Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a

Mergeback v4.31.7 refs/heads/releases/v4 into main
Rebuild
2025-12-06 15:58:06 +08:00 · 2025-12-05 21:43:41 +01:00 · 2025-12-05 17:21:46 +00:00 · 2025-12-05 17:19:09 +00:00 · 2025-12-05 18:17:21 +01:00 · 2025-12-05 15:18:53 +00:00
124 changed files with 3019 additions and 2399 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -18,14 +18,25 @@ For internal use only. Please select the risk level of this change:

 #### Which use cases does this change impact?

-<!-- Delete options that don't apply. -->
+<!-- Delete options that don't apply. If in doubt, do not delete an option. -->

- **Advanced setup** - Impacts users who have custom workflows.
- **Default setup** - Impacts users who use default setup.
- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`).
- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`).
- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`).
- **GHES** - Impacts GitHub Enterprise Server.
+Workflow types:
+
+- **Advanced setup** - Impacts users who have custom CodeQL workflows.
+- **Managed** - Impacts users with `dynamic` workflows (Default Setup, CCR, ...).
+
+Products:
+
+- **Code Scanning** - The changes impact analyses when `analysis-kinds: code-scanning`.
+- **Code Quality** - The changes impact analyses when `analysis-kinds: code-quality`.
+- **CCR** - The changes impact analyses for Copilot Code Reviews.
+- **Third-party analyses** - The changes affect the `upload-sarif` action.
+
+Environments:
+
+- **Dotcom** - Impacts CodeQL workflows on `github.com`.
+- **GHES** - Impacts CodeQL workflows on GitHub Enterprise Server.
+- **Testing/None** - This change does not impact any CodeQL workflows in production.

 #### How did/will you validate this change?

@@ -54,6 +65,15 @@ For internal use only. Please select the risk level of this change:
    - **Alerts** - New or existing monitors will trip if something goes wrong with this change.
 - **Other** - Please provide details.

+#### Are there any special considerations for merging or releasing this change?
+
+<!--
+    Consider whether this change depends on a different change in another repository that should be released first.
+-->
+
+- **No special considerations** - This change can be merged at any time.
+- **Special considerations** - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue.
+
 ### Merge / deployment checklist

 - Confirm this change is backwards compatible with existing workflows.
--- a/.github/workflows/__all-platform-bundle.yml
+++ b/.github/workflows/__all-platform-bundle.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -77,7 +77,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -61,7 +61,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
+++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
@@ -63,7 +63,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__autobuild-working-dir.yml
+++ b/.github/workflows/__autobuild-working-dir.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__build-mode-autobuild.yml
+++ b/.github/workflows/__build-mode-autobuild.yml
@@ -63,7 +63,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__build-mode-manual.yml
+++ b/.github/workflows/__build-mode-manual.yml
@@ -67,7 +67,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__build-mode-none.yml
+++ b/.github/workflows/__build-mode-none.yml
@@ -49,7 +49,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__build-mode-rollback.yml
+++ b/.github/workflows/__build-mode-rollback.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__bundle-from-toolcache.yml
+++ b/.github/workflows/__bundle-from-toolcache.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__bundle-toolcache.yml
+++ b/.github/workflows/__bundle-toolcache.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__bundle-zstd.yml
+++ b/.github/workflows/__bundle-zstd.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__cleanup-db-cluster-dir.yml
+++ b/.github/workflows/__cleanup-db-cluster-dir.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -49,7 +49,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__config-input.yml
+++ b/.github/workflows/__config-input.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Install Node.js
        uses: actions/setup-node@v6
        with:
--- a/.github/workflows/__cpp-deptrace-disabled.yml
+++ b/.github/workflows/__cpp-deptrace-disabled.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
+++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
@@ -49,7 +49,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__cpp-deptrace-enabled.yml
+++ b/.github/workflows/__cpp-deptrace-enabled.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -49,7 +49,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__global-proxy.yml
+++ b/.github/workflows/__global-proxy.yml
@@ -61,7 +61,7 @@ jobs:
          apt install -y gh
        env: {}
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -69,7 +69,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -57,7 +57,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -57,7 +57,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -57,7 +57,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -91,7 +91,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -91,7 +91,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -91,7 +91,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__go.yml
+++ b/.github/workflows/__go.yml
@@ -8,9 +8,6 @@ env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
-  push:
-    paths:
-      - .github/workflows/__go.yml
  workflow_dispatch:
    inputs:
      go-version:
--- a/.github/workflows/__init-with-registries.yml
+++ b/.github/workflows/__init-with-registries.yml
@@ -52,7 +52,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__job-run-uuid-sarif.yml
+++ b/.github/workflows/__job-run-uuid-sarif.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__language-aliases.yml
+++ b/.github/workflows/__language-aliases.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__local-bundle.yml
+++ b/.github/workflows/__local-bundle.yml
@@ -77,7 +77,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -111,7 +111,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__overlay-init-fallback.yml
+++ b/.github/workflows/__overlay-init-fallback.yml
@@ -49,7 +49,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -81,7 +81,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Install Node.js
        uses: actions/setup-node@v6
        with:
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Install Node.js
        uses: actions/setup-node@v6
        with:
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Install Node.js
        uses: actions/setup-node@v6
        with:
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Install Node.js
        uses: actions/setup-node@v6
        with:
--- a/.github/workflows/__quality-queries.yml
+++ b/.github/workflows/__quality-queries.yml
@@ -63,7 +63,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -79,7 +79,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__resolve-environment-action.yml
+++ b/.github/workflows/__resolve-environment-action.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -57,7 +57,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__rust.yml
+++ b/.github/workflows/__rust.yml
@@ -55,7 +55,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -77,7 +77,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__start-proxy.yml
+++ b/.github/workflows/__start-proxy.yml
@@ -51,7 +51,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -52,7 +52,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -60,7 +60,7 @@ jobs:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: ./init
        with:
          languages: javascript
--- a/.github/workflows/__swift-autobuild.yml
+++ b/.github/workflows/__swift-autobuild.yml
@@ -47,7 +47,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -71,7 +71,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -79,7 +79,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -77,7 +77,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__upload-sarif.yml
+++ b/.github/workflows/__upload-sarif.yml
@@ -84,7 +84,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -77,7 +77,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
@@ -107,7 +107,7 @@ jobs:
          rm -rf ./* .github .git
  # Check out the actions repo again, but at a different location.
  # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
          path: x/y/z/some-path
--- a/.github/workflows/check-expected-release-files.yml
+++ b/.github/workflows/check-expected-release-files.yml
@@ -22,7 +22,7 @@ jobs:

    steps:
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Check Expected Release Files
        run: |
          bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,7 +4,6 @@ on:
  push:
    branches: [main, releases/v*]
  pull_request:
-    branches: [main, releases/v*]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
@@ -32,7 +31,7 @@ jobs:
      contents: read

    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
    - name: Init with default CodeQL bundle from the VM image
      id: init-default
      uses: ./init
@@ -91,7 +90,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
    - name: Initialize CodeQL
      uses: ./init
      id: init
@@ -128,7 +127,7 @@ jobs:

    steps:
    - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
    - name: Initialize CodeQL
      uses: ./init
      with:
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -53,7 +53,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6

    - name: Set up Node.js
      uses: actions/setup-node@v6
@@ -70,13 +70,33 @@ jobs:
      with:
        version: ${{ matrix.version }}

-    - name: Empty file
+    # On PRs, overlay analysis may change the config that is passed to the CLI.
+    # Therefore, we have two variants of the following test, one for PRs and one for other events.
+    - name: Empty file (non-PR)
+      if: github.event_name != 'pull_request'
      uses: ./../action/.github/actions/check-codescanning-config
      with:
        expected-config-file-contents: "{}"
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}

+    - name: Empty file (PR)
+      if: github.event_name == 'pull_request'
+      uses: ./../action/.github/actions/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "query-filters": [
+              {
+                "exclude": {
+                  "tags": "exclude-from-incremental"
+                }
+              }
+            ]
+          }
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
    - name: Packs from input
      if: success() || failure()
      uses: ./../action/.github/actions/check-codescanning-config
--- a/.github/workflows/debug-artifacts-failure-safe.yml
+++ b/.github/workflows/debug-artifacts-failure-safe.yml
@@ -45,7 +45,7 @@ jobs:
      - name: Dump GitHub event
        run: cat "${GITHUB_EVENT_PATH}"
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/debug-artifacts-safe.yml
+++ b/.github/workflows/debug-artifacts-safe.yml
@@ -41,7 +41,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@@ -44,7 +44,7 @@ jobs:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "${GITHUB_CONTEXT}"

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
        with:
          fetch-depth: 0  # ensure we have all tags and can push commits
      - uses: actions/setup-node@v6
@@ -142,7 +142,7 @@ jobs:
          token: "${{ secrets.GITHUB_TOKEN }}"

      - name: Generate token
-        uses: actions/create-github-app-token@v2.1.4
+        uses: actions/create-github-app-token@v2.2.0
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -32,7 +32,7 @@ jobs:
        if: runner.os == 'Windows'
        run: git config --global core.autocrlf false

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6

      - name: Set up Node.js
        uses: actions/setup-node@v6
@@ -91,7 +91,7 @@ jobs:
      contents: read

    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - id: head-version
        name: Verify all Actions use the same Node version
        run: |
@@ -106,7 +106,7 @@ jobs:
      - id: checkout-base
        name: 'Backport: Check out base ref'
        if: ${{ startsWith(github.head_ref, 'backport-') }}
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          ref: ${{ env.BASE_REF }}

--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -44,7 +44,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0 # Need full history for calculation of diffs

--- a/.github/workflows/publish-immutable-action.yml
+++ b/.github/workflows/publish-immutable-action.yml
@@ -20,7 +20,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6

      - name: Publish immutable release
        id: publish
--- a/.github/workflows/python312-windows.yml
+++ b/.github/workflows/python312-windows.yml
@@ -31,7 +31,7 @@ jobs:
      with:
        python-version: 3.12

-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6

    - name: Prepare test
      uses: ./.github/actions/prepare-test
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -29,7 +29,7 @@ jobs:
      contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository.
    steps:
    - name: Check out repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6

    - name: Install Node.js
      uses: actions/setup-node@v6
--- a/.github/workflows/rebuild.yml
+++ b/.github/workflows/rebuild.yml
@@ -24,7 +24,7 @@ jobs:
      pull-requests: write # needed to comment on the PR
    steps:
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0
          ref: ${{ env.HEAD_REF }}
--- a/.github/workflows/rollback-release.yml
+++ b/.github/workflows/rollback-release.yml
@@ -52,7 +52,7 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          fetch-depth: 0 # Need full history for calculation of diffs

@@ -137,7 +137,7 @@ jobs:

      - name: Generate token
        if: github.event_name == 'workflow_dispatch'
-        uses: actions/create-github-app-token@v2.1.4
+        uses: actions/create-github-app-token@v2.2.0
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/.github/workflows/test-codeql-bundle-all.yml
+++ b/.github/workflows/test-codeql-bundle-all.yml
@@ -36,7 +36,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
    - name: Prepare test
      id: prepare-test
      uses: ./.github/actions/prepare-test
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -33,7 +33,7 @@ jobs:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
        run: echo "$GITHUB_CONTEXT"

-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6

      - name: Update git config
        run: |
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -38,7 +38,7 @@ jobs:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull request
    steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v6
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
    - uses: ./.github/actions/release-initialise
@@ -93,14 +93,14 @@ jobs:
      pull-requests: write # needed to create pull request
    steps:
    - name: Generate token
-      uses: actions/create-github-app-token@v2.1.4
+      uses: actions/create-github-app-token@v2.2.0
      id: app-token
      with:
        app-id: ${{ vars.AUTOMATION_APP_ID }}
        private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}

    - name: Checkout
-      uses: actions/checkout@v5
+      uses: actions/checkout@v6
      with:
        fetch-depth: 0  # Need full history for calculation of diffs
        token: ${{ steps.app-token.outputs.token }}
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -27,9 +27,9 @@ jobs:
        with:
          python-version: "3.13"
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
      - name: Checkout Enterprise Releases
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
        with:
          repository: github/enterprise-releases
          token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,22 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

 No user facing changes.

+## 4.31.7 - 05 Dec 2025
+
+- Update default CodeQL bundle version to 2.23.7. [#3343](https://github.com/github/codeql-action/pull/3343)
+
+## 4.31.6 - 01 Dec 2025
+
+No user facing changes.
+
+## 4.31.5 - 24 Nov 2025
+
+- Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321)
+
+## 4.31.4 - 18 Nov 2025
+
+No user facing changes.
+
 ## 4.31.3 - 13 Nov 2025

 - CodeQL Action v3 will be deprecated in December 2026.  The Action now logs a warning for customers who are running v3 but could be running v4. For more information, see [Upcoming deprecation of CodeQL Action v3](https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/).
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -97357,52 +97356,128 @@ var require_isPlainObject = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/brace-expansion/index.js
-var require_brace_expansion3 = __commonJS({
-  "node_modules/archiver-utils/node_modules/brace-expansion/index.js"(exports2, module2) {
-    var balanced = require_balanced_match();
-    module2.exports = expandTop;
+// node_modules/@isaacs/balanced-match/dist/commonjs/index.js
+var require_commonjs13 = __commonJS({
+  "node_modules/@isaacs/balanced-match/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.range = exports2.balanced = void 0;
+    var balanced = (a, b, str2) => {
+      const ma = a instanceof RegExp ? maybeMatch(a, str2) : a;
+      const mb = b instanceof RegExp ? maybeMatch(b, str2) : b;
+      const r = ma !== null && mb != null && (0, exports2.range)(ma, mb, str2);
+      return r && {
+        start: r[0],
+        end: r[1],
+        pre: str2.slice(0, r[0]),
+        body: str2.slice(r[0] + ma.length, r[1]),
+        post: str2.slice(r[1] + mb.length)
+      };
+    };
+    exports2.balanced = balanced;
+    var maybeMatch = (reg, str2) => {
+      const m = str2.match(reg);
+      return m ? m[0] : null;
+    };
+    var range = (a, b, str2) => {
+      let begs, beg, left, right = void 0, result;
+      let ai = str2.indexOf(a);
+      let bi = str2.indexOf(b, ai + 1);
+      let i = ai;
+      if (ai >= 0 && bi > 0) {
+        if (a === b) {
+          return [ai, bi];
+        }
+        begs = [];
+        left = str2.length;
+        while (i >= 0 && !result) {
+          if (i === ai) {
+            begs.push(i);
+            ai = str2.indexOf(a, i + 1);
+          } else if (begs.length === 1) {
+            const r = begs.pop();
+            if (r !== void 0)
+              result = [r, bi];
+          } else {
+            beg = begs.pop();
+            if (beg !== void 0 && beg < left) {
+              left = beg;
+              right = bi;
+            }
+            bi = str2.indexOf(b, i + 1);
+          }
+          i = ai < bi && ai >= 0 ? ai : bi;
+        }
+        if (begs.length && right !== void 0) {
+          result = [left, right];
+        }
+      }
+      return result;
+    };
+    exports2.range = range;
+  }
+});
+
+// node_modules/@isaacs/brace-expansion/dist/commonjs/index.js
+var require_commonjs14 = __commonJS({
+  "node_modules/@isaacs/brace-expansion/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.expand = expand;
+    var balanced_match_1 = require_commonjs13();
    var escSlash = "\0SLASH" + Math.random() + "\0";
    var escOpen = "\0OPEN" + Math.random() + "\0";
    var escClose = "\0CLOSE" + Math.random() + "\0";
    var escComma = "\0COMMA" + Math.random() + "\0";
    var escPeriod = "\0PERIOD" + Math.random() + "\0";
+    var escSlashPattern = new RegExp(escSlash, "g");
+    var escOpenPattern = new RegExp(escOpen, "g");
+    var escClosePattern = new RegExp(escClose, "g");
+    var escCommaPattern = new RegExp(escComma, "g");
+    var escPeriodPattern = new RegExp(escPeriod, "g");
+    var slashPattern = /\\\\/g;
+    var openPattern = /\\{/g;
+    var closePattern = /\\}/g;
+    var commaPattern = /\\,/g;
+    var periodPattern = /\\./g;
    function numeric(str2) {
-      return parseInt(str2, 10) == str2 ? parseInt(str2, 10) : str2.charCodeAt(0);
+      return !isNaN(str2) ? parseInt(str2, 10) : str2.charCodeAt(0);
    }
    function escapeBraces(str2) {
-      return str2.split("\\\\").join(escSlash).split("\\{").join(escOpen).split("\\}").join(escClose).split("\\,").join(escComma).split("\\.").join(escPeriod);
+      return str2.replace(slashPattern, escSlash).replace(openPattern, escOpen).replace(closePattern, escClose).replace(commaPattern, escComma).replace(periodPattern, escPeriod);
    }
    function unescapeBraces(str2) {
-      return str2.split(escSlash).join("\\").split(escOpen).join("{").split(escClose).join("}").split(escComma).join(",").split(escPeriod).join(".");
+      return str2.replace(escSlashPattern, "\\").replace(escOpenPattern, "{").replace(escClosePattern, "}").replace(escCommaPattern, ",").replace(escPeriodPattern, ".");
    }
    function parseCommaParts(str2) {
-      if (!str2)
+      if (!str2) {
        return [""];
-      var parts = [];
-      var m = balanced("{", "}", str2);
-      if (!m)
+      }
+      const parts = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m) {
        return str2.split(",");
-      var pre = m.pre;
-      var body = m.body;
-      var post = m.post;
-      var p = pre.split(",");
+      }
+      const { pre, body, post } = m;
+      const p = pre.split(",");
      p[p.length - 1] += "{" + body + "}";
-      var postParts = parseCommaParts(post);
+      const postParts = parseCommaParts(post);
      if (post.length) {
+        ;
        p[p.length - 1] += postParts.shift();
        p.push.apply(p, postParts);
      }
      parts.push.apply(parts, p);
      return parts;
    }
-    function expandTop(str2) {
-      if (!str2)
+    function expand(str2) {
+      if (!str2) {
        return [];
-      if (str2.substr(0, 2) === "{}") {
-        str2 = "\\{\\}" + str2.substr(2);
      }
-      return expand(escapeBraces(str2), true).map(unescapeBraces);
+      if (str2.slice(0, 2) === "{}") {
+        str2 = "\\{\\}" + str2.slice(2);
+      }
+      return expand_(escapeBraces(str2), true).map(unescapeBraces);
    }
    function embrace(str2) {
      return "{" + str2 + "}";
@@ -97416,73 +97491,74 @@ var require_brace_expansion3 = __commonJS({
    function gte5(i, y) {
      return i >= y;
    }
-    function expand(str2, isTop) {
-      var expansions = [];
-      var m = balanced("{", "}", str2);
-      if (!m) return [str2];
-      var pre = m.pre;
-      var post = m.post.length ? expand(m.post, false) : [""];
+    function expand_(str2, isTop) {
+      const expansions = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m)
+        return [str2];
+      const pre = m.pre;
+      const post = m.post.length ? expand_(m.post, false) : [""];
      if (/\$$/.test(m.pre)) {
-        for (var k = 0; k < post.length; k++) {
-          var expansion = pre + "{" + m.body + "}" + post[k];
+        for (let k = 0; k < post.length; k++) {
+          const expansion = pre + "{" + m.body + "}" + post[k];
          expansions.push(expansion);
        }
      } else {
-        var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
-        var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
-        var isSequence = isNumericSequence || isAlphaSequence;
-        var isOptions = m.body.indexOf(",") >= 0;
+        const isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
+        const isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
+        const isSequence = isNumericSequence || isAlphaSequence;
+        const isOptions = m.body.indexOf(",") >= 0;
        if (!isSequence && !isOptions) {
          if (m.post.match(/,(?!,).*\}/)) {
            str2 = m.pre + "{" + m.body + escClose + m.post;
-            return expand(str2);
+            return expand_(str2);
          }
          return [str2];
        }
-        var n;
+        let n;
        if (isSequence) {
          n = m.body.split(/\.\./);
        } else {
          n = parseCommaParts(m.body);
-          if (n.length === 1) {
-            n = expand(n[0], false).map(embrace);
+          if (n.length === 1 && n[0] !== void 0) {
+            n = expand_(n[0], false).map(embrace);
            if (n.length === 1) {
-              return post.map(function(p) {
-                return m.pre + n[0] + p;
-              });
+              return post.map((p) => m.pre + n[0] + p);
            }
          }
        }
-        var N;
-        if (isSequence) {
-          var x = numeric(n[0]);
-          var y = numeric(n[1]);
-          var width = Math.max(n[0].length, n[1].length);
-          var incr = n.length == 3 ? Math.abs(numeric(n[2])) : 1;
-          var test = lte;
-          var reverse = y < x;
+        let N;
+        if (isSequence && n[0] !== void 0 && n[1] !== void 0) {
+          const x = numeric(n[0]);
+          const y = numeric(n[1]);
+          const width = Math.max(n[0].length, n[1].length);
+          let incr = n.length === 3 && n[2] !== void 0 ? Math.abs(numeric(n[2])) : 1;
+          let test = lte;
+          const reverse = y < x;
          if (reverse) {
            incr *= -1;
            test = gte5;
          }
-          var pad = n.some(isPadded);
+          const pad = n.some(isPadded);
          N = [];
-          for (var i = x; test(i, y); i += incr) {
-            var c;
+          for (let i = x; test(i, y); i += incr) {
+            let c;
            if (isAlphaSequence) {
              c = String.fromCharCode(i);
-              if (c === "\\")
+              if (c === "\\") {
                c = "";
+              }
            } else {
              c = String(i);
              if (pad) {
-                var need = width - c.length;
+                const need = width - c.length;
                if (need > 0) {
-                  var z = new Array(need + 1).join("0");
-                  if (i < 0)
+                  const z = new Array(need + 1).join("0");
+                  if (i < 0) {
                    c = "-" + z + c.slice(1);
-                  else
+                  } else {
                    c = z + c;
+                  }
                }
              }
            }
@@ -97490,15 +97566,16 @@ var require_brace_expansion3 = __commonJS({
          }
        } else {
          N = [];
-          for (var j = 0; j < n.length; j++) {
-            N.push.apply(N, expand(n[j], false));
+          for (let j = 0; j < n.length; j++) {
+            N.push.apply(N, expand_(n[j], false));
          }
        }
-        for (var j = 0; j < N.length; j++) {
-          for (var k = 0; k < post.length; k++) {
-            var expansion = pre + N[j] + post[k];
-            if (!isTop || isSequence || expansion)
+        for (let j = 0; j < N.length; j++) {
+          for (let k = 0; k < post.length; k++) {
+            const expansion = pre + N[j] + post[k];
+            if (!isTop || isSequence || expansion) {
              expansions.push(expansion);
+            }
          }
        }
      }
@@ -97507,9 +97584,9 @@ var require_brace_expansion3 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
 var require_assert_valid_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.assertValidPattern = void 0;
@@ -97526,9 +97603,9 @@ var require_assert_valid_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js
 var require_brace_expressions = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.parseClass = void 0;
@@ -97643,22 +97720,25 @@ var require_brace_expressions = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js
 var require_unescape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = void 0;
-    var unescape = (s, { windowsPathsNoEscape = false } = {}) => {
-      return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+    var unescape = (s, { windowsPathsNoEscape = false, magicalBraces = true } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+      }
+      return windowsPathsNoEscape ? s.replace(/\[([^\/\\{}])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\{}])\]/g, "$1$2").replace(/\\([^\/{}])/g, "$1");
    };
    exports2.unescape = unescape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js
 var require_ast = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.AST = void 0;
@@ -98014,7 +98094,7 @@ var require_ast = __commonJS({
        if (this.#root === this)
          this.#fillNegs();
        if (!this.type) {
-          const noEmpty = this.isStart() && this.isEnd();
+          const noEmpty = this.isStart() && this.isEnd() && !this.#parts.some((s) => typeof s !== "string");
          const src = this.#parts.map((p) => {
            const [re, _2, hasMagic, uflag] = typeof p === "string" ? _AST.#parseGlob(p, this.#hasMagic, noEmpty) : p.toRegExpSource(allowDot);
            this.#hasMagic = this.#hasMagic || hasMagic;
@@ -98124,10 +98204,7 @@ var require_ast = __commonJS({
            }
          }
          if (c === "*") {
-            if (noEmpty && glob2 === "*")
-              re += starNoEmpty;
-            else
-              re += star;
+            re += noEmpty && glob2 === "*" ? starNoEmpty : star;
            hasMagic = true;
            continue;
          }
@@ -98145,29 +98222,29 @@ var require_ast = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js
 var require_escape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.escape = void 0;
-    var escape = (s, { windowsPathsNoEscape = false } = {}) => {
+    var escape = (s, { windowsPathsNoEscape = false, magicalBraces = false } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/[?*()[\]{}]/g, "[$&]") : s.replace(/[?*()[\]\\{}]/g, "\\$&");
+      }
      return windowsPathsNoEscape ? s.replace(/[?*()[\]]/g, "[$&]") : s.replace(/[?*()[\]\\]/g, "\\$&");
    };
    exports2.escape = escape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js
-var require_commonjs13 = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/node_modules/minimatch/dist/commonjs/index.js
+var require_commonjs15 = __commonJS({
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
    "use strict";
-    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
-      return mod && mod.__esModule ? mod : { "default": mod };
-    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = exports2.escape = exports2.AST = exports2.Minimatch = exports2.match = exports2.makeRe = exports2.braceExpand = exports2.defaults = exports2.filter = exports2.GLOBSTAR = exports2.sep = exports2.minimatch = void 0;
-    var brace_expansion_1 = __importDefault4(require_brace_expansion3());
+    var brace_expansion_1 = require_commonjs14();
    var assert_valid_pattern_js_1 = require_assert_valid_pattern();
    var ast_js_1 = require_ast();
    var escape_js_1 = require_escape();
@@ -98290,7 +98367,7 @@ var require_commonjs13 = __commonJS({
      if (options.nobrace || !/\{(?:(?!\{).)*\}/.test(pattern)) {
        return [pattern];
      }
-      return (0, brace_expansion_1.default)(pattern);
+      return (0, brace_expansion_1.expand)(pattern);
    };
    exports2.braceExpand = braceExpand;
    exports2.minimatch.braceExpand = exports2.braceExpand;
@@ -98814,16 +98891,27 @@ var require_commonjs13 = __commonJS({
                pp[i] = twoStar;
              }
            } else if (next === void 0) {
-              pp[i - 1] = prev + "(?:\\/|" + twoStar + ")?";
+              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + ")?";
            } else if (next !== exports2.GLOBSTAR) {
              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + "\\/)" + next;
              pp[i + 1] = exports2.GLOBSTAR;
            }
          });
-          return pp.filter((p) => p !== exports2.GLOBSTAR).join("/");
+          const filtered = pp.filter((p) => p !== exports2.GLOBSTAR);
+          if (this.partial && filtered.length >= 1) {
+            const prefixes = [];
+            for (let i = 1; i <= filtered.length; i++) {
+              prefixes.push(filtered.slice(0, i).join("/"));
+            }
+            return "(?:" + prefixes.join("|") + ")";
+          }
+          return filtered.join("/");
        }).join("|");
        const [open, close] = set2.length > 1 ? ["(?:", ")"] : ["", ""];
        re = "^" + open + re + close + "$";
+        if (this.partial) {
+          re = "^(?:\\/|" + open + re.slice(1, -1) + close + ")$";
+        }
        if (this.negate)
          re = "^(?!" + re + ").+$";
        try {
@@ -98910,9 +98998,9 @@ var require_commonjs13 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js
-var require_commonjs14 = __commonJS({
-  "node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
+// node_modules/lru-cache/dist/commonjs/index.js
+var require_commonjs16 = __commonJS({
+  "node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.LRUCache = void 0;
@@ -99001,6 +99089,7 @@ var require_commonjs14 = __commonJS({
      #max;
      #maxSize;
      #dispose;
+      #onInsert;
      #disposeAfter;
      #fetchMethod;
      #memoMethod;
@@ -99082,6 +99171,7 @@ var require_commonjs14 = __commonJS({
      #hasDispose;
      #hasFetchMethod;
      #hasDisposeAfter;
+      #hasOnInsert;
      /**
       * Do not call this method unless you need to inspect the
       * inner workings of the cache.  If anything returned by this
@@ -99158,6 +99248,12 @@ var require_commonjs14 = __commonJS({
      get dispose() {
        return this.#dispose;
      }
+      /**
+       * {@link LRUCache.OptionsBase.onInsert} (read-only)
+       */
+      get onInsert() {
+        return this.#onInsert;
+      }
      /**
       * {@link LRUCache.OptionsBase.disposeAfter} (read-only)
       */
@@ -99165,7 +99261,7 @@ var require_commonjs14 = __commonJS({
        return this.#disposeAfter;
      }
      constructor(options) {
-        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
+        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, onInsert, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
        if (max !== 0 && !isPosInt(max)) {
          throw new TypeError("max option must be a nonnegative integer");
        }
@@ -99207,6 +99303,9 @@ var require_commonjs14 = __commonJS({
        if (typeof dispose === "function") {
          this.#dispose = dispose;
        }
+        if (typeof onInsert === "function") {
+          this.#onInsert = onInsert;
+        }
        if (typeof disposeAfter === "function") {
          this.#disposeAfter = disposeAfter;
          this.#disposed = [];
@@ -99215,6 +99314,7 @@ var require_commonjs14 = __commonJS({
          this.#disposed = void 0;
        }
        this.#hasDispose = !!this.#dispose;
+        this.#hasOnInsert = !!this.#onInsert;
        this.#hasDisposeAfter = !!this.#disposeAfter;
        this.noDisposeOnSet = !!noDisposeOnSet;
        this.noUpdateTTL = !!noUpdateTTL;
@@ -99617,7 +99717,7 @@ var require_commonjs14 = __commonJS({
      }
      /**
       * Return an array of [key, {@link LRUCache.Entry}] tuples which can be
-       * passed to {@link LRLUCache#load}.
+       * passed to {@link LRUCache#load}.
       *
       * The `start` fields are calculated relative to a portable `Date.now()`
       * timestamp, even if `performance.now()` is available.
@@ -99728,6 +99828,9 @@ var require_commonjs14 = __commonJS({
          if (status)
            status.set = "add";
          noUpdateTTL = false;
+          if (this.#hasOnInsert) {
+            this.#onInsert?.(v, k, "add");
+          }
        } else {
          this.#moveToTail(index);
          const oldVal = this.#valList[index];
@@ -99763,6 +99866,9 @@ var require_commonjs14 = __commonJS({
          } else if (status) {
            status.set = "update";
          }
+          if (this.#hasOnInsert) {
+            this.onInsert?.(v, k, v === oldVal ? "update" : "replace");
+          }
        }
        if (ttl !== 0 && !this.#ttls) {
          this.#initializeTTLTracking();
@@ -100288,7 +100394,7 @@ var require_commonjs14 = __commonJS({
 });

