js
+         * // Within a call to run
+         * try {
+         *   asyncLocalStorage.getStore(); // Returns the store object or value
+         *   asyncLocalStorage.exit(() => {
+         *     asyncLocalStorage.getStore(); // Returns undefined
+         *     throw new Error();
+         *   });
+         * } catch (e) {
+         *   asyncLocalStorage.getStore(); // Returns the same object or value
+         *   // The error will be caught here
+         * }
+         * ```
+         * @since v13.10.0, v12.17.0
+         * @experimental
          */
-        exitSyncAndReturn<R>(callback: (...args: any[]) => R, ...args: any[]): R;
-
+        exit<R, TArgs extends any[]>(callback: (...args: TArgs) => R, ...args: TArgs): R;
         /**
-         * Calling `asyncLocalStorage.enterWith(store)` will transition into the context
-         * for the remainder of the current synchronous execution and will persist
-         * through any following asynchronous calls.
+         * Transitions into the context for the remainder of the current
+         * synchronous execution and then persists the store through any following
+         * asynchronous calls.
+         *
+         * Example:
+         *
+         * ```js
+         * const store = { id: 1 };
+         * // Replaces previous store with the given store object
+         * asyncLocalStorage.enterWith(store);
+         * asyncLocalStorage.getStore(); // Returns the store object
+         * someAsyncOperation(() => {
+         *   asyncLocalStorage.getStore(); // Returns the same object
+         * });
+         * ```
+         *
+         * This transition will continue for the _entire_ synchronous execution.
+         * This means that if, for example, the context is entered within an event
+         * handler subsequent event handlers will also run within that context unless
+         * specifically bound to another context with an `AsyncResource`. That is why`run()` should be preferred over `enterWith()` unless there are strong reasons
+         * to use the latter method.
+         *
+         * ```js
+         * const store = { id: 1 };
+         *
+         * emitter.on('my-event', () => {
+         *   asyncLocalStorage.enterWith(store);
+         * });
+         * emitter.on('my-event', () => {
+         *   asyncLocalStorage.getStore(); // Returns the same object
+         * });
+         *
+         * asyncLocalStorage.getStore(); // Returns undefined
+         * emitter.emit('my-event');
+         * asyncLocalStorage.getStore(); // Returns the same object
+         * ```
+         * @since v13.11.0, v12.17.0
+         * @experimental
          */
         enterWith(store: T): void;
     }
 }
+declare module 'node:async_hooks' {
+    export * from 'async_hooks';
+}

node_modules/@types/node/base.d.ts

@@ -1,20 +0,0 @@
-// NOTE: These definitions support NodeJS and TypeScript 3.7.
-
-// NOTE: TypeScript version-specific augmentations can be found in the following paths:
-//          - ~/base.d.ts         - Shared definitions common to all TypeScript versions
-//          - ~/index.d.ts        - Definitions specific to TypeScript 2.1
-//          - ~/ts3.7/base.d.ts   - Definitions specific to TypeScript 3.7
-//          - ~/ts3.7/index.d.ts  - Definitions specific to TypeScript 3.7 with assert pulled in
-
-// Reference required types from the default lib:
-/// <reference lib="es2018" />
-/// <reference lib="esnext.asynciterable" />
-/// <reference lib="esnext.intl" />
-/// <reference lib="esnext.bigint" />
-
-// Base definitions for all NodeJS modules that are not specific to any version of TypeScript:
-// tslint:disable-next-line:no-bad-reference
-/// <reference path="ts3.6/base.d.ts" />
-
-// TypeScript 3.7-specific augmentations:
-/// <reference path="assert.d.ts" />

node_modules/@types/node/cluster.d.ts

@@ -1,37 +1,278 @@
-declare module "cluster" {
-    import * as child from "child_process";
-    import * as events from "events";
-    import * as net from "net";
-
-    // interfaces
-    interface ClusterSettings {
-        execArgv?: string[]; // default: process.execArgv
-        exec?: string;
-        args?: string[];
-        silent?: boolean;
-        stdio?: any[];
-        uid?: number;
-        gid?: number;
-        inspectPort?: number | (() => number);
+/**
+ * A single instance of Node.js runs in a single thread. To take advantage of
+ * multi-core systems, the user will sometimes want to launch a cluster of Node.js
+ * processes to handle the load.
+ *
+ * The cluster module allows easy creation of child processes that all share
+ * server ports.
+ *
+ * ```js
+ * import cluster from 'cluster';
+ * import http from 'http';
+ * import { cpus } from 'os';
+ * import process from 'process';
+ *
+ * const numCPUs = cpus().length;
+ *
+ * if (cluster.isPrimary) {
+ *   console.log(`Primary ${process.pid} is running`);
+ *
+ *   // Fork workers.
+ *   for (let i = 0; i < numCPUs; i++) {
+ *     cluster.fork();
+ *   }
+ *
+ *   cluster.on('exit', (worker, code, signal) => {
+ *     console.log(`worker ${worker.process.pid} died`);
+ *   });
+ * } else {
+ *   // Workers can share any TCP connection
+ *   // In this case it is an HTTP server
+ *   http.createServer((req, res) => {
+ *     res.writeHead(200);
+ *     res.end('hello world\n');
+ *   }).listen(8000);
+ *
+ *   console.log(`Worker ${process.pid} started`);
+ * }
+ * ```
+ *
+ * Running Node.js will now share port 8000 between the workers:
+ *
+ * ```console
+ * $ node server.js
+ * Primary 3596 is running
+ * Worker 4324 started
+ * Worker 4520 started
+ * Worker 6056 started
+ * Worker 5644 started
+ * ```
+ *
+ * On Windows, it is not yet possible to set up a named pipe server in a worker.
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/cluster.js)
+ */
+declare module 'cluster' {
+    import * as child from 'node:child_process';
+    import EventEmitter = require('node:events');
+    import * as net from 'node:net';
+    export interface ClusterSettings {
+        execArgv?: string[] | undefined; // default: process.execArgv
+        exec?: string | undefined;
+        args?: string[] | undefined;
+        silent?: boolean | undefined;
+        stdio?: any[] | undefined;
+        uid?: number | undefined;
+        gid?: number | undefined;
+        inspectPort?: number | (() => number) | undefined;
     }
-
-    interface Address {
+    export interface Address {
         address: string;
         port: number;
-        addressType: number | "udp4" | "udp6";  // 4, 6, -1, "udp4", "udp6"
+        addressType: number | 'udp4' | 'udp6'; // 4, 6, -1, "udp4", "udp6"
     }
-
-    class Worker extends events.EventEmitter {
+    /**
+     * A `Worker` object contains all public information and method about a worker.
+     * In the primary it can be obtained using `cluster.workers`. In a worker
+     * it can be obtained using `cluster.worker`.
+     * @since v0.7.0
+     */
+    export class Worker extends EventEmitter {
+        /**
+         * Each new worker is given its own unique id, this id is stored in the`id`.
+         *
+         * While a worker is alive, this is the key that indexes it in`cluster.workers`.
+         * @since v0.8.0
+         */
         id: number;
+        /**
+         * All workers are created using `child_process.fork()`, the returned object
+         * from this function is stored as `.process`. In a worker, the global `process`is stored.
+         *
+         * See: `Child Process module`.
+         *
+         * Workers will call `process.exit(0)` if the `'disconnect'` event occurs
+         * on `process` and `.exitedAfterDisconnect` is not `true`. This protects against
+         * accidental disconnection.
+         * @since v0.7.0
+         */
         process: child.ChildProcess;
-        send(message: any, sendHandle?: any, callback?: (error: Error | null) => void): boolean;
+        /**
+         * Send a message to a worker or primary, optionally with a handle.
+         *
+         * In the primary this sends a message to a specific worker. It is identical to `ChildProcess.send()`.
+         *
+         * In a worker this sends a message to the primary. It is identical to`process.send()`.
+         *
+         * This example will echo back all messages from the primary:
+         *
+         * ```js
+         * if (cluster.isPrimary) {
+         *   const worker = cluster.fork();
+         *   worker.send('hi there');
+         *
+         * } else if (cluster.isWorker) {
+         *   process.on('message', (msg) => {
+         *     process.send(msg);
+         *   });
+         * }
+         * ```
+         * @since v0.7.0
+         * @param options The `options` argument, if present, is an object used to parameterize the sending of certain types of handles. `options` supports the following properties:
+         */
+        send(message: child.Serializable, callback?: (error: Error | null) => void): boolean;
+        send(message: child.Serializable, sendHandle: child.SendHandle, callback?: (error: Error | null) => void): boolean;
+        send(message: child.Serializable, sendHandle: child.SendHandle, options?: child.MessageOptions, callback?: (error: Error | null) => void): boolean;
+        /**
+         * This function will kill the worker. In the primary, it does this
+         * by disconnecting the `worker.process`, and once disconnected, killing
+         * with `signal`. In the worker, it does it by disconnecting the channel,
+         * and then exiting with code `0`.
+         *
+         * Because `kill()` attempts to gracefully disconnect the worker process, it is
+         * susceptible to waiting indefinitely for the disconnect to complete. For example,
+         * if the worker enters an infinite loop, a graceful disconnect will never occur.
+         * If the graceful disconnect behavior is not needed, use `worker.process.kill()`.
+         *
+         * Causes `.exitedAfterDisconnect` to be set.
+         *
+         * This method is aliased as `worker.destroy()` for backward compatibility.
+         *
+         * In a worker, `process.kill()` exists, but it is not this function;
+         * it is `kill()`.
+         * @since v0.9.12
+         * @param [signal='SIGTERM'] Name of the kill signal to send to the worker process.
+         */
         kill(signal?: string): void;
         destroy(signal?: string): void;
+        /**
+         * In a worker, this function will close all servers, wait for the `'close'` event
+         * on those servers, and then disconnect the IPC channel.
+         *
+         * In the primary, an internal message is sent to the worker causing it to call`.disconnect()` on itself.
+         *
+         * Causes `.exitedAfterDisconnect` to be set.
+         *
+         * After a server is closed, it will no longer accept new connections,
+         * but connections may be accepted by any other listening worker. Existing
+         * connections will be allowed to close as usual. When no more connections exist,
+         * see `server.close()`, the IPC channel to the worker will close allowing it
+         * to die gracefully.
+         *
+         * The above applies _only_ to server connections, client connections are not
+         * automatically closed by workers, and disconnect does not wait for them to close
+         * before exiting.
+         *
+         * In a worker, `process.disconnect` exists, but it is not this function;
+         * it is `disconnect()`.
+         *
+         * Because long living server connections may block workers from disconnecting, it
+         * may be useful to send a message, so application specific actions may be taken to
+         * close them. It also may be useful to implement a timeout, killing a worker if
+         * the `'disconnect'` event has not been emitted after some time.
+         *
+         * ```js
+         * if (cluster.isPrimary) {
+         *   const worker = cluster.fork();
+         *   let timeout;
+         *
+         *   worker.on('listening', (address) => {
+         *     worker.send('shutdown');
+         *     worker.disconnect();
+         *     timeout = setTimeout(() => {
+         *       worker.kill();
+         *     }, 2000);
+         *   });
+         *
+         *   worker.on('disconnect', () => {
+         *     clearTimeout(timeout);
+         *   });
+         *
+         * } else if (cluster.isWorker) {
+         *   const net = require('net');
+         *   const server = net.createServer((socket) => {
+         *     // Connections never end
+         *   });
+         *
+         *   server.listen(8000);
+         *
+         *   process.on('message', (msg) => {
+         *     if (msg === 'shutdown') {
+         *       // Initiate graceful close of any connections to server
+         *     }
+         *   });
+         * }
+         * ```
+         * @since v0.7.7
+         * @return A reference to `worker`.
+         */
         disconnect(): void;
+        /**
+         * This function returns `true` if the worker is connected to its primary via its
+         * IPC channel, `false` otherwise. A worker is connected to its primary after it
+         * has been created. It is disconnected after the `'disconnect'` event is emitted.
+         * @since v0.11.14
+         */
         isConnected(): boolean;
+        /**
+         * This function returns `true` if the worker's process has terminated (either
+         * because of exiting or being signaled). Otherwise, it returns `false`.
+         *
+         * ```js
+         * import cluster from 'cluster';
+         * import http from 'http';
+         * import { cpus } from 'os';
+         * import process from 'process';
+         *
+         * const numCPUs = cpus().length;
+         *
+         * if (cluster.isPrimary) {
+         *   console.log(`Primary ${process.pid} is running`);
+         *
+         *   // Fork workers.
+         *   for (let i = 0; i < numCPUs; i++) {
+         *     cluster.fork();
+         *   }
+         *
+         *   cluster.on('fork', (worker) => {
+         *     console.log('worker is dead:', worker.isDead());
+         *   });
+         *
+         *   cluster.on('exit', (worker, code, signal) => {
+         *     console.log('worker is dead:', worker.isDead());
+         *   });
+         * } else {
+         *   // Workers can share any TCP connection. In this case, it is an HTTP server.
+         *   http.createServer((req, res) => {
+         *     res.writeHead(200);
+         *     res.end(`Current process\n ${process.pid}`);
+         *     process.kill(process.pid);
+         *   }).listen(8000);
+         * }
+         * ```
+         * @since v0.11.14
+         */
         isDead(): boolean;
+        /**
+         * This property is `true` if the worker exited due to `.kill()` or`.disconnect()`. If the worker exited any other way, it is `false`. If the
+         * worker has not exited, it is `undefined`.
+         *
+         * The boolean `worker.exitedAfterDisconnect` allows distinguishing between
+         * voluntary and accidental exit, the primary may choose not to respawn a worker
+         * based on this value.
+         *
+         * ```js
+         * cluster.on('exit', (worker, code, signal) => {
+         *   if (worker.exitedAfterDisconnect === true) {
+         *     console.log('Oh, it was just voluntary – no need to worry');
+         *   }
+         * });
+         *
+         * // kill worker
+         * worker.kill();
+         * ```
+         * @since v6.0.0
+         */
         exitedAfterDisconnect: boolean;
-
         /**
          * events.EventEmitter
          *   1. disconnect
@@ -42,68 +283,67 @@ declare module "cluster" {
          *   6. online
          */
         addListener(event: string, listener: (...args: any[]) => void): this;
-        addListener(event: "disconnect", listener: () => void): this;
-        addListener(event: "error", listener: (error: Error) => void): this;
-        addListener(event: "exit", listener: (code: number, signal: string) => void): this;
-        addListener(event: "listening", listener: (address: Address) => void): this;
-        addListener(event: "message", listener: (message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        addListener(event: "online", listener: () => void): this;
-
+        addListener(event: 'disconnect', listener: () => void): this;
+        addListener(event: 'error', listener: (error: Error) => void): this;
+        addListener(event: 'exit', listener: (code: number, signal: string) => void): this;
+        addListener(event: 'listening', listener: (address: Address) => void): this;
+        addListener(event: 'message', listener: (message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        addListener(event: 'online', listener: () => void): this;
         emit(event: string | symbol, ...args: any[]): boolean;
-        emit(event: "disconnect"): boolean;
-        emit(event: "error", error: Error): boolean;
-        emit(event: "exit", code: number, signal: string): boolean;
-        emit(event: "listening", address: Address): boolean;
-        emit(event: "message", message: any, handle: net.Socket | net.Server): boolean;
-        emit(event: "online"): boolean;
-
+        emit(event: 'disconnect'): boolean;
+        emit(event: 'error', error: Error): boolean;
+        emit(event: 'exit', code: number, signal: string): boolean;
+        emit(event: 'listening', address: Address): boolean;
+        emit(event: 'message', message: any, handle: net.Socket | net.Server): boolean;
+        emit(event: 'online'): boolean;
         on(event: string, listener: (...args: any[]) => void): this;
-        on(event: "disconnect", listener: () => void): this;
-        on(event: "error", listener: (error: Error) => void): this;
-        on(event: "exit", listener: (code: number, signal: string) => void): this;
-        on(event: "listening", listener: (address: Address) => void): this;
-        on(event: "message", listener: (message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        on(event: "online", listener: () => void): this;
-
+        on(event: 'disconnect', listener: () => void): this;
+        on(event: 'error', listener: (error: Error) => void): this;
+        on(event: 'exit', listener: (code: number, signal: string) => void): this;
+        on(event: 'listening', listener: (address: Address) => void): this;
+        on(event: 'message', listener: (message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        on(event: 'online', listener: () => void): this;
