Add empty file poc.txt

2025-12-14 19:39:10 +08:00 · 2025-01-22 12:37:26 +00:00
5872 changed files with 68914 additions and 281062 deletions
--- a/.github/actions/check-codescanning-config/action.yml
+++ b/.github/actions/check-codescanning-config/action.yml
@@ -61,12 +61,11 @@ runs:
    - name: Check config
      working-directory: ${{ github.action_path }}
      shell: bash
-      env:
+      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" '${{ inputs.expected-config-file-contents }}'
-        EXPECTED_CONFIG_FILE_CONTENTS: '${{ inputs.expected-config-file-contents }}'
+
      run: ts-node ./index.ts "$RUNNER_TEMP/user-config.yaml" "$EXPECTED_CONFIG_FILE_CONTENTS"
    - name: Clean up
      shell: bash
      if: always()
      run: |
-        rm -rf $RUNNER_TEMP/codescanning-config-cli-test
+        rm -rf ${{ runner.temp }}/codescanning-config-cli-test
-        rm -rf $RUNNER_TEMP/user-config.yaml
+        rm -rf ${{ runner.temp }}/user-config.yaml
--- a/.github/actions/check-codescanning-config/index.ts
+++ b/.github/actions/check-codescanning-config/index.ts
@@ -8,7 +8,7 @@ const actualConfig = loadActualConfig()
 const rawExpectedConfig = process.argv[3].trim()
 if (!rawExpectedConfig) {
-  core.setFailed('No expected configuration provided')
+  core.info('No expected configuration provided')
 } else {
  core.startGroup('Expected generated user config')
  core.info(yaml.dump(JSON.parse(rawExpectedConfig)))
--- a/.github/codeql/codeql-actions-config.yml
+++ b/.github/codeql/codeql-actions-config.yml
@@ -1,4 +0,0 @@
 # Configuration for the CodeQL Actions Queries
 name: "CodeQL Actions Queries config"
 queries:
  - uses: security-and-quality
--- a/.github/workflows/__all-platform-bundle.yml
+++ b/.github/workflows/__all-platform-bundle.yml
@@ -32,7 +32,7 @@ jobs:
    name: All-platform bundle
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -36,7 +36,7 @@ jobs:
    name: "Analyze: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__autobuild-action.yml
+++ b/.github/workflows/__autobuild-action.yml
@@ -36,7 +36,7 @@ jobs:
    name: autobuild-action
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
+++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
@@ -38,7 +38,7 @@ jobs:
    name: Autobuild direct tracing (custom working directory)
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__autobuild-direct-tracing.yml
+++ b/.github/workflows/__autobuild-direct-tracing.yml
@@ -38,7 +38,7 @@ jobs:
    name: Autobuild direct tracing
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__build-mode-autobuild.yml
+++ b/.github/workflows/__build-mode-autobuild.yml
@@ -32,7 +32,7 @@ jobs:
    name: Build mode autobuild
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__build-mode-manual.yml
+++ b/.github/workflows/__build-mode-manual.yml
@@ -32,7 +32,7 @@ jobs:
    name: Build mode manual
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__build-mode-none.yml
+++ b/.github/workflows/__build-mode-none.yml
@@ -34,7 +34,7 @@ jobs:
    name: Build mode none
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__build-mode-rollback.yml
+++ b/.github/workflows/__build-mode-rollback.yml
@@ -32,7 +32,7 @@ jobs:
    name: Build mode rollback
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__cleanup-db-cluster-dir.yml
+++ b/.github/workflows/__cleanup-db-cluster-dir.yml
@@ -32,7 +32,7 @@ jobs:
    name: Clean up database cluster directory
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__config-export.yml
+++ b/.github/workflows/__config-export.yml
@@ -42,7 +42,7 @@ jobs:
    name: Config export
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__config-input.yml
+++ b/.github/workflows/__config-input.yml
@@ -32,7 +32,7 @@ jobs:
    name: Config input
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__cpp-deptrace-disabled.yml
+++ b/.github/workflows/__cpp-deptrace-disabled.yml
@@ -36,7 +36,7 @@ jobs:
    name: 'C/C++: disabling autoinstalling dependencies (Linux)'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
+++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml
@@ -32,7 +32,7 @@ jobs:
    name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__cpp-deptrace-enabled.yml
+++ b/.github/workflows/__cpp-deptrace-enabled.yml
@@ -36,7 +36,7 @@ jobs:
    name: 'C/C++: autoinstalling dependencies (Linux)'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__diagnostics-export.yml
+++ b/.github/workflows/__diagnostics-export.yml
@@ -42,7 +42,7 @@ jobs:
    name: Diagnostic export
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__export-file-baseline-information.yml
+++ b/.github/workflows/__export-file-baseline-information.yml
@@ -36,7 +36,7 @@ jobs:
    name: Export file baseline information
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__extract-direct-to-toolcache.yml
+++ b/.github/workflows/__extract-direct-to-toolcache.yml
@@ -36,7 +36,7 @@ jobs:
    name: Extract directly to toolcache
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -32,7 +32,7 @@ jobs:
    name: Extractor ram and threads options test
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -34,7 +34,7 @@ jobs:
    name: 'Go: Custom queries'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
@@ -32,7 +32,7 @@ jobs:
    name: 'Go: diagnostic when Go is changed after init step'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -32,7 +32,7 @@ jobs:
    name: 'Go: diagnostic when `file` is not installed'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__go-indirect-tracing-workaround.yml
+++ b/.github/workflows/__go-indirect-tracing-workaround.yml
@@ -32,7 +32,7 @@ jobs:
    name: 'Go: workaround for indirect tracing'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__go-tracing-autobuilder.yml
+++ b/.github/workflows/__go-tracing-autobuilder.yml
@@ -62,7 +62,7 @@ jobs:
    name: 'Go: tracing with autobuilder step'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -77,7 +77,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
--- a/.github/workflows/__go-tracing-custom-build-steps.yml
+++ b/.github/workflows/__go-tracing-custom-build-steps.yml
@@ -62,7 +62,7 @@ jobs:
    name: 'Go: tracing with custom build steps'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -77,7 +77,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
--- a/.github/workflows/__go-tracing-legacy-workflow.yml
+++ b/.github/workflows/__go-tracing-legacy-workflow.yml
@@ -62,7 +62,7 @@ jobs:
    name: 'Go: tracing with legacy workflow'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -77,7 +77,7 @@ jobs:
          setup-kotlin: 'true'
      - uses: actions/setup-go@v5
        with:
-          go-version: ~1.24.0
+          go-version: ~1.23.0
      # to avoid potentially misleading autobuilder results where we expect it to download
      # dependencies successfully, but they actually come from a warm cache
          cache: false
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -36,7 +36,7 @@ jobs:
    name: Custom source root
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__job-run-uuid-sarif.yml
+++ b/.github/workflows/__job-run-uuid-sarif.yml
@@ -32,7 +32,7 @@ jobs:
    name: Job run UUID added to SARIF
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__language-aliases.yml
+++ b/.github/workflows/__language-aliases.yml
@@ -32,7 +32,7 @@ jobs:
    name: Language aliases
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -62,7 +62,7 @@ jobs:
    name: Multi-language repository
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@@ -48,7 +48,7 @@ jobs:
    name: 'Packaging: Config and input passed to the CLI'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -48,7 +48,7 @@ jobs:
    name: 'Packaging: Config and input'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -48,7 +48,7 @@ jobs:
    name: 'Packaging: Config file'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -48,7 +48,7 @@ jobs:
    name: 'Packaging: Action input'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -34,7 +34,7 @@ jobs:
    name: Remote config file
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__resolve-environment-action.yml
+++ b/.github/workflows/__resolve-environment-action.yml
@@ -48,7 +48,7 @@ jobs:
    name: Resolve environment
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -32,7 +32,7 @@ jobs:
    name: RuboCop multi-language
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
@@ -46,7 +46,7 @@ jobs:
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
      - name: Set up Ruby
-        uses: ruby/setup-ruby@32110d4e311bd8996b2a82bf2a43b714ccc91777 # v1.221.0
+        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 2.6
      - name: Install Code Scanning integration
--- a/.github/workflows/__ruby.yml
+++ b/.github/workflows/__ruby.yml
@@ -42,7 +42,7 @@ jobs:
    name: Ruby analysis
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__rust.yml
+++ b/.github/workflows/__rust.yml
@@ -1,71 +0,0 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
 # to regenerate this file.
 name: PR Check - Rust analysis
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
  push:
    branches:
      - main
      - releases/v*
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
 jobs:
  rust:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            version: linked
          - os: ubuntu-latest
            version: default
          - os: ubuntu-latest
            version: nightly-latest
    name: Rust analysis
    permissions:
      contents: read
      security-events: read
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
      - uses: ./../action/init
        with:
          languages: rust
          tools: ${{ steps.prepare-test.outputs.tools-url }}
        env:
          CODEQL_ACTION_RUST_ANALYSIS: true
      - uses: ./../action/analyze
        id: analysis
        with:
          upload-database: false
      - name: Check database
        shell: bash
        run: |
          RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}"
          if [[ ! -d "$RUST_DB" ]]; then
            echo "Did not create a database for Rust."