 // node_modules/minipass/dist/commonjs/index.js
-var require_commonjs15 = __commonJS({
+var require_commonjs17 = __commonJS({
  "node_modules/minipass/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
@@ -101179,9 +101285,9 @@ var require_commonjs15 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js
-var require_commonjs16 = __commonJS({
-  "node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
+// node_modules/path-scurry/dist/commonjs/index.js
+var require_commonjs18 = __commonJS({
+  "node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __createBinding4 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
      if (k2 === void 0) k2 = k;
@@ -101212,14 +101318,14 @@ var require_commonjs16 = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.PathScurry = exports2.Path = exports2.PathScurryDarwin = exports2.PathScurryPosix = exports2.PathScurryWin32 = exports2.PathScurryBase = exports2.PathPosix = exports2.PathWin32 = exports2.PathBase = exports2.ChildrenCache = exports2.ResolveCache = void 0;
-    var lru_cache_1 = require_commonjs14();
+    var lru_cache_1 = require_commonjs16();
    var node_path_1 = require("node:path");
    var node_url_1 = require("node:url");
    var fs_1 = require("fs");
    var actualFS = __importStar4(require("node:fs"));
    var realpathSync = fs_1.realpathSync.native;
    var promises_1 = require("node:fs/promises");
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var defaultFS = {
      lstatSync: fs_1.lstatSync,
      readdir: fs_1.readdir,
@@ -101434,6 +101540,8 @@ var require_commonjs16 = __commonJS({
      /**
       * Deprecated alias for Dirent['parentPath'] Somewhat counterintuitively,
       * this property refers to the *parent* path, not the path object itself.
+       *
+       * @deprecated
       */
      get path() {
        return this.parentPath;
@@ -102953,13 +103061,13 @@ var require_commonjs16 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js
+// node_modules/glob/dist/commonjs/pattern.js
 var require_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js"(exports2) {
+  "node_modules/glob/dist/commonjs/pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Pattern = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var isPatternList = (pl) => pl.length >= 1;
    var isGlobList = (gl) => gl.length >= 1;
    var Pattern = class _Pattern {
@@ -103127,13 +103235,13 @@ var require_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js
+// node_modules/glob/dist/commonjs/ignore.js
 var require_ignore = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js"(exports2) {
+  "node_modules/glob/dist/commonjs/ignore.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Ignore = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var pattern_js_1 = require_pattern();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
    var Ignore = class {
@@ -103224,13 +103332,13 @@ var require_ignore = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js
+// node_modules/glob/dist/commonjs/processor.js
 var require_processor = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js"(exports2) {
+  "node_modules/glob/dist/commonjs/processor.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Processor = exports2.SubWalks = exports2.MatchRecord = exports2.HasWalkedCache = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var HasWalkedCache = class _HasWalkedCache {
      store;
      constructor(store = /* @__PURE__ */ new Map()) {
@@ -103457,13 +103565,13 @@ var require_processor = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js
+// node_modules/glob/dist/commonjs/walker.js
 var require_walker = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js"(exports2) {
+  "node_modules/glob/dist/commonjs/walker.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.GlobStream = exports2.GlobWalker = exports2.GlobUtil = void 0;
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var ignore_js_1 = require_ignore();
    var processor_js_1 = require_processor();
    var makeIgnore = (ignore, opts) => typeof ignore === "string" ? new ignore_js_1.Ignore([ignore], opts) : Array.isArray(ignore) ? new ignore_js_1.Ignore(ignore, opts) : ignore;
@@ -103797,15 +103905,15 @@ var require_walker = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js
+// node_modules/glob/dist/commonjs/glob.js
 var require_glob2 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js"(exports2) {
+  "node_modules/glob/dist/commonjs/glob.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Glob = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var node_url_1 = require("node:url");
-    var path_scurry_1 = require_commonjs16();
+    var path_scurry_1 = require_commonjs18();
    var pattern_js_1 = require_pattern();
    var walker_js_1 = require_walker();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
@@ -104010,13 +104118,13 @@ var require_glob2 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js
+// node_modules/glob/dist/commonjs/has-magic.js
 var require_has_magic = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
+  "node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.hasMagic = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var hasMagic = (pattern, options = {}) => {
      if (!Array.isArray(pattern)) {
        pattern = [pattern];
@@ -104031,9 +104139,9 @@ var require_has_magic = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js
-var require_commonjs17 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/dist/commonjs/index.js
+var require_commonjs19 = __commonJS({
+  "node_modules/glob/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.glob = exports2.sync = exports2.iterate = exports2.iterateSync = exports2.stream = exports2.streamSync = exports2.Ignore = exports2.hasMagic = exports2.Glob = exports2.unescape = exports2.escape = void 0;
@@ -104042,10 +104150,10 @@ var require_commonjs17 = __commonJS({
    exports2.globSync = globSync;
    exports2.globIterateSync = globIterateSync;
    exports2.globIterate = globIterate;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var glob_js_1 = require_glob2();
    var has_magic_js_1 = require_has_magic();
-    var minimatch_2 = require_commonjs13();
+    var minimatch_2 = require_commonjs15();
    Object.defineProperty(exports2, "escape", { enumerable: true, get: function() {
      return minimatch_2.escape;
    } });
@@ -104122,7 +104230,7 @@ var require_file3 = __commonJS({
    var difference = require_difference();
    var union = require_union();
    var isPlainObject = require_isPlainObject();
-    var glob2 = require_commonjs17();
+    var glob2 = require_commonjs19();
    var file = module2.exports = {};
    var pathSeparatorRe = /[\/\\]/g;
    var processPatterns = function(patterns, fn) {
@@ -116446,7 +116554,6 @@ var io2 = __toESM(require_io2());
 // src/util.ts
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -119094,7 +119201,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -119838,7 +119945,7 @@ function withGroup(groupName, f) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -119931,6 +120038,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -119964,6 +120076,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -120064,6 +120181,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -120075,21 +120197,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -120102,6 +120224,9 @@ var featureConfig = {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
@@ -120766,6 +120891,9 @@ var glob = __toESM(require_glob3());
 function getJavaTempDependencyDir() {
  return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
 }
+function getCsharpTempDependencyDir() {
+  return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
+}

 // src/debug-artifacts.ts
 function sanitizeArtifactName(name) {
@@ -120886,14 +121014,19 @@ async function runWrapper() {
        );
      }
    }
-    const javaTempDependencyDir = getJavaTempDependencyDir();
-    if (fs6.existsSync(javaTempDependencyDir)) {
-      try {
-        fs6.rmSync(javaTempDependencyDir, { recursive: true });
-      } catch (error3) {
-        logger.info(
-          `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error3)}`
-        );
+    const tempDependencyDirs = [
+      getJavaTempDependencyDir(),
+      getCsharpTempDependencyDir()
+    ];
+    for (const tempDependencyDir of tempDependencyDirs) {
+      if (fs6.existsSync(tempDependencyDir)) {
+        try {
+          fs6.rmSync(tempDependencyDir, { recursive: true });
+        } catch (error3) {
+          logger.info(
+            `Failed to remove temporary dependencies directory: ${getErrorMessage(error3)}`
+          );
+        }
      }
    }
  } catch (error3) {
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core15 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob());
    var io7 = __importStar4(require_io3());
    var crypto2 = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core15.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -84337,7 +84336,6 @@ var fsPromises = __toESM(require("fs/promises"));
 var os = __toESM(require("os"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -87095,7 +87093,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) {
  );
  return limit;
 }
-function getMemoryFlagValue(userInput, logger) {
+function getCodeQLMemoryLimit(userInput, logger) {
  return getMemoryFlagValueForPlatform(
    userInput,
    getTotalMemoryBytes(logger),
@@ -87103,7 +87101,7 @@ function getMemoryFlagValue(userInput, logger) {
  );
 }
 function getMemoryFlag(userInput, logger) {
-  const megabytes = getMemoryFlagValue(userInput, logger);
+  const megabytes = getCodeQLMemoryLimit(userInput, logger);
  return `--ram=${megabytes}`;
 }
 function getThreadsFlagValue(userInput, logger) {
@@ -88213,8 +88211,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -88452,7 +88450,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -88524,7 +88522,7 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) {
  }
  return true;
 }
-async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
+async function cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger) {
  const overlayDatabaseMode = config.overlayDatabaseMode;
  if (overlayDatabaseMode !== "overlay-base" /* OverlayBase */) {
    logger.debug(
@@ -88553,7 +88551,7 @@ async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) {
    return false;
  }
  await withGroupAsync("Cleaning up databases", async () => {
-    await codeql.databaseCleanupCluster(config, "overlay");
+    await codeql.databaseCleanupCluster(config, "overlay" /* Overlay */);
  });
  const dbLocation = config.dbLocation;
  const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger);
@@ -88661,6 +88659,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -88694,6 +88697,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -88794,6 +88802,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -88805,21 +88818,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -89370,6 +89383,9 @@ async function cachePrefix(codeql, language) {
 }

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
@@ -91062,7 +91078,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1;
 function getJavaTempDependencyDir() {
  return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
 }
-function getJavaDependencyDirs() {
+async function getJavaDependencyDirs() {
  return [
    // Maven
    (0, import_path.join)(os3.homedir(), ".m2", "repository"),
@@ -91072,6 +91088,19 @@ function getJavaDependencyDirs() {
    getJavaTempDependencyDir()
  ];
 }
+function getCsharpTempDependencyDir() {
+  return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
+}
+async function getCsharpDependencyDirs(codeql, features) {
+  const dirs = [
+    // Nuget
+    (0, import_path.join)(os3.homedir(), ".nuget", "packages")
+  ];
+  if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) {
+    dirs.push(getCsharpTempDependencyDir());
+  }
+  return dirs;
+}
 async function makePatternCheck(patterns) {
  const globber = await makeGlobber(patterns);
  if ((await globber.glob()).length === 0) {
@@ -91116,11 +91145,11 @@ var defaultCacheConfigs = {
    ])
  },
  csharp: {
-    getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), ".nuget", "packages")],
+    getDependencyPaths: getCsharpDependencyDirs,
    getHashPatterns: getCsharpHashPatterns
  },
  go: {
-    getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")],
+    getDependencyPaths: async () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")],
    getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"])
  }
 };
@@ -91158,8 +91187,13 @@ async function uploadDependencyCaches(codeql, features, config, logger) {
      status.push({ language, result: "no-hash" /* NoHash */ });
      continue;
    }
+    const key = await cacheKey2(codeql, features, language, patterns);
+    if (config.dependencyCachingRestoredKeys.includes(key)) {
+      status.push({ language, result: "duplicate" /* Duplicate */ });
+      continue;
+    }
    const size = await getTotalCacheSize(
-      cacheConfig.getDependencyPaths(),
+      await cacheConfig.getDependencyPaths(codeql, features),
      logger,
      true
    );
@@ -91170,13 +91204,15 @@ async function uploadDependencyCaches(codeql, features, config, logger) {
      );
      continue;
    }
-    const key = await cacheKey2(codeql, features, language, patterns);
    logger.info(
      `Uploading cache of size ${size} for ${language} with key ${key}...`
    );
    try {
      const start = performance.now();
-      await actionsCache3.saveCache(cacheConfig.getDependencyPaths(), key);
+      await actionsCache3.saveCache(
+        await cacheConfig.getDependencyPaths(codeql, features),
+        key
+      );
      const upload_duration_ms = Math.round(performance.now() - start);
      status.push({
        language,
@@ -91219,6 +91255,7 @@ async function getFeaturePrefix(codeql, features, language) {
    }
  } else if (language === "csharp" /* csharp */) {
    await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */);
+    await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */);
  }
  if (enabledFeatures.length > 0) {
    return `${createCacheKeyHash(enabledFeatures)}-`;
@@ -91308,7 +91345,7 @@ async function setupPythonExtractor(logger) {
  );
  return;
 }
-async function runExtraction(codeql, config, logger) {
+async function runExtraction(codeql, features, config, logger) {
  for (const language of config.languages) {
    if (dbIsFinalized(config, language, logger)) {
      logger.debug(
@@ -91328,6 +91365,9 @@ async function runExtraction(codeql, config, logger) {
        if (language === "java" /* java */ && config.buildMode === "none" /* None */) {
          process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getJavaTempDependencyDir();
        }
+        if (language === "csharp" /* csharp */ && config.buildMode === "none" /* None */ && await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */)) {
+          process.env["CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getCsharpTempDependencyDir();
+        }
        await codeql.extractUsingBuildMode(config, language);
      } else {
        await codeql.extractScannedLanguage(config, language);
@@ -91353,9 +91393,9 @@ function dbIsFinalized(config, language, logger) {
    return false;
  }
 }
-async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger) {
+async function finalizeDatabaseCreation(codeql, features, config, threadsFlag, memoryFlag, logger) {
  const extractionStart = import_perf_hooks2.performance.now();
-  await runExtraction(codeql, config, logger);
+  await runExtraction(codeql, features, config, logger);
  const extractionTime = import_perf_hooks2.performance.now() - extractionStart;
  const trapImportStart = import_perf_hooks2.performance.now();
  for (const language of config.languages) {
@@ -91610,7 +91650,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir
    return perQueryAlertCounts;
  }
 }
-async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, logger) {
+async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) {
  try {
    await fs12.promises.rm(outputDir, { force: true, recursive: true });
  } catch (error3) {
@@ -91621,6 +91661,7 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, l
  await fs12.promises.mkdir(outputDir, { recursive: true });
  const timings = await finalizeDatabaseCreation(
    codeql,
+    features,
    config,
    threadsFlag,
    memoryFlag,
@@ -91662,7 +91703,7 @@ async function warnIfGoInstalledAfterInit(config, logger) {