         once(event: string, listener: (...args: any[]) => void): this;
-        once(event: "disconnect", listener: () => void): this;
-        once(event: "error", listener: (error: Error) => void): this;
-        once(event: "exit", listener: (code: number, signal: string) => void): this;
-        once(event: "listening", listener: (address: Address) => void): this;
-        once(event: "message", listener: (message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        once(event: "online", listener: () => void): this;
-
+        once(event: 'disconnect', listener: () => void): this;
+        once(event: 'error', listener: (error: Error) => void): this;
+        once(event: 'exit', listener: (code: number, signal: string) => void): this;
+        once(event: 'listening', listener: (address: Address) => void): this;
+        once(event: 'message', listener: (message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        once(event: 'online', listener: () => void): this;
         prependListener(event: string, listener: (...args: any[]) => void): this;
-        prependListener(event: "disconnect", listener: () => void): this;
-        prependListener(event: "error", listener: (error: Error) => void): this;
-        prependListener(event: "exit", listener: (code: number, signal: string) => void): this;
-        prependListener(event: "listening", listener: (address: Address) => void): this;
-        prependListener(event: "message", listener: (message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        prependListener(event: "online", listener: () => void): this;
-
+        prependListener(event: 'disconnect', listener: () => void): this;
+        prependListener(event: 'error', listener: (error: Error) => void): this;
+        prependListener(event: 'exit', listener: (code: number, signal: string) => void): this;
+        prependListener(event: 'listening', listener: (address: Address) => void): this;
+        prependListener(event: 'message', listener: (message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        prependListener(event: 'online', listener: () => void): this;
         prependOnceListener(event: string, listener: (...args: any[]) => void): this;
-        prependOnceListener(event: "disconnect", listener: () => void): this;
-        prependOnceListener(event: "error", listener: (error: Error) => void): this;
-        prependOnceListener(event: "exit", listener: (code: number, signal: string) => void): this;
-        prependOnceListener(event: "listening", listener: (address: Address) => void): this;
-        prependOnceListener(event: "message", listener: (message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        prependOnceListener(event: "online", listener: () => void): this;
+        prependOnceListener(event: 'disconnect', listener: () => void): this;
+        prependOnceListener(event: 'error', listener: (error: Error) => void): this;
+        prependOnceListener(event: 'exit', listener: (code: number, signal: string) => void): this;
+        prependOnceListener(event: 'listening', listener: (address: Address) => void): this;
+        prependOnceListener(event: 'message', listener: (message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        prependOnceListener(event: 'online', listener: () => void): this;
     }
-
-    interface Cluster extends events.EventEmitter {
-        Worker: Worker;
+    export interface Cluster extends EventEmitter {
         disconnect(callback?: () => void): void;
         fork(env?: any): Worker;
-        isMaster: boolean;
-        isWorker: boolean;
-        // TODO: cluster.schedulingPolicy
-        settings: ClusterSettings;
+        /** @deprecated since v16.0.0 - use isPrimary. */
+        readonly isMaster: boolean;
+        readonly isPrimary: boolean;
+        readonly isWorker: boolean;
+        schedulingPolicy: number;
+        readonly settings: ClusterSettings;
+        /** @deprecated since v16.0.0 - use setupPrimary. */
         setupMaster(settings?: ClusterSettings): void;
-        worker?: Worker;
-        workers?: {
-            [index: string]: Worker | undefined
-        };
-
+        /**
+         * `setupPrimary` is used to change the default 'fork' behavior. Once called, the settings will be present in cluster.settings.
+         */
+        setupPrimary(settings?: ClusterSettings): void;
+        readonly worker?: Worker | undefined;
+        readonly workers?: NodeJS.Dict<Worker> | undefined;
+        readonly SCHED_NONE: number;
+        readonly SCHED_RR: number;
         /**
          * events.EventEmitter
          *   1. disconnect
@@ -115,146 +355,60 @@ declare module "cluster" {
          *   7. setup
          */
         addListener(event: string, listener: (...args: any[]) => void): this;
-        addListener(event: "disconnect", listener: (worker: Worker) => void): this;
-        addListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): this;
-        addListener(event: "fork", listener: (worker: Worker) => void): this;
-        addListener(event: "listening", listener: (worker: Worker, address: Address) => void): this;
-        addListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        addListener(event: "online", listener: (worker: Worker) => void): this;
-        addListener(event: "setup", listener: (settings: ClusterSettings) => void): this;
-
+        addListener(event: 'disconnect', listener: (worker: Worker) => void): this;
+        addListener(event: 'exit', listener: (worker: Worker, code: number, signal: string) => void): this;
+        addListener(event: 'fork', listener: (worker: Worker) => void): this;
+        addListener(event: 'listening', listener: (worker: Worker, address: Address) => void): this;
+        addListener(event: 'message', listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        addListener(event: 'online', listener: (worker: Worker) => void): this;
+        addListener(event: 'setup', listener: (settings: ClusterSettings) => void): this;
         emit(event: string | symbol, ...args: any[]): boolean;
-        emit(event: "disconnect", worker: Worker): boolean;
-        emit(event: "exit", worker: Worker, code: number, signal: string): boolean;
-        emit(event: "fork", worker: Worker): boolean;
-        emit(event: "listening", worker: Worker, address: Address): boolean;
-        emit(event: "message", worker: Worker, message: any, handle: net.Socket | net.Server): boolean;
-        emit(event: "online", worker: Worker): boolean;
-        emit(event: "setup", settings: ClusterSettings): boolean;
-
+        emit(event: 'disconnect', worker: Worker): boolean;
+        emit(event: 'exit', worker: Worker, code: number, signal: string): boolean;
+        emit(event: 'fork', worker: Worker): boolean;
+        emit(event: 'listening', worker: Worker, address: Address): boolean;
+        emit(event: 'message', worker: Worker, message: any, handle: net.Socket | net.Server): boolean;
+        emit(event: 'online', worker: Worker): boolean;
+        emit(event: 'setup', settings: ClusterSettings): boolean;
         on(event: string, listener: (...args: any[]) => void): this;
-        on(event: "disconnect", listener: (worker: Worker) => void): this;
-        on(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): this;
-        on(event: "fork", listener: (worker: Worker) => void): this;
-        on(event: "listening", listener: (worker: Worker, address: Address) => void): this;
-        on(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        on(event: "online", listener: (worker: Worker) => void): this;
-        on(event: "setup", listener: (settings: ClusterSettings) => void): this;
-
+        on(event: 'disconnect', listener: (worker: Worker) => void): this;
+        on(event: 'exit', listener: (worker: Worker, code: number, signal: string) => void): this;
+        on(event: 'fork', listener: (worker: Worker) => void): this;
+        on(event: 'listening', listener: (worker: Worker, address: Address) => void): this;
+        on(event: 'message', listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        on(event: 'online', listener: (worker: Worker) => void): this;
+        on(event: 'setup', listener: (settings: ClusterSettings) => void): this;
         once(event: string, listener: (...args: any[]) => void): this;
-        once(event: "disconnect", listener: (worker: Worker) => void): this;
-        once(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): this;
-        once(event: "fork", listener: (worker: Worker) => void): this;
-        once(event: "listening", listener: (worker: Worker, address: Address) => void): this;
-        once(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        once(event: "online", listener: (worker: Worker) => void): this;
-        once(event: "setup", listener: (settings: ClusterSettings) => void): this;
-
+        once(event: 'disconnect', listener: (worker: Worker) => void): this;
+        once(event: 'exit', listener: (worker: Worker, code: number, signal: string) => void): this;
+        once(event: 'fork', listener: (worker: Worker) => void): this;
+        once(event: 'listening', listener: (worker: Worker, address: Address) => void): this;
+        once(event: 'message', listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this; // the handle is a net.Socket or net.Server object, or undefined.
+        once(event: 'online', listener: (worker: Worker) => void): this;
+        once(event: 'setup', listener: (settings: ClusterSettings) => void): this;
         prependListener(event: string, listener: (...args: any[]) => void): this;
-        prependListener(event: "disconnect", listener: (worker: Worker) => void): this;
-        prependListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): this;
-        prependListener(event: "fork", listener: (worker: Worker) => void): this;
-        prependListener(event: "listening", listener: (worker: Worker, address: Address) => void): this;
-        prependListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;  // the handle is a net.Socket or net.Server object, or undefined.
-        prependListener(event: "online", listener: (worker: Worker) => void): this;
-        prependListener(event: "setup", listener: (settings: ClusterSettings) => void): this;
-
-        prependOnceListener(event: string, listener: (...args: any[]) => void): this;
-        prependOnceListener(event: "disconnect", listener: (worker: Worker) => void): this;
-        prependOnceListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): this;
-        prependOnceListener(event: "fork", listener: (worker: Worker) => void): this;
-        prependOnceListener(event: "listening", listener: (worker: Worker, address: Address) => void): this;
+        prependListener(event: 'disconnect', listener: (worker: Worker) => void): this;
+        prependListener(event: 'exit', listener: (worker: Worker, code: number, signal: string) => void): this;
+        prependListener(event: 'fork', listener: (worker: Worker) => void): this;
+        prependListener(event: 'listening', listener: (worker: Worker, address: Address) => void): this;
         // the handle is a net.Socket or net.Server object, or undefined.
-        prependOnceListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;
-        prependOnceListener(event: "online", listener: (worker: Worker) => void): this;
-        prependOnceListener(event: "setup", listener: (settings: ClusterSettings) => void): this;
+        prependListener(event: 'message', listener: (worker: Worker, message: any, handle?: net.Socket | net.Server) => void): this;
+        prependListener(event: 'online', listener: (worker: Worker) => void): this;
+        prependListener(event: 'setup', listener: (settings: ClusterSettings) => void): this;
+        prependOnceListener(event: string, listener: (...args: any[]) => void): this;
+        prependOnceListener(event: 'disconnect', listener: (worker: Worker) => void): this;
+        prependOnceListener(event: 'exit', listener: (worker: Worker, code: number, signal: string) => void): this;
+        prependOnceListener(event: 'fork', listener: (worker: Worker) => void): this;
+        prependOnceListener(event: 'listening', listener: (worker: Worker, address: Address) => void): this;
+        // the handle is a net.Socket or net.Server object, or undefined.
+        prependOnceListener(event: 'message', listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): this;
+        prependOnceListener(event: 'online', listener: (worker: Worker) => void): this;
+        prependOnceListener(event: 'setup', listener: (settings: ClusterSettings) => void): this;
     }
-
-    function disconnect(callback?: () => void): void;
-    function fork(env?: any): Worker;
-    const isMaster: boolean;
-    const isWorker: boolean;
-    // TODO: cluster.schedulingPolicy
-    const settings: ClusterSettings;
-    function setupMaster(settings?: ClusterSettings): void;
-    const worker: Worker;
-    const workers: {
-        [index: string]: Worker | undefined
-    };
-
-    /**
-     * events.EventEmitter
-     *   1. disconnect
-     *   2. exit
-     *   3. fork
-     *   4. listening
-     *   5. message
-     *   6. online
-     *   7. setup
-     */
-    function addListener(event: string, listener: (...args: any[]) => void): Cluster;
-    function addListener(event: "disconnect", listener: (worker: Worker) => void): Cluster;
-    function addListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): Cluster;
-    function addListener(event: "fork", listener: (worker: Worker) => void): Cluster;
-    function addListener(event: "listening", listener: (worker: Worker, address: Address) => void): Cluster;
-     // the handle is a net.Socket or net.Server object, or undefined.
-    function addListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): Cluster;
-    function addListener(event: "online", listener: (worker: Worker) => void): Cluster;
-    function addListener(event: "setup", listener: (settings: ClusterSettings) => void): Cluster;
-
-    function emit(event: string | symbol, ...args: any[]): boolean;
-    function emit(event: "disconnect", worker: Worker): boolean;
-    function emit(event: "exit", worker: Worker, code: number, signal: string): boolean;
-    function emit(event: "fork", worker: Worker): boolean;
-    function emit(event: "listening", worker: Worker, address: Address): boolean;
-    function emit(event: "message", worker: Worker, message: any, handle: net.Socket | net.Server): boolean;
-    function emit(event: "online", worker: Worker): boolean;
-    function emit(event: "setup", settings: ClusterSettings): boolean;
-
-    function on(event: string, listener: (...args: any[]) => void): Cluster;
-    function on(event: "disconnect", listener: (worker: Worker) => void): Cluster;
-    function on(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): Cluster;
-    function on(event: "fork", listener: (worker: Worker) => void): Cluster;
-    function on(event: "listening", listener: (worker: Worker, address: Address) => void): Cluster;
-    function on(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): Cluster;  // the handle is a net.Socket or net.Server object, or undefined.
-    function on(event: "online", listener: (worker: Worker) => void): Cluster;
-    function on(event: "setup", listener: (settings: ClusterSettings) => void): Cluster;
-
-    function once(event: string, listener: (...args: any[]) => void): Cluster;
-    function once(event: "disconnect", listener: (worker: Worker) => void): Cluster;
-    function once(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): Cluster;
-    function once(event: "fork", listener: (worker: Worker) => void): Cluster;
-    function once(event: "listening", listener: (worker: Worker, address: Address) => void): Cluster;
-    function once(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): Cluster;  // the handle is a net.Socket or net.Server object, or undefined.
-    function once(event: "online", listener: (worker: Worker) => void): Cluster;
-    function once(event: "setup", listener: (settings: ClusterSettings) => void): Cluster;
-
-    function removeListener(event: string, listener: (...args: any[]) => void): Cluster;
-    function removeAllListeners(event?: string): Cluster;
-    function setMaxListeners(n: number): Cluster;
-    function getMaxListeners(): number;
-    function listeners(event: string): Function[];
-    function listenerCount(type: string): number;
-
-    function prependListener(event: string, listener: (...args: any[]) => void): Cluster;
-    function prependListener(event: "disconnect", listener: (worker: Worker) => void): Cluster;
-    function prependListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): Cluster;
-    function prependListener(event: "fork", listener: (worker: Worker) => void): Cluster;
-    function prependListener(event: "listening", listener: (worker: Worker, address: Address) => void): Cluster;
-     // the handle is a net.Socket or net.Server object, or undefined.
-    function prependListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): Cluster;
-    function prependListener(event: "online", listener: (worker: Worker) => void): Cluster;
-    function prependListener(event: "setup", listener: (settings: ClusterSettings) => void): Cluster;
-
-    function prependOnceListener(event: string, listener: (...args: any[]) => void): Cluster;
-    function prependOnceListener(event: "disconnect", listener: (worker: Worker) => void): Cluster;
-    function prependOnceListener(event: "exit", listener: (worker: Worker, code: number, signal: string) => void): Cluster;
-    function prependOnceListener(event: "fork", listener: (worker: Worker) => void): Cluster;
-    function prependOnceListener(event: "listening", listener: (worker: Worker, address: Address) => void): Cluster;
-     // the handle is a net.Socket or net.Server object, or undefined.
-    function prependOnceListener(event: "message", listener: (worker: Worker, message: any, handle: net.Socket | net.Server) => void): Cluster;
-    function prependOnceListener(event: "online", listener: (worker: Worker) => void): Cluster;
-    function prependOnceListener(event: "setup", listener: (settings: ClusterSettings) => void): Cluster;
-
-    function eventNames(): string[];
+    const cluster: Cluster;
+    export default cluster;
+}
+declare module 'node:cluster' {
+    export * from 'cluster';
+    export { default as default } from 'cluster';
 }