            exit 1
          fi
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -42,7 +42,7 @@ jobs:
    name: Split workflow
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__start-proxy.yml
+++ b/.github/workflows/__start-proxy.yml
@@ -36,7 +36,7 @@ jobs:
    name: Start proxy
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__submit-sarif-failure.yml
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -36,8 +36,7 @@ jobs:
    name: Submit SARIF after failure
    permissions:
      contents: read
-      security-events: write # needed to upload the SARIF file
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__swift-autobuild.yml
+++ b/.github/workflows/__swift-autobuild.yml
@@ -32,7 +32,7 @@ jobs:
    name: Swift analysis using autobuild
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__swift-custom-build.yml
+++ b/.github/workflows/__swift-custom-build.yml
@@ -36,7 +36,7 @@ jobs:
    name: Swift analysis using a custom build command
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -32,7 +32,7 @@ jobs:
    name: Autobuild working directory
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -32,7 +32,7 @@ jobs:
    name: Local CodeQL bundle
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -34,7 +34,7 @@ jobs:
    name: Proxy test
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -34,7 +34,7 @@ jobs:
    name: Test unsetting environment variables
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -36,7 +36,7 @@ jobs:
    name: "Upload-sarif: 'ref' and 'sha' from inputs"
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -36,7 +36,7 @@ jobs:
    name: Use a custom `checkout_path`
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__zstd-bundle-streaming.yml
+++ b/.github/workflows/__zstd-bundle-streaming.yml
@@ -34,7 +34,7 @@ jobs:
    name: Zstandard bundle (streaming)
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/__zstd-bundle.yml
+++ b/.github/workflows/__zstd-bundle.yml
@@ -36,7 +36,7 @@ jobs:
    name: Zstandard bundle
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/check-expected-release-files.yml
+++ b/.github/workflows/check-expected-release-files.yml
@@ -13,9 +13,6 @@ jobs:
  check-expected-release-files:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout CodeQL Action
        uses: actions/checkout@v4
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,7 +24,7 @@ jobs:
      versions: ${{ steps.compare.outputs.versions }}
    permissions:
-      contents: read
+      security-events: write
    steps:
    - uses: actions/checkout@v4
@@ -70,7 +70,7 @@ jobs:
        echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
        echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
-  analyze-javascript:
+  build:
    needs: [check-codeql-versions]
    strategy:
      fail-fast: false
@@ -80,7 +80,6 @@ jobs:
    runs-on: ${{ matrix.os }}
    permissions:
      contents: read
      security-events: write
    steps:
@@ -100,27 +99,3 @@ jobs:
      uses: ./analyze
      with:
        category: "/language:javascript"
  analyze-actions:
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
    permissions:
      contents: read
      security-events: write
    steps:
    - name: Checkout
      uses: actions/checkout@v4
    - name: Initialize CodeQL
      uses: ./init
      with:
        languages: actions
        config-file: ./.github/codeql/codeql-actions-config.yml
    - name: Perform CodeQL Analysis
      uses: ./analyze
      with:
        category: "/language:actions"
--- a/.github/workflows/codescanning-config-cli.yml
+++ b/.github/workflows/codescanning-config-cli.yml
@@ -23,11 +23,6 @@ jobs:
  code-scanning-config-tests:
    continue-on-error: true
    permissions:
      contents: read
      packages: read
      security-events: read
    strategy:
      fail-fast: false
      matrix:
--- a/.github/workflows/debug-artifacts-failure-safe.yml
+++ b/.github/workflows/debug-artifacts-failure-safe.yml
@@ -1,102 +0,0 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist
 # when the analyze step fails.
 name: PR Check - Debug artifacts after failure
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
    branches:
    - main
    - releases/v*
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
 jobs:
  upload-artifacts:
    strategy:
      fail-fast: false
      matrix:
        version:
        - stable-v2.20.3
        - default
        - linked
        - nightly-latest
    name: Upload debug artifacts after failure in analyze
    continue-on-error: true
    env:
      CODEQL_ACTION_TEST_MODE: true
    permissions:
      contents: read
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub event
        run: cat "${GITHUB_EVENT_PATH}"
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v5
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
        env:
          # Forces a failure in this step.
          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
        with:
          expect-error: true
  download-and-check-artifacts:
    name: Download and check debug artifacts after failure in analyze
    needs: upload-artifacts
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
      - name: Check expected artifacts exist
        shell: bash
        run: |
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            echo "Artifacts from version $version:"
            pushd "./my-debug-artifacts-${version//./}"
            for language in $LANGUAGES; do
              echo "- Checking $language"
              if [[ ! -f "my-db-$language-partial.zip" ]] ; then
                echo "Missing a partial database bundle for $language"
                exit 1
              fi
              if [[ ! -d "log" ]] ; then
                echo "Missing database initialization logs"
                exit 1
              fi
              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
                echo "Missing logs for $language"
                exit 1
              fi
            done
            popd
          done
        env:
          GO111MODULE: auto
--- a/.github/workflows/debug-artifacts-failure.yml
+++ b/.github/workflows/debug-artifacts-failure.yml
@@ -0,0 +1,87 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist
 # when the analyze step fails.
 name: PR Check - Debug artifacts after failure
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
    branches:
    - main
    - releases/v*
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
 jobs:
  upload-artifacts:
    name: Upload debug artifacts after failure in analyze
    continue-on-error: true
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
      - name: Dump GitHub event
        run: cat "${GITHUB_EVENT_PATH}"
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: linked
      - uses: actions/setup-go@v5
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
        env:
          # Forces a failure in this step.
          CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
        with:
          expect-error: true
  download-and-check-artifacts:
    name: Download and check debug artifacts after failure in analyze
    needs: upload-artifacts
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
      - name: Check expected artifacts exist
        shell: bash
        run: |
          LANGUAGES="cpp csharp go java javascript python"
          cd "./my-debug-artifacts"
          echo "Artifacts from run:"
          for language in $LANGUAGES; do
            echo "- Checking $language"
            if [[ ! -f "my-db-$language-partial.zip" ]] ; then
              echo "Missing a partial database bundle for $language"
              exit 1
            fi
            if [[ ! -d "log" ]] ; then
              echo "Missing database initialization logs"
              exit 1
            fi
            if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
              echo "Missing logs for $language"
              exit 1
            fi
          done
        env:
          GO111MODULE: auto
--- a/.github/workflows/debug-artifacts-safe.yml
+++ b/.github/workflows/debug-artifacts-safe.yml
@@ -1,97 +0,0 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist.
