Fix linitng issues.

We don't use them yet and will re-save them during analysis.

.github/actions/release-initialise/action.yml

@@ -16,9 +16,9 @@ runs:
       shell: bash
 
     - name: Set up Python
-      uses: actions/setup-python@v6
+      uses: actions/setup-python@v5
       with:
-        python-version: '3.12'
+        python-version: 3.12
 
     - name: Install dependencies
       run: |

.github/dependabot.yml

@@ -16,12 +16,9 @@ updates:
       - dependency-name: "eslint-plugin-import"
         versions: [">=2.30.0"]
     groups:
-      npm-minor:
+      npm:
         patterns:
           - "*"
-        update-types:
-          - "minor"
-          - "patch"
   - package-ecosystem: github-actions
     directories:
       - "/.github/workflows"
@@ -31,9 +28,6 @@ updates:
     labels:
       - Rebuild
     groups:
-      actions-minor:
+      actions:
         patterns:
           - "*"
-        update-types:
-          - "minor"
-          - "patch"

.github/pull_request_template.md

@@ -18,25 +18,14 @@ For internal use only. Please select the risk level of this change:
 
 #### Which use cases does this change impact?
 
-<!-- Delete options that don't apply. If in doubt, do not delete an option. -->
+<!-- Delete options that don't apply. -->
 
-Workflow types:
+- **Advanced setup** - Impacts users who have custom workflows.
-
+- **Default setup** - Impacts users who use default setup.
-- **Advanced setup** - Impacts users who have custom CodeQL workflows.
+- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`).
-- **Managed** - Impacts users with `dynamic` workflows (Default Setup, CCR, ...).
+- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`).
-
+- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`).
-Products:
+- **GHES** - Impacts GitHub Enterprise Server.
-
-- **Code Scanning** - The changes impact analyses when `analysis-kinds: code-scanning`.
-- **Code Quality** - The changes impact analyses when `analysis-kinds: code-quality`.
-- **CCR** - The changes impact analyses for Copilot Code Reviews.
-- **Third-party analyses** - The changes affect the `upload-sarif` action.
-
-Environments:
-
-- **Dotcom** - Impacts CodeQL workflows on `github.com` and/or GitHub Enterprise Cloud with Data Residency.
-- **GHES** - Impacts CodeQL workflows on GitHub Enterprise Server.
-- **Testing/None** - This change does not impact any CodeQL workflows in production.
 
 #### How did/will you validate this change?
 
@@ -65,15 +54,6 @@ Environments:
     - **Alerts** - New or existing monitors will trip if something goes wrong with this change.
 - **Other** - Please provide details.
 
-#### Are there any special considerations for merging or releasing this change?
-
-<!--
-    Consider whether this change depends on a different change in another repository that should be released first.
--->
-
-- **No special considerations** - This change can be merged at any time.
-- **Special considerations** - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue.
-
 ### Merge / deployment checklist
 
 - Confirm this change is backwards compatible with existing workflows.

.github/sizeup.yml

@@ -1,55 +0,0 @@
-labeling:
-  applyCategoryLabels: true
-  categoryLabelPrefix: "size/"
-
-commenting:
-  addCommentWhenScoreThresholdHasBeenExceeded: false
-
-sizeup:
-  categories:
-    - name: extra small
-      lte: 25
-      label:
-        name: XS
-        description: Should be very easy to review
-        color: 3cbf00
-    - name: small
-      lte: 100
-      label:
-        name: S
-        description: Should be easy to review
-        color: 5d9801
-    - name: medium
-      lte: 250
-      label:
-        name: M
-        description: Should be of average difficulty to review
-        color: 7f7203
-    - name: large
-      lte: 500
-      label:
-        name: L
-        description: May be hard to review
-        color: a14c05
-    - name: extra large
-      lte: 1000
-      label:
-        name: XL
-        description: May be very hard to review
-        color: c32607
-    - name: extra extra large
-      label:
-        name: XXL
-        description: May be extremely hard to review
-        color: e50009
-  ignoredFilePatterns:
-    - ".github/workflows/__*"
-    - "lib/**/*"
-    - "package-lock.json"
-  testFilePatterns:
-    - "**/*.test.ts"
-  scoring:
-    # This formula and the aliases below it are written in prefix notation.
-    # For an explanation of how this works, please see:
-    # https://github.com/lerebear/sizeup-core/blob/main/README.md#prefix-notation
-    formula: "- - + additions deletions comments whitespace"

.github/update-release-branch.py

@@ -371,10 +371,10 @@ def main():
       # releases.
       run_git('revert', vOlder_update_commits[0], '--no-edit')
 
-      # Also revert the "Rebuild" commit created by Actions.
+      # Also revert the "Update checked-in dependencies" commit created by Actions.
-      rebuild_commit = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0]
+      update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0]
-      print(f'  Reverting {rebuild_commit}')
+      print(f'  Reverting {update_dependencies_commit}')
-      run_git('revert', rebuild_commit, '--no-edit')
+      run_git('revert', update_dependencies_commit, '--no-edit')
 
     else:
       print('  Nothing to revert.')