node_modules/@types/node/console.d.ts

@@ -1,3 +1,412 @@
-declare module "console" {
+/**
+ * The `console` module provides a simple debugging console that is similar to the
+ * JavaScript console mechanism provided by web browsers.
+ *
+ * The module exports two specific components:
+ *
+ * * A `Console` class with methods such as `console.log()`, `console.error()` and`console.warn()` that can be used to write to any Node.js stream.
+ * * A global `console` instance configured to write to `process.stdout` and `process.stderr`. The global `console` can be used without calling`require('console')`.
+ *
+ * _**Warning**_: The global console object's methods are neither consistently
+ * synchronous like the browser APIs they resemble, nor are they consistently
+ * asynchronous like all other Node.js streams. See the `note on process I/O` for
+ * more information.
+ *
+ * Example using the global `console`:
+ *
+ * ```js
+ * console.log('hello world');
+ * // Prints: hello world, to stdout
+ * console.log('hello %s', 'world');
+ * // Prints: hello world, to stdout
+ * console.error(new Error('Whoops, something bad happened'));
+ * // Prints error message and stack trace to stderr:
+ * //   Error: Whoops, something bad happened
+ * //     at [eval]:5:15
+ * //     at Script.runInThisContext (node:vm:132:18)
+ * //     at Object.runInThisContext (node:vm:309:38)
+ * //     at node:internal/process/execution:77:19
+ * //     at [eval]-wrapper:6:22
+ * //     at evalScript (node:internal/process/execution:76:60)
+ * //     at node:internal/main/eval_string:23:3
+ *
+ * const name = 'Will Robinson';
+ * console.warn(`Danger ${name}! Danger!`);
+ * // Prints: Danger Will Robinson! Danger!, to stderr
+ * ```
+ *
+ * Example using the `Console` class:
+ *
+ * ```js
+ * const out = getStreamSomehow();
+ * const err = getStreamSomehow();
+ * const myConsole = new console.Console(out, err);
+ *
+ * myConsole.log('hello world');
+ * // Prints: hello world, to out
+ * myConsole.log('hello %s', 'world');
+ * // Prints: hello world, to out
+ * myConsole.error(new Error('Whoops, something bad happened'));
+ * // Prints: [Error: Whoops, something bad happened], to err
+ *
+ * const name = 'Will Robinson';
+ * myConsole.warn(`Danger ${name}! Danger!`);
+ * // Prints: Danger Will Robinson! Danger!, to err
+ * ```
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/console.js)
+ */
+declare module 'console' {
+    import console = require('node:console');
     export = console;
 }
+declare module 'node:console' {
+    import { InspectOptions } from 'node:util';
+    global {
+        // This needs to be global to avoid TS2403 in case lib.dom.d.ts is present in the same build
+        interface Console {
+            Console: console.ConsoleConstructor;
+            /**
+             * `console.assert()` writes a message if `value` is [falsy](https://developer.mozilla.org/en-US/docs/Glossary/Falsy) or omitted. It only
+             * writes a message and does not otherwise affect execution. The output always
+             * starts with `"Assertion failed"`. If provided, `message` is formatted using `util.format()`.
+             *
+             * If `value` is [truthy](https://developer.mozilla.org/en-US/docs/Glossary/Truthy), nothing happens.
+             *
+             * ```js
+             * console.assert(true, 'does nothing');
+             *
+             * console.assert(false, 'Whoops %s work', 'didn\'t');
+             * // Assertion failed: Whoops didn't work
+             *
+             * console.assert();
+             * // Assertion failed
+             * ```
+             * @since v0.1.101
+             * @param value The value tested for being truthy.
+             * @param message All arguments besides `value` are used as error message.
+             */
+            assert(value: any, message?: string, ...optionalParams: any[]): void;
+            /**
+             * When `stdout` is a TTY, calling `console.clear()` will attempt to clear the
+             * TTY. When `stdout` is not a TTY, this method does nothing.
+             *
+             * The specific operation of `console.clear()` can vary across operating systems
+             * and terminal types. For most Linux operating systems, `console.clear()`operates similarly to the `clear` shell command. On Windows, `console.clear()`will clear only the output in the
+             * current terminal viewport for the Node.js
+             * binary.
+             * @since v8.3.0
+             */
+            clear(): void;
+            /**
+             * Maintains an internal counter specific to `label` and outputs to `stdout` the
+             * number of times `console.count()` has been called with the given `label`.
+             *
+             * ```js
+             * > console.count()
+             * default: 1
+             * undefined
+             * > console.count('default')
+             * default: 2
+             * undefined
+             * > console.count('abc')
+             * abc: 1
+             * undefined
+             * > console.count('xyz')
+             * xyz: 1
+             * undefined
+             * > console.count('abc')
+             * abc: 2
+             * undefined
+             * > console.count()
+             * default: 3
+             * undefined
+             * >
+             * ```
+             * @since v8.3.0
+             * @param label The display label for the counter.
+             */
+            count(label?: string): void;
+            /**
+             * Resets the internal counter specific to `label`.
+             *
+             * ```js
+             * > console.count('abc');
+             * abc: 1
+             * undefined
+             * > console.countReset('abc');
+             * undefined
+             * > console.count('abc');
+             * abc: 1
+             * undefined
+             * >
+             * ```
+             * @since v8.3.0
+             * @param label The display label for the counter.
+             */
+            countReset(label?: string): void;
+            /**
+             * The `console.debug()` function is an alias for {@link log}.
+             * @since v8.0.0
+             */
+            debug(message?: any, ...optionalParams: any[]): void;
+            /**
+             * Uses `util.inspect()` on `obj` and prints the resulting string to `stdout`.
+             * This function bypasses any custom `inspect()` function defined on `obj`.
+             * @since v0.1.101
+             */
+            dir(obj: any, options?: InspectOptions): void;
+            /**
+             * This method calls `console.log()` passing it the arguments received.
+             * This method does not produce any XML formatting.
+             * @since v8.0.0
+             */
+            dirxml(...data: any[]): void;
+            /**
+             * Prints to `stderr` with newline. Multiple arguments can be passed, with the
+             * first used as the primary message and all additional used as substitution
+             * values similar to [`printf(3)`](http://man7.org/linux/man-pages/man3/printf.3.html) (the arguments are all passed to `util.format()`).
+             *
+             * ```js
+             * const code = 5;
+             * console.error('error #%d', code);
+             * // Prints: error #5, to stderr
+             * console.error('error', code);
+             * // Prints: error 5, to stderr
+             * ```
+             *
+             * If formatting elements (e.g. `%d`) are not found in the first string then `util.inspect()` is called on each argument and the resulting string
+             * values are concatenated. See `util.format()` for more information.
+             * @since v0.1.100
+             */
+            error(message?: any, ...optionalParams: any[]): void;
+            /**
+             * Increases indentation of subsequent lines by spaces for `groupIndentation`length.
+             *
+             * If one or more `label`s are provided, those are printed first without the
+             * additional indentation.
+             * @since v8.5.0
+             */
+            group(...label: any[]): void;
+            /**
+             * An alias for {@link group}.
+             * @since v8.5.0
+             */
+            groupCollapsed(...label: any[]): void;
+            /**
+             * Decreases indentation of subsequent lines by spaces for `groupIndentation`length.
+             * @since v8.5.0
+             */
+            groupEnd(): void;
+            /**
+             * The `console.info()` function is an alias for {@link log}.
+             * @since v0.1.100
+             */
+            info(message?: any, ...optionalParams: any[]): void;
+            /**
+             * Prints to `stdout` with newline. Multiple arguments can be passed, with the
+             * first used as the primary message and all additional used as substitution
+             * values similar to [`printf(3)`](http://man7.org/linux/man-pages/man3/printf.3.html) (the arguments are all passed to `util.format()`).
+             *
+             * ```js
+             * const count = 5;
+             * console.log('count: %d', count);
+             * // Prints: count: 5, to stdout
+             * console.log('count:', count);
+             * // Prints: count: 5, to stdout
+             * ```
+             *
+             * See `util.format()` for more information.
+             * @since v0.1.100
+             */
+            log(message?: any, ...optionalParams: any[]): void;
+            /**
+             * Try to construct a table with the columns of the properties of `tabularData`(or use `properties`) and rows of `tabularData` and log it. Falls back to just
+             * logging the argument if it can’t be parsed as tabular.
+             *
+             * ```js
+             * // These can't be parsed as tabular data
+             * console.table(Symbol());
+             * // Symbol()
+             *
+             * console.table(undefined);
+             * // undefined
+             *
+             * console.table([{ a: 1, b: 'Y' }, { a: 'Z', b: 2 }]);
+             * // ┌─────────┬─────┬─────┐
+             * // │ (index) │  a  │  b  │
+             * // ├─────────┼─────┼─────┤
+             * // │    0    │  1  │ 'Y' │
+             * // │    1    │ 'Z' │  2  │
+             * // └─────────┴─────┴─────┘
+             *
+             * console.table([{ a: 1, b: 'Y' }, { a: 'Z', b: 2 }], ['a']);
+             * // ┌─────────┬─────┐
+             * // │ (index) │  a  │
+             * // ├─────────┼─────┤
+             * // │    0    │  1  │
+             * // │    1    │ 'Z' │
+             * // └─────────┴─────┘
+             * ```
+             * @since v10.0.0
+             * @param properties Alternate properties for constructing the table.
+             */
+            table(tabularData: any, properties?: ReadonlyArray<string>): void;
+            /**
+             * Starts a timer that can be used to compute the duration of an operation. Timers
+             * are identified by a unique `label`. Use the same `label` when calling {@link timeEnd} to stop the timer and output the elapsed time in
+             * suitable time units to `stdout`. For example, if the elapsed
+             * time is 3869ms, `console.timeEnd()` displays "3.869s".
+             * @since v0.1.104
+             */
+            time(label?: string): void;
+            /**
+             * Stops a timer that was previously started by calling {@link time} and
+             * prints the result to `stdout`:
+             *
+             * ```js
+             * console.time('100-elements');
+             * for (let i = 0; i < 100; i++) {}
+             * console.timeEnd('100-elements');
+             * // prints 100-elements: 225.438ms
+             * ```
+             * @since v0.1.104
+             */
+            timeEnd(label?: string): void;
+            /**
+             * For a timer that was previously started by calling {@link time}, prints
+             * the elapsed time and other `data` arguments to `stdout`:
+             *
+             * ```js
+             * console.time('process');
+             * const value = expensiveProcess1(); // Returns 42
+             * console.timeLog('process', value);
+             * // Prints "process: 365.227ms 42".
+             * doExpensiveProcess2(value);
+             * console.timeEnd('process');
+             * ```
+             * @since v10.7.0
+             */
+            timeLog(label?: string, ...data: any[]): void;
+            /**
+             * Prints to `stderr` the string `'Trace: '`, followed by the `util.format()` formatted message and stack trace to the current position in the code.
+             *
+             * ```js
+             * console.trace('Show me');
+             * // Prints: (stack trace will vary based on where trace is called)
+             * //  Trace: Show me
+             * //    at repl:2:9
+             * //    at REPLServer.defaultEval (repl.js:248:27)
+             * //    at bound (domain.js:287:14)
+             * //    at REPLServer.runBound [as eval] (domain.js:300:12)
+             * //    at REPLServer.<anonymous> (repl.js:412:12)
+             * //    at emitOne (events.js:82:20)
+             * //    at REPLServer.emit (events.js:169:7)
+             * //    at REPLServer.Interface._onLine (readline.js:210:10)
+             * //    at REPLServer.Interface._line (readline.js:549:8)
+             * //    at REPLServer.Interface._ttyWrite (readline.js:826:14)
+             * ```
+             * @since v0.1.104
+             */
+            trace(message?: any, ...optionalParams: any[]): void;
+            /**
+             * The `console.warn()` function is an alias for {@link error}.
+             * @since v0.1.100
+             */
+            warn(message?: any, ...optionalParams: any[]): void;
+            // --- Inspector mode only ---
+            /**
+             * This method does not display anything unless used in the inspector.
+             *  Starts a JavaScript CPU profile with an optional label.
+             */
+            profile(label?: string): void;
+            /**
+             * This method does not display anything unless used in the inspector.
+             *  Stops the current JavaScript CPU profiling session if one has been started and prints the report to the Profiles panel of the inspector.
+             */
+            profileEnd(label?: string): void;
+            /**
+             * This method does not display anything unless used in the inspector.
+             *  Adds an event with the label `label` to the Timeline panel of the inspector.
+             */
+            timeStamp(label?: string): void;
+        }
+        /**
+         * The `console` module provides a simple debugging console that is similar to the
+         * JavaScript console mechanism provided by web browsers.
+         *
+         * The module exports two specific components:
+         *
+         * * A `Console` class with methods such as `console.log()`, `console.error()` and`console.warn()` that can be used to write to any Node.js stream.
+         * * A global `console` instance configured to write to `process.stdout` and `process.stderr`. The global `console` can be used without calling`require('console')`.
+         *
+         * _**Warning**_: The global console object's methods are neither consistently
+         * synchronous like the browser APIs they resemble, nor are they consistently
+         * asynchronous like all other Node.js streams. See the `note on process I/O` for
+         * more information.
+         *
+         * Example using the global `console`:
+         *
+         * ```js
+         * console.log('hello world');
+         * // Prints: hello world, to stdout
+         * console.log('hello %s', 'world');
+         * // Prints: hello world, to stdout
+         * console.error(new Error('Whoops, something bad happened'));
+         * // Prints error message and stack trace to stderr:
+         * //   Error: Whoops, something bad happened
+         * //     at [eval]:5:15
+         * //     at Script.runInThisContext (node:vm:132:18)
+         * //     at Object.runInThisContext (node:vm:309:38)
+         * //     at node:internal/process/execution:77:19
+         * //     at [eval]-wrapper:6:22
+         * //     at evalScript (node:internal/process/execution:76:60)
+         * //     at node:internal/main/eval_string:23:3
+         *
+         * const name = 'Will Robinson';
+         * console.warn(`Danger ${name}! Danger!`);
+         * // Prints: Danger Will Robinson! Danger!, to stderr
+         * ```
+         *
+         * Example using the `Console` class:
+         *
+         * ```js
+         * const out = getStreamSomehow();
+         * const err = getStreamSomehow();
+         * const myConsole = new console.Console(out, err);
+         *
+         * myConsole.log('hello world');
+         * // Prints: hello world, to out
+         * myConsole.log('hello %s', 'world');
+         * // Prints: hello world, to out
+         * myConsole.error(new Error('Whoops, something bad happened'));
+         * // Prints: [Error: Whoops, something bad happened], to err
+         *
+         * const name = 'Will Robinson';
+         * myConsole.warn(`Danger ${name}! Danger!`);
+         * // Prints: Danger Will Robinson! Danger!, to err
+         * ```
+         * @see [source](https://github.com/nodejs/node/blob/v16.4.2/lib/console.js)
+         */
+        namespace console {
+            interface ConsoleConstructorOptions {
+                stdout: NodeJS.WritableStream;
+                stderr?: NodeJS.WritableStream | undefined;
+                ignoreErrors?: boolean | undefined;
+                colorMode?: boolean | 'auto' | undefined;
+                inspectOptions?: InspectOptions | undefined;
+                /**
+                 * Set group indentation
+                 * @default 2
+                 */
+                groupIndentation?: number | undefined;
+            }
+            interface ConsoleConstructor {
+                prototype: Console;
+                new (stdout: NodeJS.WritableStream, stderr?: NodeJS.WritableStream, ignoreErrors?: boolean): Console;
+                new (options: ConsoleConstructorOptions): Console;
+            }
+        }
+        var console: Console;
+    }
+    export = globalThis.console;
+}