 name: PR Check - Debug artifact upload
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
    branches:
    - main
    - releases/v*
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
 jobs:
  upload-artifacts:
    strategy:
      fail-fast: false
      matrix:
        version:
        - stable-v2.20.3
        - default
        - linked
        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v5
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        id: init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
          languages: cpp,csharp,go,java,javascript,python,ruby
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
  download-and-check-artifacts:
    name: Download and check debug artifacts
    needs: upload-artifacts
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
      - name: Check expected artifacts exist
        shell: bash
        run: |
          VERSIONS="stable-v2.20.3 default linked nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
            echo "Artifacts from version $version:"
            for language in $LANGUAGES; do
              echo "- Checking $language"
              if [[ ! -f "$language.sarif" ]] ; then
                echo "Missing a SARIF file for $language"
                exit 1
              fi
              if [[ ! -f "my-db-$language.zip" ]] ; then
                echo "Missing a database bundle for $language"
                exit 1
              fi
              if [[ ! -d "$language/log" ]] ; then
                echo "Missing logs for $language"
                exit 1
              fi
            done
            popd
          done
        env:
          GO111MODULE: auto
--- a/.github/workflows/debug-artifacts.yml
+++ b/.github/workflows/debug-artifacts.yml
@@ -0,0 +1,97 @@
 # Checks logs, SARIF, and database bundle debug artifacts exist.
 name: PR Check - Debug artifact upload
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 on:
  push:
    branches:
    - main
    - releases/v*
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
 jobs:
  upload-artifacts:
    strategy:
      fail-fast: false
      matrix:
        version:
        - stable-v2.15.5
        - stable-v2.16.6
        - stable-v2.17.6
        - stable-v2.18.4
        - stable-v2.19.4
        - default
        - linked
        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v4
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v5
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        id: init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
          languages: cpp,csharp,go,java,javascript,python,ruby
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
  download-and-check-artifacts:
    name: Download and check debug artifacts
    needs: upload-artifacts
    timeout-minutes: 45
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v4
      - name: Check expected artifacts exist
        shell: bash
        run: |
          VERSIONS="stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 stable-v2.19.4 default linked nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
            echo "Artifacts from version $version:"
            for language in $LANGUAGES; do
              echo "- Checking $language"
              if [[ ! -f "$language.sarif" ]] ; then
                echo "Missing a SARIF file for $language"
                exit 1
              fi
              if [[ ! -f "my-db-$language.zip" ]] ; then
                echo "Missing a database bundle for $language"
                exit 1
              fi
              if [[ ! -d "$language/log" ]] ; then
                echo "Missing logs for $language"
                exit 1
              fi
            done
            popd
          done
        env:
          GO111MODULE: auto
--- a/.github/workflows/expected-queries-runs.yml
+++ b/.github/workflows/expected-queries-runs.yml
@@ -24,7 +24,7 @@ jobs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@@ -27,10 +27,6 @@ jobs:
      BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}"
      HEAD_BRANCH: "${{ github.head_ref || github.ref }}"
    permissions:
      contents: write # needed to create tags and push commits
      pull-requests: write
    steps:
      - name: Dump environment
        run: env
@@ -168,7 +164,7 @@ jobs:
            --draft
      - name: Generate token
-        uses: actions/create-github-app-token@v1.11.6
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
        id: app-token
        with:
          app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -15,7 +15,7 @@ jobs:
    timeout-minutes: 45
    permissions:
      contents: read
-      security-events: write # needed to upload ESLint results
+      security-events: write
    strategy:
      fail-fast: false
@@ -40,8 +40,6 @@ jobs:
  check-node-modules:
    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check modules up to date
    permissions:
      contents: read
    runs-on: macos-latest
    timeout-minutes: 45
@@ -53,8 +51,6 @@ jobs:
  check-file-contents:
    if: github.event_name != 'push' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/releases/v')
    name: Check file contents
    permissions:
      contents: read
    runs-on: ubuntu-latest
    timeout-minutes: 45
@@ -85,8 +81,6 @@ jobs:
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    permissions:
      contents: read
    runs-on: ${{ matrix.os }}
    timeout-minutes: 45
@@ -107,9 +101,6 @@ jobs:
    env:
      BASE_REF: ${{ github.base_ref }}
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - id: head-version
--- a/.github/workflows/python312-windows.yml
+++ b/.github/workflows/python312-windows.yml
@@ -17,8 +17,6 @@ jobs:
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: windows-latest
    steps:
--- a/.github/workflows/query-filters.yml
+++ b/.github/workflows/query-filters.yml
@@ -20,8 +20,6 @@ jobs:
    name: Query Filters Tests
    timeout-minutes: 45
    runs-on: ubuntu-latest
    permissions:
      contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository.