.github/workflows/__all-platform-bundle.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,7 +61,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -84,10 +74,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - id: init
         uses: ./../action/init
         with:

.github/workflows/__analyze-ref-input.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -77,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -90,15 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__autobuild-action.yml

@@ -21,19 +21,9 @@ on:
   schedule:
     - cron: '0 5 * * *'
   workflow_dispatch:
-    inputs:
+    inputs: {}
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
-    inputs:
+    inputs: {}
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -61,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -69,10 +59,6 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           languages: csharp

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

@@ -63,7 +63,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__autobuild-working-dir.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__build-mode-autobuild.yml

@@ -63,7 +63,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__build-mode-manual.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -67,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -80,10 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__build-mode-none.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__build-mode-rollback.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__bundle-from-toolcache.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -67,9 +67,10 @@ jobs:
             if (allCodeqlVersions.length === 0) {
               throw new Error(`CodeQL could not be found in the toolcache`);
             }
-      - id: setup-codeql
+      - id: init
-        uses: ./../action/setup-codeql
+        uses: ./../action/init
         with:
+          languages: javascript
           tools: ${{ steps.prepare-test.outputs.tools-url }}
       - name: Check CodeQL is installed within the toolcache
         uses: actions/github-script@v8

.github/workflows/__bundle-toolcache.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__bundle-zstd.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -79,7 +79,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.os }}-zstd-bundle.sarif
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__cleanup-db-cluster-dir.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__config-export.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -67,7 +67,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__config-input.yml

@@ -47,9 +47,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Install Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 20.x
           cache: npm

.github/workflows/__cpp-deptrace-disabled.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__cpp-deptrace-enabled.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__diagnostics-export.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -78,7 +78,7 @@ jobs:
           output: ${{ runner.temp }}/results
           upload-database: false
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__export-file-baseline-information.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,7 +61,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -84,10 +74,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         id: init
         with:
@@ -99,7 +85,7 @@ jobs:
         with:
           output: ${{ runner.temp }}/results
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__extractor-ram-threads.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__global-proxy.yml

@@ -61,7 +61,7 @@ jobs:
           apt install -y gh
         env: {}
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-custom-queries.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -69,7 +59,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -82,10 +72,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           languages: go

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -57,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

@@ -57,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -57,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-tracing-autobuilder.yml

@@ -91,7 +91,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -91,7 +91,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -91,7 +91,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__go.yml

@@ -8,6 +8,9 @@ env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   GO111MODULE: auto
 on:
+  push:
+    paths:
+      - .github/workflows/__go.yml
   workflow_dispatch:
     inputs:
       go-version:
@@ -15,11 +18,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 jobs:
   go-custom-queries:
     name: 'Go: Custom queries'
@@ -29,7 +27,6 @@ jobs:
     uses: ./.github/workflows/__go-custom-queries.yml
     with:
       go-version: ${{ inputs.go-version }}
-      dotnet-version: ${{ inputs.dotnet-version }}
   go-indirect-tracing-workaround-diagnostic:
     name: 'Go: diagnostic when Go is changed after init step'
     permissions:

.github/workflows/__init-with-registries.yml

@@ -52,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__javascript-source-root.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__job-run-uuid-sarif.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -64,7 +64,7 @@ jobs:
         with:
           output: ${{ runner.temp }}/results
       - name: Upload SARIF
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
           path: ${{ runner.temp }}/results/javascript.sarif

.github/workflows/__language-aliases.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__local-bundle.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -77,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -90,15 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - name: Fetch latest CodeQL bundle
         run: |
           wget https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.zst

.github/workflows/__multi-language-autodetect.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -111,7 +91,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -124,15 +104,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - name: Use Xcode 16
         if: runner.os == 'macOS' && matrix.version != 'nightly-latest'
         run: sudo xcode-select -s "/Applications/Xcode_16.app"

.github/workflows/__overlay-init-fallback.yml

@@ -49,7 +49,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -81,9 +61,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Install Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 20.x
           cache: npm
@@ -101,15 +81,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-inputs-js.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,9 +61,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Install Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 20.x
           cache: npm
@@ -91,10 +81,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__packaging-config-js.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,9 +61,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Install Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 20.x
           cache: npm
@@ -91,10 +81,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging.yml

.github/workflows/__packaging-inputs-js.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,9 +61,9 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Install Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 20.x
           cache: npm
@@ -91,10 +81,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging2.yml

