Merge pull request #2036 from github/backport-v2.22.11-b374143c1

Merge releases/v3 into releases/v2

.github/update-release-branch.py

@@ -255,10 +255,13 @@ def main():
     print(f'No commits to merge from {source_branch} to {target_branch}.')
     return
 
+  # define distinct prefix in order to support specific pr checks on backports
+  branch_prefix = 'update' if is_primary_release else 'backport'
+
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = f'update-v{version}-{source_branch_short_sha}'
+  new_branch_name = f'{branch_prefix}-v{version}-{source_branch_short_sha}'
   print(f'Branch name is {new_branch_name}.')
 
   # Check if the branch already exists. If so we can abort as this script

.github/workflows/debug-artifacts-failure.yml

@@ -39,11 +39,11 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: latest
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
       - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         if: |
           matrix.os == 'macos-latest' && (
           matrix.version == 'stable-20220908' ||

.github/workflows/debug-artifacts.yml

@@ -46,11 +46,11 @@ jobs:
         uses: ./.github/actions/prepare-test
         with:
           version: ${{ matrix.version }}
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v5
         with:
           go-version: ^1.13.1
       - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         if: |
           matrix.os == 'macos-latest' && (
           matrix.version == 'stable-20220908' ||

.github/workflows/pr-checks.yml

@@ -45,7 +45,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 
@@ -70,7 +70,7 @@ jobs:
 
     steps:
       - name: Setup Python on MacOS
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         if: |
           matrix.os == 'macos-latest' && (
           matrix.version == 'stable-20220908' ||
@@ -88,3 +88,44 @@ jobs:
           # we won't be able to find them on Windows.
           npm config set script-shell bash
           npm test
+
+  check-node-version:
+    if: ${{ github.event.pull_request }}
+    name: Check Action Node versions
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    env:
+      BASE_REF: ${{ github.base_ref }}
+
+    steps:
+      - uses: actions/checkout@v4
+      - id: head-version
+        name: Verify all Actions use the same Node version
+        run: |
+          NODE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "NODE_VERSION: ${NODE_VERSION}"
+          if [[ $(echo "$NODE_VERSION" | wc -l) -gt 1 ]]; then
+            echo "::error::More than one node version used in 'action.yml' files."
+            exit 1
+          fi
+          echo "node_version=${NODE_VERSION}" >> $GITHUB_OUTPUT
+
+      - id: checkout-base
+        name: 'Backport: Check out base ref'
+        if: ${{ startsWith(github.head_ref, 'backport-') }}
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ env.BASE_REF }}
+
+      - name: 'Backport: Verify Node versions unchanged'
+        if: steps.checkout-base.outcome == 'success'
+        env:
+          HEAD_VERSION: ${{ steps.head-version.outputs.node_version }}
+        run: |
+          BASE_VERSION=$(find . -name "action.yml" -exec yq -e '.runs.using' {} \; | grep node | sort | uniq)
+          echo "HEAD_VERSION: ${HEAD_VERSION}"
+          echo "BASE_VERSION: ${BASE_VERSION}"
+          if [[ "$BASE_VERSION" != "$HEAD_VERSION" ]]; then
+            echo "::error::Cannot change the Node version of an Action in a backport PR."
+            exit 1
+          fi

.github/workflows/python-deps.yml

@@ -37,7 +37,7 @@ jobs:
 
     steps:
     - name: Setup Python on MacOS
-      uses: actions/setup-python@v4
+      uses: actions/setup-python@v5
       if: |
         matrix.os == 'macos-latest' && (
         matrix.version == 'stable-20220908' ||
@@ -151,7 +151,7 @@ jobs:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: ${{ matrix.python_version }}
 

.github/workflows/python312-windows.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: windows-latest
 
     steps:
-    - uses: actions/setup-python@v4
+    - uses: actions/setup-python@v5
       with:
         python-version: 3.12
 

.github/workflows/rebuild.yml

@@ -31,7 +31,7 @@ jobs:
           npm run build
 
       - name: Set up Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: 3.11
 

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -14,7 +14,7 @@ jobs:
 
     steps:
       - name: Setup Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.7"
       - name: Checkout CodeQL Action

CHANGELOG.md

@@ -2,10 +2,14 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
-## [UNRELEASED]
+## 2.22.11 - 13 Dec 2023
 
 No user facing changes.
 