    steps:
    - name: Check out repository
      uses: actions/checkout@v4
--- a/.github/workflows/rebuild.yml
+++ b/.github/workflows/rebuild.yml
@@ -11,9 +11,6 @@ jobs:
    runs-on: ubuntu-latest
    if: github.event.label.name == 'Rebuild'
    permissions:
      contents: write # needed to push rebuilt commit
      pull-requests: write # needed to comment on the PR
    steps:
      - name: Checkout
        uses: actions/checkout@v4
--- a/.github/workflows/test-codeql-bundle-all.yml
+++ b/.github/workflows/test-codeql-bundle-all.yml
@@ -27,7 +27,7 @@ jobs:
    name: 'CodeQL Bundle All'
    permissions:
      contents: read
-      security-events: read
+      security-events: write
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
--- a/.github/workflows/update-bundle.yml
+++ b/.github/workflows/update-bundle.yml
@@ -17,9 +17,6 @@ jobs:
  update-bundle:
    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
    runs-on: ubuntu-latest
    permissions:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull requests
    steps:
      - name: Dump environment
        run: env
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -9,9 +9,6 @@ jobs:
    timeout-minutes: 45
    runs-on: macos-latest
    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
    permissions:
      contents: write # needed to push the updated dependencies
      pull-requests: write # needed to comment on the PR
    steps:
    - name: Checkout repository
      uses: actions/checkout@v4
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -22,8 +22,6 @@ jobs:
      latest_tag: ${{ steps.versions.outputs.latest_tag }}
      backport_source_branch: ${{ steps.branches.outputs.backport_source_branch }}
      backport_target_branches: ${{ steps.branches.outputs.backport_target_branches }}
    permissions:
      contents: read
    steps:
    - uses: actions/checkout@v4
      with:
@@ -65,9 +63,6 @@ jobs:
      REPOSITORY: "${{ github.repository }}"
      MAJOR_VERSION: "${{ needs.prepare.outputs.major_version }}"
      LATEST_TAG: "${{ needs.prepare.outputs.latest_tag }}"
    permissions:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull request
    steps:
    - uses: actions/checkout@v4
      with:
@@ -119,12 +114,9 @@ jobs:
    env:
      SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
      TARGET_BRANCH: ${{ matrix.target_branch }}
    permissions:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull request
    steps:
    - name: Generate token
-      uses: actions/create-github-app-token@v1.11.6
+      uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
      id: app-token
      with:
        app-id: ${{ vars.AUTOMATION_APP_ID }}
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -10,23 +10,20 @@ jobs:
    name: Update Supported Enterprise Server Versions
    timeout-minutes: 45
    runs-on: ubuntu-latest
-    if: github.repository == 'github/codeql-action'
+    if: ${{ github.repository == 'github/codeql-action' }}
    permissions:
      contents: write # needed to push commits
      pull-requests: write # needed to create pull request
    steps:
      - name: Setup Python
        uses: actions/setup-python@v5
        with:
-          python-version: "3.13"
+          python-version: "3.7"
      - name: Checkout CodeQL Action
        uses: actions/checkout@v4
      - name: Checkout Enterprise Releases
        uses: actions/checkout@v4
        with:
          repository: github/enterprise-releases
-          token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
+          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
          path: ${{ github.workspace }}/enterprise-releases/
      - name: Update Supported Enterprise Server Versions
        run: |
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,20 +1,20 @@
 repos:
  - repo: local
    hooks:
      - id: lint-ts
        name: Lint typescript code
        files: \.ts$
        language: system
        entry: npm run lint -- --fix
      - id: compile-ts
        name: Compile typescript
        files: \.[tj]s$
        language: system
        entry: npm run build
        pass_filenames: false
      - id: lint-ts
        name: Lint typescript code
        files: \.ts$
        language: system
        entry: npm run lint -- --fix
      - id: pr-checks-sync
        name: Synchronize PR check workflows
        files: ^.github/workflows/__.*\.yml$|^pr-checks
        language: system
-        entry: pr-checks/sync.sh
+        entry: python3 pr-checks/sync.py
        pass_filenames: false
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,41 +6,6 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 No user facing changes.
 ## 3.28.10 - 21 Feb 2025
 - Update default CodeQL bundle version to 2.20.5. [#2772](https://github.com/github/codeql-action/pull/2772)
 - Address an issue where the CodeQL Bundle would occasionally fail to decompress on macOS. [#2768](https://github.com/github/codeql-action/pull/2768)
 ## 3.28.9 - 07 Feb 2025
 - Update default CodeQL bundle version to 2.20.4. [#2753](https://github.com/github/codeql-action/pull/2753)
 ## 3.28.8 - 29 Jan 2025
 - Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. [#2744](https://github.com/github/codeql-action/pull/2744)
 ## 3.28.7 - 29 Jan 2025
 No user facing changes.
 ## 3.28.6 - 27 Jan 2025
 - Re-enable debug artifact upload for CLI versions 2.20.3 or greater. [#2726](https://github.com/github/codeql-action/pull/2726)
 ## 3.28.5 - 24 Jan 2025
 - Update default CodeQL bundle version to 2.20.3. [#2717](https://github.com/github/codeql-action/pull/2717)
 ## 3.28.4 - 23 Jan 2025
 No user facing changes.
 ## 3.28.3 - 22 Jan 2025
 - Update default CodeQL bundle version to 2.20.2. [#2707](https://github.com/github/codeql-action/pull/2707)
 - Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the [CodeQL Action sync tool](https://github.com/github/codeql-action-sync-tool) and the Actions runner did not have Zstandard installed. [#2710](https://github.com/github/codeql-action/pull/2710)
 - Uploading debug artifacts for CodeQL analysis is temporarily disabled. [#2712](https://github.com/github/codeql-action/pull/2712)
 ## 3.28.2 - 21 Jan 2025
 No user facing changes.