node_modules/@types/node/constants.d.ts

@@ -1,448 +1,18 @@
 /** @deprecated since v6.3.0 - use constants property exposed by the relevant module instead. */
-declare module "constants" {
-    /** @deprecated since v6.3.0 - use `os.constants.errno.E2BIG` instead. */
-    const E2BIG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EACCES` instead. */
-    const EACCES: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EADDRINUSE` instead. */
-    const EADDRINUSE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EADDRNOTAVAIL` instead. */
-    const EADDRNOTAVAIL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EAFNOSUPPORT` instead. */
-    const EAFNOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EAGAIN` instead. */
-    const EAGAIN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EALREADY` instead. */
-    const EALREADY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EBADF` instead. */
-    const EBADF: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EBADMSG` instead. */
-    const EBADMSG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EBUSY` instead. */
-    const EBUSY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ECANCELED` instead. */
-    const ECANCELED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ECHILD` instead. */
-    const ECHILD: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ECONNABORTED` instead. */
-    const ECONNABORTED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ECONNREFUSED` instead. */
-    const ECONNREFUSED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ECONNRESET` instead. */
-    const ECONNRESET: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EDEADLK` instead. */
-    const EDEADLK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EDESTADDRREQ` instead. */
-    const EDESTADDRREQ: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EDOM` instead. */
-    const EDOM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EEXIST` instead. */
-    const EEXIST: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EFAULT` instead. */
-    const EFAULT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EFBIG` instead. */
-    const EFBIG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EHOSTUNREACH` instead. */
-    const EHOSTUNREACH: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EIDRM` instead. */
-    const EIDRM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EILSEQ` instead. */
-    const EILSEQ: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EINPROGRESS` instead. */
-    const EINPROGRESS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EINTR` instead. */
-    const EINTR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EINVAL` instead. */
-    const EINVAL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EIO` instead. */
-    const EIO: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EISCONN` instead. */
-    const EISCONN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EISDIR` instead. */
-    const EISDIR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ELOOP` instead. */
-    const ELOOP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EMFILE` instead. */
-    const EMFILE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EMLINK` instead. */
-    const EMLINK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EMSGSIZE` instead. */
-    const EMSGSIZE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENAMETOOLONG` instead. */
-    const ENAMETOOLONG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENETDOWN` instead. */
-    const ENETDOWN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENETRESET` instead. */
-    const ENETRESET: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENETUNREACH` instead. */
-    const ENETUNREACH: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENFILE` instead. */
-    const ENFILE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOBUFS` instead. */
-    const ENOBUFS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENODATA` instead. */
-    const ENODATA: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENODEV` instead. */
-    const ENODEV: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOENT` instead. */
-    const ENOENT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOEXEC` instead. */
-    const ENOEXEC: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOLCK` instead. */
-    const ENOLCK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOLINK` instead. */
-    const ENOLINK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOMEM` instead. */
-    const ENOMEM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOMSG` instead. */
-    const ENOMSG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOPROTOOPT` instead. */
-    const ENOPROTOOPT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOSPC` instead. */
-    const ENOSPC: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOSR` instead. */
-    const ENOSR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOSTR` instead. */
-    const ENOSTR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOSYS` instead. */
-    const ENOSYS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTCONN` instead. */
-    const ENOTCONN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTDIR` instead. */
-    const ENOTDIR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTEMPTY` instead. */
-    const ENOTEMPTY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTSOCK` instead. */
-    const ENOTSOCK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTSUP` instead. */
-    const ENOTSUP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENOTTY` instead. */
-    const ENOTTY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ENXIO` instead. */
-    const ENXIO: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EOPNOTSUPP` instead. */
-    const EOPNOTSUPP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EOVERFLOW` instead. */
-    const EOVERFLOW: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EPERM` instead. */
-    const EPERM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EPIPE` instead. */
-    const EPIPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EPROTO` instead. */
-    const EPROTO: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EPROTONOSUPPORT` instead. */
-    const EPROTONOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EPROTOTYPE` instead. */
-    const EPROTOTYPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ERANGE` instead. */
-    const ERANGE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EROFS` instead. */
-    const EROFS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ESPIPE` instead. */
-    const ESPIPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ESRCH` instead. */
-    const ESRCH: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ETIME` instead. */
-    const ETIME: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ETIMEDOUT` instead. */
-    const ETIMEDOUT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.ETXTBSY` instead. */
-    const ETXTBSY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EWOULDBLOCK` instead. */
-    const EWOULDBLOCK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.EXDEV` instead. */
-    const EXDEV: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEINTR` instead. */
-    const WSAEINTR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEBADF` instead. */
-    const WSAEBADF: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEACCES` instead. */
-    const WSAEACCES: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEFAULT` instead. */
-    const WSAEFAULT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEINVAL` instead. */
-    const WSAEINVAL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEMFILE` instead. */
-    const WSAEMFILE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEWOULDBLOCK` instead. */
-    const WSAEWOULDBLOCK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEINPROGRESS` instead. */
-    const WSAEINPROGRESS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEALREADY` instead. */
-    const WSAEALREADY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOTSOCK` instead. */
-    const WSAENOTSOCK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEDESTADDRREQ` instead. */
-    const WSAEDESTADDRREQ: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEMSGSIZE` instead. */
-    const WSAEMSGSIZE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEPROTOTYPE` instead. */
-    const WSAEPROTOTYPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOPROTOOPT` instead. */
-    const WSAENOPROTOOPT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEPROTONOSUPPORT` instead. */
-    const WSAEPROTONOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAESOCKTNOSUPPORT` instead. */
-    const WSAESOCKTNOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEOPNOTSUPP` instead. */
-    const WSAEOPNOTSUPP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEPFNOSUPPORT` instead. */
-    const WSAEPFNOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEAFNOSUPPORT` instead. */
-    const WSAEAFNOSUPPORT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEADDRINUSE` instead. */
-    const WSAEADDRINUSE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEADDRNOTAVAIL` instead. */
-    const WSAEADDRNOTAVAIL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENETDOWN` instead. */
-    const WSAENETDOWN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENETUNREACH` instead. */
-    const WSAENETUNREACH: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENETRESET` instead. */
-    const WSAENETRESET: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAECONNABORTED` instead. */
-    const WSAECONNABORTED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAECONNRESET` instead. */
-    const WSAECONNRESET: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOBUFS` instead. */
-    const WSAENOBUFS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEISCONN` instead. */
-    const WSAEISCONN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOTCONN` instead. */
-    const WSAENOTCONN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAESHUTDOWN` instead. */
-    const WSAESHUTDOWN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAETOOMANYREFS` instead. */
-    const WSAETOOMANYREFS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAETIMEDOUT` instead. */
-    const WSAETIMEDOUT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAECONNREFUSED` instead. */
-    const WSAECONNREFUSED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAELOOP` instead. */
-    const WSAELOOP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENAMETOOLONG` instead. */
-    const WSAENAMETOOLONG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEHOSTDOWN` instead. */
-    const WSAEHOSTDOWN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEHOSTUNREACH` instead. */
-    const WSAEHOSTUNREACH: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOTEMPTY` instead. */
-    const WSAENOTEMPTY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEPROCLIM` instead. */
-    const WSAEPROCLIM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEUSERS` instead. */
-    const WSAEUSERS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEDQUOT` instead. */
-    const WSAEDQUOT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAESTALE` instead. */
-    const WSAESTALE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEREMOTE` instead. */
-    const WSAEREMOTE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSASYSNOTREADY` instead. */
-    const WSASYSNOTREADY: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAVERNOTSUPPORTED` instead. */
-    const WSAVERNOTSUPPORTED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSANOTINITIALISED` instead. */
-    const WSANOTINITIALISED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEDISCON` instead. */
-    const WSAEDISCON: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAENOMORE` instead. */
-    const WSAENOMORE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAECANCELLED` instead. */
-    const WSAECANCELLED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEINVALIDPROCTABLE` instead. */
-    const WSAEINVALIDPROCTABLE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEINVALIDPROVIDER` instead. */
-    const WSAEINVALIDPROVIDER: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEPROVIDERFAILEDINIT` instead. */
-    const WSAEPROVIDERFAILEDINIT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSASYSCALLFAILURE` instead. */
-    const WSASYSCALLFAILURE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSASERVICE_NOT_FOUND` instead. */
-    const WSASERVICE_NOT_FOUND: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSATYPE_NOT_FOUND` instead. */
-    const WSATYPE_NOT_FOUND: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSA_E_NO_MORE` instead. */
-    const WSA_E_NO_MORE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSA_E_CANCELLED` instead. */
-    const WSA_E_CANCELLED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.errno.WSAEREFUSED` instead. */
-    const WSAEREFUSED: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGHUP` instead. */
-    const SIGHUP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGINT` instead. */
-    const SIGINT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGILL` instead. */
-    const SIGILL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGABRT` instead. */
-    const SIGABRT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGFPE` instead. */
-    const SIGFPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGKILL` instead. */
-    const SIGKILL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGSEGV` instead. */
-    const SIGSEGV: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGTERM` instead. */
-    const SIGTERM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGBREAK` instead. */
-    const SIGBREAK: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGWINCH` instead. */
-    const SIGWINCH: number;
-    const SSL_OP_ALL: number;
-    const SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION: number;
-    const SSL_OP_CIPHER_SERVER_PREFERENCE: number;
-    const SSL_OP_CISCO_ANYCONNECT: number;
-    const SSL_OP_COOKIE_EXCHANGE: number;
-    const SSL_OP_CRYPTOPRO_TLSEXT_BUG: number;
-    const SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS: number;
-    const SSL_OP_EPHEMERAL_RSA: number;
-    const SSL_OP_LEGACY_SERVER_CONNECT: number;
-    const SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER: number;
-    const SSL_OP_MICROSOFT_SESS_ID_BUG: number;
-    const SSL_OP_MSIE_SSLV2_RSA_PADDING: number;
-    const SSL_OP_NETSCAPE_CA_DN_BUG: number;
-    const SSL_OP_NETSCAPE_CHALLENGE_BUG: number;
-    const SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG: number;
-    const SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG: number;
-    const SSL_OP_NO_COMPRESSION: number;
-    const SSL_OP_NO_QUERY_MTU: number;
-    const SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION: number;
-    const SSL_OP_NO_SSLv2: number;
-    const SSL_OP_NO_SSLv3: number;
-    const SSL_OP_NO_TICKET: number;
-    const SSL_OP_NO_TLSv1: number;
-    const SSL_OP_NO_TLSv1_1: number;
-    const SSL_OP_NO_TLSv1_2: number;
-    const SSL_OP_PKCS1_CHECK_1: number;
-    const SSL_OP_PKCS1_CHECK_2: number;
-    const SSL_OP_SINGLE_DH_USE: number;
-    const SSL_OP_SINGLE_ECDH_USE: number;
-    const SSL_OP_SSLEAY_080_CLIENT_DH_BUG: number;
-    const SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG: number;
-    const SSL_OP_TLS_BLOCK_PADDING_BUG: number;
-    const SSL_OP_TLS_D5_BUG: number;
-    const SSL_OP_TLS_ROLLBACK_BUG: number;
-    const ENGINE_METHOD_DSA: number;
-    const ENGINE_METHOD_DH: number;
-    const ENGINE_METHOD_RAND: number;
-    const ENGINE_METHOD_ECDH: number;
-    const ENGINE_METHOD_ECDSA: number;
-    const ENGINE_METHOD_CIPHERS: number;
-    const ENGINE_METHOD_DIGESTS: number;
-    const ENGINE_METHOD_STORE: number;
-    const ENGINE_METHOD_PKEY_METHS: number;
-    const ENGINE_METHOD_PKEY_ASN1_METHS: number;
-    const ENGINE_METHOD_ALL: number;
-    const ENGINE_METHOD_NONE: number;
-    const DH_CHECK_P_NOT_SAFE_PRIME: number;
-    const DH_CHECK_P_NOT_PRIME: number;
-    const DH_UNABLE_TO_CHECK_GENERATOR: number;
-    const DH_NOT_SUITABLE_GENERATOR: number;
-    const RSA_PKCS1_PADDING: number;
-    const RSA_SSLV23_PADDING: number;
-    const RSA_NO_PADDING: number;
-    const RSA_PKCS1_OAEP_PADDING: number;
-    const RSA_X931_PADDING: number;
-    const RSA_PKCS1_PSS_PADDING: number;
-    const POINT_CONVERSION_COMPRESSED: number;
-    const POINT_CONVERSION_UNCOMPRESSED: number;
-    const POINT_CONVERSION_HYBRID: number;
-    const O_RDONLY: number;
-    const O_WRONLY: number;
-    const O_RDWR: number;
-    const S_IFMT: number;
-    const S_IFREG: number;
-    const S_IFDIR: number;
-    const S_IFCHR: number;
-    const S_IFBLK: number;
-    const S_IFIFO: number;
-    const S_IFSOCK: number;
-    const S_IRWXU: number;
-    const S_IRUSR: number;
-    const S_IWUSR: number;
-    const S_IXUSR: number;
-    const S_IRWXG: number;
-    const S_IRGRP: number;
-    const S_IWGRP: number;
-    const S_IXGRP: number;
-    const S_IRWXO: number;
-    const S_IROTH: number;
-    const S_IWOTH: number;
-    const S_IXOTH: number;
-    const S_IFLNK: number;
-    const O_CREAT: number;
-    const O_EXCL: number;
-    const O_NOCTTY: number;
-    const O_DIRECTORY: number;
-    const O_NOATIME: number;
-    const O_NOFOLLOW: number;
-    const O_SYNC: number;
-    const O_DSYNC: number;
-    const O_SYMLINK: number;
-    const O_DIRECT: number;
-    const O_NONBLOCK: number;
-    const O_TRUNC: number;
-    const O_APPEND: number;
-    const F_OK: number;
-    const R_OK: number;
-    const W_OK: number;
-    const X_OK: number;
-    const COPYFILE_EXCL: number;
-    const COPYFILE_FICLONE: number;
-    const COPYFILE_FICLONE_FORCE: number;
-    const UV_UDP_REUSEADDR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGQUIT` instead. */
-    const SIGQUIT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGTRAP` instead. */
-    const SIGTRAP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGIOT` instead. */
-    const SIGIOT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGBUS` instead. */
-    const SIGBUS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGUSR1` instead. */
-    const SIGUSR1: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGUSR2` instead. */
-    const SIGUSR2: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGPIPE` instead. */
-    const SIGPIPE: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGALRM` instead. */
-    const SIGALRM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGCHLD` instead. */
-    const SIGCHLD: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGSTKFLT` instead. */
-    const SIGSTKFLT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGCONT` instead. */
-    const SIGCONT: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGSTOP` instead. */
-    const SIGSTOP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGTSTP` instead. */
-    const SIGTSTP: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGTTIN` instead. */
-    const SIGTTIN: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGTTOU` instead. */
-    const SIGTTOU: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGURG` instead. */
-    const SIGURG: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGXCPU` instead. */
-    const SIGXCPU: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGXFSZ` instead. */
-    const SIGXFSZ: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGVTALRM` instead. */
-    const SIGVTALRM: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGPROF` instead. */
-    const SIGPROF: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGIO` instead. */
-    const SIGIO: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGPOLL` instead. */
-    const SIGPOLL: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGPWR` instead. */
-    const SIGPWR: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGSYS` instead. */
-    const SIGSYS: number;
-    /** @deprecated since v6.3.0 - use `os.constants.signals.SIGUNUSED` instead. */
-    const SIGUNUSED: number;
-    const defaultCoreCipherList: string;
-    const defaultCipherList: string;
-    const ENGINE_METHOD_RSA: number;
-    const ALPN_ENABLED: number;
+declare module 'constants' {
+    import { constants as osConstants, SignalConstants } from 'node:os';
+    import { constants as cryptoConstants } from 'node:crypto';
+    import { constants as fsConstants } from 'node:fs';
+
+    const exp: typeof osConstants.errno &
+        typeof osConstants.priority &
+        SignalConstants &
+        typeof cryptoConstants &
+        typeof fsConstants;
+    export = exp;
+}
+
+declare module 'node:constants' {
+    import constants = require('constants');
+    export = constants;
 }