 // src/database-upload.ts
 var fs13 = __toESM(require("fs"));
-async function uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger) {
+async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) {
  if (getRequiredInput("upload-database") !== "true") {
    logger.debug("Database upload disabled in workflow. Skipping upload.");
    return;
@@ -91685,8 +91726,9 @@ async function uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger
    logger.debug("Not analyzing default branch. Skipping upload.");
    return;
  }
+  const cleanupLevel = config.overlayDatabaseMode === "overlay-base" /* OverlayBase */ && await features.getValue("upload_overlay_db_to_api" /* UploadOverlayDbToApi */) ? "overlay" /* Overlay */ : "clear" /* Clear */;
  await withGroupAsync("Cleaning up databases", async () => {
-    await codeql.databaseCleanupCluster(config, "clear");
+    await codeql.databaseCleanupCluster(config, cleanupLevel);
  });
  const client = getApiClient();
  const uploadsUrl = new URL(parseGitHubUrl(apiDetails.url));
@@ -93955,6 +93997,7 @@ async function run() {
    await warnIfGoInstalledAfterInit(config, logger);
    await runAutobuildIfLegacyGoWorkflow(config, logger);
    dbCreationTimings = await runFinalize(
+      features,
      outputDir,
      threads,
      memory,
@@ -94043,8 +94086,15 @@ async function run() {
    } else {
      logger.info("Not uploading results");
    }
-    await uploadOverlayBaseDatabaseToCache(codeql, config, logger);
-    await uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger);
+    await cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger);
+    await cleanupAndUploadDatabases(
+      repositoryNwo,
+      codeql,
+      config,
+      apiDetails,
+      features,
+      logger
+    );
    const trapCacheUploadStartTime = import_perf_hooks3.performance.now();
    didUploadTrapCaches = await uploadTrapCaches(codeql, config, logger);
    trapCacheUploadTime = import_perf_hooks3.performance.now() - trapCacheUploadStartTime;
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io5 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -80333,7 +80332,6 @@ var io2 = __toESM(require_io2());
 var fsPromises = __toESM(require("fs/promises"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -82981,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -83703,8 +83701,8 @@ var path3 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs2 = __toESM(require("fs"));
@@ -83889,7 +83887,7 @@ function getActionsLogger() {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -83980,6 +83978,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -84013,6 +84016,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84113,6 +84121,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -84124,21 +84137,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -84416,6 +84429,9 @@ var GitHubFeatureFlags = class {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.5",
-  "cliVersion": "2.23.5",
-  "priorBundleVersion": "codeql-bundle-v2.23.3",
-  "priorCliVersion": "2.23.3"
+  "bundleVersion": "codeql-bundle-v2.23.7",
+  "cliVersion": "2.23.7",
+  "priorBundleVersion": "codeql-bundle-v2.23.6",
+  "priorCliVersion": "2.23.6"
 }
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core18 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob());
    var io7 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core18.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -97357,52 +97356,128 @@ var require_isPlainObject = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/brace-expansion/index.js
-var require_brace_expansion3 = __commonJS({
-  "node_modules/archiver-utils/node_modules/brace-expansion/index.js"(exports2, module2) {
-    var balanced = require_balanced_match();
-    module2.exports = expandTop;
+// node_modules/@isaacs/balanced-match/dist/commonjs/index.js
+var require_commonjs13 = __commonJS({
+  "node_modules/@isaacs/balanced-match/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.range = exports2.balanced = void 0;
+    var balanced = (a, b, str2) => {
+      const ma = a instanceof RegExp ? maybeMatch(a, str2) : a;
+      const mb = b instanceof RegExp ? maybeMatch(b, str2) : b;
+      const r = ma !== null && mb != null && (0, exports2.range)(ma, mb, str2);
+      return r && {
+        start: r[0],
+        end: r[1],
+        pre: str2.slice(0, r[0]),
+        body: str2.slice(r[0] + ma.length, r[1]),
+        post: str2.slice(r[1] + mb.length)
+      };
+    };
+    exports2.balanced = balanced;
+    var maybeMatch = (reg, str2) => {
+      const m = str2.match(reg);
+      return m ? m[0] : null;
+    };
+    var range = (a, b, str2) => {
+      let begs, beg, left, right = void 0, result;
+      let ai = str2.indexOf(a);
+      let bi = str2.indexOf(b, ai + 1);
+      let i = ai;
+      if (ai >= 0 && bi > 0) {
+        if (a === b) {
+          return [ai, bi];
+        }
+        begs = [];
+        left = str2.length;
+        while (i >= 0 && !result) {
+          if (i === ai) {
+            begs.push(i);
+            ai = str2.indexOf(a, i + 1);
+          } else if (begs.length === 1) {
+            const r = begs.pop();
+            if (r !== void 0)
+              result = [r, bi];
+          } else {
+            beg = begs.pop();
+            if (beg !== void 0 && beg < left) {
+              left = beg;
+              right = bi;
+            }
+            bi = str2.indexOf(b, i + 1);
+          }
+          i = ai < bi && ai >= 0 ? ai : bi;
+        }
+        if (begs.length && right !== void 0) {
+          result = [left, right];
+        }
+      }
+      return result;
+    };
+    exports2.range = range;
+  }
+});
+
+// node_modules/@isaacs/brace-expansion/dist/commonjs/index.js
+var require_commonjs14 = __commonJS({
+  "node_modules/@isaacs/brace-expansion/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.expand = expand;
+    var balanced_match_1 = require_commonjs13();
    var escSlash = "\0SLASH" + Math.random() + "\0";
    var escOpen = "\0OPEN" + Math.random() + "\0";
    var escClose = "\0CLOSE" + Math.random() + "\0";
    var escComma = "\0COMMA" + Math.random() + "\0";
    var escPeriod = "\0PERIOD" + Math.random() + "\0";
+    var escSlashPattern = new RegExp(escSlash, "g");
+    var escOpenPattern = new RegExp(escOpen, "g");
+    var escClosePattern = new RegExp(escClose, "g");
+    var escCommaPattern = new RegExp(escComma, "g");
+    var escPeriodPattern = new RegExp(escPeriod, "g");
+    var slashPattern = /\\\\/g;
+    var openPattern = /\\{/g;
+    var closePattern = /\\}/g;
+    var commaPattern = /\\,/g;
+    var periodPattern = /\\./g;
    function numeric(str2) {
-      return parseInt(str2, 10) == str2 ? parseInt(str2, 10) : str2.charCodeAt(0);
+      return !isNaN(str2) ? parseInt(str2, 10) : str2.charCodeAt(0);
    }
    function escapeBraces(str2) {
-      return str2.split("\\\\").join(escSlash).split("\\{").join(escOpen).split("\\}").join(escClose).split("\\,").join(escComma).split("\\.").join(escPeriod);
+      return str2.replace(slashPattern, escSlash).replace(openPattern, escOpen).replace(closePattern, escClose).replace(commaPattern, escComma).replace(periodPattern, escPeriod);
    }
    function unescapeBraces(str2) {
-      return str2.split(escSlash).join("\\").split(escOpen).join("{").split(escClose).join("}").split(escComma).join(",").split(escPeriod).join(".");
+      return str2.replace(escSlashPattern, "\\").replace(escOpenPattern, "{").replace(escClosePattern, "}").replace(escCommaPattern, ",").replace(escPeriodPattern, ".");
    }
    function parseCommaParts(str2) {
-      if (!str2)
+      if (!str2) {
        return [""];
-      var parts = [];
-      var m = balanced("{", "}", str2);
-      if (!m)
+      }
+      const parts = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m) {
        return str2.split(",");
-      var pre = m.pre;
-      var body = m.body;
-      var post = m.post;
-      var p = pre.split(",");
+      }
+      const { pre, body, post } = m;
+      const p = pre.split(",");
      p[p.length - 1] += "{" + body + "}";
-      var postParts = parseCommaParts(post);
+      const postParts = parseCommaParts(post);
      if (post.length) {
+        ;
        p[p.length - 1] += postParts.shift();
        p.push.apply(p, postParts);
      }
      parts.push.apply(parts, p);
      return parts;
    }
-    function expandTop(str2) {
-      if (!str2)
+    function expand(str2) {
+      if (!str2) {
        return [];
-      if (str2.substr(0, 2) === "{}") {
-        str2 = "\\{\\}" + str2.substr(2);
      }
-      return expand(escapeBraces(str2), true).map(unescapeBraces);
+      if (str2.slice(0, 2) === "{}") {
+        str2 = "\\{\\}" + str2.slice(2);
+      }
+      return expand_(escapeBraces(str2), true).map(unescapeBraces);
    }
    function embrace(str2) {
      return "{" + str2 + "}";
@@ -97416,73 +97491,74 @@ var require_brace_expansion3 = __commonJS({
    function gte5(i, y) {
      return i >= y;
    }
-    function expand(str2, isTop) {
-      var expansions = [];
-      var m = balanced("{", "}", str2);
-      if (!m) return [str2];
-      var pre = m.pre;
-      var post = m.post.length ? expand(m.post, false) : [""];
+    function expand_(str2, isTop) {
+      const expansions = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m)
+        return [str2];
+      const pre = m.pre;
+      const post = m.post.length ? expand_(m.post, false) : [""];
      if (/\$$/.test(m.pre)) {
-        for (var k = 0; k < post.length; k++) {
-          var expansion = pre + "{" + m.body + "}" + post[k];
+        for (let k = 0; k < post.length; k++) {
+          const expansion = pre + "{" + m.body + "}" + post[k];
          expansions.push(expansion);
        }
      } else {
-        var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
-        var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
-        var isSequence = isNumericSequence || isAlphaSequence;
-        var isOptions = m.body.indexOf(",") >= 0;
+        const isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
+        const isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
+        const isSequence = isNumericSequence || isAlphaSequence;
+        const isOptions = m.body.indexOf(",") >= 0;
        if (!isSequence && !isOptions) {
          if (m.post.match(/,(?!,).*\}/)) {
            str2 = m.pre + "{" + m.body + escClose + m.post;
-            return expand(str2);
+            return expand_(str2);
          }
          return [str2];
        }
-        var n;
+        let n;
        if (isSequence) {
          n = m.body.split(/\.\./);
        } else {
          n = parseCommaParts(m.body);
-          if (n.length === 1) {
-            n = expand(n[0], false).map(embrace);
+          if (n.length === 1 && n[0] !== void 0) {
+            n = expand_(n[0], false).map(embrace);
            if (n.length === 1) {
-              return post.map(function(p) {
-                return m.pre + n[0] + p;
-              });
+              return post.map((p) => m.pre + n[0] + p);
            }
          }
        }
-        var N;
-        if (isSequence) {
-          var x = numeric(n[0]);
-          var y = numeric(n[1]);
-          var width = Math.max(n[0].length, n[1].length);
-          var incr = n.length == 3 ? Math.abs(numeric(n[2])) : 1;
-          var test = lte;
-          var reverse = y < x;
+        let N;
+        if (isSequence && n[0] !== void 0 && n[1] !== void 0) {
+          const x = numeric(n[0]);
+          const y = numeric(n[1]);
+          const width = Math.max(n[0].length, n[1].length);
+          let incr = n.length === 3 && n[2] !== void 0 ? Math.abs(numeric(n[2])) : 1;
+          let test = lte;
+          const reverse = y < x;
          if (reverse) {
            incr *= -1;
            test = gte5;
          }
-          var pad = n.some(isPadded);
+          const pad = n.some(isPadded);
          N = [];
-          for (var i = x; test(i, y); i += incr) {
-            var c;
+          for (let i = x; test(i, y); i += incr) {
+            let c;
            if (isAlphaSequence) {
              c = String.fromCharCode(i);
-              if (c === "\\")
+              if (c === "\\") {
                c = "";
+              }
            } else {
              c = String(i);
              if (pad) {
-                var need = width - c.length;
+                const need = width - c.length;
                if (need > 0) {
-                  var z = new Array(need + 1).join("0");
-                  if (i < 0)
+                  const z = new Array(need + 1).join("0");
+                  if (i < 0) {
                    c = "-" + z + c.slice(1);
-                  else
+                  } else {
                    c = z + c;
+                  }
                }
              }
            }
@@ -97490,15 +97566,16 @@ var require_brace_expansion3 = __commonJS({
          }
        } else {
          N = [];
-          for (var j = 0; j < n.length; j++) {
-            N.push.apply(N, expand(n[j], false));
+          for (let j = 0; j < n.length; j++) {
+            N.push.apply(N, expand_(n[j], false));
          }
        }
-        for (var j = 0; j < N.length; j++) {
-          for (var k = 0; k < post.length; k++) {
-            var expansion = pre + N[j] + post[k];
-            if (!isTop || isSequence || expansion)
+        for (let j = 0; j < N.length; j++) {
+          for (let k = 0; k < post.length; k++) {
+            const expansion = pre + N[j] + post[k];
+            if (!isTop || isSequence || expansion) {
              expansions.push(expansion);
+            }
          }
        }
      }
@@ -97507,9 +97584,9 @@ var require_brace_expansion3 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
 var require_assert_valid_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.assertValidPattern = void 0;
@@ -97526,9 +97603,9 @@ var require_assert_valid_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js
 var require_brace_expressions = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.parseClass = void 0;
@@ -97643,22 +97720,25 @@ var require_brace_expressions = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js
 var require_unescape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = void 0;
-    var unescape = (s, { windowsPathsNoEscape = false } = {}) => {
-      return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+    var unescape = (s, { windowsPathsNoEscape = false, magicalBraces = true } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+      }
+      return windowsPathsNoEscape ? s.replace(/\[([^\/\\{}])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\{}])\]/g, "$1$2").replace(/\\([^\/{}])/g, "$1");
    };
    exports2.unescape = unescape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js
 var require_ast = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.AST = void 0;
@@ -98014,7 +98094,7 @@ var require_ast = __commonJS({
        if (this.#root === this)
          this.#fillNegs();
        if (!this.type) {
-          const noEmpty = this.isStart() && this.isEnd();
+          const noEmpty = this.isStart() && this.isEnd() && !this.#parts.some((s) => typeof s !== "string");
          const src = this.#parts.map((p) => {
            const [re, _2, hasMagic, uflag] = typeof p === "string" ? _AST.#parseGlob(p, this.#hasMagic, noEmpty) : p.toRegExpSource(allowDot);
            this.#hasMagic = this.#hasMagic || hasMagic;
@@ -98124,10 +98204,7 @@ var require_ast = __commonJS({
            }
          }
          if (c === "*") {
-            if (noEmpty && glob2 === "*")
-              re += starNoEmpty;
-            else
-              re += star;
+            re += noEmpty && glob2 === "*" ? starNoEmpty : star;
            hasMagic = true;
            continue;
          }
@@ -98145,29 +98222,29 @@ var require_ast = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js
 var require_escape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.escape = void 0;
-    var escape = (s, { windowsPathsNoEscape = false } = {}) => {
+    var escape = (s, { windowsPathsNoEscape = false, magicalBraces = false } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/[?*()[\]{}]/g, "[$&]") : s.replace(/[?*()[\]\\{}]/g, "\\$&");
+      }
      return windowsPathsNoEscape ? s.replace(/[?*()[\]]/g, "[$&]") : s.replace(/[?*()[\]\\]/g, "\\$&");
    };
    exports2.escape = escape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js
-var require_commonjs13 = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/node_modules/minimatch/dist/commonjs/index.js
+var require_commonjs15 = __commonJS({
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
    "use strict";
-    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
-      return mod && mod.__esModule ? mod : { "default": mod };
-    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = exports2.escape = exports2.AST = exports2.Minimatch = exports2.match = exports2.makeRe = exports2.braceExpand = exports2.defaults = exports2.filter = exports2.GLOBSTAR = exports2.sep = exports2.minimatch = void 0;
-    var brace_expansion_1 = __importDefault4(require_brace_expansion3());
+    var brace_expansion_1 = require_commonjs14();
    var assert_valid_pattern_js_1 = require_assert_valid_pattern();
    var ast_js_1 = require_ast();
    var escape_js_1 = require_escape();
@@ -98290,7 +98367,7 @@ var require_commonjs13 = __commonJS({
      if (options.nobrace || !/\{(?:(?!\{).)*\}/.test(pattern)) {
        return [pattern];
      }
-      return (0, brace_expansion_1.default)(pattern);
+      return (0, brace_expansion_1.expand)(pattern);
    };
    exports2.braceExpand = braceExpand;
    exports2.minimatch.braceExpand = exports2.braceExpand;
@@ -98814,16 +98891,27 @@ var require_commonjs13 = __commonJS({
                pp[i] = twoStar;
              }
            } else if (next === void 0) {
-              pp[i - 1] = prev + "(?:\\/|" + twoStar + ")?";
+              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + ")?";
            } else if (next !== exports2.GLOBSTAR) {
              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + "\\/)" + next;
              pp[i + 1] = exports2.GLOBSTAR;
            }
          });
-          return pp.filter((p) => p !== exports2.GLOBSTAR).join("/");
+          const filtered = pp.filter((p) => p !== exports2.GLOBSTAR);
+          if (this.partial && filtered.length >= 1) {
+            const prefixes = [];
+            for (let i = 1; i <= filtered.length; i++) {
+              prefixes.push(filtered.slice(0, i).join("/"));
+            }
+            return "(?:" + prefixes.join("|") + ")";
+          }
+          return filtered.join("/");
        }).join("|");
        const [open, close] = set2.length > 1 ? ["(?:", ")"] : ["", ""];
        re = "^" + open + re + close + "$";
+        if (this.partial) {
+          re = "^(?:\\/|" + open + re.slice(1, -1) + close + ")$";
+        }
        if (this.negate)
          re = "^(?!" + re + ").+$";
        try {
@@ -98910,9 +98998,9 @@ var require_commonjs13 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js
-var require_commonjs14 = __commonJS({
-  "node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
+// node_modules/lru-cache/dist/commonjs/index.js
+var require_commonjs16 = __commonJS({
+  "node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.LRUCache = void 0;
@@ -99001,6 +99089,7 @@ var require_commonjs14 = __commonJS({
      #max;
      #maxSize;
      #dispose;
+      #onInsert;
      #disposeAfter;
      #fetchMethod;
      #memoMethod;
@@ -99082,6 +99171,7 @@ var require_commonjs14 = __commonJS({
      #hasDispose;
      #hasFetchMethod;
      #hasDisposeAfter;
+      #hasOnInsert;
      /**
       * Do not call this method unless you need to inspect the
       * inner workings of the cache.  If anything returned by this
@@ -99158,6 +99248,12 @@ var require_commonjs14 = __commonJS({
      get dispose() {
        return this.#dispose;
      }
+      /**
+       * {@link LRUCache.OptionsBase.onInsert} (read-only)
+       */
+      get onInsert() {
+        return this.#onInsert;
+      }
      /**
       * {@link LRUCache.OptionsBase.disposeAfter} (read-only)
       */
@@ -99165,7 +99261,7 @@ var require_commonjs14 = __commonJS({
        return this.#disposeAfter;
      }
      constructor(options) {
-        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
+        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, onInsert, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
        if (max !== 0 && !isPosInt(max)) {
          throw new TypeError("max option must be a nonnegative integer");
        }
@@ -99207,6 +99303,9 @@ var require_commonjs14 = __commonJS({
        if (typeof dispose === "function") {
          this.#dispose = dispose;
        }
+        if (typeof onInsert === "function") {
+          this.#onInsert = onInsert;
+        }
        if (typeof disposeAfter === "function") {
          this.#disposeAfter = disposeAfter;
          this.#disposed = [];
@@ -99215,6 +99314,7 @@ var require_commonjs14 = __commonJS({
          this.#disposed = void 0;
        }
        this.#hasDispose = !!this.#dispose;
+        this.#hasOnInsert = !!this.#onInsert;
        this.#hasDisposeAfter = !!this.#disposeAfter;
        this.noDisposeOnSet = !!noDisposeOnSet;
        this.noUpdateTTL = !!noUpdateTTL;
@@ -99617,7 +99717,7 @@ var require_commonjs14 = __commonJS({
      }
      /**
       * Return an array of [key, {@link LRUCache.Entry}] tuples which can be
-       * passed to {@link LRLUCache#load}.
+       * passed to {@link LRUCache#load}.
       *
       * The `start` fields are calculated relative to a portable `Date.now()`
       * timestamp, even if `performance.now()` is available.
@@ -99728,6 +99828,9 @@ var require_commonjs14 = __commonJS({
          if (status)
            status.set = "add";
          noUpdateTTL = false;
+          if (this.#hasOnInsert) {
+            this.#onInsert?.(v, k, "add");
+          }
        } else {
          this.#moveToTail(index);
          const oldVal = this.#valList[index];
@@ -99763,6 +99866,9 @@ var require_commonjs14 = __commonJS({
          } else if (status) {
            status.set = "update";
          }
+          if (this.#hasOnInsert) {
+            this.onInsert?.(v, k, v === oldVal ? "update" : "replace");
+          }
        }
        if (ttl !== 0 && !this.#ttls) {
          this.#initializeTTLTracking();
@@ -100288,7 +100394,7 @@ var require_commonjs14 = __commonJS({
 });