--- a/17
+++ b/17
@@ -1,17 +0,0 @@
 # Perform all working copy cleanup operations
 all: lint sync
 # Lint source typescript
 lint:
    npm run lint -- --fix
 # Sync generated files (javascript and PR checks)
 sync: build update-pr-checks
 # Perform all necessary steps to update the PR checks
 update-pr-checks:
    pr-checks/sync.sh
 # Transpile typescript code into javascript
 build:
    npm run build
--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -41,7 +41,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
 const environment_1 = require("./environment");
@@ -58,9 +57,7 @@ async function runWrapper() {
        if (process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true") {
            const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
            if (config !== undefined) {
-                const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+                await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", () => debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type));
                const version = await codeql.getVersion();
                await debugArtifacts.uploadCombinedSarifArtifacts(logger, config.gitHubVersion.type, version.version);
            }
        }
    }
--- a/lib/analyze-action-post.js.map
+++ b/lib/analyze-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,qCAAqC;AACrC,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,uCAA6C;AAC7C,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC1C,MAAM,cAAc,CAAC,4BAA4B,CAC/C,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,OAAO,CAAC,OAAO,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,CAC1B,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -160,14 +160,6 @@ async function run() {
    let dbCreationTimings = undefined;
    let didUploadTrapCaches = false;
    util.initializeEnvironment(actionsUtil.getActionVersion());
    // Unset the CODEQL_PROXY_* environment variables, as they are not needed
    // and can cause issues with the CodeQL CLI
    // Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
    if (process.env.CODEQL_PROXY_HOST === "") {
        delete process.env.CODEQL_PROXY_HOST;
        delete process.env.CODEQL_PROXY_PORT;
        delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
    }
    // Make inputs accessible in the `post` step, details at
    // https://github.com/github/codeql-action/issues/2553
    actionsUtil.persistInputs();
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -55,7 +55,6 @@ const api_client_1 = require("./api-client");
 const autobuild_1 = require("./autobuild");
 const codeql_1 = require("./codeql");
 const diagnostics_1 = require("./diagnostics");
 const diff_filtering_utils_1 = require("./diff-filtering-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -369,9 +368,6 @@ extensions:
    const extensionFilePath = path.join(diffRangeDir, "pr-diff-range.yml");
    fs.writeFileSync(extensionFilePath, extensionContents);
    logger.debug(`Wrote pr-diff-range extension pack to ${extensionFilePath}:\n${extensionContents}`);
    // Write the diff ranges to a JSON file, for action-side alert filtering by the
    // upload-lib module.
    (0, diff_filtering_utils_1.writeDiffRangesJsonFile)(logger, ranges);
    return diffRangeDir;
 }
 // Runs queries and creates sarif files in the given folder
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/cli-errors.js
+++ b/lib/cli-errors.js
@@ -110,7 +110,6 @@ function extractAutobuildErrors(error) {
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
    CliConfigErrorCategory["AutobuildError"] = "AutobuildError";
    CliConfigErrorCategory["CouldNotCreateTempDir"] = "CouldNotCreateTempDir";
    CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
    CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
    CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
@@ -127,7 +126,6 @@ var CliConfigErrorCategory;
    CliConfigErrorCategory["OutOfMemoryOrDisk"] = "OutOfMemoryOrDisk";
    CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
    CliConfigErrorCategory["PackMissingAuth"] = "PackMissingAuth";
    CliConfigErrorCategory["RateLimitExhausted"] = "RateLimitExhausted";
    CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
    CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
@@ -141,9 +139,6 @@ exports.cliErrorsConfig = {
            new RegExp("We were unable to automatically build your code"),
        ],
    },
    [CliConfigErrorCategory.CouldNotCreateTempDir]: {
        cliErrorMessageCandidates: [new RegExp("Could not create temp directory")],
    },
    [CliConfigErrorCategory.ExternalRepositoryCloneFailed]: {
        cliErrorMessageCandidates: [
            new RegExp("Failed to clone external Git repository"),
@@ -234,11 +229,6 @@ exports.cliErrorsConfig = {
            new RegExp("Do you need to specify a token to authenticate to the registry?"),
        ],
    },
    [CliConfigErrorCategory.RateLimitExhausted]: {
        cliErrorMessageCandidates: [
            new RegExp("API rate limit exceeded for installation\\. If you reach out to GitHub Support for help, please include the request ID"),
        ],
    },
    [CliConfigErrorCategory.SwiftBuildFailed]: {
        cliErrorMessageCandidates: [
            new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),
--- a/lib/cli-errors.js.map
+++ b/lib/cli-errors.js.map
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -133,11 +133,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        };
    }
    catch (e) {
-        const ErrorClass = e instanceof util.ConfigurationError ||
+        throw new Error(`Unable to download and extract CodeQL CLI: ${(0, util_1.getErrorMessage)(e)}${e instanceof Error && e.stack ? `\n\nDetails: ${e.stack}` : ""}`);
            (e instanceof Error && e.message.includes("ENOSPC")) // out of disk space
            ? util.ConfigurationError
            : Error;
        throw new ErrorClass(`Unable to download and extract CodeQL CLI: ${(0, util_1.getErrorMessage)(e)}${e instanceof Error && e.stack ? `\n\nDetails: ${e.stack}` : ""}`);
    }
 }
 /**
@@ -262,18 +258,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                extraArgs.push(`--trace-process-name=${processName}`);
            }
            if (config.languages.indexOf(languages_1.Language.actions) >= 0) {
                // We originally added an embedded version of the Actions extractor to the CodeQL Action
                // itself in order to deploy the extractor between CodeQL releases. When we did add the
                // extractor to the CLI, though, its autobuild script was missing the execute bit.