.github/workflows/__quality-queries.yml

@@ -63,7 +63,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -80,10 +80,9 @@ jobs:
         with:
           output: ${{ runner.temp }}/results
           upload-database: false
-          post-processed-sarif-path: ${{ runner.temp }}/post-processed
       - name: Upload security SARIF
         if: contains(matrix.analysis-kinds, 'code-scanning')
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: |
             quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
@@ -91,20 +90,12 @@ jobs:
           retention-days: 7
       - name: Upload quality SARIF
         if: contains(matrix.analysis-kinds, 'code-quality')
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v4
         with:
           name: |
             quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
           path: ${{ runner.temp }}/results/javascript.quality.sarif
           retention-days: 7
-      - name: Upload post-processed SARIF
-        uses: actions/upload-artifact@v6
-        with:
-          name: |
-            post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
-          path: ${{ runner.temp }}/post-processed
-          retention-days: 7
-          if-no-files-found: error
       - name: Check quality query does not appear in security SARIF
         if: contains(matrix.analysis-kinds, 'code-scanning')
         uses: actions/github-script@v8

.github/workflows/__remote-config.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -79,7 +59,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -92,15 +72,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__resolve-environment-action.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__rubocop-multi-language.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -56,7 +56,7 @@ jobs:
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
       - name: Set up Ruby
-        uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
+        uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0
         with:
           ruby-version: 2.6
       - name: Install Code Scanning integration

.github/workflows/__ruby.yml

@@ -57,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__rust.yml

@@ -55,7 +55,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__split-workflow.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -77,7 +67,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -90,10 +80,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           config-file: .github/codeql/codeql-config-packaging3.yml

.github/workflows/__start-proxy.yml

@@ -51,7 +51,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__submit-sarif-failure.yml

@@ -52,7 +52,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -60,7 +60,7 @@ jobs:
           version: ${{ matrix.version }}
           use-all-platform-bundle: 'false'
           setup-kotlin: 'true'
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
       - uses: ./init
         with:
           languages: javascript

.github/workflows/__swift-autobuild.yml

@@ -47,7 +47,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test

.github/workflows/__swift-custom-build.yml

@@ -27,11 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -39,11 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -71,7 +61,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -84,10 +74,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - name: Use Xcode 16
         if: runner.os == 'macOS' && matrix.version != 'nightly-latest'
         run: sudo xcode-select -s "/Applications/Xcode_16.app"

.github/workflows/__unset-environment.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -79,7 +59,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -92,15 +72,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         id: init
         with:

.github/workflows/__upload-ref-sha-input.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -77,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -90,15 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__upload-sarif.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -84,7 +64,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -97,15 +77,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}

.github/workflows/__with-checkout-path.yml

@@ -27,16 +27,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
   workflow_call:
     inputs:
       go-version:
@@ -44,16 +34,6 @@ on:
         description: The version of Go to install
         required: false
         default: '>=1.21.0'
-      python-version:
-        type: string
-        description: The version of Python to install
-        required: false
-        default: '3.13'
-      dotnet-version:
-        type: string
-        description: The version of .NET to install
-        required: false
-        default: 9.x
 defaults:
   run:
     shell: bash
@@ -77,7 +57,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -90,15 +70,6 @@ jobs:
         with:
           go-version: ${{ inputs.go-version || '>=1.21.0' }}
           cache: false
-      - name: Install Python
-        if: matrix.version != 'nightly-latest'
-        uses: actions/setup-python@v6
-        with:
-          python-version: ${{ inputs.python-version || '3.13' }}
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: ${{ inputs.dotnet-version || '9.x' }}
       - name: Delete original checkout
         run: |
           # delete the original checkout so we don't accidentally use it.
@@ -107,7 +78,7 @@ jobs:
           rm -rf ./* .github .git
   # Check out the actions repo again, but at a different location.
   # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
         with:
           ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
           path: x/y/z/some-path

.github/workflows/check-expected-release-files.yml

@@ -15,14 +15,14 @@ defaults:
 
 jobs:
   check-expected-release-files:
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
 
     permissions:
       contents: read
 
     steps:
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Check Expected Release Files
         run: |
           bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"

.github/workflows/codeql.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches: [main, releases/v*]
   pull_request:
+    branches: [main, releases/v*]
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]
@@ -31,7 +32,7 @@ jobs:
       contents: read
 
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
     - name: Init with default CodeQL bundle from the VM image
       id: init-default
       uses: ./init
@@ -80,7 +81,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-22.04,ubuntu-24.04,windows-2022,windows-2025,macos-14,macos-15]
+        os: [ubuntu-22.04,ubuntu-24.04,windows-2022,windows-2025,macos-13,macos-14,macos-15]
         tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
     runs-on: ${{ matrix.os }}
 