node_modules/@types/node/dgram.d.ts

@@ -1,70 +1,499 @@
-declare module "dgram" {
-    import { AddressInfo } from "net";
-    import * as dns from "dns";
-    import * as events from "events";
-
+/**
+ * The `dgram` module provides an implementation of UDP datagram sockets.
+ *
+ * ```js
+ * import dgram from 'dgram';
+ *
+ * const server = dgram.createSocket('udp4');
+ *
+ * server.on('error', (err) => {
+ *   console.log(`server error:\n${err.stack}`);
+ *   server.close();
+ * });
+ *
+ * server.on('message', (msg, rinfo) => {
+ *   console.log(`server got: ${msg} from ${rinfo.address}:${rinfo.port}`);
+ * });
+ *
+ * server.on('listening', () => {
+ *   const address = server.address();
+ *   console.log(`server listening ${address.address}:${address.port}`);
+ * });
+ *
+ * server.bind(41234);
+ * // Prints: server listening 0.0.0.0:41234
+ * ```
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/dgram.js)
+ */
+declare module 'dgram' {
+    import { AddressInfo } from 'node:net';
+    import * as dns from 'node:dns';
+    import { EventEmitter, Abortable } from 'node:events';
     interface RemoteInfo {
         address: string;
         family: 'IPv4' | 'IPv6';
         port: number;
         size: number;
     }
-
     interface BindOptions {
-        port?: number;
-        address?: string;
-        exclusive?: boolean;
-        fd?: number;
+        port?: number | undefined;
+        address?: string | undefined;
+        exclusive?: boolean | undefined;
+        fd?: number | undefined;
     }
-
-    type SocketType = "udp4" | "udp6";
-
-    interface SocketOptions {
+    type SocketType = 'udp4' | 'udp6';
+    interface SocketOptions extends Abortable {
         type: SocketType;
-        reuseAddr?: boolean;
+        reuseAddr?: boolean | undefined;
         /**
          * @default false
          */
-        ipv6Only?: boolean;
-        recvBufferSize?: number;
-        sendBufferSize?: number;
-        lookup?: (hostname: string, options: dns.LookupOneOptions, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void) => void;
+        ipv6Only?: boolean | undefined;
+        recvBufferSize?: number | undefined;
+        sendBufferSize?: number | undefined;
+        lookup?: ((hostname: string, options: dns.LookupOneOptions, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void) => void) | undefined;
     }
-
+    /**
+     * Creates a `dgram.Socket` object. Once the socket is created, calling `socket.bind()` will instruct the socket to begin listening for datagram
+     * messages. When `address` and `port` are not passed to `socket.bind()` the
+     * method will bind the socket to the "all interfaces" address on a random port
+     * (it does the right thing for both `udp4` and `udp6` sockets). The bound address
+     * and port can be retrieved using `socket.address().address` and `socket.address().port`.
+     *
+     * If the `signal` option is enabled, calling `.abort()` on the corresponding`AbortController` is similar to calling `.close()` on the socket:
+     *
+     * ```js
+     * const controller = new AbortController();
+     * const { signal } = controller;
+     * const server = dgram.createSocket({ type: 'udp4', signal });
+     * server.on('message', (msg, rinfo) => {
+     *   console.log(`server got: ${msg} from ${rinfo.address}:${rinfo.port}`);
+     * });
+     * // Later, when you want to close the server.
+     * controller.abort();
+     * ```
+     * @since v0.11.13
+     * @param options Available options are:
+     * @param callback Attached as a listener for `'message'` events. Optional.
+     */
     function createSocket(type: SocketType, callback?: (msg: Buffer, rinfo: RemoteInfo) => void): Socket;
     function createSocket(options: SocketOptions, callback?: (msg: Buffer, rinfo: RemoteInfo) => void): Socket;
-
-    class Socket extends events.EventEmitter {
+    /**
+     * Encapsulates the datagram functionality.
+     *
+     * New instances of `dgram.Socket` are created using {@link createSocket}.
+     * The `new` keyword is not to be used to create `dgram.Socket` instances.
+     * @since v0.1.99
+     */
+    class Socket extends EventEmitter {
+        /**
+         * Tells the kernel to join a multicast group at the given `multicastAddress` and`multicastInterface` using the `IP_ADD_MEMBERSHIP` socket option. If the`multicastInterface` argument is not
+         * specified, the operating system will choose
+         * one interface and will add membership to it. To add membership to every
+         * available interface, call `addMembership` multiple times, once per interface.
+         *
+         * When called on an unbound socket, this method will implicitly bind to a random
+         * port, listening on all interfaces.
+         *
+         * When sharing a UDP socket across multiple `cluster` workers, the`socket.addMembership()` function must be called only once or an`EADDRINUSE` error will occur:
+         *
+         * ```js
+         * import cluster from 'cluster';
+         * import dgram from 'dgram';
+         *
+         * if (cluster.isPrimary) {
+         *   cluster.fork(); // Works ok.
+         *   cluster.fork(); // Fails with EADDRINUSE.
+         * } else {
+         *   const s = dgram.createSocket('udp4');
+         *   s.bind(1234, () => {
+         *     s.addMembership('224.0.0.114');
+         *   });
+         * }
+         * ```
+         * @since v0.6.9
+         */
         addMembership(multicastAddress: string, multicastInterface?: string): void;
+        /**
+         * Returns an object containing the address information for a socket.
+         * For UDP sockets, this object will contain `address`, `family` and `port`properties.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         * @since v0.1.99
+         */
         address(): AddressInfo;
-        bind(port?: number, address?: string, callback?: () => void): void;
-        bind(port?: number, callback?: () => void): void;
-        bind(callback?: () => void): void;
-        bind(options: BindOptions, callback?: () => void): void;
-        close(callback?: () => void): void;
+        /**
+         * For UDP sockets, causes the `dgram.Socket` to listen for datagram
+         * messages on a named `port` and optional `address`. If `port` is not
+         * specified or is `0`, the operating system will attempt to bind to a
+         * random port. If `address` is not specified, the operating system will
+         * attempt to listen on all addresses. Once binding is complete, a`'listening'` event is emitted and the optional `callback` function is
+         * called.
+         *
+         * Specifying both a `'listening'` event listener and passing a`callback` to the `socket.bind()` method is not harmful but not very
+         * useful.
+         *
+         * A bound datagram socket keeps the Node.js process running to receive
+         * datagram messages.
+         *
+         * If binding fails, an `'error'` event is generated. In rare case (e.g.
+         * attempting to bind with a closed socket), an `Error` may be thrown.
+         *
+         * Example of a UDP server listening on port 41234:
+         *
+         * ```js
+         * import dgram from 'dgram';
+         *
+         * const server = dgram.createSocket('udp4');
+         *
+         * server.on('error', (err) => {
+         *   console.log(`server error:\n${err.stack}`);
+         *   server.close();
+         * });
+         *
+         * server.on('message', (msg, rinfo) => {
+         *   console.log(`server got: ${msg} from ${rinfo.address}:${rinfo.port}`);
+         * });
+         *
+         * server.on('listening', () => {
+         *   const address = server.address();
+         *   console.log(`server listening ${address.address}:${address.port}`);
+         * });
+         *
+         * server.bind(41234);
+         * // Prints: server listening 0.0.0.0:41234
+         * ```
+         * @since v0.1.99
+         * @param callback with no parameters. Called when binding is complete.
+         */
+        bind(port?: number, address?: string, callback?: () => void): this;
+        bind(port?: number, callback?: () => void): this;
+        bind(callback?: () => void): this;
+        bind(options: BindOptions, callback?: () => void): this;
+        /**
+         * Close the underlying socket and stop listening for data on it. If a callback is
+         * provided, it is added as a listener for the `'close'` event.
+         * @since v0.1.99
+         * @param callback Called when the socket has been closed.
+         */
+        close(callback?: () => void): this;
+        /**
+         * Associates the `dgram.Socket` to a remote address and port. Every
+         * message sent by this handle is automatically sent to that destination. Also,
+         * the socket will only receive messages from that remote peer.
+         * Trying to call `connect()` on an already connected socket will result
+         * in an `ERR_SOCKET_DGRAM_IS_CONNECTED` exception. If `address` is not
+         * provided, `'127.0.0.1'` (for `udp4` sockets) or `'::1'` (for `udp6` sockets)
+         * will be used by default. Once the connection is complete, a `'connect'` event
+         * is emitted and the optional `callback` function is called. In case of failure,
+         * the `callback` is called or, failing this, an `'error'` event is emitted.
+         * @since v12.0.0
+         * @param callback Called when the connection is completed or on error.
+         */
         connect(port: number, address?: string, callback?: () => void): void;
         connect(port: number, callback: () => void): void;
+        /**
+         * A synchronous function that disassociates a connected `dgram.Socket` from
+         * its remote address. Trying to call `disconnect()` on an unbound or already
+         * disconnected socket will result in an `ERR_SOCKET_DGRAM_NOT_CONNECTED` exception.
+         * @since v12.0.0
+         */
         disconnect(): void;
+        /**
+         * Instructs the kernel to leave a multicast group at `multicastAddress` using the`IP_DROP_MEMBERSHIP` socket option. This method is automatically called by the
+         * kernel when the socket is closed or the process terminates, so most apps will
+         * never have reason to call this.
+         *
+         * If `multicastInterface` is not specified, the operating system will attempt to
+         * drop membership on all valid interfaces.
+         * @since v0.6.9
+         */
         dropMembership(multicastAddress: string, multicastInterface?: string): void;
+        /**
+         * This method throws `ERR_SOCKET_BUFFER_SIZE` if called on an unbound socket.
+         * @since v8.7.0
+         * @return the `SO_RCVBUF` socket receive buffer size in bytes.
+         */
         getRecvBufferSize(): number;
+        /**
+         * This method throws `ERR_SOCKET_BUFFER_SIZE` if called on an unbound socket.
+         * @since v8.7.0
+         * @return the `SO_SNDBUF` socket send buffer size in bytes.
+         */
         getSendBufferSize(): number;
+        /**
+         * By default, binding a socket will cause it to block the Node.js process from
+         * exiting as long as the socket is open. The `socket.unref()` method can be used
+         * to exclude the socket from the reference counting that keeps the Node.js
+         * process active. The `socket.ref()` method adds the socket back to the reference
+         * counting and restores the default behavior.
+         *
+         * Calling `socket.ref()` multiples times will have no additional effect.
+         *
+         * The `socket.ref()` method returns a reference to the socket so calls can be
+         * chained.
+         * @since v0.9.1
+         */
         ref(): this;
+        /**
+         * Returns an object containing the `address`, `family`, and `port` of the remote
+         * endpoint. This method throws an `ERR_SOCKET_DGRAM_NOT_CONNECTED` exception
+         * if the socket is not connected.
+         * @since v12.0.0
+         */
         remoteAddress(): AddressInfo;
+        /**
+         * Broadcasts a datagram on the socket.
+         * For connectionless sockets, the destination `port` and `address` must be
+         * specified. Connected sockets, on the other hand, will use their associated
+         * remote endpoint, so the `port` and `address` arguments must not be set.
+         *
+         * The `msg` argument contains the message to be sent.
+         * Depending on its type, different behavior can apply. If `msg` is a `Buffer`,
+         * any `TypedArray` or a `DataView`,
+         * the `offset` and `length` specify the offset within the `Buffer` where the
+         * message begins and the number of bytes in the message, respectively.
+         * If `msg` is a `String`, then it is automatically converted to a `Buffer`with `'utf8'` encoding. With messages that
+         * contain multi-byte characters, `offset` and `length` will be calculated with
+         * respect to `byte length` and not the character position.
+         * If `msg` is an array, `offset` and `length` must not be specified.
+         *
+         * The `address` argument is a string. If the value of `address` is a host name,
+         * DNS will be used to resolve the address of the host. If `address` is not
+         * provided or otherwise falsy, `'127.0.0.1'` (for `udp4` sockets) or `'::1'`(for `udp6` sockets) will be used by default.
+         *
+         * If the socket has not been previously bound with a call to `bind`, the socket
+         * is assigned a random port number and is bound to the "all interfaces" address
+         * (`'0.0.0.0'` for `udp4` sockets, `'::0'` for `udp6` sockets.)
+         *
+         * An optional `callback` function may be specified to as a way of reporting
+         * DNS errors or for determining when it is safe to reuse the `buf` object.
+         * DNS lookups delay the time to send for at least one tick of the
+         * Node.js event loop.
+         *
+         * The only way to know for sure that the datagram has been sent is by using a`callback`. If an error occurs and a `callback` is given, the error will be
+         * passed as the first argument to the `callback`. If a `callback` is not given,
+         * the error is emitted as an `'error'` event on the `socket` object.
+         *
+         * Offset and length are optional but both _must_ be set if either are used.
+         * They are supported only when the first argument is a `Buffer`, a `TypedArray`,
+         * or a `DataView`.
+         *
+         * This method throws `ERR_SOCKET_BAD_PORT` if called on an unbound socket.
+         *
+         * Example of sending a UDP packet to a port on `localhost`;
+         *
+         * ```js
+         * import dgram from 'dgram';
+         * import { Buffer } from 'buffer';
+         *
+         * const message = Buffer.from('Some bytes');
+         * const client = dgram.createSocket('udp4');
+         * client.send(message, 41234, 'localhost', (err) => {
+         *   client.close();
+         * });
+         * ```
+         *
+         * Example of sending a UDP packet composed of multiple buffers to a port on`127.0.0.1`;
+         *
+         * ```js
+         * import dgram from 'dgram';
+         * import { Buffer } from 'buffer';
+         *
+         * const buf1 = Buffer.from('Some ');
+         * const buf2 = Buffer.from('bytes');
+         * const client = dgram.createSocket('udp4');
+         * client.send([buf1, buf2], 41234, (err) => {
+         *   client.close();
+         * });
+         * ```
+         *
+         * Sending multiple buffers might be faster or slower depending on the
+         * application and operating system. Run benchmarks to
+         * determine the optimal strategy on a case-by-case basis. Generally speaking,
+         * however, sending multiple buffers is faster.
+         *
+         * Example of sending a UDP packet using a socket connected to a port on`localhost`:
+         *
+         * ```js
+         * import dgram from 'dgram';
+         * import { Buffer } from 'buffer';
+         *
+         * const message = Buffer.from('Some bytes');
+         * const client = dgram.createSocket('udp4');
+         * client.connect(41234, 'localhost', (err) => {
+         *   client.send(message, (err) => {
+         *     client.close();
+         *   });
+         * });
+         * ```
+         * @since v0.1.99
+         * @param msg Message to be sent.
+         * @param offset Offset in the buffer where the message starts.
+         * @param length Number of bytes in the message.
+         * @param port Destination port.
+         * @param address Destination host name or IP address.
+         * @param callback Called when the message has been sent.
+         */
         send(msg: string | Uint8Array | ReadonlyArray<any>, port?: number, address?: string, callback?: (error: Error | null, bytes: number) => void): void;
         send(msg: string | Uint8Array | ReadonlyArray<any>, port?: number, callback?: (error: Error | null, bytes: number) => void): void;
         send(msg: string | Uint8Array | ReadonlyArray<any>, callback?: (error: Error | null, bytes: number) => void): void;
         send(msg: string | Uint8Array, offset: number, length: number, port?: number, address?: string, callback?: (error: Error | null, bytes: number) => void): void;
         send(msg: string | Uint8Array, offset: number, length: number, port?: number, callback?: (error: Error | null, bytes: number) => void): void;
         send(msg: string | Uint8Array, offset: number, length: number, callback?: (error: Error | null, bytes: number) => void): void;
+        /**
+         * Sets or clears the `SO_BROADCAST` socket option. When set to `true`, UDP
+         * packets may be sent to a local interface's broadcast address.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         * @since v0.6.9
+         */
         setBroadcast(flag: boolean): void;
+        /**
+         * _All references to scope in this section are referring to [IPv6 Zone Indices](https://en.wikipedia.org/wiki/IPv6_address#Scoped_literal_IPv6_addresses), which are defined by [RFC
+         * 4007](https://tools.ietf.org/html/rfc4007). In string form, an IP_
+         * _with a scope index is written as `'IP%scope'` where scope is an interface name_
+         * _or interface number._
+         *
+         * Sets the default outgoing multicast interface of the socket to a chosen
+         * interface or back to system interface selection. The `multicastInterface` must
+         * be a valid string representation of an IP from the socket's family.
+         *
+         * For IPv4 sockets, this should be the IP configured for the desired physical
+         * interface. All packets sent to multicast on the socket will be sent on the
+         * interface determined by the most recent successful use of this call.
+         *
+         * For IPv6 sockets, `multicastInterface` should include a scope to indicate the
+         * interface as in the examples that follow. In IPv6, individual `send` calls can
+         * also use explicit scope in addresses, so only packets sent to a multicast
+         * address without specifying an explicit scope are affected by the most recent
+         * successful use of this call.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         *
+         * #### Example: IPv6 outgoing multicast interface
+         *
+         * On most systems, where scope format uses the interface name:
+         *
+         * ```js
+         * const socket = dgram.createSocket('udp6');
+         *
+         * socket.bind(1234, () => {
+         *   socket.setMulticastInterface('::%eth1');
+         * });
+         * ```
+         *
+         * On Windows, where scope format uses an interface number:
+         *
+         * ```js
+         * const socket = dgram.createSocket('udp6');
+         *
+         * socket.bind(1234, () => {
+         *   socket.setMulticastInterface('::%2');
+         * });
+         * ```
+         *
+         * #### Example: IPv4 outgoing multicast interface
+         *
+         * All systems use an IP of the host on the desired physical interface:
+         *
+         * ```js
+         * const socket = dgram.createSocket('udp4');
+         *
+         * socket.bind(1234, () => {
+         *   socket.setMulticastInterface('10.0.0.2');
+         * });
+         * ```
+         * @since v8.6.0
+         */
         setMulticastInterface(multicastInterface: string): void;
-        setMulticastLoopback(flag: boolean): void;
-        setMulticastTTL(ttl: number): void;
+        /**
+         * Sets or clears the `IP_MULTICAST_LOOP` socket option. When set to `true`,
+         * multicast packets will also be received on the local interface.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         * @since v0.3.8
+         */
+        setMulticastLoopback(flag: boolean): boolean;
+        /**
+         * Sets the `IP_MULTICAST_TTL` socket option. While TTL generally stands for
+         * "Time to Live", in this context it specifies the number of IP hops that a
+         * packet is allowed to travel through, specifically for multicast traffic. Each
+         * router or gateway that forwards a packet decrements the TTL. If the TTL is
+         * decremented to 0 by a router, it will not be forwarded.
+         *
+         * The `ttl` argument may be between 0 and 255\. The default on most systems is `1`.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         * @since v0.3.8
+         */
+        setMulticastTTL(ttl: number): number;
+        /**
+         * Sets the `SO_RCVBUF` socket option. Sets the maximum socket receive buffer
+         * in bytes.
+         *
+         * This method throws `ERR_SOCKET_BUFFER_SIZE` if called on an unbound socket.
+         * @since v8.7.0
+         */
         setRecvBufferSize(size: number): void;
+        /**
+         * Sets the `SO_SNDBUF` socket option. Sets the maximum socket send buffer
+         * in bytes.
+         *
+         * This method throws `ERR_SOCKET_BUFFER_SIZE` if called on an unbound socket.
+         * @since v8.7.0
+         */
         setSendBufferSize(size: number): void;
-        setTTL(ttl: number): void;
+        /**
+         * Sets the `IP_TTL` socket option. While TTL generally stands for "Time to Live",
+         * in this context it specifies the number of IP hops that a packet is allowed to
+         * travel through. Each router or gateway that forwards a packet decrements the
+         * TTL. If the TTL is decremented to 0 by a router, it will not be forwarded.
+         * Changing TTL values is typically done for network probes or when multicasting.
+         *
+         * The `ttl` argument may be between between 1 and 255\. The default on most systems
+         * is 64.
+         *
+         * This method throws `EBADF` if called on an unbound socket.
+         * @since v0.1.101
+         */
+        setTTL(ttl: number): number;
+        /**
+         * By default, binding a socket will cause it to block the Node.js process from
+         * exiting as long as the socket is open. The `socket.unref()` method can be used
+         * to exclude the socket from the reference counting that keeps the Node.js
+         * process active, allowing the process to exit even if the socket is still
+         * listening.
+         *
+         * Calling `socket.unref()` multiple times will have no addition effect.
+         *
+         * The `socket.unref()` method returns a reference to the socket so calls can be
+         * chained.
+         * @since v0.9.1
+         */
         unref(): this;
-
+        /**
+         * Tells the kernel to join a source-specific multicast channel at the given`sourceAddress` and `groupAddress`, using the `multicastInterface` with the`IP_ADD_SOURCE_MEMBERSHIP` socket
+         * option. If the `multicastInterface` argument
+         * is not specified, the operating system will choose one interface and will add
+         * membership to it. To add membership to every available interface, call`socket.addSourceSpecificMembership()` multiple times, once per interface.
+         *
+         * When called on an unbound socket, this method will implicitly bind to a random
+         * port, listening on all interfaces.
+         * @since v13.1.0, v12.16.0
+         */
+        addSourceSpecificMembership(sourceAddress: string, groupAddress: string, multicastInterface?: string): void;
+        /**
+         * Instructs the kernel to leave a source-specific multicast channel at the given`sourceAddress` and `groupAddress` using the `IP_DROP_SOURCE_MEMBERSHIP`socket option. This method is
+         * automatically called by the kernel when the
+         * socket is closed or the process terminates, so most apps will never have
+         * reason to call this.
+         *
+         * If `multicastInterface` is not specified, the operating system will attempt to
+         * drop membership on all valid interfaces.
+         * @since v13.1.0, v12.16.0
+         */
+        dropSourceSpecificMembership(sourceAddress: string, groupAddress: string, multicastInterface?: string): void;
         /**
          * events.EventEmitter
          * 1. close
@@ -74,45 +503,43 @@ declare module "dgram" {
          * 5. message
          */
         addListener(event: string, listener: (...args: any[]) => void): this;
-        addListener(event: "close", listener: () => void): this;
-        addListener(event: "connect", listener: () => void): this;
-        addListener(event: "error", listener: (err: Error) => void): this;
-        addListener(event: "listening", listener: () => void): this;
-        addListener(event: "message", listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
-
+        addListener(event: 'close', listener: () => void): this;
+        addListener(event: 'connect', listener: () => void): this;
+        addListener(event: 'error', listener: (err: Error) => void): this;
+        addListener(event: 'listening', listener: () => void): this;
+        addListener(event: 'message', listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
         emit(event: string | symbol, ...args: any[]): boolean;
-        emit(event: "close"): boolean;
-        emit(event: "connect"): boolean;
-        emit(event: "error", err: Error): boolean;
-        emit(event: "listening"): boolean;
-        emit(event: "message", msg: Buffer, rinfo: RemoteInfo): boolean;
-
+        emit(event: 'close'): boolean;
+        emit(event: 'connect'): boolean;
+        emit(event: 'error', err: Error): boolean;
+        emit(event: 'listening'): boolean;
+        emit(event: 'message', msg: Buffer, rinfo: RemoteInfo): boolean;
         on(event: string, listener: (...args: any[]) => void): this;
-        on(event: "close", listener: () => void): this;
-        on(event: "connect", listener: () => void): this;
-        on(event: "error", listener: (err: Error) => void): this;
-        on(event: "listening", listener: () => void): this;
-        on(event: "message", listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
-
+        on(event: 'close', listener: () => void): this;
+        on(event: 'connect', listener: () => void): this;
+        on(event: 'error', listener: (err: Error) => void): this;
+        on(event: 'listening', listener: () => void): this;
+        on(event: 'message', listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
         once(event: string, listener: (...args: any[]) => void): this;
-        once(event: "close", listener: () => void): this;
-        once(event: "connect", listener: () => void): this;
-        once(event: "error", listener: (err: Error) => void): this;
-        once(event: "listening", listener: () => void): this;
-        once(event: "message", listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
-
+        once(event: 'close', listener: () => void): this;
+        once(event: 'connect', listener: () => void): this;
+        once(event: 'error', listener: (err: Error) => void): this;
+        once(event: 'listening', listener: () => void): this;
+        once(event: 'message', listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
         prependListener(event: string, listener: (...args: any[]) => void): this;
-        prependListener(event: "close", listener: () => void): this;
-        prependListener(event: "connect", listener: () => void): this;
-        prependListener(event: "error", listener: (err: Error) => void): this;
-        prependListener(event: "listening", listener: () => void): this;
-        prependListener(event: "message", listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
-
+        prependListener(event: 'close', listener: () => void): this;
+        prependListener(event: 'connect', listener: () => void): this;
+        prependListener(event: 'error', listener: (err: Error) => void): this;
+        prependListener(event: 'listening', listener: () => void): this;
+        prependListener(event: 'message', listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
         prependOnceListener(event: string, listener: (...args: any[]) => void): this;
-        prependOnceListener(event: "close", listener: () => void): this;
-        prependOnceListener(event: "connect", listener: () => void): this;
-        prependOnceListener(event: "error", listener: (err: Error) => void): this;
-        prependOnceListener(event: "listening", listener: () => void): this;
-        prependOnceListener(event: "message", listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
+        prependOnceListener(event: 'close', listener: () => void): this;
+        prependOnceListener(event: 'connect', listener: () => void): this;
+        prependOnceListener(event: 'error', listener: (err: Error) => void): this;
+        prependOnceListener(event: 'listening', listener: () => void): this;
+        prependOnceListener(event: 'message', listener: (msg: Buffer, rinfo: RemoteInfo) => void): this;
     }
 }
+declare module 'node:dgram' {
+    export * from 'dgram';
+}

node_modules/@types/node/diagnostics_channel.d.ts

@@ -0,0 +1,134 @@
+/**
+ * The `diagnostics_channel` module provides an API to create named channels
+ * to report arbitrary message data for diagnostics purposes.
+ *
+ * It can be accessed using:
+ *
+ * ```js
+ * import diagnostics_channel from 'diagnostics_channel';
+ * ```
+ *
+ * It is intended that a module writer wanting to report diagnostics messages
+ * will create one or many top-level channels to report messages through.
+ * Channels may also be acquired at runtime but it is not encouraged
+ * due to the additional overhead of doing so. Channels may be exported for
+ * convenience, but as long as the name is known it can be acquired anywhere.
+ *
+ * If you intend for your module to produce diagnostics data for others to
+ * consume it is recommended that you include documentation of what named
+ * channels are used along with the shape of the message data. Channel names
+ * should generally include the module name to avoid collisions with data from
+ * other modules.
+ * @experimental
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/diagnostics_channel.js)
+ */
+declare module 'diagnostics_channel' {
+    /**
+     * Check if there are active subscribers to the named channel. This is helpful if
+     * the message you want to send might be expensive to prepare.
+     *
+     * This API is optional but helpful when trying to publish messages from very
+     * performance-sensitive code.
+     *
+     * ```js
+     * import diagnostics_channel from 'diagnostics_channel';
+     *
+     * if (diagnostics_channel.hasSubscribers('my-channel')) {
+     *   // There are subscribers, prepare and publish message
+     * }
+     * ```
+     * @since v15.1.0, v14.17.0
+     * @param name The channel name
+     * @return If there are active subscribers
+     */
+    function hasSubscribers(name: string): boolean;
+    /**
+     * This is the primary entry-point for anyone wanting to interact with a named
+     * channel. It produces a channel object which is optimized to reduce overhead at
+     * publish time as much as possible.
+     *
+     * ```js
+     * import diagnostics_channel from 'diagnostics_channel';
+     *
+     * const channel = diagnostics_channel.channel('my-channel');
+     * ```
+     * @since v15.1.0, v14.17.0
+     * @param name The channel name
+     * @return The named channel object
+     */
+    function channel(name: string): Channel;
+    type ChannelListener = (name: string, message: unknown) => void;
+    /**
+     * The class `Channel` represents an individual named channel within the data
+     * pipeline. It is use to track subscribers and to publish messages when there
+     * are subscribers present. It exists as a separate object to avoid channel
+     * lookups at publish time, enabling very fast publish speeds and allowing
+     * for heavy use while incurring very minimal cost. Channels are created with {@link channel}, constructing a channel directly
+     * with `new Channel(name)` is not supported.
+     * @since v15.1.0, v14.17.0
+     */
+    class Channel {
+        readonly name: string;
+        /**
+         * Check if there are active subscribers to this channel. This is helpful if
+         * the message you want to send might be expensive to prepare.
+         *
+         * This API is optional but helpful when trying to publish messages from very
+         * performance-sensitive code.
+         *
+         * ```js
+         * import diagnostics_channel from 'diagnostics_channel';
+         *
+         * const channel = diagnostics_channel.channel('my-channel');
+         *
+         * if (channel.hasSubscribers) {
+         *   // There are subscribers, prepare and publish message
+         * }
+         * ```
+         * @since v15.1.0, v14.17.0
+         */
+        readonly hasSubscribers: boolean;
+        private constructor(name: string);
+        /**
+         * Register a message handler to subscribe to this channel. This message handler
+         * will be run synchronously whenever a message is published to the channel. Any
+         * errors thrown in the message handler will trigger an `'uncaughtException'`.
+         *
+         * ```js
+         * import diagnostics_channel from 'diagnostics_channel';
+         *
+         * const channel = diagnostics_channel.channel('my-channel');
+         *
+         * channel.subscribe((message, name) => {
+         *   // Received data
+         * });
+         * ```
+         * @since v15.1.0, v14.17.0
+         * @param onMessage The handler to receive channel messages
+         */
+        subscribe(onMessage: ChannelListener): void;
+        /**
+         * Remove a message handler previously registered to this channel with `channel.subscribe(onMessage)`.
+         *
+         * ```js
+         * import diagnostics_channel from 'diagnostics_channel';
+         *
+         * const channel = diagnostics_channel.channel('my-channel');
+         *
+         * function onMessage(message, name) {
+         *   // Received data
+         * }
+         *
+         * channel.subscribe(onMessage);
+         *
+         * channel.unsubscribe(onMessage);
+         * ```
+         * @since v15.1.0, v14.17.0
+         * @param onMessage The previous subscribed handler to remove
+         */
+        unsubscribe(onMessage: ChannelListener): void;
+    }
+}
+declare module 'node:diagnostics_channel' {
+    export * from 'diagnostics_channel';
+}