 // node_modules/minipass/dist/commonjs/index.js
-var require_commonjs15 = __commonJS({
+var require_commonjs17 = __commonJS({
  "node_modules/minipass/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
@@ -101179,9 +101285,9 @@ var require_commonjs15 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js
-var require_commonjs16 = __commonJS({
-  "node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
+// node_modules/path-scurry/dist/commonjs/index.js
+var require_commonjs18 = __commonJS({
+  "node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __createBinding4 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
      if (k2 === void 0) k2 = k;
@@ -101212,14 +101318,14 @@ var require_commonjs16 = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.PathScurry = exports2.Path = exports2.PathScurryDarwin = exports2.PathScurryPosix = exports2.PathScurryWin32 = exports2.PathScurryBase = exports2.PathPosix = exports2.PathWin32 = exports2.PathBase = exports2.ChildrenCache = exports2.ResolveCache = void 0;
-    var lru_cache_1 = require_commonjs14();
+    var lru_cache_1 = require_commonjs16();
    var node_path_1 = require("node:path");
    var node_url_1 = require("node:url");
    var fs_1 = require("fs");
    var actualFS = __importStar4(require("node:fs"));
    var realpathSync = fs_1.realpathSync.native;
    var promises_1 = require("node:fs/promises");
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var defaultFS = {
      lstatSync: fs_1.lstatSync,
      readdir: fs_1.readdir,
@@ -101434,6 +101540,8 @@ var require_commonjs16 = __commonJS({
      /**
       * Deprecated alias for Dirent['parentPath'] Somewhat counterintuitively,
       * this property refers to the *parent* path, not the path object itself.
+       *
+       * @deprecated
       */
      get path() {
        return this.parentPath;
@@ -102953,13 +103061,13 @@ var require_commonjs16 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js
+// node_modules/glob/dist/commonjs/pattern.js
 var require_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js"(exports2) {
+  "node_modules/glob/dist/commonjs/pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Pattern = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var isPatternList = (pl) => pl.length >= 1;
    var isGlobList = (gl) => gl.length >= 1;
    var Pattern = class _Pattern {
@@ -103127,13 +103235,13 @@ var require_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js
+// node_modules/glob/dist/commonjs/ignore.js
 var require_ignore = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js"(exports2) {
+  "node_modules/glob/dist/commonjs/ignore.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Ignore = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var pattern_js_1 = require_pattern();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
    var Ignore = class {
@@ -103224,13 +103332,13 @@ var require_ignore = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js
+// node_modules/glob/dist/commonjs/processor.js
 var require_processor = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js"(exports2) {
+  "node_modules/glob/dist/commonjs/processor.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Processor = exports2.SubWalks = exports2.MatchRecord = exports2.HasWalkedCache = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var HasWalkedCache = class _HasWalkedCache {
      store;
      constructor(store = /* @__PURE__ */ new Map()) {
@@ -103457,13 +103565,13 @@ var require_processor = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js
+// node_modules/glob/dist/commonjs/walker.js
 var require_walker = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js"(exports2) {
+  "node_modules/glob/dist/commonjs/walker.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.GlobStream = exports2.GlobWalker = exports2.GlobUtil = void 0;
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var ignore_js_1 = require_ignore();
    var processor_js_1 = require_processor();
    var makeIgnore = (ignore, opts) => typeof ignore === "string" ? new ignore_js_1.Ignore([ignore], opts) : Array.isArray(ignore) ? new ignore_js_1.Ignore(ignore, opts) : ignore;
@@ -103797,15 +103905,15 @@ var require_walker = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js
+// node_modules/glob/dist/commonjs/glob.js
 var require_glob2 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js"(exports2) {
+  "node_modules/glob/dist/commonjs/glob.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Glob = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var node_url_1 = require("node:url");
-    var path_scurry_1 = require_commonjs16();
+    var path_scurry_1 = require_commonjs18();
    var pattern_js_1 = require_pattern();
    var walker_js_1 = require_walker();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
@@ -104010,13 +104118,13 @@ var require_glob2 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js
+// node_modules/glob/dist/commonjs/has-magic.js
 var require_has_magic = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
+  "node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.hasMagic = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var hasMagic = (pattern, options = {}) => {
      if (!Array.isArray(pattern)) {
        pattern = [pattern];
@@ -104031,9 +104139,9 @@ var require_has_magic = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js
-var require_commonjs17 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/dist/commonjs/index.js
+var require_commonjs19 = __commonJS({
+  "node_modules/glob/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.glob = exports2.sync = exports2.iterate = exports2.iterateSync = exports2.stream = exports2.streamSync = exports2.Ignore = exports2.hasMagic = exports2.Glob = exports2.unescape = exports2.escape = void 0;
@@ -104042,10 +104150,10 @@ var require_commonjs17 = __commonJS({
    exports2.globSync = globSync;
    exports2.globIterateSync = globIterateSync;
    exports2.globIterate = globIterate;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var glob_js_1 = require_glob2();
    var has_magic_js_1 = require_has_magic();
-    var minimatch_2 = require_commonjs13();
+    var minimatch_2 = require_commonjs15();
    Object.defineProperty(exports2, "escape", { enumerable: true, get: function() {
      return minimatch_2.escape;
    } });
@@ -104122,7 +104230,7 @@ var require_file3 = __commonJS({
    var difference = require_difference();
    var union = require_union();
    var isPlainObject = require_isPlainObject();
-    var glob2 = require_commonjs17();
+    var glob2 = require_commonjs19();
    var file = module2.exports = {};
    var pathSeparatorRe = /[\/\\]/g;
    var processPatterns = function(patterns, fn) {
@@ -119344,7 +119452,6 @@ var fs = __toESM(require("fs"));
 var fsPromises = __toESM(require("fs/promises"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -121992,7 +122099,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -122977,8 +123084,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -123216,7 +123323,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -123312,6 +123419,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -123345,6 +123457,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -123445,6 +123562,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -123456,21 +123578,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -123766,6 +123888,9 @@ ${jsonContents}`
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -34086,7 +34085,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob());
    var io7 = __importStar4(require_io3());
    var crypto2 = __importStar4(require("crypto"));
@@ -34170,7 +34169,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -81642,7 +81641,6 @@ var fsPromises = __toESM(require("fs/promises"));
 var os = __toESM(require("os"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -84291,7 +84289,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -84398,7 +84396,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) {
  );
  return limit;
 }
-function getMemoryFlagValue(userInput, logger) {
+function getCodeQLMemoryLimit(userInput, logger) {
  return getMemoryFlagValueForPlatform(
    userInput,
    getTotalMemoryBytes(logger),
@@ -85637,8 +85635,8 @@ var path5 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -85854,7 +85852,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -86075,6 +86073,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -86108,6 +86111,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -86208,6 +86216,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -86219,21 +86232,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -86653,6 +86666,9 @@ async function cachePrefix(codeql, language) {
 }

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 async function getSupportedLanguageMap(codeql, logger) {
  const resolveSupportedLanguagesUsingCli = await codeql.supportsFeature(
    "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */
@@ -86827,6 +86843,7 @@ async function initActionState({
    trapCaches,
    trapCacheDownloadTime,
    dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled),
+    dependencyCachingRestoredKeys: [],
    extraQueryExclusions: [],
    overlayDatabaseMode: "none" /* None */,
    useOverlayDatabaseCaching: false,
@@ -86909,7 +86926,25 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code
  }
  return true;
 }
-async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, codeScanningConfig, logger) {
+async function runnerSupportsOverlayAnalysis(ramInput, logger) {
+  const diskUsage = await checkDiskUsage(logger);
+  if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) {
+    const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6);
+    logger.info(
+      `Setting overlay database mode to ${"none" /* None */} due to insufficient disk space (${diskSpaceMb} MB).`
+    );
+    return false;
+  }
+  const memoryFlagValue = getCodeQLMemoryLimit(ramInput, logger);
+  if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) {
+    logger.info(
+      `Setting overlay database mode to ${"none" /* None */} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`
+    );
+    return false;
+  }
+  return true;
+}
+async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, logger) {
  let overlayDatabaseMode = "none" /* None */;
  let useOverlayDatabaseCaching = false;
  const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
@@ -86924,7 +86959,13 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b
    languages,
    codeScanningConfig
  )) {
-    if (isAnalyzingPullRequest()) {
+    const performResourceChecks = !await features.getValue(
+      "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */,
+      codeql
+    );
+    if (performResourceChecks && !await runnerSupportsOverlayAnalysis(ramInput, logger)) {
+      overlayDatabaseMode = "none" /* None */;
+    } else if (isAnalyzingPullRequest()) {
      overlayDatabaseMode = "overlay" /* Overlay */;
      useOverlayDatabaseCaching = true;
      logger.info(
@@ -87030,6 +87071,7 @@ async function initConfig(features, inputs) {
    config.languages,
    inputs.sourceRoot,
    config.buildMode,
+    inputs.ramInput,
    config.computedConfig,
    logger
  );
@@ -87244,7 +87286,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1;
 function getJavaTempDependencyDir() {
  return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
 }
-function getJavaDependencyDirs() {
+async function getJavaDependencyDirs() {
  return [
    // Maven
    (0, import_path.join)(os2.homedir(), ".m2", "repository"),
@@ -87254,6 +87296,19 @@ function getJavaDependencyDirs() {
    getJavaTempDependencyDir()
  ];
 }
+function getCsharpTempDependencyDir() {
+  return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
+}
+async function getCsharpDependencyDirs(codeql, features) {
+  const dirs = [
+    // Nuget
+    (0, import_path.join)(os2.homedir(), ".nuget", "packages")
+  ];
+  if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) {
+    dirs.push(getCsharpTempDependencyDir());
+  }
+  return dirs;
+}
 async function makePatternCheck(patterns) {
  const globber = await makeGlobber(patterns);
  if ((await globber.glob()).length === 0) {
@@ -87298,11 +87353,11 @@ var defaultCacheConfigs = {
    ])
  },
  csharp: {
-    getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), ".nuget", "packages")],
+    getDependencyPaths: getCsharpDependencyDirs,
    getHashPatterns: getCsharpHashPatterns
  },
  go: {
-    getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")],
+    getDependencyPaths: async () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")],
    getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"])
  }
 };
@@ -87320,6 +87375,7 @@ async function checkHashPatterns(codeql, features, language, cacheConfig, checkT
 }
 async function downloadDependencyCaches(codeql, features, languages, logger) {
  const status = [];
+  const restoredKeys = [];
  for (const language of languages) {
    const cacheConfig = defaultCacheConfigs[language];
    if (cacheConfig === void 0) {
@@ -87351,21 +87407,29 @@ async function downloadDependencyCaches(codeql, features, languages, logger) {
    );
    const start = performance.now();
    const hitKey = await actionsCache3.restoreCache(
-      cacheConfig.getDependencyPaths(),
+      await cacheConfig.getDependencyPaths(codeql, features),
      primaryKey,
      restoreKeys
    );
    const download_duration_ms = Math.round(performance.now() - start);
    if (hitKey !== void 0) {
      logger.info(`Cache hit on key ${hitKey} for ${language}.`);
-      const hit_kind = hitKey === primaryKey ? "exact" /* Exact */ : "partial" /* Partial */;
-      status.push({ language, hit_kind, download_duration_ms });
+      let hit_kind = "partial" /* Partial */;
+      if (hitKey === primaryKey) {
+        hit_kind = "exact" /* Exact */;
+      }
+      status.push({
+        language,
+        hit_kind,
+        download_duration_ms
+      });
+      restoredKeys.push(hitKey);
    } else {
      status.push({ language, hit_kind: "miss" /* Miss */ });
      logger.info(`No suitable cache found for ${language}.`);
    }
  }
-  return status;
+  return { statusReport: status, restoredKeys };
 }
 async function cacheKey2(codeql, features, language, patterns) {
  const hash = await glob.hashFiles(patterns.join("\n"));
@@ -87388,6 +87452,7 @@ async function getFeaturePrefix(codeql, features, language) {
    }
  } else if (language === "csharp" /* csharp */) {
    await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */);
+    await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */);
  }
  if (enabledFeatures.length > 0) {
    return `${createCacheKeyHash(enabledFeatures)}-`;
@@ -89954,6 +90019,7 @@ async function run() {
      queriesInput: getOptionalInput("queries"),
      packsInput: getOptionalInput("packs"),
      buildModeInput: getOptionalInput("build-mode"),
+      ramInput: getOptionalInput("ram"),
      configFile,
      dbLocation: getOptionalInput("db-location"),
      configInput: getOptionalInput("config"),
@@ -89997,7 +90063,7 @@ async function run() {
    return;
  }
  let overlayBaseDatabaseStats;
-  let dependencyCachingResults;
+  let dependencyCachingStatus;
  try {
    if (config.overlayDatabaseMode === "overlay" /* Overlay */ && config.useOverlayDatabaseCaching) {
      overlayBaseDatabaseStats = await downloadOverlayBaseDatabaseFromCache(
@@ -90110,7 +90176,7 @@ exec ${goBinaryPath} "$@"`
    }
    core13.exportVariable(
      "CODEQL_RAM",
-      process.env["CODEQL_RAM"] || getMemoryFlagValue(getOptionalInput("ram"), logger).toString()
+      process.env["CODEQL_RAM"] || getCodeQLMemoryLimit(getOptionalInput("ram"), logger).toString()
    );
    core13.exportVariable(
      "CODEQL_THREADS",
@@ -90138,12 +90204,14 @@ exec ${goBinaryPath} "$@"`
      }
    }
    if (shouldRestoreCache(config.dependencyCachingEnabled)) {
-      dependencyCachingResults = await downloadDependencyCaches(
+      const dependencyCachingResult = await downloadDependencyCaches(
        codeql,
        features,
        config.languages,
        logger
      );
+      dependencyCachingStatus = dependencyCachingResult.statusReport;
+      config.dependencyCachingRestoredKeys = dependencyCachingResult.restoredKeys;
    }
    if (await codeQlVersionAtLeast(codeql, "2.17.1")) {
    } else {
@@ -90244,7 +90312,7 @@ exec ${goBinaryPath} "$@"`
      toolsSource,
      toolsVersion,
      overlayBaseDatabaseStats,
-      dependencyCachingResults,
+      dependencyCachingStatus,
      logger,
      error3
    );
@@ -90262,7 +90330,7 @@ exec ${goBinaryPath} "$@"`
    toolsSource,
    toolsVersion,
    overlayBaseDatabaseStats,
-    dependencyCachingResults,
+    dependencyCachingStatus,
    logger
  );
 }
--- a/lib/resolve-environment-action.js
+++ b/lib/resolve-environment-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core13 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io5 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core13.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -80333,7 +80332,6 @@ var io2 = __toESM(require_io2());
 var fsPromises = __toESM(require("fs/promises"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -82981,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -83882,7 +83880,7 @@ function getActionsLogger() {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -83971,6 +83969,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -84004,6 +84007,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84104,6 +84112,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -84115,21 +84128,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -84142,6 +84155,9 @@ var featureConfig = {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -32638,7 +32637,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core13 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -32722,7 +32721,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core13.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -80389,7 +80388,6 @@ var fs = __toESM(require("fs"));
 var fsPromises = __toESM(require("fs/promises"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -83037,7 +83035,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -83591,8 +83589,8 @@ var path4 = __toESM(require("path"));
 var semver3 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -83791,7 +83789,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -83883,6 +83881,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -83916,6 +83919,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84016,6 +84024,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -84027,21 +84040,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -84587,6 +84600,9 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -94132,52 +94131,128 @@ var require_isPlainObject = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/brace-expansion/index.js
-var require_brace_expansion3 = __commonJS({
-  "node_modules/archiver-utils/node_modules/brace-expansion/index.js"(exports2, module2) {
-    var balanced = require_balanced_match();
-    module2.exports = expandTop;
+// node_modules/@isaacs/balanced-match/dist/commonjs/index.js
+var require_commonjs13 = __commonJS({
+  "node_modules/@isaacs/balanced-match/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.range = exports2.balanced = void 0;
+    var balanced = (a, b, str2) => {
+      const ma = a instanceof RegExp ? maybeMatch(a, str2) : a;
+      const mb = b instanceof RegExp ? maybeMatch(b, str2) : b;
+      const r = ma !== null && mb != null && (0, exports2.range)(ma, mb, str2);
+      return r && {
+        start: r[0],
+        end: r[1],
+        pre: str2.slice(0, r[0]),
+        body: str2.slice(r[0] + ma.length, r[1]),
+        post: str2.slice(r[1] + mb.length)
+      };
+    };
+    exports2.balanced = balanced;
+    var maybeMatch = (reg, str2) => {
+      const m = str2.match(reg);
+      return m ? m[0] : null;
+    };
+    var range = (a, b, str2) => {
+      let begs, beg, left, right = void 0, result;
+      let ai = str2.indexOf(a);
+      let bi = str2.indexOf(b, ai + 1);
+      let i = ai;
+      if (ai >= 0 && bi > 0) {
+        if (a === b) {
+          return [ai, bi];
+        }
+        begs = [];
+        left = str2.length;
+        while (i >= 0 && !result) {
+          if (i === ai) {
+            begs.push(i);
+            ai = str2.indexOf(a, i + 1);
+          } else if (begs.length === 1) {
+            const r = begs.pop();
+            if (r !== void 0)
+              result = [r, bi];
+          } else {
+            beg = begs.pop();
+            if (beg !== void 0 && beg < left) {
+              left = beg;
+              right = bi;
+            }
+            bi = str2.indexOf(b, i + 1);
+          }
+          i = ai < bi && ai >= 0 ? ai : bi;
+        }
+        if (begs.length && right !== void 0) {
+          result = [left, right];
+        }
+      }
+      return result;
+    };
+    exports2.range = range;
+  }
+});
+
+// node_modules/@isaacs/brace-expansion/dist/commonjs/index.js
+var require_commonjs14 = __commonJS({
+  "node_modules/@isaacs/brace-expansion/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.expand = expand;
+    var balanced_match_1 = require_commonjs13();
    var escSlash = "\0SLASH" + Math.random() + "\0";
    var escOpen = "\0OPEN" + Math.random() + "\0";
    var escClose = "\0CLOSE" + Math.random() + "\0";
    var escComma = "\0COMMA" + Math.random() + "\0";
    var escPeriod = "\0PERIOD" + Math.random() + "\0";
+    var escSlashPattern = new RegExp(escSlash, "g");
+    var escOpenPattern = new RegExp(escOpen, "g");
+    var escClosePattern = new RegExp(escClose, "g");
+    var escCommaPattern = new RegExp(escComma, "g");
+    var escPeriodPattern = new RegExp(escPeriod, "g");
+    var slashPattern = /\\\\/g;
+    var openPattern = /\\{/g;
+    var closePattern = /\\}/g;
+    var commaPattern = /\\,/g;
+    var periodPattern = /\\./g;
    function numeric(str2) {
-      return parseInt(str2, 10) == str2 ? parseInt(str2, 10) : str2.charCodeAt(0);
+      return !isNaN(str2) ? parseInt(str2, 10) : str2.charCodeAt(0);
    }
    function escapeBraces(str2) {
-      return str2.split("\\\\").join(escSlash).split("\\{").join(escOpen).split("\\}").join(escClose).split("\\,").join(escComma).split("\\.").join(escPeriod);
+      return str2.replace(slashPattern, escSlash).replace(openPattern, escOpen).replace(closePattern, escClose).replace(commaPattern, escComma).replace(periodPattern, escPeriod);
    }
    function unescapeBraces(str2) {
-      return str2.split(escSlash).join("\\").split(escOpen).join("{").split(escClose).join("}").split(escComma).join(",").split(escPeriod).join(".");
+      return str2.replace(escSlashPattern, "\\").replace(escOpenPattern, "{").replace(escClosePattern, "}").replace(escCommaPattern, ",").replace(escPeriodPattern, ".");
    }
    function parseCommaParts(str2) {
-      if (!str2)
+      if (!str2) {
        return [""];
-      var parts = [];
-      var m = balanced("{", "}", str2);
-      if (!m)
+      }
+      const parts = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m) {
        return str2.split(",");
-      var pre = m.pre;
-      var body = m.body;
-      var post = m.post;
-      var p = pre.split(",");
+      }
+      const { pre, body, post } = m;
+      const p = pre.split(",");
      p[p.length - 1] += "{" + body + "}";
-      var postParts = parseCommaParts(post);
+      const postParts = parseCommaParts(post);
      if (post.length) {
+        ;
        p[p.length - 1] += postParts.shift();
        p.push.apply(p, postParts);
      }
      parts.push.apply(parts, p);
      return parts;
    }
-    function expandTop(str2) {
-      if (!str2)
+    function expand(str2) {
+      if (!str2) {
        return [];
-      if (str2.substr(0, 2) === "{}") {
-        str2 = "\\{\\}" + str2.substr(2);
      }
-      return expand(escapeBraces(str2), true).map(unescapeBraces);
+      if (str2.slice(0, 2) === "{}") {
+        str2 = "\\{\\}" + str2.slice(2);
+      }
+      return expand_(escapeBraces(str2), true).map(unescapeBraces);
    }
    function embrace(str2) {
      return "{" + str2 + "}";
@@ -94191,73 +94266,74 @@ var require_brace_expansion3 = __commonJS({
    function gte5(i, y) {
      return i >= y;
    }
-    function expand(str2, isTop) {
-      var expansions = [];
-      var m = balanced("{", "}", str2);
-      if (!m) return [str2];
-      var pre = m.pre;
-      var post = m.post.length ? expand(m.post, false) : [""];
+    function expand_(str2, isTop) {
+      const expansions = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m)
+        return [str2];
+      const pre = m.pre;
+      const post = m.post.length ? expand_(m.post, false) : [""];
      if (/\$$/.test(m.pre)) {
-        for (var k = 0; k < post.length; k++) {
-          var expansion = pre + "{" + m.body + "}" + post[k];
+        for (let k = 0; k < post.length; k++) {
+          const expansion = pre + "{" + m.body + "}" + post[k];
          expansions.push(expansion);
        }
      } else {
-        var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
-        var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
-        var isSequence = isNumericSequence || isAlphaSequence;
-        var isOptions = m.body.indexOf(",") >= 0;
+        const isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
+        const isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
+        const isSequence = isNumericSequence || isAlphaSequence;
+        const isOptions = m.body.indexOf(",") >= 0;
        if (!isSequence && !isOptions) {
          if (m.post.match(/,(?!,).*\}/)) {
            str2 = m.pre + "{" + m.body + escClose + m.post;
-            return expand(str2);
+            return expand_(str2);
          }
          return [str2];
        }
-        var n;
+        let n;
        if (isSequence) {
          n = m.body.split(/\.\./);
        } else {
          n = parseCommaParts(m.body);
-          if (n.length === 1) {
-            n = expand(n[0], false).map(embrace);
+          if (n.length === 1 && n[0] !== void 0) {
+            n = expand_(n[0], false).map(embrace);
            if (n.length === 1) {
-              return post.map(function(p) {
-                return m.pre + n[0] + p;
-              });
+              return post.map((p) => m.pre + n[0] + p);
            }
          }
        }
-        var N;
-        if (isSequence) {
-          var x = numeric(n[0]);
-          var y = numeric(n[1]);
-          var width = Math.max(n[0].length, n[1].length);
-          var incr = n.length == 3 ? Math.abs(numeric(n[2])) : 1;
-          var test = lte;
-          var reverse = y < x;
+        let N;
+        if (isSequence && n[0] !== void 0 && n[1] !== void 0) {
+          const x = numeric(n[0]);
+          const y = numeric(n[1]);
+          const width = Math.max(n[0].length, n[1].length);
+          let incr = n.length === 3 && n[2] !== void 0 ? Math.abs(numeric(n[2])) : 1;
+          let test = lte;
+          const reverse = y < x;
          if (reverse) {
            incr *= -1;
            test = gte5;
          }
-          var pad = n.some(isPadded);
+          const pad = n.some(isPadded);
          N = [];
-          for (var i = x; test(i, y); i += incr) {
-            var c;
+          for (let i = x; test(i, y); i += incr) {
+            let c;
            if (isAlphaSequence) {
              c = String.fromCharCode(i);
-              if (c === "\\")
+              if (c === "\\") {
                c = "";
+              }
            } else {
              c = String(i);
              if (pad) {
-                var need = width - c.length;
+                const need = width - c.length;
                if (need > 0) {
-                  var z = new Array(need + 1).join("0");
-                  if (i < 0)
+                  const z = new Array(need + 1).join("0");
+                  if (i < 0) {
                    c = "-" + z + c.slice(1);
-                  else
+                  } else {
                    c = z + c;
+                  }
                }
              }
            }
@@ -94265,15 +94341,16 @@ var require_brace_expansion3 = __commonJS({
          }
        } else {
          N = [];
-          for (var j = 0; j < n.length; j++) {
-            N.push.apply(N, expand(n[j], false));
+          for (let j = 0; j < n.length; j++) {
+            N.push.apply(N, expand_(n[j], false));
          }
        }
-        for (var j = 0; j < N.length; j++) {
-          for (var k = 0; k < post.length; k++) {
-            var expansion = pre + N[j] + post[k];
-            if (!isTop || isSequence || expansion)
+        for (let j = 0; j < N.length; j++) {
+          for (let k = 0; k < post.length; k++) {
+            const expansion = pre + N[j] + post[k];
+            if (!isTop || isSequence || expansion) {
              expansions.push(expansion);
+            }
          }
        }
      }
@@ -94282,9 +94359,9 @@ var require_brace_expansion3 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
 var require_assert_valid_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.assertValidPattern = void 0;
@@ -94301,9 +94378,9 @@ var require_assert_valid_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js
 var require_brace_expressions = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.parseClass = void 0;
@@ -94418,22 +94495,25 @@ var require_brace_expressions = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js
 var require_unescape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = void 0;
-    var unescape = (s, { windowsPathsNoEscape = false } = {}) => {
-      return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+    var unescape = (s, { windowsPathsNoEscape = false, magicalBraces = true } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+      }
+      return windowsPathsNoEscape ? s.replace(/\[([^\/\\{}])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\{}])\]/g, "$1$2").replace(/\\([^\/{}])/g, "$1");
    };
    exports2.unescape = unescape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js
 var require_ast = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.AST = void 0;
@@ -94789,7 +94869,7 @@ var require_ast = __commonJS({
        if (this.#root === this)
          this.#fillNegs();
        if (!this.type) {
-          const noEmpty = this.isStart() && this.isEnd();
+          const noEmpty = this.isStart() && this.isEnd() && !this.#parts.some((s) => typeof s !== "string");
          const src = this.#parts.map((p) => {
            const [re, _2, hasMagic, uflag] = typeof p === "string" ? _AST.#parseGlob(p, this.#hasMagic, noEmpty) : p.toRegExpSource(allowDot);
            this.#hasMagic = this.#hasMagic || hasMagic;
@@ -94899,10 +94979,7 @@ var require_ast = __commonJS({
            }
          }
          if (c === "*") {
-            if (noEmpty && glob2 === "*")
-              re += starNoEmpty;
-            else
-              re += star;
+            re += noEmpty && glob2 === "*" ? starNoEmpty : star;
            hasMagic = true;
            continue;
          }
@@ -94920,29 +94997,29 @@ var require_ast = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js
 var require_escape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.escape = void 0;
-    var escape = (s, { windowsPathsNoEscape = false } = {}) => {
+    var escape = (s, { windowsPathsNoEscape = false, magicalBraces = false } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/[?*()[\]{}]/g, "[$&]") : s.replace(/[?*()[\]\\{}]/g, "\\$&");
+      }
      return windowsPathsNoEscape ? s.replace(/[?*()[\]]/g, "[$&]") : s.replace(/[?*()[\]\\]/g, "\\$&");
    };
    exports2.escape = escape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js
-var require_commonjs13 = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/node_modules/minimatch/dist/commonjs/index.js
+var require_commonjs15 = __commonJS({
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
    "use strict";
-    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
-      return mod && mod.__esModule ? mod : { "default": mod };
-    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = exports2.escape = exports2.AST = exports2.Minimatch = exports2.match = exports2.makeRe = exports2.braceExpand = exports2.defaults = exports2.filter = exports2.GLOBSTAR = exports2.sep = exports2.minimatch = void 0;
-    var brace_expansion_1 = __importDefault4(require_brace_expansion3());
+    var brace_expansion_1 = require_commonjs14();
    var assert_valid_pattern_js_1 = require_assert_valid_pattern();
    var ast_js_1 = require_ast();
    var escape_js_1 = require_escape();
@@ -95065,7 +95142,7 @@ var require_commonjs13 = __commonJS({
      if (options.nobrace || !/\{(?:(?!\{).)*\}/.test(pattern)) {
        return [pattern];
      }
-      return (0, brace_expansion_1.default)(pattern);
+      return (0, brace_expansion_1.expand)(pattern);
    };
    exports2.braceExpand = braceExpand;
    exports2.minimatch.braceExpand = exports2.braceExpand;
@@ -95589,16 +95666,27 @@ var require_commonjs13 = __commonJS({
                pp[i] = twoStar;
              }
            } else if (next === void 0) {
-              pp[i - 1] = prev + "(?:\\/|" + twoStar + ")?";
+              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + ")?";
            } else if (next !== exports2.GLOBSTAR) {
              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + "\\/)" + next;
              pp[i + 1] = exports2.GLOBSTAR;
            }
          });
-          return pp.filter((p) => p !== exports2.GLOBSTAR).join("/");
+          const filtered = pp.filter((p) => p !== exports2.GLOBSTAR);
+          if (this.partial && filtered.length >= 1) {
+            const prefixes = [];
+            for (let i = 1; i <= filtered.length; i++) {
+              prefixes.push(filtered.slice(0, i).join("/"));
+            }
+            return "(?:" + prefixes.join("|") + ")";
+          }
+          return filtered.join("/");
        }).join("|");
        const [open, close] = set2.length > 1 ? ["(?:", ")"] : ["", ""];
        re = "^" + open + re + close + "$";
+        if (this.partial) {
+          re = "^(?:\\/|" + open + re.slice(1, -1) + close + ")$";
+        }
        if (this.negate)
          re = "^(?!" + re + ").+$";
        try {
@@ -95685,9 +95773,9 @@ var require_commonjs13 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js
-var require_commonjs14 = __commonJS({
-  "node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
+// node_modules/lru-cache/dist/commonjs/index.js
+var require_commonjs16 = __commonJS({
+  "node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.LRUCache = void 0;
@@ -95776,6 +95864,7 @@ var require_commonjs14 = __commonJS({
      #max;
      #maxSize;
      #dispose;
+      #onInsert;
      #disposeAfter;
      #fetchMethod;
      #memoMethod;
@@ -95857,6 +95946,7 @@ var require_commonjs14 = __commonJS({
      #hasDispose;
      #hasFetchMethod;
      #hasDisposeAfter;
+      #hasOnInsert;
      /**
       * Do not call this method unless you need to inspect the
       * inner workings of the cache.  If anything returned by this
@@ -95933,6 +96023,12 @@ var require_commonjs14 = __commonJS({
      get dispose() {
        return this.#dispose;
      }
+      /**
+       * {@link LRUCache.OptionsBase.onInsert} (read-only)
+       */
+      get onInsert() {
+        return this.#onInsert;
+      }
      /**
       * {@link LRUCache.OptionsBase.disposeAfter} (read-only)
       */
@@ -95940,7 +96036,7 @@ var require_commonjs14 = __commonJS({
        return this.#disposeAfter;
      }
      constructor(options) {
-        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
+        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, onInsert, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
        if (max !== 0 && !isPosInt(max)) {
          throw new TypeError("max option must be a nonnegative integer");
        }
@@ -95982,6 +96078,9 @@ var require_commonjs14 = __commonJS({
        if (typeof dispose === "function") {
          this.#dispose = dispose;
        }
+        if (typeof onInsert === "function") {
+          this.#onInsert = onInsert;
+        }
        if (typeof disposeAfter === "function") {
          this.#disposeAfter = disposeAfter;
          this.#disposed = [];
@@ -95990,6 +96089,7 @@ var require_commonjs14 = __commonJS({
          this.#disposed = void 0;
        }
        this.#hasDispose = !!this.#dispose;
+        this.#hasOnInsert = !!this.#onInsert;
        this.#hasDisposeAfter = !!this.#disposeAfter;
        this.noDisposeOnSet = !!noDisposeOnSet;
        this.noUpdateTTL = !!noUpdateTTL;
@@ -96392,7 +96492,7 @@ var require_commonjs14 = __commonJS({
      }
      /**
       * Return an array of [key, {@link LRUCache.Entry}] tuples which can be
-       * passed to {@link LRLUCache#load}.
+       * passed to {@link LRUCache#load}.
       *
       * The `start` fields are calculated relative to a portable `Date.now()`
       * timestamp, even if `performance.now()` is available.
@@ -96503,6 +96603,9 @@ var require_commonjs14 = __commonJS({
          if (status)
            status.set = "add";
          noUpdateTTL = false;
+          if (this.#hasOnInsert) {
+            this.#onInsert?.(v, k, "add");
+          }
        } else {
          this.#moveToTail(index);
          const oldVal = this.#valList[index];
@@ -96538,6 +96641,9 @@ var require_commonjs14 = __commonJS({
          } else if (status) {
            status.set = "update";
          }
+          if (this.#hasOnInsert) {
+            this.onInsert?.(v, k, v === oldVal ? "update" : "replace");
+          }
        }
        if (ttl !== 0 && !this.#ttls) {
          this.#initializeTTLTracking();
@@ -97063,7 +97169,7 @@ var require_commonjs14 = __commonJS({
 });