@@ -90,7 +91,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
     - name: Initialize CodeQL
       uses: ./init
       id: init
@@ -127,7 +128,7 @@ jobs:
 
     steps:
     - name: Checkout
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
     - name: Initialize CodeQL
       uses: ./init
       with:

.github/workflows/codescanning-config-cli.yml

@@ -53,10 +53,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
 
     - name: Set up Node.js
-      uses: actions/setup-node@v6
+      uses: actions/setup-node@v5
       with:
         node-version: 24
         cache: 'npm'
@@ -70,33 +70,13 @@ jobs:
       with:
         version: ${{ matrix.version }}
 
-    # On PRs, overlay analysis may change the config that is passed to the CLI.
+    - name: Empty file
-    # Therefore, we have two variants of the following test, one for PRs and one for other events.
-    - name: Empty file (non-PR)
-      if: github.event_name != 'pull_request'
       uses: ./../action/.github/actions/check-codescanning-config
       with:
         expected-config-file-contents: "{}"
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
 
-    - name: Empty file (PR)
-      if: github.event_name == 'pull_request'
-      uses: ./../action/.github/actions/check-codescanning-config
-      with:
-        expected-config-file-contents: |
-          {
-            "query-filters": [
-              {
-                "exclude": {
-                  "tags": "exclude-from-incremental"
-                }
-              }
-            ]
-          }
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-
     - name: Packs from input
       if: success() || failure()
       uses: ./../action/.github/actions/check-codescanning-config

.github/workflows/debug-artifacts-failure-safe.yml

@@ -45,7 +45,7 @@ jobs:
       - name: Dump GitHub event
         run: cat "${GITHUB_EVENT_PATH}"
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -54,10 +54,6 @@ jobs:
       - uses: actions/setup-go@v6
         with:
           go-version: ^1.13.1
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: '9.x'
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -83,7 +79,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v5
       - name: Check expected artifacts exist
         run: |
           LANGUAGES="cpp csharp go java javascript python"

.github/workflows/debug-artifacts-safe.yml

@@ -41,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Prepare test
         id: prepare-test
         uses: ./.github/actions/prepare-test
@@ -50,10 +50,6 @@ jobs:
       - uses: actions/setup-go@v6
         with:
           go-version: ^1.13.1
-      - name: Install .NET
-        uses: actions/setup-dotnet@v5
-        with:
-          dotnet-version: '9.x'
       - uses: ./../action/init
         id: init
         with:
@@ -77,7 +73,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download all artifacts
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v5
       - name: Check expected artifacts exist
         run: |
           VERSIONS="stable-v2.20.3 default linked nightly-latest"

.github/workflows/label-pr-size.yml

@@ -1,26 +0,0 @@
-name: Label PR with size
-
-on:
-  pull_request:
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - edited
-      - ready_for_review
-
-permissions:
-  contents: read
-  pull-requests: write
-
-jobs:
-  sizeup:
-    name: Label PR with size
-    runs-on: ubuntu-slim
-
-    steps:
-      - name: Run sizeup
-        uses: lerebear/sizeup-action@b7beb3dd273e36039e16e48e7bc690c189e61951 # 0.8.12
-        with:
-          token: "${{ secrets.GITHUB_TOKEN }}"
-          configuration-file-path: ".github/sizeup.yml"

.github/workflows/post-release-mergeback.yml

@@ -24,7 +24,7 @@ defaults:
 
 jobs:
   merge-back:
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     environment: Automation
     if: github.repository == 'github/codeql-action'
     env:
@@ -44,13 +44,10 @@ jobs:
           GITHUB_CONTEXT: '${{ toJson(github) }}'
         run: echo "${GITHUB_CONTEXT}"
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0  # ensure we have all tags and can push commits
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@v5
-      - uses: actions/setup-python@v6
-        with:
-          python-version: '3.12'
 
       - name: Update git config
         run: |
@@ -142,14 +139,13 @@ jobs:
           token: "${{ secrets.GITHUB_TOKEN }}"
 
       - name: Generate token
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v2.1.4
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
           private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 
       - name: Create the GitHub release
-        if: steps.check.outputs.exists != 'true'
         env:
           PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
           VERSION: "${{ steps.getVersion.outputs.version }}"

.github/workflows/pr-checks.yml

@@ -32,10 +32,10 @@ jobs:
         if: runner.os == 'Windows'
         run: git config --global core.autocrlf false
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
 
       - name: Set up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: ${{ matrix.node-version }}
           cache: 'npm'
@@ -73,7 +73,7 @@ jobs:
         run: npm run lint-ci
 