node_modules/@types/node/dns.d.ts

@@ -1,81 +1,191 @@
-declare module "dns" {
+/**
+ * The `dns` module enables name resolution. For example, use it to look up IP
+ * addresses of host names.
+ *
+ * Although named for the [Domain Name System (DNS)](https://en.wikipedia.org/wiki/Domain_Name_System), it does not always use the
+ * DNS protocol for lookups. {@link lookup} uses the operating system
+ * facilities to perform name resolution. It may not need to perform any network
+ * communication. To perform name resolution the way other applications on the same
+ * system do, use {@link lookup}.
+ *
+ * ```js
+ * const dns = require('dns');
+ *
+ * dns.lookup('example.org', (err, address, family) => {
+ *   console.log('address: %j family: IPv%s', address, family);
+ * });
+ * // address: "93.184.216.34" family: IPv4
+ * ```
+ *
+ * All other functions in the `dns` module connect to an actual DNS server to
+ * perform name resolution. They will always use the network to perform DNS
+ * queries. These functions do not use the same set of configuration files used by {@link lookup} (e.g. `/etc/hosts`). Use these functions to always perform
+ * DNS queries, bypassing other name-resolution facilities.
+ *
+ * ```js
+ * const dns = require('dns');
+ *
+ * dns.resolve4('archive.org', (err, addresses) => {
+ *   if (err) throw err;
+ *
+ *   console.log(`addresses: ${JSON.stringify(addresses)}`);
+ *
+ *   addresses.forEach((a) => {
+ *     dns.reverse(a, (err, hostnames) => {
+ *       if (err) {
+ *         throw err;
+ *       }
+ *       console.log(`reverse for ${a}: ${JSON.stringify(hostnames)}`);
+ *     });
+ *   });
+ * });
+ * ```
+ *
+ * See the `Implementation considerations section` for more information.
+ * @see [source](https://github.com/nodejs/node/blob/v16.9.0/lib/dns.js)
+ */
+declare module 'dns' {
+    import * as dnsPromises from 'node:dns/promises';
     // Supported getaddrinfo flags.
-    const ADDRCONFIG: number;
-    const V4MAPPED: number;
-
-    interface LookupOptions {
-        family?: number;
-        hints?: number;
-        all?: boolean;
-        verbatim?: boolean;
+    export const ADDRCONFIG: number;
+    export const V4MAPPED: number;
+    /**
+     * If `dns.V4MAPPED` is specified, return resolved IPv6 addresses as
+     * well as IPv4 mapped IPv6 addresses.
+     */
+    export const ALL: number;
+    export interface LookupOptions {
+        family?: number | undefined;
+        hints?: number | undefined;
+        all?: boolean | undefined;
+        verbatim?: boolean | undefined;
     }
-
-    interface LookupOneOptions extends LookupOptions {
-        all?: false;
+    export interface LookupOneOptions extends LookupOptions {
+        all?: false | undefined;
     }
-
-    interface LookupAllOptions extends LookupOptions {
+    export interface LookupAllOptions extends LookupOptions {
         all: true;
     }
-
-    interface LookupAddress {
+    export interface LookupAddress {
         address: string;
         family: number;
     }
-
-    function lookup(hostname: string, family: number, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
-    function lookup(hostname: string, options: LookupOneOptions, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
-    function lookup(hostname: string, options: LookupAllOptions, callback: (err: NodeJS.ErrnoException | null, addresses: LookupAddress[]) => void): void;
-    function lookup(hostname: string, options: LookupOptions, callback: (err: NodeJS.ErrnoException | null, address: string | LookupAddress[], family: number) => void): void;
-    function lookup(hostname: string, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
-
-    // NOTE: This namespace provides design-time support for util.promisify. Exported members do not exist at runtime.
-    namespace lookup {
+    /**
+     * Resolves a host name (e.g. `'nodejs.org'`) into the first found A (IPv4) or
+     * AAAA (IPv6) record. All `option` properties are optional. If `options` is an
+     * integer, then it must be `4` or `6` – if `options` is not provided, then IPv4
+     * and IPv6 addresses are both returned if found.
+     *
+     * With the `all` option set to `true`, the arguments for `callback` change to`(err, addresses)`, with `addresses` being an array of objects with the
+     * properties `address` and `family`.
+     *
+     * On error, `err` is an `Error` object, where `err.code` is the error code.
+     * Keep in mind that `err.code` will be set to `'ENOTFOUND'` not only when
+     * the host name does not exist but also when the lookup fails in other ways
+     * such as no available file descriptors.
+     *
+     * `dns.lookup()` does not necessarily have anything to do with the DNS protocol.
+     * The implementation uses an operating system facility that can associate names
+     * with addresses, and vice versa. This implementation can have subtle but
+     * important consequences on the behavior of any Node.js program. Please take some
+     * time to consult the `Implementation considerations section` before using`dns.lookup()`.
+     *
+     * Example usage:
+     *
+     * ```js
+     * const dns = require('dns');
+     * const options = {
+     *   family: 6,
+     *   hints: dns.ADDRCONFIG | dns.V4MAPPED,
+     * };
+     * dns.lookup('example.com', options, (err, address, family) =>
+     *   console.log('address: %j family: IPv%s', address, family));
+     * // address: "2606:2800:220:1:248:1893:25c8:1946" family: IPv6
+     *
+     * // When options.all is true, the result will be an Array.
+     * options.all = true;
+     * dns.lookup('example.com', options, (err, addresses) =>
+     *   console.log('addresses: %j', addresses));
+     * // addresses: [{"address":"2606:2800:220:1:248:1893:25c8:1946","family":6}]
+     * ```
+     *
+     * If this method is invoked as its `util.promisify()` ed version, and `all`is not set to `true`, it returns a `Promise` for an `Object` with `address` and`family` properties.
+     * @since v0.1.90
+     */
+    export function lookup(hostname: string, family: number, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
+    export function lookup(hostname: string, options: LookupOneOptions, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
+    export function lookup(hostname: string, options: LookupAllOptions, callback: (err: NodeJS.ErrnoException | null, addresses: LookupAddress[]) => void): void;
+    export function lookup(hostname: string, options: LookupOptions, callback: (err: NodeJS.ErrnoException | null, address: string | LookupAddress[], family: number) => void): void;
+    export function lookup(hostname: string, callback: (err: NodeJS.ErrnoException | null, address: string, family: number) => void): void;
+    export namespace lookup {
         function __promisify__(hostname: string, options: LookupAllOptions): Promise<LookupAddress[]>;
         function __promisify__(hostname: string, options?: LookupOneOptions | number): Promise<LookupAddress>;
         function __promisify__(hostname: string, options: LookupOptions): Promise<LookupAddress | LookupAddress[]>;
     }
-
-    function lookupService(address: string, port: number, callback: (err: NodeJS.ErrnoException | null, hostname: string, service: string) => void): void;
-
-    namespace lookupService {
-        function __promisify__(address: string, port: number): Promise<{ hostname: string, service: string }>;
+    /**
+     * Resolves the given `address` and `port` into a host name and service using
+     * the operating system's underlying `getnameinfo` implementation.
+     *
+     * If `address` is not a valid IP address, a `TypeError` will be thrown.
+     * The `port` will be coerced to a number. If it is not a legal port, a `TypeError`will be thrown.
+     *
+     * On an error, `err` is an `Error` object, where `err.code` is the error code.
+     *
+     * ```js
+     * const dns = require('dns');
+     * dns.lookupService('127.0.0.1', 22, (err, hostname, service) => {
+     *   console.log(hostname, service);
+     *   // Prints: localhost ssh
+     * });
+     * ```
+     *
+     * If this method is invoked as its `util.promisify()` ed version, it returns a`Promise` for an `Object` with `hostname` and `service` properties.
+     * @since v0.11.14
+     */
+    export function lookupService(address: string, port: number, callback: (err: NodeJS.ErrnoException | null, hostname: string, service: string) => void): void;
+    export namespace lookupService {
+        function __promisify__(
+            address: string,
+            port: number
+        ): Promise<{
+            hostname: string;
+            service: string;
+        }>;
     }
-
-    interface ResolveOptions {
+    export interface ResolveOptions {
         ttl: boolean;
     }
-
-    interface ResolveWithTtlOptions extends ResolveOptions {
+    export interface ResolveWithTtlOptions extends ResolveOptions {
         ttl: true;
     }
-
-    interface RecordWithTtl {
+    export interface RecordWithTtl {
         address: string;
         ttl: number;
     }
-
-    /** @deprecated Use AnyARecord or AnyAaaaRecord instead. */
-    type AnyRecordWithTtl = AnyARecord | AnyAaaaRecord;
-
-    interface AnyARecord extends RecordWithTtl {
-        type: "A";
+    /** @deprecated Use `AnyARecord` or `AnyAaaaRecord` instead. */
+    export type AnyRecordWithTtl = AnyARecord | AnyAaaaRecord;
+    export interface AnyARecord extends RecordWithTtl {
+        type: 'A';
     }
-
-    interface AnyAaaaRecord extends RecordWithTtl {
-        type: "AAAA";
+    export interface AnyAaaaRecord extends RecordWithTtl {
+        type: 'AAAA';
     }
-
-    interface MxRecord {
+    export interface CaaRecord {
+        critial: number;
+        issue?: string | undefined;
+        issuewild?: string | undefined;
+        iodef?: string | undefined;
+        contactemail?: string | undefined;
+        contactphone?: string | undefined;
+    }
+    export interface MxRecord {
         priority: number;
         exchange: string;
     }
-
-    interface AnyMxRecord extends MxRecord {
-        type: "MX";
+    export interface AnyMxRecord extends MxRecord {
+        type: 'MX';
     }
-
-    interface NaptrRecord {
+    export interface NaptrRecord {
         flags: string;
         service: string;
         regexp: string;
@@ -83,12 +193,10 @@ declare module "dns" {
         order: number;
         preference: number;
     }
-
-    interface AnyNaptrRecord extends NaptrRecord {
-        type: "NAPTR";
+    export interface AnyNaptrRecord extends NaptrRecord {
+        type: 'NAPTR';
     }
-
-    interface SoaRecord {
+    export interface SoaRecord {
         nsname: string;
         hostmaster: string;
         serial: number;
@@ -97,183 +205,417 @@ declare module "dns" {
         expire: number;
         minttl: number;
     }
-
-    interface AnySoaRecord extends SoaRecord {
-        type: "SOA";
+    export interface AnySoaRecord extends SoaRecord {
+        type: 'SOA';
     }
-
-    interface SrvRecord {
+    export interface SrvRecord {
         priority: number;
         weight: number;
         port: number;
         name: string;
     }
-
-    interface AnySrvRecord extends SrvRecord {
-        type: "SRV";
+    export interface AnySrvRecord extends SrvRecord {
+        type: 'SRV';
     }
-
-    interface AnyTxtRecord {
-        type: "TXT";
+    export interface AnyTxtRecord {
+        type: 'TXT';
         entries: string[];
     }
-
-    interface AnyNsRecord {
-        type: "NS";
+    export interface AnyNsRecord {
+        type: 'NS';
         value: string;
     }
-
-    interface AnyPtrRecord {
-        type: "PTR";
+    export interface AnyPtrRecord {
+        type: 'PTR';
         value: string;
     }
-
-    interface AnyCnameRecord {
-        type: "CNAME";
+    export interface AnyCnameRecord {
+        type: 'CNAME';
         value: string;
     }
-
-    type AnyRecord = AnyARecord |
-        AnyAaaaRecord |
-        AnyCnameRecord |
-        AnyMxRecord |
-        AnyNaptrRecord |
-        AnyNsRecord |
-        AnyPtrRecord |
-        AnySoaRecord |
-        AnySrvRecord |
-        AnyTxtRecord;
-
-    function resolve(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "A", callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "AAAA", callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "ANY", callback: (err: NodeJS.ErrnoException | null, addresses: AnyRecord[]) => void): void;
-    function resolve(hostname: string, rrtype: "CNAME", callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "MX", callback: (err: NodeJS.ErrnoException | null, addresses: MxRecord[]) => void): void;
-    function resolve(hostname: string, rrtype: "NAPTR", callback: (err: NodeJS.ErrnoException | null, addresses: NaptrRecord[]) => void): void;
-    function resolve(hostname: string, rrtype: "NS", callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "PTR", callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve(hostname: string, rrtype: "SOA", callback: (err: NodeJS.ErrnoException | null, addresses: SoaRecord) => void): void;
-    function resolve(hostname: string, rrtype: "SRV", callback: (err: NodeJS.ErrnoException | null, addresses: SrvRecord[]) => void): void;
-    function resolve(hostname: string, rrtype: "TXT", callback: (err: NodeJS.ErrnoException | null, addresses: string[][]) => void): void;
-    function resolve(
+    export type AnyRecord = AnyARecord | AnyAaaaRecord | AnyCnameRecord | AnyMxRecord | AnyNaptrRecord | AnyNsRecord | AnyPtrRecord | AnySoaRecord | AnySrvRecord | AnyTxtRecord;
+    /**
+     * Uses the DNS protocol to resolve a host name (e.g. `'nodejs.org'`) into an array
+     * of the resource records. The `callback` function has arguments`(err, records)`. When successful, `records` will be an array of resource
+     * records. The type and structure of individual results varies based on `rrtype`:
+     *
+     * <omitted>
+     *
+     * On error, `err` is an `Error` object, where `err.code` is one of the `DNS error codes`.
+     * @since v0.1.27
+     * @param hostname Host name to resolve.
+     * @param [rrtype='A'] Resource record type.
+     */
+    export function resolve(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'A', callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'AAAA', callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'ANY', callback: (err: NodeJS.ErrnoException | null, addresses: AnyRecord[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'CNAME', callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'MX', callback: (err: NodeJS.ErrnoException | null, addresses: MxRecord[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'NAPTR', callback: (err: NodeJS.ErrnoException | null, addresses: NaptrRecord[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'NS', callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'PTR', callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'SOA', callback: (err: NodeJS.ErrnoException | null, addresses: SoaRecord) => void): void;
+    export function resolve(hostname: string, rrtype: 'SRV', callback: (err: NodeJS.ErrnoException | null, addresses: SrvRecord[]) => void): void;
+    export function resolve(hostname: string, rrtype: 'TXT', callback: (err: NodeJS.ErrnoException | null, addresses: string[][]) => void): void;
+    export function resolve(
         hostname: string,
         rrtype: string,
-        callback: (err: NodeJS.ErrnoException | null, addresses: string[] | MxRecord[] | NaptrRecord[] | SoaRecord | SrvRecord[] | string[][] | AnyRecord[]) => void,
+        callback: (err: NodeJS.ErrnoException | null, addresses: string[] | MxRecord[] | NaptrRecord[] | SoaRecord | SrvRecord[] | string[][] | AnyRecord[]) => void
     ): void;
-
-    // NOTE: This namespace provides design-time support for util.promisify. Exported members do not exist at runtime.
-    namespace resolve {
-        function __promisify__(hostname: string, rrtype?: "A" | "AAAA" | "CNAME" | "NS" | "PTR"): Promise<string[]>;
-        function __promisify__(hostname: string, rrtype: "ANY"): Promise<AnyRecord[]>;
-        function __promisify__(hostname: string, rrtype: "MX"): Promise<MxRecord[]>;
-        function __promisify__(hostname: string, rrtype: "NAPTR"): Promise<NaptrRecord[]>;
-        function __promisify__(hostname: string, rrtype: "SOA"): Promise<SoaRecord>;
-        function __promisify__(hostname: string, rrtype: "SRV"): Promise<SrvRecord[]>;
-        function __promisify__(hostname: string, rrtype: "TXT"): Promise<string[][]>;
+    export namespace resolve {
+        function __promisify__(hostname: string, rrtype?: 'A' | 'AAAA' | 'CNAME' | 'NS' | 'PTR'): Promise<string[]>;
+        function __promisify__(hostname: string, rrtype: 'ANY'): Promise<AnyRecord[]>;
+        function __promisify__(hostname: string, rrtype: 'MX'): Promise<MxRecord[]>;
+        function __promisify__(hostname: string, rrtype: 'NAPTR'): Promise<NaptrRecord[]>;
+        function __promisify__(hostname: string, rrtype: 'SOA'): Promise<SoaRecord>;
+        function __promisify__(hostname: string, rrtype: 'SRV'): Promise<SrvRecord[]>;
+        function __promisify__(hostname: string, rrtype: 'TXT'): Promise<string[][]>;
         function __promisify__(hostname: string, rrtype: string): Promise<string[] | MxRecord[] | NaptrRecord[] | SoaRecord | SrvRecord[] | string[][] | AnyRecord[]>;
     }
-
-    function resolve4(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve4(hostname: string, options: ResolveWithTtlOptions, callback: (err: NodeJS.ErrnoException | null, addresses: RecordWithTtl[]) => void): void;
-    function resolve4(hostname: string, options: ResolveOptions, callback: (err: NodeJS.ErrnoException | null, addresses: string[] | RecordWithTtl[]) => void): void;
-
-    // NOTE: This namespace provides design-time support for util.promisify. Exported members do not exist at runtime.
-    namespace resolve4 {
+    /**
+     * Uses the DNS protocol to resolve a IPv4 addresses (`A` records) for the`hostname`. The `addresses` argument passed to the `callback` function
+     * will contain an array of IPv4 addresses (e.g.`['74.125.79.104', '74.125.79.105', '74.125.79.106']`).
+     * @since v0.1.16
+     * @param hostname Host name to resolve.
+     */
+    export function resolve4(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve4(hostname: string, options: ResolveWithTtlOptions, callback: (err: NodeJS.ErrnoException | null, addresses: RecordWithTtl[]) => void): void;
+    export function resolve4(hostname: string, options: ResolveOptions, callback: (err: NodeJS.ErrnoException | null, addresses: string[] | RecordWithTtl[]) => void): void;
+    export namespace resolve4 {
         function __promisify__(hostname: string): Promise<string[]>;
         function __promisify__(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
         function __promisify__(hostname: string, options?: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
     }
-
-    function resolve6(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    function resolve6(hostname: string, options: ResolveWithTtlOptions, callback: (err: NodeJS.ErrnoException | null, addresses: RecordWithTtl[]) => void): void;
-    function resolve6(hostname: string, options: ResolveOptions, callback: (err: NodeJS.ErrnoException | null, addresses: string[] | RecordWithTtl[]) => void): void;
-
-    // NOTE: This namespace provides design-time support for util.promisify. Exported members do not exist at runtime.
-    namespace resolve6 {
+    /**
+     * Uses the DNS protocol to resolve a IPv6 addresses (`AAAA` records) for the`hostname`. The `addresses` argument passed to the `callback` function
+     * will contain an array of IPv6 addresses.
+     * @since v0.1.16
+     * @param hostname Host name to resolve.
+     */
+    export function resolve6(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export function resolve6(hostname: string, options: ResolveWithTtlOptions, callback: (err: NodeJS.ErrnoException | null, addresses: RecordWithTtl[]) => void): void;
+    export function resolve6(hostname: string, options: ResolveOptions, callback: (err: NodeJS.ErrnoException | null, addresses: string[] | RecordWithTtl[]) => void): void;
+    export namespace resolve6 {
         function __promisify__(hostname: string): Promise<string[]>;