+## 2.22.10 - 12 Dec 2023
+
+- Update default CodeQL bundle version to 2.15.4. [#2016](https://github.com/github/codeql-action/pull/2016)
+
 ## 2.22.9 - 07 Dec 2023
 
 No user facing changes.

analyze/action.yml

@@ -84,6 +84,6 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: "node16"
+  using: node16
   main: "../lib/analyze-action.js"
   post: "../lib/analyze-action-post.js"

autobuild/action.yml

@@ -13,5 +13,5 @@ inputs:
       $GITHUB_WORKSPACE as its working directory.
     required: false
 runs:
-  using: 'node16'
+  using: node16
   main: '../lib/autobuild-action.js'

init/action.yml

@@ -109,6 +109,6 @@ outputs:
   codeql-path:
     description: The path of the CodeQL binary used for analysis
 runs:
-  using: 'node16'
+  using: node16
   main: '../lib/init-action.js'
   post: '../lib/init-action-post.js'

lib/autobuild.js

@@ -51,11 +51,11 @@ async function determineAutobuildLanguages(config, logger) {
      * For example, consider a user with the following workflow file:
      *
      * ```yml
-     * - uses: github/codeql-action/init@v2
+     * - uses: github/codeql-action/init@v3
      *   with:
      *     languages: go, java
-     * - uses: github/codeql-action/autobuild@v2
-     * - uses: github/codeql-action/analyze@v2
+     * - uses: github/codeql-action/autobuild@v3
+     * - uses: github/codeql-action/analyze@v3
      * ```
      *
      * - With Go extraction disabled, we will run the Java autobuilder in the

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.15.3",
-    "cliVersion": "2.15.3",
-    "priorBundleVersion": "codeql-bundle-v2.15.2",
-    "priorCliVersion": "2.15.2"
+    "bundleVersion": "codeql-bundle-v2.15.4",
+    "cliVersion": "2.15.4",
+    "priorBundleVersion": "codeql-bundle-v2.15.3",
+    "priorCliVersion": "2.15.3"
 }

lib/init-action-post-helper.test.js

@@ -92,14 +92,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -115,14 +115,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -141,14 +141,14 @@ const workflow = __importStar(require("./workflow"));
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "my-category",
             },
@@ -194,14 +194,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
             },
             {
                 name: "Initialize CodeQL",
-                uses: "github/codeql-action/init@v2",
+                uses: "github/codeql-action/init@v3",
                 with: {
                     languages: "javascript",
                 },
             },
             {
                 name: "Perform CodeQL Analysis",
-                uses: "github/codeql-action/analyze@v2",
+                uses: "github/codeql-action/analyze@v3",
                 with: {
                     category: "my-category",
                     upload: uploadInput,
@@ -225,14 +225,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 category: "/language:${{ matrix.language }}",
             },
@@ -251,14 +251,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
         },
         {
             name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
+            uses: "github/codeql-action/init@v3",
             with: {
                 languages: "javascript",
             },
         },
         {
             name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
+            uses: "github/codeql-action/analyze@v3",
             with: {
                 upload: "${{ matrix.language != 'csharp' }}",
             },

lib/workflow.test.js

@@ -214,9 +214,9 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
                     },
                 },
                 steps: [
-                    { uses: "actions/checkout@v2" },
-                    { uses: "github/codeql-action/init@v2" },
-                    { uses: "github/codeql-action/analyze@v2" },
+                    { uses: "actions/checkout@v3" },
+                    { uses: "github/codeql-action/init@v3" },
+                    { uses: "github/codeql-action/analyze@v3" },
                 ],
             },
         },
@@ -306,11 +306,11 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `), await (0, codeql_1.getCodeQLForTesting)());
@@ -330,11 +330,11 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `), await (0, codeql_1.getCodeQLForTesting)());
@@ -380,9 +380,9 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: some-category
       `), "analysis", {}), "some-category");
@@ -394,9 +394,9 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
       `), "analysis", {}), undefined);
 });
 (0, ava_1.default)("getCategoryInputOrThrow returns category for workflow with multiple jobs", (t) => {
@@ -406,19 +406,19 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
           foo:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build foo
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: foo-category
           bar:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build bar
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: bar-category
       `), "bar", {}), "bar-category");
@@ -433,11 +433,11 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
               matrix:
                 language: [javascript, python]
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
                 with:
                   language: \${{ matrix.language }}
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: "/language:\${{ matrix.language }}"
       `), "analysis", { language: "javascript" }), "/language:javascript");
@@ -448,9 +448,9 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
           jobs:
             analysis:
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: "\${{ github.workflow }}"
         `), "analysis", {}), {
@@ -465,12 +465,12 @@ async function testLanguageAliases(t, matrixLanguages, aliases, expectedErrorMes
             analysis:
               runs-on: ubuntu-latest
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: some-category
-                - uses: github/codeql-action/analyze@v2
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: another-category
         `), "analysis", {}), {