       - name: Upload sarif
-        uses: github/codeql-action/upload-sarif@v4
+        uses: github/codeql-action/upload-sarif@v3
         if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24
         with:
           sarif_file: eslint.sarif
@@ -91,7 +91,7 @@ jobs:
       contents: read
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
       - id: head-version
         name: Verify all Actions use the same Node version
         run: |
@@ -106,7 +106,7 @@ jobs:
       - id: checkout-base
         name: 'Backport: Check out base ref'
         if: ${{ startsWith(github.head_ref, 'backport-') }}
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           ref: ${{ env.BASE_REF }}
 

.github/workflows/prepare-release.yml

@@ -29,7 +29,7 @@ defaults:
 jobs:
   prepare:
     name: "Prepare release"
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     if: github.repository == 'github/codeql-action'
 
     permissions:
@@ -44,7 +44,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Need full history for calculation of diffs
 

.github/workflows/publish-immutable-action.yml

@@ -1,10 +1,8 @@
 name: 'Publish Immutable Action Version'
 
 on:
-  push:
+  release:
-    tags:
+    types: [published]
-      # Match version tags, but not the major version tags.
-      - 'v[0-9]+.**'
 
 defaults:
   run:
@@ -12,16 +10,30 @@ defaults:
 
 jobs:
   publish:
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     permissions:
       contents: read
       id-token: write
       packages: write
 
     steps:
-      - name: Checkout repository
+      - name: Check release name
-        uses: actions/checkout@v6
+        id: check
-
+        env:
-      - name: Publish immutable release
+          RELEASE_NAME: ${{ github.event.release.name }}
+        run: |
+          echo "Release name: ${{ github.event.release.name }}"
+          if [[ $RELEASE_NAME == v* ]]; then
+            echo "This is a CodeQL Action release. Create an Immutable Action"
+            echo "is-action-release=true" >> $GITHUB_OUTPUT
+          else
+            echo "This is a CodeQL Bundle release. Do not create an Immutable Action"
+            echo "is-action-release=false" >> $GITHUB_OUTPUT
+          fi
+      - name: Checking out
+        if: steps.check.outputs.is-action-release == 'true'
+        uses: actions/checkout@v5
+      - name: Publish
+        if: steps.check.outputs.is-action-release == 'true'
         id: publish
         uses: actions/publish-immutable-action@v0.0.4

.github/workflows/python312-windows.yml

@@ -31,7 +31,7 @@ jobs:
       with:
         python-version: 3.12
 
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
 
     - name: Prepare test
       uses: ./.github/actions/prepare-test

.github/workflows/query-filters.yml

@@ -29,10 +29,10 @@ jobs:
       contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository.
     steps:
     - name: Check out repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
 
     - name: Install Node.js
-      uses: actions/setup-node@v6
+      uses: actions/setup-node@v5
       with:
         node-version: 24
         cache: npm

.github/workflows/rebuild.yml

@@ -24,7 +24,7 @@ jobs:
       pull-requests: write # needed to comment on the PR
     steps:
       - name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           ref: ${{ env.HEAD_REF }}

.github/workflows/rollback-release.yml

@@ -52,7 +52,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0 # Need full history for calculation of diffs
 
@@ -137,7 +137,7 @@ jobs:
 
       - name: Generate token
         if: github.event_name == 'workflow_dispatch'
-        uses: actions/create-github-app-token@v2.2.1
+        uses: actions/create-github-app-token@v2.1.4
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/script/bundle_changelog.py

@@ -1,18 +0,0 @@
-import os
-import re
-
-# Get the PR number from the PR URL.
-pr_number = os.environ['PR_URL'].split('/')[-1]
-changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
-
-# If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
-with open('CHANGELOG.md', 'r') as f:
-    changelog = f.read()
-
-changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
-
-# Add the changelog note to the bottom of the "[UNRELEASED]" section.
-changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
-
-with open('CHANGELOG.md', 'w') as f:
-    f.write(changelog)

.github/workflows/script/update-required-checks.sh

@@ -29,7 +29,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, Update, and ESLint checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("ESLint") or contains("update") or contains("test-setup-python-scripts") or . == "Agent" or . == "Cleanup artifacts" or . == "Prepare" or . == "Upload results" | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs.[] | select(.conclusion != "skipped") | .name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("ESLint") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
 
 echo "$CHECKS" | jq
 

.github/workflows/test-codeql-bundle-all.yml

@@ -36,17 +36,13 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
     - name: Check out repository
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
     - name: Prepare test
       id: prepare-test
       uses: ./.github/actions/prepare-test
       with:
         version: ${{ matrix.version }}
         use-all-platform-bundle: true
-    - name: Install .NET
-      uses: actions/setup-dotnet@v5
-      with:
-        dotnet-version: '9.x'
     - id: init
       uses: ./../action/init
       with:

.github/workflows/update-bundle.yml

@@ -20,7 +20,7 @@ defaults:
 jobs:
   update-bundle:
     if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     permissions:
       contents: write # needed to push commits
       pull-requests: write # needed to create pull requests
@@ -33,20 +33,15 @@ jobs:
           GITHUB_CONTEXT: '${{ toJson(github) }}'
         run: echo "$GITHUB_CONTEXT"
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@v5
 
       - name: Update git config
         run: |
           git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
 
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version: '3.12'
-
       - name: Set up Node.js
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@v5
         with:
           node-version: 24
           cache: 'npm'
@@ -83,8 +78,28 @@ jobs:
           echo "PR_URL=$pr_url" | tee -a "$GITHUB_ENV"
 
       - name: Create changelog note
+        shell: python
         run: |
-          python .github/workflows/script/bundle_changelog.py
+          import os
+          import re
+
+          # Get the PR number from the PR URL.
+          pr_number = os.environ['PR_URL'].split('/')[-1]
+          changelog_note = f"- Update default CodeQL bundle version to {os.environ['CLI_VERSION']}. [#{pr_number}]({os.environ['PR_URL']})"
+
+          # If the "[UNRELEASED]" section starts with "no user facing changes", remove that line.
+          # Use perl to avoid having to escape the newline character.
+
+          with open('CHANGELOG.md', 'r') as f:
+              changelog = f.read()
+
+          changelog = changelog.replace('## [UNRELEASED]\n\nNo user facing changes.', '## [UNRELEASED]\n')
+
+          # Add the changelog note to the bottom of the "[UNRELEASED]" section.
+          changelog = re.sub(r'\n## (\d+\.\d+\.\d+)', f'{changelog_note}\n\n## \\1', changelog, count=1)
+
+          with open('CHANGELOG.md', 'w') as f:
+              f.write(changelog)
 
       - name: Push changelog note
         run: |

.github/workflows/update-release-branch.yml

@@ -26,7 +26,7 @@ jobs:
 
   update:
     timeout-minutes: 45
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     if: github.event_name == 'workflow_dispatch'
     needs: [prepare]
     env:
@@ -38,7 +38,7 @@ jobs:
       contents: write # needed to push commits
       pull-requests: write # needed to create pull request
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v5
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
     - uses: ./.github/actions/release-initialise
@@ -77,7 +77,7 @@ jobs:
 
   backport:
     timeout-minutes: 45
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     environment: Automation
     needs: [prepare]
     if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }}
@@ -93,14 +93,14 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@v2.2.1
+      uses: actions/create-github-app-token@v2.1.4
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}
         private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 
     - name: Checkout
-      uses: actions/checkout@v6
+      uses: actions/checkout@v5
       with:
         fetch-depth: 0  # Need full history for calculation of diffs
         token: ${{ steps.app-token.outputs.token }}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -4,18 +4,12 @@ on:
   schedule:
     - cron: "0 0 * * *"
   workflow_dispatch:
-  pull_request:
-    branches:
-      - main
-    paths:
-      - .github/workflows/update-supported-enterprise-server-versions.yml
-      - .github/workflows/update-supported-enterprise-server-versions/update.py
 
 jobs:
   update-supported-enterprise-server-versions:
     name: Update Supported Enterprise Server Versions
     timeout-minutes: 45
-    runs-on: ubuntu-slim
+    runs-on: ubuntu-latest
     if: github.repository == 'github/codeql-action'
     permissions:
       contents: write # needed to push commits
@@ -27,14 +21,13 @@ jobs:
         with:
           python-version: "3.13"
       - name: Checkout CodeQL Action
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
       - name: Checkout Enterprise Releases
-        uses: actions/checkout@v6
+        uses: actions/checkout@v5
         with:
           repository: github/enterprise-releases
           token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
           path: ${{ github.workspace }}/enterprise-releases/
-          sparse-checkout: releases.json
       - name: Update Supported Enterprise Server Versions
         run: |
           cd ./.github/workflows/update-supported-enterprise-server-versions/
@@ -42,7 +35,6 @@ jobs:
           pipenv install
           pipenv run ./update.py
           rm --recursive "$ENTERPRISE_RELEASES_PATH"
-          npm ci
           npm run build
         env:
           ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
@@ -52,25 +44,16 @@ jobs:
           git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
 
-      - name: Commit changes
+      - name: Commit changes and open PR
-        id: prepare-commit
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           if [[ -z $(git status --porcelain) ]]; then
             echo "No changes to commit"
-            echo "committed=false" >> $GITHUB_OUTPUT
           else
             git checkout -b update-supported-enterprise-server-versions
             git add .
             git commit --message "Update supported GitHub Enterprise Server versions"
-
-            echo "committed=true" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Open PR
-        if: github.event_name != 'pull_request' && steps.prepare-commit.outputs.committed == 'true'
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
             git push origin update-supported-enterprise-server-versions
 
             body="This PR updates the list of supported GitHub Enterprise Server versions, either because a new "
@@ -82,3 +65,4 @@ jobs:
             gh pr create --draft \
               --title "Update supported GitHub Enterprise Server versions" \
               --body "$body"
+          fi

CHANGELOG.md

@@ -6,57 +6,6 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 No user facing changes.
 