 // node_modules/minipass/dist/commonjs/index.js
-var require_commonjs15 = __commonJS({
+var require_commonjs17 = __commonJS({
  "node_modules/minipass/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
@@ -97954,9 +98060,9 @@ var require_commonjs15 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js
-var require_commonjs16 = __commonJS({
-  "node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
+// node_modules/path-scurry/dist/commonjs/index.js
+var require_commonjs18 = __commonJS({
+  "node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __createBinding4 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
      if (k2 === void 0) k2 = k;
@@ -97987,14 +98093,14 @@ var require_commonjs16 = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.PathScurry = exports2.Path = exports2.PathScurryDarwin = exports2.PathScurryPosix = exports2.PathScurryWin32 = exports2.PathScurryBase = exports2.PathPosix = exports2.PathWin32 = exports2.PathBase = exports2.ChildrenCache = exports2.ResolveCache = void 0;
-    var lru_cache_1 = require_commonjs14();
+    var lru_cache_1 = require_commonjs16();
    var node_path_1 = require("node:path");
    var node_url_1 = require("node:url");
    var fs_1 = require("fs");
    var actualFS = __importStar4(require("node:fs"));
    var realpathSync = fs_1.realpathSync.native;
    var promises_1 = require("node:fs/promises");
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var defaultFS = {
      lstatSync: fs_1.lstatSync,
      readdir: fs_1.readdir,
@@ -98209,6 +98315,8 @@ var require_commonjs16 = __commonJS({
      /**
       * Deprecated alias for Dirent['parentPath'] Somewhat counterintuitively,
       * this property refers to the *parent* path, not the path object itself.
+       *
+       * @deprecated
       */
      get path() {
        return this.parentPath;
@@ -99728,13 +99836,13 @@ var require_commonjs16 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js
+// node_modules/glob/dist/commonjs/pattern.js
 var require_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js"(exports2) {
+  "node_modules/glob/dist/commonjs/pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Pattern = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var isPatternList = (pl) => pl.length >= 1;
    var isGlobList = (gl) => gl.length >= 1;
    var Pattern = class _Pattern {
@@ -99902,13 +100010,13 @@ var require_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js
+// node_modules/glob/dist/commonjs/ignore.js
 var require_ignore = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js"(exports2) {
+  "node_modules/glob/dist/commonjs/ignore.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Ignore = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var pattern_js_1 = require_pattern();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
    var Ignore = class {
@@ -99999,13 +100107,13 @@ var require_ignore = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js
+// node_modules/glob/dist/commonjs/processor.js
 var require_processor = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js"(exports2) {
+  "node_modules/glob/dist/commonjs/processor.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Processor = exports2.SubWalks = exports2.MatchRecord = exports2.HasWalkedCache = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var HasWalkedCache = class _HasWalkedCache {
      store;
      constructor(store = /* @__PURE__ */ new Map()) {
@@ -100232,13 +100340,13 @@ var require_processor = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js
+// node_modules/glob/dist/commonjs/walker.js
 var require_walker = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js"(exports2) {
+  "node_modules/glob/dist/commonjs/walker.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.GlobStream = exports2.GlobWalker = exports2.GlobUtil = void 0;
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var ignore_js_1 = require_ignore();
    var processor_js_1 = require_processor();
    var makeIgnore = (ignore, opts) => typeof ignore === "string" ? new ignore_js_1.Ignore([ignore], opts) : Array.isArray(ignore) ? new ignore_js_1.Ignore(ignore, opts) : ignore;
@@ -100572,15 +100680,15 @@ var require_walker = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js
+// node_modules/glob/dist/commonjs/glob.js
 var require_glob2 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js"(exports2) {
+  "node_modules/glob/dist/commonjs/glob.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Glob = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var node_url_1 = require("node:url");
-    var path_scurry_1 = require_commonjs16();
+    var path_scurry_1 = require_commonjs18();
    var pattern_js_1 = require_pattern();
    var walker_js_1 = require_walker();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
@@ -100785,13 +100893,13 @@ var require_glob2 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js
+// node_modules/glob/dist/commonjs/has-magic.js
 var require_has_magic = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
+  "node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.hasMagic = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var hasMagic = (pattern, options = {}) => {
      if (!Array.isArray(pattern)) {
        pattern = [pattern];
@@ -100806,9 +100914,9 @@ var require_has_magic = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js
-var require_commonjs17 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/dist/commonjs/index.js
+var require_commonjs19 = __commonJS({
+  "node_modules/glob/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.glob = exports2.sync = exports2.iterate = exports2.iterateSync = exports2.stream = exports2.streamSync = exports2.Ignore = exports2.hasMagic = exports2.Glob = exports2.unescape = exports2.escape = void 0;
@@ -100817,10 +100925,10 @@ var require_commonjs17 = __commonJS({
    exports2.globSync = globSync;
    exports2.globIterateSync = globIterateSync;
    exports2.globIterate = globIterate;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var glob_js_1 = require_glob2();
    var has_magic_js_1 = require_has_magic();
-    var minimatch_2 = require_commonjs13();
+    var minimatch_2 = require_commonjs15();
    Object.defineProperty(exports2, "escape", { enumerable: true, get: function() {
      return minimatch_2.escape;
    } });
@@ -100897,7 +101005,7 @@ var require_file3 = __commonJS({
    var difference = require_difference();
    var union = require_union();
    var isPlainObject = require_isPlainObject();
-    var glob2 = require_commonjs17();
+    var glob2 = require_commonjs19();
    var file = module2.exports = {};
    var pathSeparatorRe = /[\/\\]/g;
    var processPatterns = function(patterns, fn) {
@@ -116443,7 +116551,6 @@ var io2 = __toESM(require_io2());

 // src/util.ts
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -119091,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -119307,7 +119414,7 @@ function getActionsLogger() {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

@@ -119337,6 +119444,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -119370,6 +119482,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -119470,6 +119587,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -119481,21 +119603,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -119508,6 +119630,9 @@ var featureConfig = {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -24935,7 +24935,7 @@ var require_util8 = __commonJS({
              parts.push("<?>");
            }
            break;
-          // FIXME: do proper formating for numbers, etc
+          // FIXME: do proper formatting for numbers, etc
          //case 'f':
          //case 'd':
          case "%":
@@ -26386,6 +26386,7 @@ var require_asn1 = __commonJS({
      GENERALIZEDTIME: 24,
      BMPSTRING: 30
    };
+    asn1.maxDepth = 256;
    asn1.create = function(tagClass, type2, constructed, value, options) {
      if (forge.util.isArray(value)) {
        var tmp = [];
@@ -26527,6 +26528,9 @@ var require_asn1 = __commonJS({
      if (!("decodeBitStrings" in options)) {
        options.decodeBitStrings = true;
      }
+      if (!("maxDepth" in options)) {
+        options.maxDepth = asn1.maxDepth;
+      }
      if (typeof bytes === "string") {
        bytes = forge.util.createBuffer(bytes);
      }
@@ -26541,6 +26545,9 @@ var require_asn1 = __commonJS({
      return value;
    };
    function _fromDer(bytes, remaining, depth, options) {
+      if (depth >= options.maxDepth) {
+        throw new Error("ASN.1 parsing error: Max depth exceeded.");
+      }
      var start;
      _checkBufferLength(bytes, remaining, 2);
      var b1 = bytes.getByte();
@@ -26716,6 +26723,9 @@ var require_asn1 = __commonJS({
        last = true;
        valueBytes = [];
        value = parseInt(values[i], 10);
+        if (value > 4294967295) {
+          throw new Error("OID value too large; max is 32-bits.");
+        }
        do {
          b = value & 127;
          value = value >>> 7;
@@ -26740,8 +26750,11 @@ var require_asn1 = __commonJS({
      oid = Math.floor(b / 40) + "." + b % 40;
      var value = 0;
      while (bytes.length() > 0) {
+        if (value > 70368744177663) {
+          throw new Error("OID value too large; max is 53-bits.");
+        }
        b = bytes.getByte();
-        value = value << 7;
+        value = value * 128;
        if (b & 128) {
          value += b & 127;
        } else {
@@ -26902,19 +26915,40 @@ var require_asn1 = __commonJS({
          if (v.value && forge.util.isArray(v.value)) {
            var j = 0;
            for (var i = 0; rval && i < v.value.length; ++i) {
-              rval = v.value[i].optional || false;
-              if (obj.value[j]) {
-                rval = asn1.validate(obj.value[j], v.value[i], capture, errors);
-                if (rval) {
-                  ++j;
-                } else if (v.value[i].optional) {
+              var schemaItem = v.value[i];
+              rval = !!schemaItem.optional;
+              var objChild = obj.value[j];
+              if (!objChild) {
+                if (!schemaItem.optional) {
+                  rval = false;
+                  if (errors) {
+                    errors.push("[" + v.name + '] Missing required element. Expected tag class "' + schemaItem.tagClass + '", type "' + schemaItem.type + '"');
+                  }
+                }
+                continue;
+              }
+              var schemaHasTag = typeof schemaItem.tagClass !== "undefined" && typeof schemaItem.type !== "undefined";
+              if (schemaHasTag && (objChild.tagClass !== schemaItem.tagClass || objChild.type !== schemaItem.type)) {
+                if (schemaItem.optional) {
                  rval = true;
+                  continue;
+                } else {
+                  rval = false;
+                  if (errors) {
+                    errors.push("[" + v.name + "] Tag mismatch. Expected (" + schemaItem.tagClass + "," + schemaItem.type + "), got (" + objChild.tagClass + "," + objChild.type + ")");
+                  }
+                  break;
                }
              }
-              if (!rval && errors) {
-                errors.push(
-                  "[" + v.name + '] Tag class "' + v.tagClass + '", type "' + v.type + '" expected value length "' + v.value.length + '", got "' + obj.value.length + '"'
-                );
+              var childRval = asn1.validate(objChild, schemaItem, capture, errors);
+              if (childRval) {
+                ++j;
+                rval = true;
+              } else if (schemaItem.optional) {
+                rval = true;
+              } else {
+                rval = false;
+                break;
              }
            }
          }
@@ -30955,7 +30989,7 @@ var require_rsa = __commonJS({
          constructed: false,
          capture: "algorithmIdentifier"
        }, {
-          // NULL paramters
+          // NULL parameters
          name: "DigestInfo.DigestAlgorithm.parameters",
          tagClass: asn1.Class.UNIVERSAL,
          type: asn1.Type.NULL,
@@ -31468,7 +31502,7 @@ var require_rsa = __commonJS({
              if (oid === forge.oids.md2 || oid === forge.oids.md5) {
                if (!("parameters" in capture)) {
                  throw new Error(
-                    "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifer NULL parameters."
+                    "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifier NULL parameters."
                  );
                }
              }
@@ -35665,6 +35699,8 @@ var require_pkcs12 = __commonJS({
        if (macValue.getBytes() !== capture.macDigest) {
          throw new Error("PKCS#12 MAC could not be verified. Invalid password?");
        }
+      } else if (Array.isArray(obj.value) && obj.value.length > 2) {
+        throw new Error("Invalid PKCS#12. macData field present but MAC was not validated.");
      }
      _decodeAuthenticatedSafe(pfx, data.value, strict, password);
      return pfx;
@@ -47285,7 +47321,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -47320,7 +47356,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -47329,27 +47364,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -47357,9 +47391,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -47383,7 +47417,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -53593,7 +53628,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core12 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io4 = __importStar4(require_io4());
    var crypto = __importStar4(require("crypto"));
@@ -53677,7 +53712,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core12.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -96768,7 +96803,6 @@ var io2 = __toESM(require_io3());
 // src/util.ts
 var fsPromises = __toESM(require("fs/promises"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io3());

 // node_modules/get-folder-size/index.js
@@ -99686,8 +99720,8 @@ function getActionsLogger() {
 var core7 = __toESM(require_core());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/languages.ts
 var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {
@@ -99969,7 +100003,7 @@ async function getRef() {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