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.22.10",
+  "version": "2.22.11",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.22.10",
+  "version": "2.22.11",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.22.10",
+      "version": "2.22.11",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.2",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.22.10",
+  "version": "2.22.11",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

resolve-environment/action.yml

@@ -19,5 +19,5 @@ outputs:
   environment:
     description: The inferred build environment configuration.
 runs:
-  using: 'node16'
+  using: node16
   main: '../lib/resolve-environment-action.js'

src/autobuild.ts

@@ -38,11 +38,11 @@ export async function determineAutobuildLanguages(
    * For example, consider a user with the following workflow file:
    *
    * ```yml
-   * - uses: github/codeql-action/init@v2
+   * - uses: github/codeql-action/init@v3
    *   with:
    *     languages: go, java
-   * - uses: github/codeql-action/autobuild@v2
-   * - uses: github/codeql-action/analyze@v2
+   * - uses: github/codeql-action/autobuild@v3
+   * - uses: github/codeql-action/analyze@v3
    * ```
    *
    * - With Go extraction disabled, we will run the Java autobuilder in the

src/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.15.3",
-  "cliVersion": "2.15.3",
-  "priorBundleVersion": "codeql-bundle-v2.15.2",
-  "priorCliVersion": "2.15.2"
+  "bundleVersion": "codeql-bundle-v2.15.4",
+  "cliVersion": "2.15.4",
+  "priorBundleVersion": "codeql-bundle-v2.15.3",
+  "priorCliVersion": "2.15.3"
 }

src/init-action-post-helper.test.ts

@@ -91,14 +91,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off"
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -115,14 +115,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -142,14 +142,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -199,14 +199,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
       },
       {
         name: "Initialize CodeQL",
-        uses: "github/codeql-action/init@v2",
+        uses: "github/codeql-action/init@v3",
         with: {
           languages: "javascript",
         },
       },
       {
         name: "Perform CodeQL Analysis",
-        uses: "github/codeql-action/analyze@v2",
+        uses: "github/codeql-action/analyze@v3",
         with: {
           category: "my-category",
           upload: uploadInput,
@@ -234,14 +234,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "/language:${{ matrix.language }}",
       },
@@ -261,14 +261,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         upload: "${{ matrix.language != 'csharp' }}",
       },

src/workflow.test.ts

@@ -396,9 +396,9 @@ async function testLanguageAliases(
             },
           },
           steps: [
-            { uses: "actions/checkout@v2" },
-            { uses: "github/codeql-action/init@v2" },
-            { uses: "github/codeql-action/analyze@v2" },
+            { uses: "actions/checkout@v3" },
+            { uses: "github/codeql-action/init@v3" },
+            { uses: "github/codeql-action/analyze@v3" },
           ],
         },
       },
@@ -516,11 +516,11 @@ test("getWorkflowErrors() should only report the current job's CheckoutWrongHead
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `) as Workflow,
@@ -546,11 +546,11 @@ test("getWorkflowErrors() should not report a different job's CheckoutWrongHead"
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `) as Workflow,
@@ -652,9 +652,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: some-category
       `) as Workflow,
@@ -674,9 +674,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
       `) as Workflow,
       "analysis",
       {},
@@ -694,19 +694,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs",
           foo:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build foo
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: foo-category
           bar:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build bar
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: bar-category
       `) as Workflow,
@@ -729,11 +729,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix",
               matrix:
                 language: [javascript, python]
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
                 with:
                   language: \${{ matrix.language }}
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: "/language:\${{ matrix.language }}"
       `) as Workflow,
@@ -753,9 +753,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category",
           jobs:
             analysis:
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: "\${{ github.workflow }}"
         `) as Workflow,
@@ -780,12 +780,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a
             analysis:
               runs-on: ubuntu-latest
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: some-category
-                - uses: github/codeql-action/analyze@v2
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: another-category
         `) as Workflow,

upload-sarif/action.yml

@@ -34,5 +34,5 @@ outputs:
   sarif-id:
     description: The ID of the uploaded SARIF file.
 runs:
-  using: 'node16'
+  using: node16
   main: '../lib/upload-sarif-action.js'