-## 4.31.9 - 16 Dec 2025
-
-No user facing changes.
-
-## 4.31.8 - 11 Dec 2025
-
-- Update default CodeQL bundle version to 2.23.8. [#3354](https://github.com/github/codeql-action/pull/3354)
-
-## 4.31.7 - 05 Dec 2025
-
-- Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343)
-
-## 4.31.6 - 01 Dec 2025
-
-No user facing changes.
-
-## 4.31.5 - 24 Nov 2025
-
-- Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321)
-
-## 4.31.4 - 18 Nov 2025
-
-No user facing changes.
-
-## 4.31.3 - 13 Nov 2025
-
-- CodeQL Action v3 will be deprecated in December 2026.  The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
-- Update default CodeQL bundle version to 2.23.5. [#3288](https://github.com/github/codeql-action/pull/3288)
-
-## 4.31.2 - 30 Oct 2025
-
-No user facing changes.
-
-## 4.31.1 - 30 Oct 2025
-
-- The `add-snippets` input has been removed from the `analyze` action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
-
-## 4.31.0 - 24 Oct 2025
-
-- Bump minimum CodeQL bundle version to 2.17.6. [#3223](https://github.com/github/codeql-action/pull/3223)
-- When SARIF files are uploaded by the `analyze` or `upload-sarif` actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the `upload-sarif` action. For `analyze`, this may affect Advanced Setup for CodeQL users who specify a value other than `always` for the `upload` input. [#3222](https://github.com/github/codeql-action/pull/3222)
-
-## 4.30.9 - 17 Oct 2025
-
-- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
-- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)
-
-## 4.30.8 - 10 Oct 2025
-
-No user facing changes.
-
 ## 4.30.7 - 06 Oct 2025
 
 - [v4+ only] The CodeQL Action now runs on Node.js v24. [#3169](https://github.com/github/codeql-action/pull/3169)

README.md

@@ -34,7 +34,6 @@ Actions with special purposes and unlikely to be used directly:
 - `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
 - `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
 - `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
-- `setup-codeql`: [Experimental] Similar to `init`, except it only installs the CodeQL CLI and does not initialize a database.
 
 ### Workflow Permissions
 

analyze/action.yml

@@ -6,7 +6,7 @@ inputs:
     description: The name of the check run to add text to.
     required: false
   output:
-    description: The path of the directory in which to save the SARIF results from the CodeQL CLI.
+    description: The path of the directory in which to save the SARIF results
     required: false
     default: "../results"
   upload:
@@ -32,10 +32,14 @@ inputs:
       and 13GB for macOS).
     required: false
   add-snippets:
-    description: Does not have any effect.
+    description: Specify whether or not to add code snippets to the output sarif file.
     required: false
+    default: "false"
     deprecationMessage: >-
-      The input "add-snippets" has been removed and no longer has any effect.
+      The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
+      When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
+      However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
+      a no operation. No alternative is available.
   skip-queries:
     description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
     required: false
@@ -66,12 +70,6 @@ inputs:
     description: Whether to upload the resulting CodeQL database
     required: false
     default: "true"
-  post-processed-sarif-path:
-    description: >-
-      Before uploading the SARIF files produced by the CodeQL CLI, the CodeQL Action may perform some post-processing
-      on them. Ordinarily, these post-processed SARIF files are not saved to disk. However, if a path is provided as an
-      argument for this input, they are written to the specified directory.
-    required: false
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true

eslint.config.mjs

@@ -12,7 +12,6 @@ import filenames from "eslint-plugin-filenames";
 import github from "eslint-plugin-github";
 import _import from "eslint-plugin-import";
 import noAsyncForeach from "eslint-plugin-no-async-foreach";
-import jsdoc from "eslint-plugin-jsdoc";
 import globals from "globals";
 
 const __filename = fileURLToPath(import.meta.url);
@@ -53,7 +52,6 @@ export default [
       github: fixupPluginRules(github),
       import: fixupPluginRules(_import),
       "no-async-foreach": noAsyncForeach,
-      "jsdoc": jsdoc,
     },
 
     languageOptions: {
@@ -133,18 +131,7 @@ export default [
       "no-sequences": "error",
       "no-shadow": "off",
       "@typescript-eslint/no-shadow": "error",
-      "@typescript-eslint/prefer-optional-chain": "error",
       "one-var": ["error", "never"],
-
-      // Check param names to ensure that we don't have outdated JSDocs.
-      "jsdoc/check-param-names": [
-        "error",
-        {
-          // We don't currently require full JSDoc coverage, so this rule
-          // should not error on missing @param annotations.
-          disableMissingParamChecks: true,
-        }
-      ],
     },
   },
   {