                // 2.20.6 is the first CLI release with the fully-functional extractor in the CLI. For older
                // versions, we'll keep using the embedded extractor. We can remove the embedded extractor
                // once 2.20.6 is deployed in the runner images.
                if (!(await util.codeQlVersionAtLeast(codeql, "2.20.6"))) {
                extraArgs.push("--search-path");
                const extractorPath = path.resolve(__dirname, "../actions-extractor");
                extraArgs.push(extractorPath);
            }
            }
            const codeScanningConfigFile = await generateCodeScanningConfig(config, logger);
            const externalRepositoryToken = (0, actions_util_1.getOptionalInput)("external-repository-token");
            extraArgs.push(`--codescanning-config=${codeScanningConfigFile}`);
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/debug-artifacts.js
+++ b/lib/debug-artifacts.js
@@ -53,7 +53,6 @@ const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
 const environment_1 = require("./environment");
 const logging_1 = require("./logging");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 function sanitizeArtifactName(name) {
    return name.replace(/[^a-zA-Z0-9_\\-]+/g, "");
@@ -62,11 +61,10 @@ function sanitizeArtifactName(name) {
 * Upload Actions SARIF artifacts for debugging when CODEQL_ACTION_DEBUG_COMBINED_SARIF
 * environment variable is set
 */
-async function uploadCombinedSarifArtifacts(logger, gitHubVariant, codeQlVersion) {
+async function uploadCombinedSarifArtifacts(logger, gitHubVariant) {
    const tempDir = (0, actions_util_1.getTemporaryDirectory)();
    // Upload Actions SARIF artifacts for debugging when environment variable is set
    if (process.env["CODEQL_ACTION_DEBUG_COMBINED_SARIF"] === "true") {
        await (0, logging_1.withGroup)("Uploading combined SARIF debug artifact", async () => {
        logger.info("Uploading available combined SARIF files as Actions debugging artifact...");
        const baseTempDir = path.resolve(tempDir, "combined-sarif");
        const toUpload = [];
@@ -82,12 +80,11 @@ async function uploadCombinedSarifArtifacts(logger, gitHubVariant, codeQlVersion
            }
        }
        try {
-                await uploadDebugArtifacts(logger, toUpload, baseTempDir, "combined-sarif-artifacts", gitHubVariant, codeQlVersion);
+            await uploadDebugArtifacts(logger, toUpload, baseTempDir, "combined-sarif-artifacts", gitHubVariant);
        }
        catch (e) {
            logger.warning(`Failed to upload combined SARIF files as Actions debugging artifact. Reason: ${(0, util_1.getErrorMessage)(e)}`);
        }
        });
    }
 }
 /**
@@ -143,7 +140,7 @@ async function tryBundleDatabase(config, language, logger) {
 *
 * Logs and suppresses any errors that occur.
 */
-async function tryUploadAllAvailableDebugArtifacts(config, logger, codeQlVersion) {
+async function tryUploadAllAvailableDebugArtifacts(config, logger) {
    const filesToUpload = [];
    try {
        for (const language of config.languages) {
@@ -183,23 +180,18 @@ async function tryUploadAllAvailableDebugArtifacts(config, logger, codeQlVersion
        return;
    }
    try {
-        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(logger, filesToUpload, config.dbLocation, config.debugArtifactName, config.gitHubVersion.type, codeQlVersion));
+        await (0, logging_1.withGroup)("Uploading debug artifacts", async () => uploadDebugArtifacts(logger, filesToUpload, config.dbLocation, config.debugArtifactName, config.gitHubVersion.type));
    }
    catch (e) {
        logger.warning(`Failed to upload debug artifacts. Reason: ${(0, util_1.getErrorMessage)(e)}`);
    }
 }
-async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghVariant, codeQlVersion) {
+async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghVariant) {
    if (toUpload.length === 0) {
-        return "no-artifacts-to-upload";
+        return;
    }
    const uploadSupported = (0, tools_features_1.isSafeArtifactUpload)(codeQlVersion);
    if (!uploadSupported) {
        core.info(`Skipping debug artifact upload because the current CLI does not support safe upload. Please upgrade to CLI v${tools_features_1.SafeArtifactUploadVersion} or later.`);
        return "upload-not-supported";
    }
    let suffix = "";
-    const matrix = (0, actions_util_1.getOptionalInput)("matrix");
+    const matrix = (0, actions_util_1.getRequiredInput)("matrix");
    if (matrix) {
        try {
            for (const [, matrixVal] of Object.entries(JSON.parse(matrix)).sort())
@@ -215,12 +207,10 @@ async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghV
            // ensure we don't keep the debug artifacts around for too long since they can be large.
            retentionDays: 7,
        });
        return "upload-successful";
    }
    catch (e) {
        // A failure to upload debug artifacts should not fail the entire action.