         function __promisify__(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
         function __promisify__(hostname: string, options?: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
     }
-
-    function resolveCname(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    namespace resolveCname {
+    /**
+     * Uses the DNS protocol to resolve `CNAME` records for the `hostname`. The`addresses` argument passed to the `callback` function
+     * will contain an array of canonical name records available for the `hostname`(e.g. `['bar.example.com']`).
+     * @since v0.3.2
+     */
+    export function resolveCname(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export namespace resolveCname {
         function __promisify__(hostname: string): Promise<string[]>;
     }
-
-    function resolveMx(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: MxRecord[]) => void): void;
-    namespace resolveMx {
+    /**
+     * Uses the DNS protocol to resolve `CAA` records for the `hostname`. The`addresses` argument passed to the `callback` function
+     * will contain an array of certification authority authorization records
+     * available for the `hostname` (e.g. `[{critical: 0, iodef: 'mailto:pki@example.com'}, {critical: 128, issue: 'pki.example.com'}]`).
+     * @since v15.0.0
+     */
+    export function resolveCaa(hostname: string, callback: (err: NodeJS.ErrnoException | null, records: CaaRecord[]) => void): void;
+    export namespace resolveCaa {
+        function __promisify__(hostname: string): Promise<CaaRecord[]>;
+    }
+    /**
+     * Uses the DNS protocol to resolve mail exchange records (`MX` records) for the`hostname`. The `addresses` argument passed to the `callback` function will
+     * contain an array of objects containing both a `priority` and `exchange`property (e.g. `[{priority: 10, exchange: 'mx.example.com'}, ...]`).
+     * @since v0.1.27
+     */
+    export function resolveMx(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: MxRecord[]) => void): void;
+    export namespace resolveMx {
         function __promisify__(hostname: string): Promise<MxRecord[]>;
     }
-
-    function resolveNaptr(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: NaptrRecord[]) => void): void;
-    namespace resolveNaptr {
+    /**
+     * Uses the DNS protocol to resolve regular expression based records (`NAPTR`records) for the `hostname`. The `addresses` argument passed to the `callback`function will contain an array of
+     * objects with the following properties:
+     *
+     * * `flags`
+     * * `service`
+     * * `regexp`
+     * * `replacement`
+     * * `order`
+     * * `preference`
+     *
+     * ```js
+     * {
+     *   flags: 's',
+     *   service: 'SIP+D2U',
+     *   regexp: '',
+     *   replacement: '_sip._udp.example.com',
+     *   order: 30,
+     *   preference: 100
+     * }
+     * ```
+     * @since v0.9.12
+     */
+    export function resolveNaptr(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: NaptrRecord[]) => void): void;
+    export namespace resolveNaptr {
         function __promisify__(hostname: string): Promise<NaptrRecord[]>;
     }
-
-    function resolveNs(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    namespace resolveNs {
+    /**
+     * Uses the DNS protocol to resolve name server records (`NS` records) for the`hostname`. The `addresses` argument passed to the `callback` function will
+     * contain an array of name server records available for `hostname`(e.g. `['ns1.example.com', 'ns2.example.com']`).
+     * @since v0.1.90
+     */
+    export function resolveNs(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export namespace resolveNs {
         function __promisify__(hostname: string): Promise<string[]>;
     }
-
-    function resolvePtr(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
-    namespace resolvePtr {
+    /**
+     * Uses the DNS protocol to resolve pointer records (`PTR` records) for the`hostname`. The `addresses` argument passed to the `callback` function will
+     * be an array of strings containing the reply records.
+     * @since v6.0.0
+     */
+    export function resolvePtr(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[]) => void): void;
+    export namespace resolvePtr {
         function __promisify__(hostname: string): Promise<string[]>;
     }
-
-    function resolveSoa(hostname: string, callback: (err: NodeJS.ErrnoException | null, address: SoaRecord) => void): void;
-    namespace resolveSoa {
+    /**
+     * Uses the DNS protocol to resolve a start of authority record (`SOA` record) for
+     * the `hostname`. The `address` argument passed to the `callback` function will
+     * be an object with the following properties:
+     *
+     * * `nsname`
+     * * `hostmaster`
+     * * `serial`
+     * * `refresh`
+     * * `retry`
+     * * `expire`
+     * * `minttl`
+     *
+     * ```js
+     * {
+     *   nsname: 'ns.example.com',
+     *   hostmaster: 'root.example.com',
+     *   serial: 2013101809,
+     *   refresh: 10000,
+     *   retry: 2400,
+     *   expire: 604800,
+     *   minttl: 3600
+     * }
+     * ```
+     * @since v0.11.10
+     */
+    export function resolveSoa(hostname: string, callback: (err: NodeJS.ErrnoException | null, address: SoaRecord) => void): void;
+    export namespace resolveSoa {
         function __promisify__(hostname: string): Promise<SoaRecord>;
     }
-
-    function resolveSrv(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: SrvRecord[]) => void): void;
-    namespace resolveSrv {
+    /**
+     * Uses the DNS protocol to resolve service records (`SRV` records) for the`hostname`. The `addresses` argument passed to the `callback` function will
+     * be an array of objects with the following properties:
+     *
+     * * `priority`
+     * * `weight`
+     * * `port`
+     * * `name`
+     *
+     * ```js
+     * {
+     *   priority: 10,
+     *   weight: 5,
+     *   port: 21223,
+     *   name: 'service.example.com'
+     * }
+     * ```
+     * @since v0.1.27
+     */
+    export function resolveSrv(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: SrvRecord[]) => void): void;
+    export namespace resolveSrv {
         function __promisify__(hostname: string): Promise<SrvRecord[]>;
     }
-
-    function resolveTxt(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[][]) => void): void;
-    namespace resolveTxt {
+    /**
+     * Uses the DNS protocol to resolve text queries (`TXT` records) for the`hostname`. The `records` argument passed to the `callback` function is a
+     * two-dimensional array of the text records available for `hostname` (e.g.`[ ['v=spf1 ip4:0.0.0.0 ', '~all' ] ]`). Each sub-array contains TXT chunks of
+     * one record. Depending on the use case, these could be either joined together or
+     * treated separately.
+     * @since v0.1.27
+     */
+    export function resolveTxt(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: string[][]) => void): void;
+    export namespace resolveTxt {
         function __promisify__(hostname: string): Promise<string[][]>;
     }
-
-    function resolveAny(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: AnyRecord[]) => void): void;
-    namespace resolveAny {
+    /**
+     * Uses the DNS protocol to resolve all records (also known as `ANY` or `*` query).
+     * The `ret` argument passed to the `callback` function will be an array containing
+     * various types of records. Each object has a property `type` that indicates the
+     * type of the current record. And depending on the `type`, additional properties
+     * will be present on the object:
+     *
+     * <omitted>
+     *
+     * Here is an example of the `ret` object passed to the callback:
+     *
+     * ```js
+     * [ { type: 'A', address: '127.0.0.1', ttl: 299 },
+     *   { type: 'CNAME', value: 'example.com' },
+     *   { type: 'MX', exchange: 'alt4.aspmx.l.example.com', priority: 50 },
+     *   { type: 'NS', value: 'ns1.example.com' },
+     *   { type: 'TXT', entries: [ 'v=spf1 include:_spf.example.com ~all' ] },
+     *   { type: 'SOA',
+     *     nsname: 'ns1.example.com',
+     *     hostmaster: 'admin.example.com',
+     *     serial: 156696742,
+     *     refresh: 900,
+     *     retry: 900,
+     *     expire: 1800,
+     *     minttl: 60 } ]
+     * ```
+     *
+     * DNS server operators may choose not to respond to `ANY`queries. It may be better to call individual methods like {@link resolve4},{@link resolveMx}, and so on. For more details, see [RFC
+     * 8482](https://tools.ietf.org/html/rfc8482).
+     */
+    export function resolveAny(hostname: string, callback: (err: NodeJS.ErrnoException | null, addresses: AnyRecord[]) => void): void;
+    export namespace resolveAny {
         function __promisify__(hostname: string): Promise<AnyRecord[]>;
     }
-
-    function reverse(ip: string, callback: (err: NodeJS.ErrnoException | null, hostnames: string[]) => void): void;
-    function setServers(servers: ReadonlyArray<string>): void;
-    function getServers(): string[];
-
+    /**
+     * Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an
+     * array of host names.
+     *
+     * On error, `err` is an `Error` object, where `err.code` is
+     * one of the `DNS error codes`.
+     * @since v0.1.16
+     */
+    export function reverse(ip: string, callback: (err: NodeJS.ErrnoException | null, hostnames: string[]) => void): void;
+    /**
+     * Sets the IP address and port of servers to be used when performing DNS
+     * resolution. The `servers` argument is an array of [RFC 5952](https://tools.ietf.org/html/rfc5952#section-6) formatted
+     * addresses. If the port is the IANA default DNS port (53) it can be omitted.
+     *
+     * ```js
+     * dns.setServers([
+     *   '4.4.4.4',
+     *   '[2001:4860:4860::8888]',
+     *   '4.4.4.4:1053',
+     *   '[2001:4860:4860::8888]:1053',
+     * ]);
+     * ```
+     *
+     * An error will be thrown if an invalid address is provided.
+     *
+     * The `dns.setServers()` method must not be called while a DNS query is in
+     * progress.
+     *
+     * The {@link setServers} method affects only {@link resolve},`dns.resolve*()` and {@link reverse} (and specifically _not_ {@link lookup}).
+     *
+     * This method works much like [resolve.conf](https://man7.org/linux/man-pages/man5/resolv.conf.5.html).
+     * That is, if attempting to resolve with the first server provided results in a`NOTFOUND` error, the `resolve()` method will _not_ attempt to resolve with
+     * subsequent servers provided. Fallback DNS servers will only be used if the
+     * earlier ones time out or result in some other error.
+     * @since v0.11.3
+     * @param servers array of `RFC 5952` formatted addresses
+     */
+    export function setServers(servers: ReadonlyArray<string>): void;
+    /**
+     * Returns an array of IP address strings, formatted according to [RFC 5952](https://tools.ietf.org/html/rfc5952#section-6),
+     * that are currently configured for DNS resolution. A string will include a port
+     * section if a custom port is used.
+     *
+     * ```js
+     * [
+     *   '4.4.4.4',
+     *   '2001:4860:4860::8888',
+     *   '4.4.4.4:1053',
+     *   '[2001:4860:4860::8888]:1053',
+     * ]
+     * ```
+     * @since v0.11.3
+     */
+    export function getServers(): string[];
+    /**
+     * Set the default value of `verbatim` in {@link lookup}. The value could be:
+     * - `ipv4first`: sets default `verbatim` `false`.
+     * - `verbatim`: sets default `verbatim` `true`.
+     *
+     * The default is `ipv4first` and {@link setDefaultResultOrder} have higher priority than `--dns-result-order`.
+     * When using worker threads, {@link setDefaultResultOrder} from the main thread won't affect the default dns orders in workers.
+     * @since v14.18.0
+     * @param order must be 'ipv4first' or 'verbatim'.
+     */
+    export function setDefaultResultOrder(order: 'ipv4first' | 'verbatim'): void;
     // Error codes
-    const NODATA: string;
-    const FORMERR: string;
-    const SERVFAIL: string;
-    const NOTFOUND: string;
-    const NOTIMP: string;
-    const REFUSED: string;
-    const BADQUERY: string;
-    const BADNAME: string;
-    const BADFAMILY: string;
-    const BADRESP: string;
-    const CONNREFUSED: string;
-    const TIMEOUT: string;
-    const EOF: string;
-    const FILE: string;
-    const NOMEM: string;
-    const DESTRUCTION: string;
-    const BADSTR: string;
-    const BADFLAGS: string;
-    const NONAME: string;
-    const BADHINTS: string;
-    const NOTINITIALIZED: string;
-    const LOADIPHLPAPI: string;
-    const ADDRGETNETWORKPARAMS: string;
-    const CANCELLED: string;
-
-    class Resolver {
+    export const NODATA: string;
+    export const FORMERR: string;
+    export const SERVFAIL: string;
+    export const NOTFOUND: string;
+    export const NOTIMP: string;
+    export const REFUSED: string;
+    export const BADQUERY: string;
+    export const BADNAME: string;
+    export const BADFAMILY: string;
+    export const BADRESP: string;
+    export const CONNREFUSED: string;
+    export const TIMEOUT: string;
+    export const EOF: string;
+    export const FILE: string;
+    export const NOMEM: string;
+    export const DESTRUCTION: string;
+    export const BADSTR: string;
+    export const BADFLAGS: string;
+    export const NONAME: string;
+    export const BADHINTS: string;
+    export const NOTINITIALIZED: string;
+    export const LOADIPHLPAPI: string;
+    export const ADDRGETNETWORKPARAMS: string;
+    export const CANCELLED: string;
+    export interface ResolverOptions {
+        timeout?: number | undefined;
+        /**
+         * @default 4
+         */
+        tries?: number;
+    }
+    /**
+     * An independent resolver for DNS requests.
+     *
+     * Creating a new resolver uses the default server settings. Setting
+     * the servers used for a resolver using `resolver.setServers()` does not affect
+     * other resolvers:
+     *
+     * ```js
+     * const { Resolver } = require('dns');
+     * const resolver = new Resolver();
+     * resolver.setServers(['4.4.4.4']);
+     *
+     * // This request will use the server at 4.4.4.4, independent of global settings.
+     * resolver.resolve4('example.org', (err, addresses) => {
+     *   // ...
+     * });
+     * ```
+     *
+     * The following methods from the `dns` module are available:
+     *
+     * * `resolver.getServers()`
+     * * `resolver.resolve()`
+     * * `resolver.resolve4()`
+     * * `resolver.resolve6()`
+     * * `resolver.resolveAny()`
+     * * `resolver.resolveCaa()`
+     * * `resolver.resolveCname()`
+     * * `resolver.resolveMx()`
+     * * `resolver.resolveNaptr()`
+     * * `resolver.resolveNs()`
+     * * `resolver.resolvePtr()`
+     * * `resolver.resolveSoa()`
+     * * `resolver.resolveSrv()`
+     * * `resolver.resolveTxt()`
+     * * `resolver.reverse()`
+     * * `resolver.setServers()`
+     * @since v8.3.0
+     */
+    export class Resolver {
+        constructor(options?: ResolverOptions);
+        /**
+         * Cancel all outstanding DNS queries made by this resolver. The corresponding
+         * callbacks will be called with an error with code `ECANCELLED`.
+         * @since v8.3.0
+         */
+        cancel(): void;
         getServers: typeof getServers;
-        setServers: typeof setServers;
         resolve: typeof resolve;
         resolve4: typeof resolve4;
         resolve6: typeof resolve6;
@@ -287,80 +629,26 @@ declare module "dns" {
         resolveSrv: typeof resolveSrv;
         resolveTxt: typeof resolveTxt;
         reverse: typeof reverse;
-        cancel(): void;
-    }
-
-    namespace promises {
-        function getServers(): string[];
-
-        function lookup(hostname: string, family: number): Promise<LookupAddress>;
-        function lookup(hostname: string, options: LookupOneOptions): Promise<LookupAddress>;
-        function lookup(hostname: string, options: LookupAllOptions): Promise<LookupAddress[]>;
-        function lookup(hostname: string, options: LookupOptions): Promise<LookupAddress | LookupAddress[]>;
-        function lookup(hostname: string): Promise<LookupAddress>;
-
-        function lookupService(address: string, port: number): Promise<{ hostname: string, service: string }>;
-
-        function resolve(hostname: string): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "A"): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "AAAA"): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "ANY"): Promise<AnyRecord[]>;
-        function resolve(hostname: string, rrtype: "CNAME"): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "MX"): Promise<MxRecord[]>;
-        function resolve(hostname: string, rrtype: "NAPTR"): Promise<NaptrRecord[]>;
-        function resolve(hostname: string, rrtype: "NS"): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "PTR"): Promise<string[]>;
-        function resolve(hostname: string, rrtype: "SOA"): Promise<SoaRecord>;
-        function resolve(hostname: string, rrtype: "SRV"): Promise<SrvRecord[]>;
-        function resolve(hostname: string, rrtype: "TXT"): Promise<string[][]>;
-        function resolve(hostname: string, rrtype: string): Promise<string[] | MxRecord[] | NaptrRecord[] | SoaRecord | SrvRecord[] | string[][] | AnyRecord[]>;
-
-        function resolve4(hostname: string): Promise<string[]>;
-        function resolve4(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
-        function resolve4(hostname: string, options: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
-
-        function resolve6(hostname: string): Promise<string[]>;
-        function resolve6(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
-        function resolve6(hostname: string, options: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
-
-        function resolveAny(hostname: string): Promise<AnyRecord[]>;
-
-        function resolveCname(hostname: string): Promise<string[]>;
-
-        function resolveMx(hostname: string): Promise<MxRecord[]>;
-
-        function resolveNaptr(hostname: string): Promise<NaptrRecord[]>;
-
-        function resolveNs(hostname: string): Promise<string[]>;
-
-        function resolvePtr(hostname: string): Promise<string[]>;
-
-        function resolveSoa(hostname: string): Promise<SoaRecord>;
-
-        function resolveSrv(hostname: string): Promise<SrvRecord[]>;
-
-        function resolveTxt(hostname: string): Promise<string[][]>;
-
-        function reverse(ip: string): Promise<string[]>;
-
-        function setServers(servers: ReadonlyArray<string>): void;
-
-        class Resolver {
-            getServers: typeof getServers;
-            resolve: typeof resolve;
-            resolve4: typeof resolve4;
-            resolve6: typeof resolve6;
-            resolveAny: typeof resolveAny;
-            resolveCname: typeof resolveCname;
-            resolveMx: typeof resolveMx;
-            resolveNaptr: typeof resolveNaptr;
-            resolveNs: typeof resolveNs;
-            resolvePtr: typeof resolvePtr;
-            resolveSoa: typeof resolveSoa;
-            resolveSrv: typeof resolveSrv;
-            resolveTxt: typeof resolveTxt;
-            reverse: typeof reverse;
-            setServers: typeof setServers;
-        }
+        /**
+         * The resolver instance will send its requests from the specified IP address.
+         * This allows programs to specify outbound interfaces when used on multi-homed
+         * systems.
+         *
+         * If a v4 or v6 address is not specified, it is set to the default, and the
+         * operating system will choose a local address automatically.
+         *
+         * The resolver will use the v4 local address when making requests to IPv4 DNS
+         * servers, and the v6 local address when making requests to IPv6 DNS servers.
+         * The `rrtype` of resolution requests has no impact on the local address used.
+         * @since v15.1.0
+         * @param [ipv4='0.0.0.0'] A string representation of an IPv4 address.
+         * @param [ipv6='::0'] A string representation of an IPv6 address.
+         */
+        setLocalAddress(ipv4?: string, ipv6?: string): void;
+        setServers: typeof setServers;
     }
+    export { dnsPromises as promises };
+}
+declare module 'node:dns' {
+    export * from 'dns';
 }