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.8",
+  "bundleVersion": "codeql-bundle-v2.23.2",
-  "cliVersion": "2.23.8",
+  "cliVersion": "2.23.2",
-  "priorBundleVersion": "codeql-bundle-v2.23.7",
+  "priorBundleVersion": "codeql-bundle-v2.23.1",
-  "priorCliVersion": "2.23.7"
+  "priorCliVersion": "2.23.1"
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "4.31.10",
+  "version": "4.30.8",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -24,55 +24,60 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/artifact": "^5.0.1",
+    "@actions/artifact": "^2.3.1",
     "@actions/artifact-legacy": "npm:@actions/artifact@^1.1.2",
-    "@actions/cache": "^5.0.1",
+    "@actions/cache": "^4.1.0",
-    "@actions/core": "^2.0.1",
+    "@actions/core": "^1.11.1",
-    "@actions/exec": "^2.0.0",
+    "@actions/exec": "^1.1.1",
-    "@actions/github": "^6.0.1",
+    "@actions/github": "^6.0.0",
     "@actions/glob": "^0.5.0",
-    "@actions/http-client": "^3.0.0",
+    "@actions/http-client": "^2.2.3",
-    "@actions/io": "^2.0.0",
+    "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.2",
     "@octokit/plugin-retry": "^6.0.0",
+    "@octokit/request-error": "^7.0.1",
     "@schemastore/package": "0.0.10",
     "archiver": "^7.0.1",
+    "check-disk-space": "^3.4.0",
+    "console-log-level": "^1.4.1",
+    "del": "^8.0.0",
     "fast-deep-equal": "^3.1.3",
     "follow-redirects": "^1.15.11",
     "get-folder-size": "^5.0.0",
-    "js-yaml": "^4.1.1",
+    "js-yaml": "^4.1.0",
     "jsonschema": "1.4.1",
     "long": "^5.3.2",
-    "node-forge": "^1.3.3",
+    "node-forge": "^1.3.1",
-    "semver": "^7.7.3",
+    "octokit": "^5.0.3",
+    "semver": "^7.7.2",
     "uuid": "^13.0.0"
   },
   "devDependencies": {
     "@ava/typescript": "6.0.0",
-    "@eslint/compat": "^2.0.0",
+    "@eslint/compat": "^1.4.0",
-    "@eslint/eslintrc": "^3.3.3",
+    "@eslint/eslintrc": "^3.3.1",
-    "@eslint/js": "^9.39.2",
+    "@eslint/js": "^9.37.0",
     "@microsoft/eslint-formatter-sarif": "^3.1.0",
-    "@octokit/types": "^16.0.0",
+    "@octokit/types": "^15.0.0",
-    "@types/archiver": "^7.0.0",
+    "@types/archiver": "^6.0.3",
+    "@types/console-log-level": "^1.4.5",
     "@types/follow-redirects": "^1.14.4",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^20.19.9",
+    "@types/node": "20.19.9",
     "@types/node-forge": "^1.3.14",
     "@types/semver": "^7.7.1",
-    "@types/sinon": "^21.0.0",
+    "@types/sinon": "^17.0.4",
-    "@typescript-eslint/eslint-plugin": "^8.49.0",
+    "@typescript-eslint/eslint-plugin": "^8.45.0",
-    "@typescript-eslint/parser": "^8.48.0",
+    "@typescript-eslint/parser": "^8.41.0",
     "ava": "^6.4.1",
-    "esbuild": "^0.27.1",
+    "esbuild": "^0.25.10",
     "eslint": "^8.57.1",
     "eslint-import-resolver-typescript": "^3.8.7",
     "eslint-plugin-filenames": "^1.3.2",
     "eslint-plugin-github": "^5.1.8",
     "eslint-plugin-import": "2.29.1",
-    "eslint-plugin-jsdoc": "^61.5.0",
     "eslint-plugin-no-async-foreach": "^0.1.1",
-    "glob": "^11.1.0",
+    "glob": "^11.0.3",
     "nock": "^14.0.10",
     "sinon": "^21.0.0",
     "typescript": "^5.9.3"
@@ -96,7 +101,6 @@
     "eslint-plugin-jsx-a11y": {
       "semver": ">=6.3.1"
     },
-    "brace-expansion@2.0.1": "2.0.2",
+    "brace-expansion@2.0.1": "2.0.2"
-    "glob": "^11.1.0"
   }
 }