@@ -99999,6 +100033,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -100032,6 +100071,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -100132,6 +100176,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -100143,21 +100192,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -100170,6 +100219,9 @@ var featureConfig = {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -28924,7 +28924,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -28959,7 +28959,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -28968,27 +28967,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -28996,9 +28994,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -29022,7 +29020,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -33935,7 +33934,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core12 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -34019,7 +34018,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core12.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -83222,7 +83221,6 @@ __export(upload_lib_exports, {
  buildPayload: () => buildPayload,
  findSarifFilesInDir: () => findSarifFilesInDir,
  getGroupedSarifFilePaths: () => getGroupedSarifFilePaths,
-  getSarifFilePaths: () => getSarifFilePaths,
  populateRunAutomationDetails: () => populateRunAutomationDetails,
  postProcessSarifFiles: () => postProcessSarifFiles,
  readSarifFile: () => readSarifFile,
@@ -83258,7 +83256,6 @@ var io2 = __toESM(require_io2());
 var fs = __toESM(require("fs"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -86727,8 +86724,8 @@ var path4 = __toESM(require("path"));
 var semver4 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -86947,7 +86944,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -87037,6 +87034,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -87070,6 +87072,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -87170,6 +87177,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -87181,21 +87193,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -87226,6 +87238,9 @@ ${jsonContents}`
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
@@ -90653,7 +90668,6 @@ function filterAlertsByDiffRange(logger, sarif) {
  buildPayload,
  findSarifFilesInDir,
  getGroupedSarifFilePaths,
-  getSarifFilePaths,
  populateRunAutomationDetails,
  postProcessSarifFiles,
  readSarifFile,
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -85693,52 +85692,128 @@ var require_isPlainObject = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/brace-expansion/index.js
-var require_brace_expansion2 = __commonJS({
-  "node_modules/archiver-utils/node_modules/brace-expansion/index.js"(exports2, module2) {
-    var balanced = require_balanced_match();
-    module2.exports = expandTop;
+// node_modules/@isaacs/balanced-match/dist/commonjs/index.js
+var require_commonjs13 = __commonJS({
+  "node_modules/@isaacs/balanced-match/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.range = exports2.balanced = void 0;
+    var balanced = (a, b, str2) => {
+      const ma = a instanceof RegExp ? maybeMatch(a, str2) : a;
+      const mb = b instanceof RegExp ? maybeMatch(b, str2) : b;
+      const r = ma !== null && mb != null && (0, exports2.range)(ma, mb, str2);
+      return r && {
+        start: r[0],
+        end: r[1],
+        pre: str2.slice(0, r[0]),
+        body: str2.slice(r[0] + ma.length, r[1]),
+        post: str2.slice(r[1] + mb.length)
+      };
+    };
+    exports2.balanced = balanced;
+    var maybeMatch = (reg, str2) => {
+      const m = str2.match(reg);
+      return m ? m[0] : null;
+    };
+    var range = (a, b, str2) => {
+      let begs, beg, left, right = void 0, result;
+      let ai = str2.indexOf(a);
+      let bi = str2.indexOf(b, ai + 1);
+      let i = ai;
+      if (ai >= 0 && bi > 0) {
+        if (a === b) {
+          return [ai, bi];
+        }
+        begs = [];
+        left = str2.length;
+        while (i >= 0 && !result) {
+          if (i === ai) {
+            begs.push(i);
+            ai = str2.indexOf(a, i + 1);
+          } else if (begs.length === 1) {
+            const r = begs.pop();
+            if (r !== void 0)
+              result = [r, bi];
+          } else {
+            beg = begs.pop();
+            if (beg !== void 0 && beg < left) {
+              left = beg;
+              right = bi;
+            }
+            bi = str2.indexOf(b, i + 1);
+          }
+          i = ai < bi && ai >= 0 ? ai : bi;
+        }
+        if (begs.length && right !== void 0) {
+          result = [left, right];
+        }
+      }
+      return result;
+    };
+    exports2.range = range;
+  }
+});
+
+// node_modules/@isaacs/brace-expansion/dist/commonjs/index.js
+var require_commonjs14 = __commonJS({
+  "node_modules/@isaacs/brace-expansion/dist/commonjs/index.js"(exports2) {
+    "use strict";
+    Object.defineProperty(exports2, "__esModule", { value: true });
+    exports2.expand = expand;
+    var balanced_match_1 = require_commonjs13();
    var escSlash = "\0SLASH" + Math.random() + "\0";
    var escOpen = "\0OPEN" + Math.random() + "\0";
    var escClose = "\0CLOSE" + Math.random() + "\0";
    var escComma = "\0COMMA" + Math.random() + "\0";
    var escPeriod = "\0PERIOD" + Math.random() + "\0";
+    var escSlashPattern = new RegExp(escSlash, "g");
+    var escOpenPattern = new RegExp(escOpen, "g");
+    var escClosePattern = new RegExp(escClose, "g");
+    var escCommaPattern = new RegExp(escComma, "g");
+    var escPeriodPattern = new RegExp(escPeriod, "g");
+    var slashPattern = /\\\\/g;
+    var openPattern = /\\{/g;
+    var closePattern = /\\}/g;
+    var commaPattern = /\\,/g;
+    var periodPattern = /\\./g;
    function numeric(str2) {
-      return parseInt(str2, 10) == str2 ? parseInt(str2, 10) : str2.charCodeAt(0);
+      return !isNaN(str2) ? parseInt(str2, 10) : str2.charCodeAt(0);
    }
    function escapeBraces(str2) {
-      return str2.split("\\\\").join(escSlash).split("\\{").join(escOpen).split("\\}").join(escClose).split("\\,").join(escComma).split("\\.").join(escPeriod);
+      return str2.replace(slashPattern, escSlash).replace(openPattern, escOpen).replace(closePattern, escClose).replace(commaPattern, escComma).replace(periodPattern, escPeriod);
    }
    function unescapeBraces(str2) {
-      return str2.split(escSlash).join("\\").split(escOpen).join("{").split(escClose).join("}").split(escComma).join(",").split(escPeriod).join(".");
+      return str2.replace(escSlashPattern, "\\").replace(escOpenPattern, "{").replace(escClosePattern, "}").replace(escCommaPattern, ",").replace(escPeriodPattern, ".");
    }
    function parseCommaParts(str2) {
-      if (!str2)
+      if (!str2) {
        return [""];
-      var parts = [];
-      var m = balanced("{", "}", str2);
-      if (!m)
+      }
+      const parts = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m) {
        return str2.split(",");
-      var pre = m.pre;
-      var body = m.body;
-      var post = m.post;
-      var p = pre.split(",");
+      }
+      const { pre, body, post } = m;
+      const p = pre.split(",");
      p[p.length - 1] += "{" + body + "}";
-      var postParts = parseCommaParts(post);
+      const postParts = parseCommaParts(post);
      if (post.length) {
+        ;
        p[p.length - 1] += postParts.shift();
        p.push.apply(p, postParts);
      }
      parts.push.apply(parts, p);
      return parts;
    }
-    function expandTop(str2) {
-      if (!str2)
+    function expand(str2) {
+      if (!str2) {
        return [];
-      if (str2.substr(0, 2) === "{}") {
-        str2 = "\\{\\}" + str2.substr(2);
      }
-      return expand(escapeBraces(str2), true).map(unescapeBraces);
+      if (str2.slice(0, 2) === "{}") {
+        str2 = "\\{\\}" + str2.slice(2);
+      }
+      return expand_(escapeBraces(str2), true).map(unescapeBraces);
    }
    function embrace(str2) {
      return "{" + str2 + "}";
@@ -85752,73 +85827,74 @@ var require_brace_expansion2 = __commonJS({
    function gte5(i, y) {
      return i >= y;
    }
-    function expand(str2, isTop) {
-      var expansions = [];
-      var m = balanced("{", "}", str2);
-      if (!m) return [str2];
-      var pre = m.pre;
-      var post = m.post.length ? expand(m.post, false) : [""];
+    function expand_(str2, isTop) {
+      const expansions = [];
+      const m = (0, balanced_match_1.balanced)("{", "}", str2);
+      if (!m)
+        return [str2];
+      const pre = m.pre;
+      const post = m.post.length ? expand_(m.post, false) : [""];
      if (/\$$/.test(m.pre)) {
-        for (var k = 0; k < post.length; k++) {
-          var expansion = pre + "{" + m.body + "}" + post[k];
+        for (let k = 0; k < post.length; k++) {
+          const expansion = pre + "{" + m.body + "}" + post[k];
          expansions.push(expansion);
        }
      } else {
-        var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
-        var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
-        var isSequence = isNumericSequence || isAlphaSequence;
-        var isOptions = m.body.indexOf(",") >= 0;
+        const isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
+        const isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
+        const isSequence = isNumericSequence || isAlphaSequence;
+        const isOptions = m.body.indexOf(",") >= 0;
        if (!isSequence && !isOptions) {
          if (m.post.match(/,(?!,).*\}/)) {
            str2 = m.pre + "{" + m.body + escClose + m.post;
-            return expand(str2);
+            return expand_(str2);
          }
          return [str2];
        }
-        var n;
+        let n;
        if (isSequence) {
          n = m.body.split(/\.\./);
        } else {
          n = parseCommaParts(m.body);
-          if (n.length === 1) {
-            n = expand(n[0], false).map(embrace);
+          if (n.length === 1 && n[0] !== void 0) {
+            n = expand_(n[0], false).map(embrace);
            if (n.length === 1) {
-              return post.map(function(p) {
-                return m.pre + n[0] + p;
-              });
+              return post.map((p) => m.pre + n[0] + p);
            }
          }
        }
-        var N;
-        if (isSequence) {
-          var x = numeric(n[0]);
-          var y = numeric(n[1]);
-          var width = Math.max(n[0].length, n[1].length);
-          var incr = n.length == 3 ? Math.abs(numeric(n[2])) : 1;
-          var test = lte;
-          var reverse = y < x;
+        let N;
+        if (isSequence && n[0] !== void 0 && n[1] !== void 0) {
+          const x = numeric(n[0]);
+          const y = numeric(n[1]);
+          const width = Math.max(n[0].length, n[1].length);
+          let incr = n.length === 3 && n[2] !== void 0 ? Math.abs(numeric(n[2])) : 1;
+          let test = lte;
+          const reverse = y < x;
          if (reverse) {
            incr *= -1;
            test = gte5;
          }
-          var pad = n.some(isPadded);
+          const pad = n.some(isPadded);
          N = [];
-          for (var i = x; test(i, y); i += incr) {
-            var c;
+          for (let i = x; test(i, y); i += incr) {
+            let c;
            if (isAlphaSequence) {
              c = String.fromCharCode(i);
-              if (c === "\\")
+              if (c === "\\") {
                c = "";
+              }
            } else {
              c = String(i);
              if (pad) {
-                var need = width - c.length;
+                const need = width - c.length;
                if (need > 0) {
-                  var z = new Array(need + 1).join("0");
-                  if (i < 0)
+                  const z = new Array(need + 1).join("0");
+                  if (i < 0) {
                    c = "-" + z + c.slice(1);
-                  else
+                  } else {
                    c = z + c;
+                  }
                }
              }
            }
@@ -85826,15 +85902,16 @@ var require_brace_expansion2 = __commonJS({
          }
        } else {
          N = [];
-          for (var j = 0; j < n.length; j++) {
-            N.push.apply(N, expand(n[j], false));
+          for (let j = 0; j < n.length; j++) {
+            N.push.apply(N, expand_(n[j], false));
          }
        }
-        for (var j = 0; j < N.length; j++) {
-          for (var k = 0; k < post.length; k++) {
-            var expansion = pre + N[j] + post[k];
-            if (!isTop || isSequence || expansion)
+        for (let j = 0; j < N.length; j++) {
+          for (let k = 0; k < post.length; k++) {
+            const expansion = pre + N[j] + post[k];
+            if (!isTop || isSequence || expansion) {
              expansions.push(expansion);
+            }
          }
        }
      }
@@ -85843,9 +85920,9 @@ var require_brace_expansion2 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js
 var require_assert_valid_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/assert-valid-pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.assertValidPattern = void 0;
@@ -85862,9 +85939,9 @@ var require_assert_valid_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js
 var require_brace_expressions = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/brace-expressions.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.parseClass = void 0;
@@ -85979,22 +86056,25 @@ var require_brace_expressions = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js
 var require_unescape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/unescape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = void 0;
-    var unescape = (s, { windowsPathsNoEscape = false } = {}) => {
-      return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+    var unescape = (s, { windowsPathsNoEscape = false, magicalBraces = true } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/\[([^\/\\])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\])\]/g, "$1$2").replace(/\\([^\/])/g, "$1");
+      }
+      return windowsPathsNoEscape ? s.replace(/\[([^\/\\{}])\]/g, "$1") : s.replace(/((?!\\).|^)\[([^\/\\{}])\]/g, "$1$2").replace(/\\([^\/{}])/g, "$1");
    };
    exports2.unescape = unescape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js
 var require_ast = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/ast.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.AST = void 0;
@@ -86350,7 +86430,7 @@ var require_ast = __commonJS({
        if (this.#root === this)
          this.#fillNegs();
        if (!this.type) {
-          const noEmpty = this.isStart() && this.isEnd();
+          const noEmpty = this.isStart() && this.isEnd() && !this.#parts.some((s) => typeof s !== "string");
          const src = this.#parts.map((p) => {
            const [re, _2, hasMagic, uflag] = typeof p === "string" ? _AST.#parseGlob(p, this.#hasMagic, noEmpty) : p.toRegExpSource(allowDot);
            this.#hasMagic = this.#hasMagic || hasMagic;
@@ -86460,10 +86540,7 @@ var require_ast = __commonJS({
            }
          }
          if (c === "*") {
-            if (noEmpty && glob2 === "*")
-              re += starNoEmpty;
-            else
-              re += star;
+            re += noEmpty && glob2 === "*" ? starNoEmpty : star;
            hasMagic = true;
            continue;
          }
@@ -86481,29 +86558,29 @@ var require_ast = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js
+// node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js
 var require_escape = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/escape.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.escape = void 0;
-    var escape = (s, { windowsPathsNoEscape = false } = {}) => {
+    var escape = (s, { windowsPathsNoEscape = false, magicalBraces = false } = {}) => {
+      if (magicalBraces) {
+        return windowsPathsNoEscape ? s.replace(/[?*()[\]{}]/g, "[$&]") : s.replace(/[?*()[\]\\{}]/g, "\\$&");
+      }
      return windowsPathsNoEscape ? s.replace(/[?*()[\]]/g, "[$&]") : s.replace(/[?*()[\]\\]/g, "\\$&");
    };
    exports2.escape = escape;
  }
 });

-// node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js
-var require_commonjs13 = __commonJS({
-  "node_modules/archiver-utils/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/node_modules/minimatch/dist/commonjs/index.js
+var require_commonjs15 = __commonJS({
+  "node_modules/glob/node_modules/minimatch/dist/commonjs/index.js"(exports2) {
    "use strict";
-    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
-      return mod && mod.__esModule ? mod : { "default": mod };
-    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.unescape = exports2.escape = exports2.AST = exports2.Minimatch = exports2.match = exports2.makeRe = exports2.braceExpand = exports2.defaults = exports2.filter = exports2.GLOBSTAR = exports2.sep = exports2.minimatch = void 0;
-    var brace_expansion_1 = __importDefault4(require_brace_expansion2());
+    var brace_expansion_1 = require_commonjs14();
    var assert_valid_pattern_js_1 = require_assert_valid_pattern();
    var ast_js_1 = require_ast();
    var escape_js_1 = require_escape();
@@ -86626,7 +86703,7 @@ var require_commonjs13 = __commonJS({
      if (options.nobrace || !/\{(?:(?!\{).)*\}/.test(pattern)) {
        return [pattern];
      }
-      return (0, brace_expansion_1.default)(pattern);
+      return (0, brace_expansion_1.expand)(pattern);
    };
    exports2.braceExpand = braceExpand;
    exports2.minimatch.braceExpand = exports2.braceExpand;
@@ -87150,16 +87227,27 @@ var require_commonjs13 = __commonJS({
                pp[i] = twoStar;
              }
            } else if (next === void 0) {
-              pp[i - 1] = prev + "(?:\\/|" + twoStar + ")?";
+              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + ")?";
            } else if (next !== exports2.GLOBSTAR) {
              pp[i - 1] = prev + "(?:\\/|\\/" + twoStar + "\\/)" + next;
              pp[i + 1] = exports2.GLOBSTAR;
            }
          });
-          return pp.filter((p) => p !== exports2.GLOBSTAR).join("/");
+          const filtered = pp.filter((p) => p !== exports2.GLOBSTAR);
+          if (this.partial && filtered.length >= 1) {
+            const prefixes = [];
+            for (let i = 1; i <= filtered.length; i++) {
+              prefixes.push(filtered.slice(0, i).join("/"));
+            }
+            return "(?:" + prefixes.join("|") + ")";
+          }
+          return filtered.join("/");
        }).join("|");
        const [open, close] = set2.length > 1 ? ["(?:", ")"] : ["", ""];
        re = "^" + open + re + close + "$";
+        if (this.partial) {
+          re = "^(?:\\/|" + open + re.slice(1, -1) + close + ")$";
+        }
        if (this.negate)
          re = "^(?!" + re + ").+$";
        try {
@@ -87246,9 +87334,9 @@ var require_commonjs13 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js
-var require_commonjs14 = __commonJS({
-  "node_modules/archiver-utils/node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
+// node_modules/lru-cache/dist/commonjs/index.js
+var require_commonjs16 = __commonJS({
+  "node_modules/lru-cache/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.LRUCache = void 0;
@@ -87337,6 +87425,7 @@ var require_commonjs14 = __commonJS({
      #max;
      #maxSize;
      #dispose;
+      #onInsert;
      #disposeAfter;
      #fetchMethod;
      #memoMethod;
@@ -87418,6 +87507,7 @@ var require_commonjs14 = __commonJS({
      #hasDispose;
      #hasFetchMethod;
      #hasDisposeAfter;
+      #hasOnInsert;
      /**
       * Do not call this method unless you need to inspect the
       * inner workings of the cache.  If anything returned by this
@@ -87494,6 +87584,12 @@ var require_commonjs14 = __commonJS({
      get dispose() {
        return this.#dispose;
      }
+      /**
+       * {@link LRUCache.OptionsBase.onInsert} (read-only)
+       */
+      get onInsert() {
+        return this.#onInsert;
+      }
      /**
       * {@link LRUCache.OptionsBase.disposeAfter} (read-only)
       */
@@ -87501,7 +87597,7 @@ var require_commonjs14 = __commonJS({
        return this.#disposeAfter;
      }
      constructor(options) {
-        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
+        const { max = 0, ttl, ttlResolution = 1, ttlAutopurge, updateAgeOnGet, updateAgeOnHas, allowStale, dispose, onInsert, disposeAfter, noDisposeOnSet, noUpdateTTL, maxSize = 0, maxEntrySize = 0, sizeCalculation, fetchMethod, memoMethod, noDeleteOnFetchRejection, noDeleteOnStaleGet, allowStaleOnFetchRejection, allowStaleOnFetchAbort, ignoreFetchAbort } = options;
        if (max !== 0 && !isPosInt(max)) {
          throw new TypeError("max option must be a nonnegative integer");
        }
@@ -87543,6 +87639,9 @@ var require_commonjs14 = __commonJS({
        if (typeof dispose === "function") {
          this.#dispose = dispose;
        }
+        if (typeof onInsert === "function") {
+          this.#onInsert = onInsert;
+        }
        if (typeof disposeAfter === "function") {
          this.#disposeAfter = disposeAfter;
          this.#disposed = [];
@@ -87551,6 +87650,7 @@ var require_commonjs14 = __commonJS({
          this.#disposed = void 0;
        }
        this.#hasDispose = !!this.#dispose;
+        this.#hasOnInsert = !!this.#onInsert;
        this.#hasDisposeAfter = !!this.#disposeAfter;
        this.noDisposeOnSet = !!noDisposeOnSet;
        this.noUpdateTTL = !!noUpdateTTL;
@@ -87953,7 +88053,7 @@ var require_commonjs14 = __commonJS({
      }
      /**
       * Return an array of [key, {@link LRUCache.Entry}] tuples which can be
-       * passed to {@link LRLUCache#load}.
+       * passed to {@link LRUCache#load}.
       *
       * The `start` fields are calculated relative to a portable `Date.now()`
       * timestamp, even if `performance.now()` is available.
@@ -88064,6 +88164,9 @@ var require_commonjs14 = __commonJS({
          if (status)
            status.set = "add";
          noUpdateTTL = false;
+          if (this.#hasOnInsert) {
+            this.#onInsert?.(v, k, "add");
+          }
        } else {
          this.#moveToTail(index);
          const oldVal = this.#valList[index];
@@ -88099,6 +88202,9 @@ var require_commonjs14 = __commonJS({
          } else if (status) {
            status.set = "update";
          }
+          if (this.#hasOnInsert) {
+            this.onInsert?.(v, k, v === oldVal ? "update" : "replace");
+          }
        }
        if (ttl !== 0 && !this.#ttls) {
          this.#initializeTTLTracking();
@@ -88624,7 +88730,7 @@ var require_commonjs14 = __commonJS({
 });

 // node_modules/minipass/dist/commonjs/index.js
-var require_commonjs15 = __commonJS({
+var require_commonjs17 = __commonJS({
  "node_modules/minipass/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __importDefault4 = exports2 && exports2.__importDefault || function(mod) {
@@ -89515,9 +89621,9 @@ var require_commonjs15 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js
-var require_commonjs16 = __commonJS({
-  "node_modules/archiver-utils/node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
+// node_modules/path-scurry/dist/commonjs/index.js
+var require_commonjs18 = __commonJS({
+  "node_modules/path-scurry/dist/commonjs/index.js"(exports2) {
    "use strict";
    var __createBinding4 = exports2 && exports2.__createBinding || (Object.create ? (function(o, m, k, k2) {
      if (k2 === void 0) k2 = k;
@@ -89548,14 +89654,14 @@ var require_commonjs16 = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.PathScurry = exports2.Path = exports2.PathScurryDarwin = exports2.PathScurryPosix = exports2.PathScurryWin32 = exports2.PathScurryBase = exports2.PathPosix = exports2.PathWin32 = exports2.PathBase = exports2.ChildrenCache = exports2.ResolveCache = void 0;
-    var lru_cache_1 = require_commonjs14();
+    var lru_cache_1 = require_commonjs16();
    var node_path_1 = require("node:path");
    var node_url_1 = require("node:url");
    var fs_1 = require("fs");
    var actualFS = __importStar4(require("node:fs"));
    var realpathSync = fs_1.realpathSync.native;
    var promises_1 = require("node:fs/promises");
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var defaultFS = {
      lstatSync: fs_1.lstatSync,
      readdir: fs_1.readdir,
@@ -89770,6 +89876,8 @@ var require_commonjs16 = __commonJS({
      /**
       * Deprecated alias for Dirent['parentPath'] Somewhat counterintuitively,
       * this property refers to the *parent* path, not the path object itself.
+       *
+       * @deprecated
       */
      get path() {
        return this.parentPath;
@@ -91289,13 +91397,13 @@ var require_commonjs16 = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js
+// node_modules/glob/dist/commonjs/pattern.js
 var require_pattern = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/pattern.js"(exports2) {
+  "node_modules/glob/dist/commonjs/pattern.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Pattern = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var isPatternList = (pl) => pl.length >= 1;
    var isGlobList = (gl) => gl.length >= 1;
    var Pattern = class _Pattern {
@@ -91463,13 +91571,13 @@ var require_pattern = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js
+// node_modules/glob/dist/commonjs/ignore.js
 var require_ignore = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/ignore.js"(exports2) {
+  "node_modules/glob/dist/commonjs/ignore.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Ignore = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var pattern_js_1 = require_pattern();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
    var Ignore = class {
@@ -91560,13 +91668,13 @@ var require_ignore = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js
+// node_modules/glob/dist/commonjs/processor.js
 var require_processor = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/processor.js"(exports2) {
+  "node_modules/glob/dist/commonjs/processor.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Processor = exports2.SubWalks = exports2.MatchRecord = exports2.HasWalkedCache = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var HasWalkedCache = class _HasWalkedCache {
      store;
      constructor(store = /* @__PURE__ */ new Map()) {
@@ -91793,13 +91901,13 @@ var require_processor = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js
+// node_modules/glob/dist/commonjs/walker.js
 var require_walker = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/walker.js"(exports2) {
+  "node_modules/glob/dist/commonjs/walker.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.GlobStream = exports2.GlobWalker = exports2.GlobUtil = void 0;
-    var minipass_1 = require_commonjs15();
+    var minipass_1 = require_commonjs17();
    var ignore_js_1 = require_ignore();
    var processor_js_1 = require_processor();
    var makeIgnore = (ignore, opts) => typeof ignore === "string" ? new ignore_js_1.Ignore([ignore], opts) : Array.isArray(ignore) ? new ignore_js_1.Ignore(ignore, opts) : ignore;
@@ -92133,15 +92241,15 @@ var require_walker = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js
+// node_modules/glob/dist/commonjs/glob.js
 var require_glob = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/glob.js"(exports2) {
+  "node_modules/glob/dist/commonjs/glob.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.Glob = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var node_url_1 = require("node:url");
-    var path_scurry_1 = require_commonjs16();
+    var path_scurry_1 = require_commonjs18();
    var pattern_js_1 = require_pattern();
    var walker_js_1 = require_walker();
    var defaultPlatform = typeof process === "object" && process && typeof process.platform === "string" ? process.platform : "linux";
@@ -92346,13 +92454,13 @@ var require_glob = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js
+// node_modules/glob/dist/commonjs/has-magic.js
 var require_has_magic = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
+  "node_modules/glob/dist/commonjs/has-magic.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.hasMagic = void 0;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var hasMagic = (pattern, options = {}) => {
      if (!Array.isArray(pattern)) {
        pattern = [pattern];
@@ -92367,9 +92475,9 @@ var require_has_magic = __commonJS({
  }
 });