node_modules/@types/node/dns/promises.d.ts

@@ -0,0 +1,368 @@
+/**
+ * The `dns.promises` API provides an alternative set of asynchronous DNS methods
+ * that return `Promise` objects rather than using callbacks. The API is accessible
+ * via `require('dns').promises` or `require('dns/promises')`.
+ * @since v10.6.0
+ */
+declare module 'dns/promises' {
+    import {
+        LookupAddress,
+        LookupOneOptions,
+        LookupAllOptions,
+        LookupOptions,
+        AnyRecord,
+        CaaRecord,
+        MxRecord,
+        NaptrRecord,
+        SoaRecord,
+        SrvRecord,
+        ResolveWithTtlOptions,
+        RecordWithTtl,
+        ResolveOptions,
+        ResolverOptions,
+    } from 'node:dns';
+    /**
+     * Returns an array of IP address strings, formatted according to [RFC 5952](https://tools.ietf.org/html/rfc5952#section-6),
+     * that are currently configured for DNS resolution. A string will include a port
+     * section if a custom port is used.
+     *
+     * ```js
+     * [
+     *   '4.4.4.4',
+     *   '2001:4860:4860::8888',
+     *   '4.4.4.4:1053',
+     *   '[2001:4860:4860::8888]:1053',
+     * ]
+     * ```
+     * @since v10.6.0
+     */
+    function getServers(): string[];
+    /**
+     * Resolves a host name (e.g. `'nodejs.org'`) into the first found A (IPv4) or
+     * AAAA (IPv6) record. All `option` properties are optional. If `options` is an
+     * integer, then it must be `4` or `6` – if `options` is not provided, then IPv4
+     * and IPv6 addresses are both returned if found.
+     *
+     * With the `all` option set to `true`, the `Promise` is resolved with `addresses`being an array of objects with the properties `address` and `family`.
+     *
+     * On error, the `Promise` is rejected with an `Error` object, where `err.code`is the error code.
+     * Keep in mind that `err.code` will be set to `'ENOTFOUND'` not only when
+     * the host name does not exist but also when the lookup fails in other ways
+     * such as no available file descriptors.
+     *
+     * `dnsPromises.lookup()` does not necessarily have anything to do with the DNS
+     * protocol. The implementation uses an operating system facility that can
+     * associate names with addresses, and vice versa. This implementation can have
+     * subtle but important consequences on the behavior of any Node.js program. Please
+     * take some time to consult the `Implementation considerations section` before
+     * using `dnsPromises.lookup()`.
+     *
+     * Example usage:
+     *
+     * ```js
+     * const dns = require('dns');
+     * const dnsPromises = dns.promises;
+     * const options = {
+     *   family: 6,
+     *   hints: dns.ADDRCONFIG | dns.V4MAPPED,
+     * };
+     *
+     * dnsPromises.lookup('example.com', options).then((result) => {
+     *   console.log('address: %j family: IPv%s', result.address, result.family);
+     *   // address: "2606:2800:220:1:248:1893:25c8:1946" family: IPv6
+     * });
+     *
+     * // When options.all is true, the result will be an Array.
+     * options.all = true;
+     * dnsPromises.lookup('example.com', options).then((result) => {
+     *   console.log('addresses: %j', result);
+     *   // addresses: [{"address":"2606:2800:220:1:248:1893:25c8:1946","family":6}]
+     * });
+     * ```
+     * @since v10.6.0
+     */
+    function lookup(hostname: string, family: number): Promise<LookupAddress>;
+    function lookup(hostname: string, options: LookupOneOptions): Promise<LookupAddress>;
+    function lookup(hostname: string, options: LookupAllOptions): Promise<LookupAddress[]>;
+    function lookup(hostname: string, options: LookupOptions): Promise<LookupAddress | LookupAddress[]>;
+    function lookup(hostname: string): Promise<LookupAddress>;
+    /**
+     * Resolves the given `address` and `port` into a host name and service using
+     * the operating system's underlying `getnameinfo` implementation.
+     *
+     * If `address` is not a valid IP address, a `TypeError` will be thrown.
+     * The `port` will be coerced to a number. If it is not a legal port, a `TypeError`will be thrown.
+     *
+     * On error, the `Promise` is rejected with an `Error` object, where `err.code`is the error code.
+     *
+     * ```js
+     * const dnsPromises = require('dns').promises;
+     * dnsPromises.lookupService('127.0.0.1', 22).then((result) => {
+     *   console.log(result.hostname, result.service);
+     *   // Prints: localhost ssh
+     * });
+     * ```
+     * @since v10.6.0
+     */
+    function lookupService(
+        address: string,
+        port: number
+    ): Promise<{
+        hostname: string;
+        service: string;
+    }>;
+    /**
+     * Uses the DNS protocol to resolve a host name (e.g. `'nodejs.org'`) into an array
+     * of the resource records. When successful, the `Promise` is resolved with an
+     * array of resource records. The type and structure of individual results vary
+     * based on `rrtype`:
+     *
+     * <omitted>
+     *
+     * On error, the `Promise` is rejected with an `Error` object, where `err.code`is one of the `DNS error codes`.
+     * @since v10.6.0
+     * @param hostname Host name to resolve.
+     * @param [rrtype='A'] Resource record type.
+     */
+    function resolve(hostname: string): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'A'): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'AAAA'): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'ANY'): Promise<AnyRecord[]>;
+    function resolve(hostname: string, rrtype: 'CAA'): Promise<CaaRecord[]>;
+    function resolve(hostname: string, rrtype: 'CNAME'): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'MX'): Promise<MxRecord[]>;
+    function resolve(hostname: string, rrtype: 'NAPTR'): Promise<NaptrRecord[]>;
+    function resolve(hostname: string, rrtype: 'NS'): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'PTR'): Promise<string[]>;
+    function resolve(hostname: string, rrtype: 'SOA'): Promise<SoaRecord>;
+    function resolve(hostname: string, rrtype: 'SRV'): Promise<SrvRecord[]>;
+    function resolve(hostname: string, rrtype: 'TXT'): Promise<string[][]>;
+    function resolve(hostname: string, rrtype: string): Promise<string[] | MxRecord[] | NaptrRecord[] | SoaRecord | SrvRecord[] | string[][] | AnyRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve IPv4 addresses (`A` records) for the`hostname`. On success, the `Promise` is resolved with an array of IPv4
+     * addresses (e.g. `['74.125.79.104', '74.125.79.105', '74.125.79.106']`).
+     * @since v10.6.0
+     * @param hostname Host name to resolve.
+     */
+    function resolve4(hostname: string): Promise<string[]>;
+    function resolve4(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
+    function resolve4(hostname: string, options: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
+    /**
+     * Uses the DNS protocol to resolve IPv6 addresses (`AAAA` records) for the`hostname`. On success, the `Promise` is resolved with an array of IPv6
+     * addresses.
+     * @since v10.6.0
+     * @param hostname Host name to resolve.
+     */
+    function resolve6(hostname: string): Promise<string[]>;
+    function resolve6(hostname: string, options: ResolveWithTtlOptions): Promise<RecordWithTtl[]>;
+    function resolve6(hostname: string, options: ResolveOptions): Promise<string[] | RecordWithTtl[]>;
+    /**
+     * Uses the DNS protocol to resolve all records (also known as `ANY` or `*` query).
+     * On success, the `Promise` is resolved with an array containing various types of
+     * records. Each object has a property `type` that indicates the type of the
+     * current record. And depending on the `type`, additional properties will be
+     * present on the object:
+     *
+     * <omitted>
+     *
+     * Here is an example of the result object:
+     *
+     * ```js
+     * [ { type: 'A', address: '127.0.0.1', ttl: 299 },
+     *   { type: 'CNAME', value: 'example.com' },
+     *   { type: 'MX', exchange: 'alt4.aspmx.l.example.com', priority: 50 },
+     *   { type: 'NS', value: 'ns1.example.com' },
+     *   { type: 'TXT', entries: [ 'v=spf1 include:_spf.example.com ~all' ] },
+     *   { type: 'SOA',
+     *     nsname: 'ns1.example.com',
+     *     hostmaster: 'admin.example.com',
+     *     serial: 156696742,
+     *     refresh: 900,
+     *     retry: 900,
+     *     expire: 1800,
+     *     minttl: 60 } ]
+     * ```
+     * @since v10.6.0
+     */
+    function resolveAny(hostname: string): Promise<AnyRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve `CAA` records for the `hostname`. On success,
+     * the `Promise` is resolved with an array of objects containing available
+     * certification authority authorization records available for the `hostname`(e.g. `[{critical: 0, iodef: 'mailto:pki@example.com'},{critical: 128, issue: 'pki.example.com'}]`).
+     * @since v15.0.0
+     */
+    function resolveCaa(hostname: string): Promise<CaaRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve `CNAME` records for the `hostname`. On success,
+     * the `Promise` is resolved with an array of canonical name records available for
+     * the `hostname` (e.g. `['bar.example.com']`).
+     * @since v10.6.0
+     */
+    function resolveCname(hostname: string): Promise<string[]>;
+    /**
+     * Uses the DNS protocol to resolve mail exchange records (`MX` records) for the`hostname`. On success, the `Promise` is resolved with an array of objects
+     * containing both a `priority` and `exchange` property (e.g.`[{priority: 10, exchange: 'mx.example.com'}, ...]`).
+     * @since v10.6.0
+     */
+    function resolveMx(hostname: string): Promise<MxRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve regular expression based records (`NAPTR`records) for the `hostname`. On success, the `Promise` is resolved with an array
+     * of objects with the following properties:
+     *
+     * * `flags`
+     * * `service`
+     * * `regexp`
+     * * `replacement`
+     * * `order`
+     * * `preference`
+     *
+     * ```js
+     * {
+     *   flags: 's',
+     *   service: 'SIP+D2U',
+     *   regexp: '',
+     *   replacement: '_sip._udp.example.com',
+     *   order: 30,
+     *   preference: 100
+     * }
+     * ```
+     * @since v10.6.0
+     */
+    function resolveNaptr(hostname: string): Promise<NaptrRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve name server records (`NS` records) for the`hostname`. On success, the `Promise` is resolved with an array of name server
+     * records available for `hostname` (e.g.`['ns1.example.com', 'ns2.example.com']`).
+     * @since v10.6.0
+     */
+    function resolveNs(hostname: string): Promise<string[]>;
+    /**
+     * Uses the DNS protocol to resolve pointer records (`PTR` records) for the`hostname`. On success, the `Promise` is resolved with an array of strings
+     * containing the reply records.
+     * @since v10.6.0
+     */
+    function resolvePtr(hostname: string): Promise<string[]>;
+    /**
+     * Uses the DNS protocol to resolve a start of authority record (`SOA` record) for
+     * the `hostname`. On success, the `Promise` is resolved with an object with the
+     * following properties:
+     *
+     * * `nsname`
+     * * `hostmaster`
+     * * `serial`
+     * * `refresh`
+     * * `retry`
+     * * `expire`
+     * * `minttl`
+     *
+     * ```js
+     * {
+     *   nsname: 'ns.example.com',
+     *   hostmaster: 'root.example.com',
+     *   serial: 2013101809,
+     *   refresh: 10000,
+     *   retry: 2400,
+     *   expire: 604800,
+     *   minttl: 3600
+     * }
+     * ```
+     * @since v10.6.0
+     */
+    function resolveSoa(hostname: string): Promise<SoaRecord>;
+    /**
+     * Uses the DNS protocol to resolve service records (`SRV` records) for the`hostname`. On success, the `Promise` is resolved with an array of objects with
+     * the following properties:
+     *
+     * * `priority`
+     * * `weight`
+     * * `port`
+     * * `name`
+     *
+     * ```js
+     * {
+     *   priority: 10,
+     *   weight: 5,
+     *   port: 21223,
+     *   name: 'service.example.com'
+     * }
+     * ```
+     * @since v10.6.0
+     */
+    function resolveSrv(hostname: string): Promise<SrvRecord[]>;
+    /**
+     * Uses the DNS protocol to resolve text queries (`TXT` records) for the`hostname`. On success, the `Promise` is resolved with a two-dimensional array
+     * of the text records available for `hostname` (e.g.`[ ['v=spf1 ip4:0.0.0.0 ', '~all' ] ]`). Each sub-array contains TXT chunks of
+     * one record. Depending on the use case, these could be either joined together or
+     * treated separately.
+     * @since v10.6.0
+     */
+    function resolveTxt(hostname: string): Promise<string[][]>;
+    /**
+     * Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an
+     * array of host names.
+     *
+     * On error, the `Promise` is rejected with an `Error` object, where `err.code`is one of the `DNS error codes`.
+     * @since v10.6.0
+     */
+    function reverse(ip: string): Promise<string[]>;
+    /**
+     * Sets the IP address and port of servers to be used when performing DNS
+     * resolution. The `servers` argument is an array of [RFC 5952](https://tools.ietf.org/html/rfc5952#section-6) formatted
+     * addresses. If the port is the IANA default DNS port (53) it can be omitted.
+     *
+     * ```js
+     * dnsPromises.setServers([
+     *   '4.4.4.4',
+     *   '[2001:4860:4860::8888]',
+     *   '4.4.4.4:1053',
+     *   '[2001:4860:4860::8888]:1053',
+     * ]);
+     * ```
+     *
+     * An error will be thrown if an invalid address is provided.
+     *
+     * The `dnsPromises.setServers()` method must not be called while a DNS query is in
+     * progress.
+     *
+     * This method works much like [resolve.conf](https://man7.org/linux/man-pages/man5/resolv.conf.5.html).
+     * That is, if attempting to resolve with the first server provided results in a`NOTFOUND` error, the `resolve()` method will _not_ attempt to resolve with
+     * subsequent servers provided. Fallback DNS servers will only be used if the
+     * earlier ones time out or result in some other error.
+     * @since v10.6.0
+     * @param servers array of `RFC 5952` formatted addresses
+     */
+    function setServers(servers: ReadonlyArray<string>): void;
+    /**
+     * Set the default value of `verbatim` in {@link lookup}. The value could be:
+     * - `ipv4first`: sets default `verbatim` `false`.
+     * - `verbatim`: sets default `verbatim` `true`.
+     *
+     * The default is `ipv4first` and {@link setDefaultResultOrder} have higher priority than `--dns-result-order`.
+     * When using worker threads, {@link setDefaultResultOrder} from the main thread won't affect the default dns orders in workers.
+     * @since v14.18.0
+     * @param order must be 'ipv4first' or 'verbatim'.
+     */
+    function setDefaultResultOrder(order: 'ipv4first' | 'verbatim'): void;
+    class Resolver {
+        constructor(options?: ResolverOptions);
+        cancel(): void;
+        getServers: typeof getServers;
+        resolve: typeof resolve;
+        resolve4: typeof resolve4;
+        resolve6: typeof resolve6;
+        resolveAny: typeof resolveAny;
+        resolveCname: typeof resolveCname;
+        resolveMx: typeof resolveMx;
+        resolveNaptr: typeof resolveNaptr;
+        resolveNs: typeof resolveNs;
+        resolvePtr: typeof resolvePtr;
+        resolveSoa: typeof resolveSoa;
+        resolveSrv: typeof resolveSrv;
+        resolveTxt: typeof resolveTxt;
+        reverse: typeof reverse;
+        setLocalAddress(ipv4?: string, ipv6?: string): void;
+        setServers: typeof setServers;
+    }
+}
+declare module 'node:dns/promises' {
+    export * from 'dns/promises';
+}