-// node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js
-var require_commonjs17 = __commonJS({
-  "node_modules/archiver-utils/node_modules/glob/dist/commonjs/index.js"(exports2) {
+// node_modules/glob/dist/commonjs/index.js
+var require_commonjs19 = __commonJS({
+  "node_modules/glob/dist/commonjs/index.js"(exports2) {
    "use strict";
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.glob = exports2.sync = exports2.iterate = exports2.iterateSync = exports2.stream = exports2.streamSync = exports2.Ignore = exports2.hasMagic = exports2.Glob = exports2.unescape = exports2.escape = void 0;
@@ -92378,10 +92486,10 @@ var require_commonjs17 = __commonJS({
    exports2.globSync = globSync;
    exports2.globIterateSync = globIterateSync;
    exports2.globIterate = globIterate;
-    var minimatch_1 = require_commonjs13();
+    var minimatch_1 = require_commonjs15();
    var glob_js_1 = require_glob();
    var has_magic_js_1 = require_has_magic();
-    var minimatch_2 = require_commonjs13();
+    var minimatch_2 = require_commonjs15();
    Object.defineProperty(exports2, "escape", { enumerable: true, get: function() {
      return minimatch_2.escape;
    } });
@@ -92458,7 +92566,7 @@ var require_file3 = __commonJS({
    var difference = require_difference();
    var union = require_union();
    var isPlainObject = require_isPlainObject();
-    var glob2 = require_commonjs17();
+    var glob2 = require_commonjs19();
    var file = module2.exports = {};
    var pathSeparatorRe = /[\/\\]/g;
    var processPatterns = function(patterns, fn) {
@@ -105273,7 +105381,7 @@ var require_concat_map = __commonJS({
 });

 // node_modules/brace-expansion/index.js
-var require_brace_expansion3 = __commonJS({
+var require_brace_expansion2 = __commonJS({
  "node_modules/brace-expansion/index.js"(exports2, module2) {
    var concatMap = require_concat_map();
    var balanced = require_balanced_match();
@@ -105431,7 +105539,7 @@ var require_minimatch2 = __commonJS({
    };
    minimatch.sep = path2.sep;
    var GLOBSTAR = minimatch.GLOBSTAR = Minimatch.GLOBSTAR = {};
-    var expand = require_brace_expansion3();
+    var expand = require_brace_expansion2();
    var plTypes = {
      "!": { open: "(?:(?!(?:", close: "))[^/]*?)" },
      "?": { open: "(?:", close: ")?" },
@@ -108299,7 +108407,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob2 = __importStar4(require_glob2());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -108383,7 +108491,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -116443,7 +116551,6 @@ var io2 = __toESM(require_io2());

 // src/util.ts
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -119091,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump");
 var semver = __toESM(require_semver2());

 // src/api-compatibility.json
-var maximumVersion = "3.19";
+var maximumVersion = "3.20";
 var minimumVersion = "3.14";

 // src/util.ts
@@ -119469,7 +119576,7 @@ function withGroup(groupName, f) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

@@ -119503,6 +119610,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -119536,6 +119648,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -119636,6 +119753,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -119647,21 +119769,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -119674,6 +119796,9 @@ var featureConfig = {
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -19419,7 +19419,7 @@ var require_exec = __commonJS({
    exports2.getExecOutput = exports2.exec = void 0;
    var string_decoder_1 = require("string_decoder");
    var tr = __importStar4(require_toolrunner());
-    function exec2(commandLine, args, options) {
+    function exec(commandLine, args, options) {
      return __awaiter4(this, void 0, void 0, function* () {
        const commandArgs = tr.argStringToArray(commandLine);
        if (commandArgs.length === 0) {
@@ -19431,8 +19431,8 @@ var require_exec = __commonJS({
        return runner.exec();
      });
    }
-    exports2.exec = exec2;
-    function getExecOutput2(commandLine, args, options) {
+    exports2.exec = exec;
+    function getExecOutput(commandLine, args, options) {
      var _a, _b;
      return __awaiter4(this, void 0, void 0, function* () {
        let stdout = "";
@@ -19454,7 +19454,7 @@ var require_exec = __commonJS({
          }
        };
        const listeners = Object.assign(Object.assign({}, options === null || options === void 0 ? void 0 : options.listeners), { stdout: stdOutListener, stderr: stdErrListener });
-        const exitCode = yield exec2(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
+        const exitCode = yield exec(commandLine, args, Object.assign(Object.assign({}, options), { listeners }));
        stdout += stdoutDecoder.end();
        stderr += stderrDecoder.end();
        return {
@@ -19464,7 +19464,7 @@ var require_exec = __commonJS({
        };
      });
    }
-    exports2.getExecOutput = getExecOutput2;
+    exports2.getExecOutput = getExecOutput;
  }
 });

@@ -19532,12 +19532,12 @@ var require_platform = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getDetails = exports2.isLinux = exports2.isMacOS = exports2.isWindows = exports2.arch = exports2.platform = void 0;
    var os_1 = __importDefault4(require("os"));
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var getWindowsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout: version } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
+      const { stdout: version } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Version"', void 0, {
        silent: true
      });
-      const { stdout: name } = yield exec2.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
+      const { stdout: name } = yield exec.getExecOutput('powershell -command "(Get-CimInstance -ClassName Win32_OperatingSystem).Caption"', void 0, {
        silent: true
      });
      return {
@@ -19547,7 +19547,7 @@ var require_platform = __commonJS({
    });
    var getMacOsInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
      var _a, _b, _c, _d;
-      const { stdout } = yield exec2.getExecOutput("sw_vers", void 0, {
+      const { stdout } = yield exec.getExecOutput("sw_vers", void 0, {
        silent: true
      });
      const version = (_b = (_a = stdout.match(/ProductVersion:\s*(.+)/)) === null || _a === void 0 ? void 0 : _a[1]) !== null && _b !== void 0 ? _b : "";
@@ -19558,7 +19558,7 @@ var require_platform = __commonJS({
      };
    });
    var getLinuxInfo = () => __awaiter4(void 0, void 0, void 0, function* () {
-      const { stdout } = yield exec2.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
+      const { stdout } = yield exec.getExecOutput("lsb_release", ["-i", "-r", "-s"], {
        silent: true
      });
      const [name, version] = stdout.trim().split("\n");
@@ -27627,7 +27627,7 @@ var require_package = __commonJS({
  "package.json"(exports2, module2) {
    module2.exports = {
      name: "codeql",
-      version: "4.31.4",
+      version: "4.31.8",
      private: true,
      description: "CodeQL action",
      scripts: {
@@ -27662,7 +27662,6 @@ var require_package = __commonJS({
        "@actions/io": "^2.0.0",
        "@actions/tool-cache": "^2.0.2",
        "@octokit/plugin-retry": "^6.0.0",
-        "@octokit/request-error": "^7.0.2",
        "@schemastore/package": "0.0.10",
        archiver: "^7.0.1",
        "fast-deep-equal": "^3.1.3",
@@ -27671,27 +27670,26 @@ var require_package = __commonJS({
        "js-yaml": "^4.1.1",
        jsonschema: "1.4.1",
        long: "^5.3.2",
-        "node-forge": "^1.3.1",
-        octokit: "^5.0.5",
+        "node-forge": "^1.3.2",
        semver: "^7.7.3",
        uuid: "^13.0.0"
      },
      devDependencies: {
        "@ava/typescript": "6.0.0",
-        "@eslint/compat": "^1.4.1",
-        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/compat": "^2.0.0",
+        "@eslint/eslintrc": "^3.3.3",
        "@eslint/js": "^9.39.1",
        "@microsoft/eslint-formatter-sarif": "^3.1.0",
        "@octokit/types": "^16.0.0",
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "20.19.9",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/semver": "^7.7.1",
-        "@types/sinon": "^17.0.4",
-        "@typescript-eslint/eslint-plugin": "^8.46.4",
-        "@typescript-eslint/parser": "^8.41.0",
+        "@types/sinon": "^21.0.0",
+        "@typescript-eslint/eslint-plugin": "^8.48.0",
+        "@typescript-eslint/parser": "^8.48.0",
        ava: "^6.4.1",
        esbuild: "^0.27.0",
        eslint: "^8.57.1",
@@ -27699,9 +27697,9 @@ var require_package = __commonJS({
        "eslint-plugin-filenames": "^1.3.2",
        "eslint-plugin-github": "^5.1.8",
        "eslint-plugin-import": "2.29.1",
-        "eslint-plugin-jsdoc": "^61.1.12",
+        "eslint-plugin-jsdoc": "^61.4.1",
        "eslint-plugin-no-async-foreach": "^0.1.1",
-        glob: "^11.0.3",
+        glob: "^11.1.0",
        nock: "^14.0.10",
        sinon: "^21.0.0",
        typescript: "^5.9.3"
@@ -27725,7 +27723,8 @@ var require_package = __commonJS({
        "eslint-plugin-jsx-a11y": {
          semver: ">=6.3.1"
        },
-        "brace-expansion@2.0.1": "2.0.2"
+        "brace-expansion@2.0.1": "2.0.2",
+        glob: "^11.1.0"
      }
    };
  }
@@ -32638,7 +32637,7 @@ var require_cacheUtils = __commonJS({
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2.getRuntimeToken = exports2.getCacheVersion = exports2.assertDefined = exports2.getGnuTarPathOnWindows = exports2.getCacheFileName = exports2.getCompressionMethod = exports2.unlinkFile = exports2.resolvePaths = exports2.getArchiveFileSizeInBytes = exports2.createTempDirectory = void 0;
    var core14 = __importStar4(require_core());
-    var exec2 = __importStar4(require_exec());
+    var exec = __importStar4(require_exec());
    var glob = __importStar4(require_glob());
    var io6 = __importStar4(require_io3());
    var crypto = __importStar4(require("crypto"));
@@ -32722,7 +32721,7 @@ var require_cacheUtils = __commonJS({
        additionalArgs.push("--version");
        core14.debug(`Checking ${app} ${additionalArgs.join(" ")}`);
        try {
-          yield exec2.exec(`${app}`, additionalArgs, {
+          yield exec.exec(`${app}`, additionalArgs, {
            ignoreReturnCode: true,
            silent: true,
            listeners: {
@@ -83231,7 +83230,6 @@ var fs = __toESM(require("fs"));
 var fsPromises = __toESM(require("fs/promises"));
 var path = __toESM(require("path"));
 var core3 = __toESM(require_core());
-var exec = __toESM(require_exec());
 var io = __toESM(require_io2());

 // node_modules/get-folder-size/index.js
@@ -86507,8 +86505,8 @@ var path4 = __toESM(require("path"));
 var semver3 = __toESM(require_semver2());

 // src/defaults.json
-var bundleVersion = "codeql-bundle-v2.23.5";
-var cliVersion = "2.23.5";
+var bundleVersion = "codeql-bundle-v2.23.7";
+var cliVersion = "2.23.7";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
@@ -86741,7 +86739,7 @@ function formatDuration(durationMs) {
 }

 // src/overlay-database-utils.ts
-var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4";
+var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
 async function writeBaseDatabaseOidsFile(config, sourceRoot) {
@@ -86833,6 +86831,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: "2.15.0"
  },
+  ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN",
+    minimumVersion: void 0
+  },
  ["csharp_new_cache_key" /* CsharpNewCacheKey */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY",
@@ -86866,6 +86869,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -86966,6 +86974,11 @@ var featureConfig = {
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST",
    minimumVersion: void 0
  },
+  ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS",
+    minimumVersion: void 0
+  },
  ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT",
@@ -86977,21 +86990,21 @@ var featureConfig = {
    minimumVersion: void 0,
    toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */
  },
-  ["use_repository_properties" /* UseRepositoryProperties */]: {
-    defaultValue: false,
-    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
-    minimumVersion: void 0
-  },
  ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
    legacyApi: true,
    minimumVersion: void 0
  },
-  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+  ["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
    defaultValue: false,
-    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
-    minimumVersion: "2.23.0"
+    envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
+    minimumVersion: void 0
+  },
+  ["use_repository_properties" /* UseRepositoryProperties */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES",
+    minimumVersion: void 0
  },
  ["validate_db_config" /* ValidateDbConfig */]: {
    defaultValue: false,
@@ -87307,6 +87320,9 @@ ${jsonContents}`
 var actionsCache2 = __toESM(require_cache3());

 // src/config-utils.ts
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
+var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
+var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
 var OVERLAY_ANALYSIS_FEATURES = {
  actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
  cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */,
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "4.31.4",
+  "version": "4.31.8",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
@@ -35,7 +35,6 @@
    "@actions/io": "^2.0.0",
    "@actions/tool-cache": "^2.0.2",
    "@octokit/plugin-retry": "^6.0.0",
-    "@octokit/request-error": "^7.0.2",
    "@schemastore/package": "0.0.10",
    "archiver": "^7.0.1",
    "fast-deep-equal": "^3.1.3",
@@ -44,27 +43,26 @@
    "js-yaml": "^4.1.1",
    "jsonschema": "1.4.1",
    "long": "^5.3.2",
-    "node-forge": "^1.3.1",
-    "octokit": "^5.0.5",
+    "node-forge": "^1.3.2",
    "semver": "^7.7.3",
    "uuid": "^13.0.0"
  },
  "devDependencies": {
    "@ava/typescript": "6.0.0",
-    "@eslint/compat": "^1.4.1",
-    "@eslint/eslintrc": "^3.3.1",
+    "@eslint/compat": "^2.0.0",
+    "@eslint/eslintrc": "^3.3.3",
    "@eslint/js": "^9.39.1",
    "@microsoft/eslint-formatter-sarif": "^3.1.0",
    "@octokit/types": "^16.0.0",
    "@types/archiver": "^7.0.0",
    "@types/follow-redirects": "^1.14.4",
    "@types/js-yaml": "^4.0.9",
-    "@types/node": "20.19.9",
+    "@types/node": "^20.19.9",
    "@types/node-forge": "^1.3.14",
    "@types/semver": "^7.7.1",
-    "@types/sinon": "^17.0.4",
-    "@typescript-eslint/eslint-plugin": "^8.46.4",
-    "@typescript-eslint/parser": "^8.41.0",
+    "@types/sinon": "^21.0.0",
+    "@typescript-eslint/eslint-plugin": "^8.48.0",
+    "@typescript-eslint/parser": "^8.48.0",
    "ava": "^6.4.1",
    "esbuild": "^0.27.0",
    "eslint": "^8.57.1",
@@ -72,9 +70,9 @@
    "eslint-plugin-filenames": "^1.3.2",
    "eslint-plugin-github": "^5.1.8",
    "eslint-plugin-import": "2.29.1",
-    "eslint-plugin-jsdoc": "^61.1.12",
+    "eslint-plugin-jsdoc": "^61.4.1",
    "eslint-plugin-no-async-foreach": "^0.1.1",
-    "glob": "^11.0.3",
+    "glob": "^11.1.0",
    "nock": "^14.0.10",
    "sinon": "^21.0.0",
    "typescript": "^5.9.3"
@@ -98,6 +96,7 @@
    "eslint-plugin-jsx-a11y": {
      "semver": ">=6.3.1"
    },
-    "brace-expansion@2.0.1": "2.0.2"
+    "brace-expansion@2.0.1": "2.0.2",
+    "glob": "^11.1.0"
  }
 }
--- a/pr-checks/checks/submit-sarif-failure.yml
+++ b/pr-checks/checks/submit-sarif-failure.yml
@@ -18,7 +18,7 @@ permissions:
  security-events: write # needed to upload the SARIF file

 steps:
-  - uses: actions/checkout@v5
+  - uses: actions/checkout@v6
  - uses: ./init
    with:
      languages: javascript
--- a/pr-checks/checks/with-checkout-path.yml
+++ b/pr-checks/checks/with-checkout-path.yml
@@ -14,7 +14,7 @@ steps:
      rm -rf ./* .github .git
  # Check out the actions repo again, but at a different location.
  # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
-  - uses: actions/checkout@v5
+  - uses: actions/checkout@v6
    with:
      ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
      path: x/y/z/some-path
--- a/pr-checks/sync.py
+++ b/pr-checks/sync.py
@@ -107,7 +107,7 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
    steps = [
        {
            'name': 'Check out repository',
-            'uses': 'actions/checkout@v5'
+            'uses': 'actions/checkout@v6'
        },
    ]

@@ -356,11 +356,6 @@ for collection_name in collections:
                'GO111MODULE': 'auto'
            },
            'on': {
-                'push': {
-                    'paths': [
-                        f'.github/workflows/__{collection_name}.yml'
-                    ]
-                },
                'workflow_dispatch': {
                    'inputs': combinedInputs
                },
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@@ -80,7 +80,7 @@ export function isRunningLocalAction(): boolean {
 *
 * This can be used to get the Action's name or tell if we're running a local Action.
 */
-export function getRelativeScriptPath(): string {
+function getRelativeScriptPath(): string {
  const runnerTemp = getRequiredEnvParam("RUNNER_TEMP");
  const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
  return path.relative(actionsDirectory, __filename);
--- a/src/analyses.ts
+++ b/src/analyses.ts
@@ -98,7 +98,7 @@ export async function getAnalysisKinds(
 export const codeQualityQueries: string[] = ["code-quality"];

 // Enumerates API endpoints that accept SARIF files.
-export enum SARIF_UPLOAD_ENDPOINT {
+enum SARIF_UPLOAD_ENDPOINT {
  CODE_SCANNING = "PUT /repos/:owner/:repo/code-scanning/analysis",
  CODE_QUALITY = "PUT /repos/:owner/:repo/code-quality/analysis",
 }
--- a/src/analyze-action-env.test.ts
+++ b/src/analyze-action-env.test.ts
@@ -74,11 +74,20 @@ test("analyze action with RAM & threads from environment variables", async (t) =
    // wait for the action promise to complete before starting verification.
    await analyzeAction.runPromise;

-    t.assert(runFinalizeStub.calledOnce);
-    t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1");
-    t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=4992");
-    t.assert(runQueriesStub.calledOnce);
-    t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1");
-    t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=4992");
+    t.assert(
+      runFinalizeStub.calledOnceWith(
+        sinon.match.any,
+        sinon.match.any,
+        "--threads=-1",
+        "--ram=4992",
+      ),
+    );
+    t.assert(
+      runQueriesStub.calledOnceWith(
+        sinon.match.any,
+        "--ram=4992",
+        "--threads=-1",
+      ),
+    );
  });
 });
--- a/src/analyze-action-input.test.ts
+++ b/src/analyze-action-input.test.ts
@@ -72,11 +72,20 @@ test("analyze action with RAM & threads from action inputs", async (t) => {
    // wait for the action promise to complete before starting verification.
    await analyzeAction.runPromise;

-    t.assert(runFinalizeStub.calledOnce);
-    t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1");
-    t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=3012");
-    t.assert(runQueriesStub.calledOnce);
-    t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1");
-    t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=3012");
+    t.assert(
+      runFinalizeStub.calledOnceWith(
+        sinon.match.any,
+        sinon.match.any,
+        "--threads=-1",
+        "--ram=3012",
+      ),
+    );
+    t.assert(
+      runQueriesStub.calledOnceWith(
+        sinon.match.any,
+        "--ram=3012",
+        "--threads=-1",
+      ),
+    );
  });
 });
--- a/src/analyze-action-post.ts
+++ b/src/analyze-action-post.ts
@@ -12,7 +12,10 @@ import { getGitHubVersion } from "./api-client";
 import { getCodeQL } from "./codeql";
 import { getConfig } from "./config-utils";
 import * as debugArtifacts from "./debug-artifacts";
-import { getJavaTempDependencyDir } from "./dependency-caching";
+import {
+  getCsharpTempDependencyDir,
+  getJavaTempDependencyDir,
+} from "./dependency-caching";
 import { EnvVar } from "./environment";
 import { getActionsLogger } from "./logging";
 import { checkGitHubVersionInRange, getErrorMessage } from "./util";
@@ -42,17 +45,22 @@ async function runWrapper() {
      }
    }

-    // If we analysed Java in build-mode: none, we may have downloaded dependencies
+    // If we analysed Java or C# in build-mode: none, we may have downloaded dependencies
    // to the temp directory. Clean these up so they don't persist unnecessarily
    // long on self-hosted runners.
-    const javaTempDependencyDir = getJavaTempDependencyDir();
-    if (fs.existsSync(javaTempDependencyDir)) {
-      try {
-        fs.rmSync(javaTempDependencyDir, { recursive: true });
-      } catch (error) {
-        logger.info(
-          `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error)}`,
-        );
+    const tempDependencyDirs = [
+      getJavaTempDependencyDir(),
+      getCsharpTempDependencyDir(),
+    ];
+    for (const tempDependencyDir of tempDependencyDirs) {
+      if (fs.existsSync(tempDependencyDir)) {
+        try {
+          fs.rmSync(tempDependencyDir, { recursive: true });
+        } catch (error) {
+          logger.info(
+            `Failed to remove temporary dependencies directory: ${getErrorMessage(error)}`,
+          );
+        }
      }
    }
  } catch (error) {
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@@ -25,7 +25,7 @@ import {
  isCodeQualityEnabled,
  isCodeScanningEnabled,
 } from "./config-utils";
-import { uploadDatabases } from "./database-upload";
+import { cleanupAndUploadDatabases } from "./database-upload";
 import {
  DependencyCacheUploadStatusReport,
  uploadDependencyCaches,
@@ -35,7 +35,7 @@ import { EnvVar } from "./environment";
 import { Feature, Features } from "./feature-flags";
 import { KnownLanguage } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
-import { uploadOverlayBaseDatabaseToCache } from "./overlay-database-utils";
+import { cleanupAndUploadOverlayBaseDatabaseToCache } from "./overlay-database-utils";
 import { getRepositoryNwo } from "./repository";
 import * as statusReport from "./status-report";
 import {
@@ -315,6 +315,7 @@ async function run() {
    await runAutobuildIfLegacyGoWorkflow(config, logger);

    dbCreationTimings = await runFinalize(
+      features,
      outputDir,
      threads,
      memory,
@@ -417,12 +418,21 @@ async function run() {
    }

    // Possibly upload the overlay-base database to actions cache.
-    // If databases are to be uploaded, they will first be cleaned up at the overlay level.
-    await uploadOverlayBaseDatabaseToCache(codeql, config, logger);
+    // Note: Take care with the ordering of this call since databases may be cleaned up
+    // at the `overlay` level.
+    await cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger);

    // Possibly upload the database bundles for remote queries.
-    // If databases are to be uploaded, they will first be cleaned up at the clear level.
-    await uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger);
+    // Note: Take care with the ordering of this call since databases may be cleaned up
+    // at the `overlay` or `clear` level.
+    await cleanupAndUploadDatabases(
+      repositoryNwo,
+      codeql,
+      config,
+      apiDetails,
+      features,
+      logger,
+    );

    // Possibly upload the TRAP caches for later re-use
    const trapCacheUploadStartTime = performance.now();
--- a/src/analyze.ts
+++ b/src/analyze.ts
@@ -10,7 +10,10 @@ import * as analyses from "./analyses";
 import { setupCppAutobuild } from "./autobuild";
 import { type CodeQL } from "./codeql";
 import * as configUtils from "./config-utils";
-import { getJavaTempDependencyDir } from "./dependency-caching";
+import {
+  getCsharpTempDependencyDir,
+  getJavaTempDependencyDir,
+} from "./dependency-caching";
 import { addDiagnostic, makeDiagnostic } from "./diagnostics";
 import {
  DiffThunkRange,
@@ -98,6 +101,7 @@ async function setupPythonExtractor(logger: Logger) {

 export async function runExtraction(
  codeql: CodeQL,
+  features: FeatureEnablement,
  config: configUtils.Config,
  logger: Logger,
 ) {
@@ -122,7 +126,7 @@ export async function runExtraction(
          await setupCppAutobuild(codeql, logger);
        }

-        // The Java `build-mode: none` extractor places dependencies (.jar files) in the
+        // The Java and C# `build-mode: none` extractors place dependencies in the
        // database scratch directory by default. For dependency caching purposes, we want
        // a stable path that caches can be restored into and that we can cache at the
        // end of the workflow (i.e. that does not get removed when the scratch directory is).
@@ -133,6 +137,15 @@ export async function runExtraction(
          process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] =
            getJavaTempDependencyDir();
        }
+        if (
+          language === KnownLanguage.csharp &&
+          config.buildMode === BuildMode.None &&
+          (await features.getValue(Feature.CsharpCacheBuildModeNone))
+        ) {
+          process.env[
+            "CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR"
+          ] = getCsharpTempDependencyDir();
+        }

        await codeql.extractUsingBuildMode(config, language);
      } else {
@@ -177,13 +190,14 @@ export function dbIsFinalized(

 async function finalizeDatabaseCreation(
  codeql: CodeQL,
+  features: FeatureEnablement,
  config: configUtils.Config,
  threadsFlag: string,
  memoryFlag: string,
  logger: Logger,
 ): Promise<DatabaseCreationTimings> {
  const extractionStart = performance.now();
-  await runExtraction(codeql, config, logger);
+  await runExtraction(codeql, features, config, logger);
  const extractionTime = performance.now() - extractionStart;

  const trapImportStart = performance.now();
@@ -597,6 +611,7 @@ export async function runQueries(
 }

 export async function runFinalize(
+  features: FeatureEnablement,
  outputDir: string,
  threadsFlag: string,
  memoryFlag: string,
@@ -615,6 +630,7 @@ export async function runFinalize(

  const timings = await finalizeDatabaseCreation(
    codeql,
+    features,
    config,
    threadsFlag,
    memoryFlag,
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Óscar San José	149d184a51	Merge pull request #3345 from github/mergeback/v4.31.7-to-main-cf1bb45a Mergeback v4.31.7 refs/heads/releases/v4 into main	2025-12-05 21:43:41 +01:00
github-actions[bot]	97c2630b10	Rebuild	2025-12-05 17:21:46 +00:00
github-actions[bot]	b93926dc35	Update changelog and version after v4.31.7	2025-12-05 17:19:09 +00:00
Óscar San José	cf1bb45a27	Merge pull request #3344 from github/update-v4.31.7-f5c63fadd Merge main into releases/v4	2025-12-05 18:17:21 +01:00
github-actions[bot]	f4ebe95061	Update changelog for v4.31.7	2025-12-05 15:18:53 +00:00
Óscar San José	f5c63fadd5	Merge pull request #3343 from github/update-bundle/codeql-bundle-v2.23.7 Update default bundle to 2.23.7	2025-12-05 15:06:47 +01:00
github-actions[bot]	a2c01e776e	Add changelog note	2025-12-05 13:39:53 +00:00
github-actions[bot]	ac34c13834	Update default bundle to codeql-bundle-v2.23.7	2025-12-05 13:39:45 +00:00
Michael B. Gale	267c4672a5	Merge pull request #3339 from github/dependabot/npm_and_yarn/npm-minor-77d26487b0 Bump @eslint/eslintrc from 3.3.1 to 3.3.3 in the npm-minor group	2025-12-03 14:27:03 +00:00
Michael B. Gale	aeabef7b69	Merge branch 'main' into dependabot/npm_and_yarn/npm-minor-77d26487b0	2025-12-03 12:43:12 +00:00
Michael B. Gale	78357d3fc9	Merge pull request #3341 from github/mbg/ci/update-cs-config-cli-tests Update CLI config test to account for overlay db changes on PRs	2025-12-03 12:39:49 +00:00
Michael B. Gale	d61a6fa793	Update CLI config test to account for overlay db changes on PRs	2025-12-03 12:11:11 +00:00
github-actions[bot]	ce27e95f79	Rebuild	2025-12-01 18:32:19 +00:00
dependabot[bot]	43224eb34e	Bump @eslint/eslintrc from 3.3.1 to 3.3.3 in the npm-minor group Bumps the npm-minor group with 1 update: [@eslint/eslintrc](https://github.com/eslint/eslintrc). Updates `@eslint/eslintrc` from 3.3.1 to 3.3.3 - [Release notes](https://github.com/eslint/eslintrc/releases) - [Changelog](https://github.com/eslint/eslintrc/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslintrc/compare/v3.3.1...eslintrc-v3.3.3) --- updated-dependencies: - dependency-name: "@eslint/eslintrc" dependency-version: 3.3.3 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-01 18:30:33 +00:00
Michael B. Gale	f0ac9bfbe3	Merge pull request #3337 from github/mergeback/v4.31.6-to-main-fe4161a2 Mergeback v4.31.6 refs/heads/releases/v4 into main	2025-12-01 10:18:06 +00:00
github-actions[bot]	c1ca379fc0	Rebuild	2025-12-01 09:55:25 +00:00
github-actions[bot]	c3455c55c1	Update changelog and version after v4.31.6	2025-12-01 09:50:22 +00:00
Michael B. Gale	fe4161a26a	Merge pull request #3336 from github/update-v4.31.6-ecec1f887 Merge main into releases/v4	2025-12-01 09:48:24 +00:00
github-actions[bot]	88c2ab5eee	Update changelog for v4.31.6	2025-12-01 09:26:09 +00:00
Michael B. Gale	ecec1f8876	Merge pull request #3335 from github/mbg/ci/run-codeql-on-all-prs Remove branch filter for PR event in CodeQL workflow	2025-11-28 12:19:33 +00:00
Kasper Svendsen	23da732778	Merge pull request #3334 from github/kaspersv/overlay-minor-comments Overlay: Small code improvements	2025-11-28 10:26:32 +01:00
Michael B. Gale	f7abc748a3	Remove branch filter for PR event in CodeQL workflow	2025-11-28 09:13:23 +00:00
Kasper Svendsen	32ada5e061	Merge branch 'main' into kaspersv/overlay-minor-comments	2025-11-28 10:02:55 +01:00
Kasper Svendsen	75b2f49aea	Merge pull request #3333 from github/kaspersv/overlay-no-resource-checks-option Overlay: Add feature flag to skip resource checks	2025-11-28 10:01:21 +01:00
Kasper Svendsen	f036b1cb78	Merge branch 'main' into kaspersv/overlay-no-resource-checks-option	2025-11-28 09:44:11 +01:00
Kasper Svendsen	58c5954801	Add comment to runnerSupportsOverlayAnalysis	2025-11-27 15:56:29 +01:00
Kasper Svendsen	b02fa13292	Order feature flags alphabetically	2025-11-27 15:56:29 +01:00
Kasper Svendsen	8d91fa189d	Rename getMemoryFlagValue	2025-11-27 15:56:29 +01:00
Kasper Svendsen	2f3bbce9a6	Overlay: Introduce overlay memory limit constant	2025-11-27 15:33:57 +01:00
Kasper Svendsen	c178e03ec8	Merge pull request #3332 from github/kaspersv/overlay-memory-limit Overlay: Fall back to full analysis if memory flag is low	2025-11-27 15:26:02 +01:00
Henry Mercer	d29b97960c	Merge pull request #3331 from github/dependabot/npm_and_yarn/node-forge-1.3.2 Bump node-forge from 1.3.1 to 1.3.2	2025-11-27 11:44:32 +00:00
Kasper Svendsen	1ffb7dd0c8	Overlay: Add feature flag to skip resource checks	2025-11-27 12:30:23 +01:00
Kasper Svendsen	bd8d26b618	Overlay: Fall back to full analysis if memory flag is low	2025-11-27 09:16:35 +01:00
Kasper Svendsen	bd30e753a6	Simplify getOverlayDatabaseMode	2025-11-27 08:34:43 +01:00
github-actions[bot]	4822f934e3	Rebuild	2025-11-26 22:34:54 +00:00
dependabot[bot]	0c204fc557	Bump node-forge from 1.3.1 to 1.3.2 Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-26 22:33:20 +00:00
Michael B. Gale	59ce4c1340	Merge pull request #3286 from github/mbg/csharp/more-cache-locations C#: Cache temporary dependency directory for BMN	2025-11-26 14:36:58 +00:00
Henry Mercer	3e939667ec	Merge branch 'main' into mbg/csharp/more-cache-locations	2025-11-26 14:12:07 +00:00
Michael B. Gale	7850b1c983	Merge pull request #3330 from github/mbg/ci/remove-push-from-groups Remove `push` triggers from workflow collections	2025-11-26 10:52:53 +00:00
Henry Mercer	c370017ae8	Merge pull request #3325 from github/dependabot/npm_and_yarn/npm-minor-45ea8d913b Bump the npm-minor group with 3 updates	2025-11-26 10:34:47 +00:00
Michael B. Gale	a6909455e4	Remove `push` triggers from workflow collections	2025-11-26 10:27:48 +00:00
github-actions[bot]	510d25ff7f	Rebuild	2025-11-26 10:15:27 +00:00
github-actions[bot]	85fd3e57b5	Merge remote-tracking branch 'origin/main' into dependabot/npm_and_yarn/npm-minor-45ea8d913b	2025-11-26 10:14:31 +00:00
Henry Mercer	d8e497a759	Update version in package.json too Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-11-26 10:13:41 +00:00
Henry Mercer	99d80b4ea7	Merge pull request #3328 from github/update-supported-enterprise-server-versions Update supported GitHub Enterprise Server versions	2025-11-26 10:12:59 +00:00
Michael B. Gale	0155561719	Merge branch 'main' into mbg/csharp/more-cache-locations	2025-11-26 10:01:51 +00:00
github-actions[bot]	6b7e963cf1	Update supported GitHub Enterprise Server versions	2025-11-26 00:18:14 +00:00
Michael B. Gale	0e52774aee	Merge pull request #3326 from github/dependabot/github_actions/dot-github/workflows/actions-minor-8ee81fe642 Bump actions/create-github-app-token from 2.1.4 to 2.2.0 in /.github/workflows in the actions-minor group across 1 directory	2025-11-25 11:45:44 +00:00
Michael B. Gale	62e90525a0	Merge pull request #3327 from github/dependabot/github_actions/dot-github/workflows/actions/checkout-6 Bump actions/checkout from 5 to 6 in /.github/workflows	2025-11-25 11:20:57 +00:00
github-actions[bot]	8484f54a0a	Rebuild	2025-11-24 18:02:41 +00:00
dependabot[bot]	5bd8069afb	Bump actions/checkout from 5 to 6 in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-24 18:01:10 +00:00
dependabot[bot]	6feac2b36a	Bump actions/create-github-app-token Bumps the actions-minor group with 1 update in the /.github/workflows directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/create-github-app-token` from 2.1.4 to 2.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2.1.4...v2.2.0) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-24 17:59:04 +00:00
github-actions[bot]	514279113a	Rebuild	2025-11-24 17:38:19 +00:00
dependabot[bot]	e2a623d7cf	Bump the npm-minor group with 3 updates Bumps the npm-minor group with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc). Updates `@typescript-eslint/eslint-plugin` from 8.46.4 to 8.48.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.46.4 to 8.48.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/parser) Updates `eslint-plugin-jsdoc` from 61.2.1 to 61.4.1 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Changelog](https://github.com/gajus/eslint-plugin-jsdoc/blob/main/.releaserc) - [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.2.1...v61.4.1) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@typescript-eslint/parser" dependency-version: 8.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: eslint-plugin-jsdoc dependency-version: 61.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-24 17:36:24 +00:00
Paolo Tranquilli	52f930e50a	Merge pull request #3323 from github/mergeback/v4.31.5-to-main-fdbfb4d2 Mergeback v4.31.5 refs/heads/releases/v4 into main	2025-11-24 12:18:45 +01:00
github-actions[bot]	478350182f	Rebuild	2025-11-24 10:55:14 +00:00
github-actions[bot]	29e11fdce1	Update changelog and version after v4.31.5	2025-11-24 09:31:18 +00:00
Paolo Tranquilli	fdbfb4d275	Merge pull request #3322 from github/update-v4.31.5-ec2ee575c Merge main into releases/v4	2025-11-24 10:29:19 +01:00
github-actions[bot]	81f6d649ae	Update changelog for v4.31.5	2025-11-24 09:03:58 +00:00
Paolo Tranquilli	ec2ee575c0	Merge pull request #3321 from github/update-bundle/codeql-bundle-v2.23.6 Update default bundle to 2.23.6	2025-11-24 09:14:29 +01:00
github-actions[bot]	ecc87875ee	Add changelog note	2025-11-24 07:51:53 +00:00
github-actions[bot]	1d2a238d7d	Update default bundle to codeql-bundle-v2.23.6	2025-11-24 07:51:46 +00:00
Henry Mercer	ce729e4d35	Merge pull request #3315 from github/henrymercer/dead-code-elimination Delete unused exports	2025-11-19 15:24:22 +00:00
Henry Mercer	ac359aad20	Add return type	2025-11-19 14:59:16 +00:00
Henry Mercer	112cd075bd	Merge branch 'main' into henrymercer/dead-code-elimination	2025-11-19 14:56:28 +00:00
Michael B. Gale	0b4317954f	Merge pull request #3306 from github/dependabot/npm_and_yarn/types/sinon-21.0.0 Bump @types/sinon from 17.0.4 to 21.0.0	2025-11-19 14:13:16 +00:00
Michael B. Gale	e818008b54	Merge pull request #3305 from github/dependabot/npm_and_yarn/eslint/compat-2.0.0 Bump @eslint/compat from 1.4.1 to 2.0.0	2025-11-19 13:41:43 +00:00
Michael B. Gale	90871e185b	Merge pull request #3304 from github/dependabot/npm_and_yarn/npm-minor-7439af33e4 Bump the npm-minor group with 2 updates	2025-11-19 13:18:38 +00:00
Kasper Svendsen	a102014397	Merge pull request #3317 from github/kaspersv/bump-minimum-overlay-version Overlay: Increase minimum CLI version required for overlay analysis	2025-11-19 14:18:24 +01:00
Kasper Svendsen	de74d762a3	Overlay: Increase minimum CLI version	2025-11-19 13:04:23 +01:00
Kasper Svendsen	ce07e7d196	Merge pull request #3310 from github/kaspersv/overlay-disk-available-limit Overlay: Fall back to full analysis if runner disk space is low	2025-11-19 12:57:53 +01:00
Henry Mercer	86d2aa55c0	Merge pull request #3316 from github/henrymercer/upload-overlay-to-api Upload overlay base DBs to GitHub API behind FF	2025-11-19 10:29:28 +00:00
Kasper Svendsen	4eccb3798e	Overlay: Round available disk space in MB	2025-11-19 08:40:56 +01:00
Kasper Svendsen	ed80d6e5e9	Overlay: Reorder available disk space check	2025-11-19 07:54:05 +01:00
Henry Mercer	378219ced2	Merge pull request #3313 from github/mergeback/v4.31.4-to-main-e12f0178 Mergeback v4.31.4 refs/heads/releases/v4 into main	2025-11-18 18:46:24 +00:00
Henry Mercer	c649c5993d	Upload overlay base DB to API behind FF	2025-11-18 18:43:19 +00:00
Henry Mercer	31042e9879	Rename function calls to make destructive operation clearer	2025-11-18 18:42:15 +00:00
Henry Mercer	5da2098551	Add feature flag for uploading overlay DBs to API	2025-11-18 18:40:51 +00:00
Henry Mercer	cac5926de5	Delete unused exports	2025-11-18 18:16:54 +00:00
Henry Mercer	e24190a70c	Remove unused dependencies	2025-11-18 18:14:49 +00:00
github-actions[bot]	ce9b526448	Rebuild	2025-11-18 16:17:35 +00:00
github-actions[bot]	28f4a61417	Merge remote-tracking branch 'origin/main' into mergeback/v4.31.4-to-main-e12f0178	2025-11-18 16:16:46 +00:00
github-actions[bot]	fea250010c	Update changelog and version after v4.31.4	2025-11-18 16:14:11 +00:00
Michael B. Gale	e12f017898	Merge pull request #3312 from github/update-v4.31.4-70434f6dd Merge main into releases/v4	2025-11-18 16:12:25 +00:00
Michael B. Gale	249458aab2	Merge pull request #3296 from github/mbg/dependency-caching/skip-uploads-for-exact-matches Skip uploading dependency caches if we know they exist	2025-11-18 15:44:06 +00:00
github-actions[bot]	c9cb6f9c13	Update changelog for v4.31.4	2025-11-18 15:18:43 +00:00
Kasper Svendsen	726a2a01b8	Overlay: Increase disk storage threshold to 20GB	2025-11-18 15:37:27 +01:00
Michael B. Gale	70434f6dd2	Merge pull request #3311 from github/mbg/deps/bump-glob Bump `glob` to at least `11.1.0`	2025-11-18 12:39:21 +00:00
Michael B. Gale	528362a7c1	Bump `glob` to at least `11.1.0`	2025-11-18 12:20:00 +00:00
Michael B. Gale	de12435376	Merge pull request #3308 from github/mbg/pr-template/nov25 Add additional options to PR template and clarify some	2025-11-18 11:52:08 +00:00
Kasper Svendsen	4f746e4a60	Overlay: Fall back to full analysis if runner disk space is low	2025-11-18 08:19:13 +01:00
Michael B. Gale	7bcdb4bc66	Add additional options to PR template and clarify some	2025-11-17 17:48:39 +00:00
github-actions[bot]	b595847fa5	Rebuild	2025-11-17 17:04:50 +00:00
github-actions[bot]	4f39cef4c6	Rebuild	2025-11-17 17:03:39 +00:00
github-actions[bot]	d4a7ccd1f0	Rebuild	2025-11-17 17:03:22 +00:00
dependabot[bot]	cd808e1260	Bump @types/sinon from 17.0.4 to 21.0.0 Bumps [@types/sinon](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sinon) from 17.0.4 to 21.0.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sinon) --- updated-dependencies: - dependency-name: "@types/sinon" dependency-version: 21.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-17 17:02:13 +00:00
dependabot[bot]	01577d4797	Bump @eslint/compat from 1.4.1 to 2.0.0 Bumps [@eslint/compat](https://github.com/eslint/rewrite/tree/HEAD/packages/compat) from 1.4.1 to 2.0.0. - [Release notes](https://github.com/eslint/rewrite/releases) - [Changelog](https://github.com/eslint/rewrite/blob/main/packages/compat/CHANGELOG.md) - [Commits](https://github.com/eslint/rewrite/commits/compat-v2.0.0/packages/compat) --- updated-dependencies: - dependency-name: "@eslint/compat" dependency-version: 2.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-17 17:01:53 +00:00
dependabot[bot]	3b635815d6	Bump the npm-minor group with 2 updates Bumps the npm-minor group with 2 updates: [@octokit/request-error](https://github.com/octokit/request-error.js) and [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc). Updates `@octokit/request-error` from 7.0.2 to 7.1.0 - [Release notes](https://github.com/octokit/request-error.js/releases) - [Commits](https://github.com/octokit/request-error.js/compare/v7.0.2...v7.1.0) Updates `eslint-plugin-jsdoc` from 61.1.12 to 61.2.1 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Changelog](https://github.com/gajus/eslint-plugin-jsdoc/blob/main/.releaserc) - [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.1.12...v61.2.1) --- updated-dependencies: - dependency-name: "@octokit/request-error" dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: eslint-plugin-jsdoc dependency-version: 61.2.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-17 17:01:47 +00:00
Michael B. Gale	1ed85b4501	Add test coverage for `uploadDependencyCaches`	2025-11-14 14:30:54 +00:00
Michael B. Gale	51c9af3a3b	Don't try to upload cache if we have restored a cache with the same key	2025-11-14 14:30:54 +00:00
Michael B. Gale	594c0cc369	Store restored keys in action state	2025-11-14 14:30:54 +00:00
Michael B. Gale	11889c27fd	Return keys of restored caches from `downloadDependencyCaches`	2025-11-14 14:30:54 +00:00
Michael B. Gale	f5f9571d61	Configure temp dependency dir for C# extractor when FF is enabled And also clean it up.	2025-11-13 14:03:44 +00:00
Michael B. Gale	ecaa6db95a	Include `getCsharpTempDependencyDir` in C# caches if FF is enabled	2025-11-13 13:40:58 +00:00
Michael B. Gale	a47d04cf9b	Add FF for extra C# cache contents	2025-11-13 13:40:57 +00:00
Michael B. Gale	d854ba6ec0	Pass `FeatureEnablement` to `getDependencyPaths`	2025-11-13 13:40:57 +00:00
Michael B. Gale	cf8b7a6e14	Refactor C# cache content paths into a function	2025-11-13 13:40:56 +00:00