        core.warning(`Failed to upload debug artifacts: ${e}`);
        return "upload-failed";
    }
 }
 // `@actions/artifact@v2` is not yet supported on GHES so the legacy version of the client will be used on GHES
--- a/lib/debug-artifacts.js.map
+++ b/lib/debug-artifacts.js.map
--- a/lib/debug-artifacts.test.js
+++ b/lib/debug-artifacts.test.js
@@ -46,47 +46,9 @@ const util_1 = require("./util");
    t.deepEqual(debugArtifacts.sanitizeArtifactName("hello===123"), "hello123");
    t.deepEqual(debugArtifacts.sanitizeArtifactName("*m)a&n^y%i££n+v!a:l[i]d"), "manyinvalid");
 });
-// These next tests check the correctness of the logic to determine whether or not
+(0, ava_1.default)("uploadDebugArtifacts", async (t) => {
 // artifacts are uploaded in debug mode. Since it's not easy to mock the actual
 // call to upload an artifact, we just check that we get an "upload-failed" result,
 // instead of actually uploading the artifact.
 //
 // For tests where we expect artifact upload to be blocked, we check for a different
 // response from the function.
 (0, ava_1.default)("uploadDebugArtifacts when artifacts empty should emit 'no-artifacts-to-upload'", async (t) => {
    // Test that no error is thrown if artifacts list is empty.
    const logger = (0, logging_1.getActionsLogger)();
-    await t.notThrowsAsync(async () => {
+    await t.notThrowsAsync(debugArtifacts.uploadDebugArtifacts(logger, [], "rootDir", "artifactName", util_1.GitHubVariant.DOTCOM));
        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, [], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, undefined);
        t.is(uploaded, "no-artifacts-to-upload", "Should not have uploaded any artifacts");
    });
 });
 (0, ava_1.default)("uploadDebugArtifacts when no codeql version is used should invoke artifact upload", async (t) => {
    // Test that the artifact is uploaded.
    const logger = (0, logging_1.getActionsLogger)();
    await t.notThrowsAsync(async () => {
        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, undefined);
        t.is(uploaded, 
        // The failure is expected since we don't want to actually upload any artifacts in unit tests.
        "upload-failed", "Expect failure to upload artifacts since root dir does not exist");
    });
 });
 (0, ava_1.default)("uploadDebugArtifacts when new codeql version is used should invoke artifact upload", async (t) => {
    // Test that the artifact is uploaded.
    const logger = (0, logging_1.getActionsLogger)();
    await t.notThrowsAsync(async () => {
        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, "2.20.3");
        t.is(uploaded, 
        // The failure is expected since we don't want to actually upload any artifacts in unit tests.
        "upload-failed", "Expect failure to upload artifacts since root dir does not exist");
    });
 });
 (0, ava_1.default)("uploadDebugArtifacts when old codeql is used should avoid trying to upload artifacts", async (t) => {
    // Test that the artifact is not uploaded.
    const logger = (0, logging_1.getActionsLogger)();
    await t.notThrowsAsync(async () => {
        const uploaded = await debugArtifacts.uploadDebugArtifacts(logger, ["hucairz"], "i-dont-exist", "artifactName", util_1.GitHubVariant.DOTCOM, "2.20.2");
        t.is(uploaded, "upload-not-supported", "Expected artifact upload to be blocked because of old CodeQL version");
    });
 });
 //# sourceMappingURL=debug-artifacts.test.js.map
--- a/lib/debug-artifacts.test.js.map
+++ b/lib/debug-artifacts.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CACpB,cAAc,CAAC,oBAAoB,CACjC,MAAM,EACN,EAAE,EACF,SAAS,EACT,cAAc,EACd,oBAAa,CAAC,MAAM,CACrB,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.20.5",
+    "bundleVersion": "codeql-bundle-v2.20.1",
-    "cliVersion": "2.20.5",
+    "cliVersion": "2.20.1",
-    "priorBundleVersion": "codeql-bundle-v2.20.4",
+    "priorBundleVersion": "codeql-bundle-v2.20.0",
-    "priorCliVersion": "2.20.4"
+    "priorCliVersion": "2.20.0"
 }
--- a/lib/diff-filtering-utils.js
+++ b/lib/diff-filtering-utils.js
@@ -1,60 +0,0 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
 }));
 var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
 }) : function(o, v) {
    o["default"] = v;
 });
 var __importStar = (this && this.__importStar) || (function () {
    var ownKeys = function(o) {
        ownKeys = Object.getOwnPropertyNames || function (o) {
            var ar = [];
            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
            return ar;
        };
        return ownKeys(o);
    };
    return function (mod) {
        if (mod && mod.__esModule) return mod;
        var result = {};
        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
        __setModuleDefault(result, mod);
        return result;
    };
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.writeDiffRangesJsonFile = writeDiffRangesJsonFile;
 exports.readDiffRangesJsonFile = readDiffRangesJsonFile;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const actionsUtil = __importStar(require("./actions-util"));
 function getDiffRangesJsonFilePath() {
    return path.join(actionsUtil.getTemporaryDirectory(), "pr-diff-range.json");
 }
 function writeDiffRangesJsonFile(logger, ranges) {
    const jsonContents = JSON.stringify(ranges, null, 2);
    const jsonFilePath = getDiffRangesJsonFilePath();
    fs.writeFileSync(jsonFilePath, jsonContents);
    logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
 }
 function readDiffRangesJsonFile(logger) {
    const jsonFilePath = getDiffRangesJsonFilePath();
    if (!fs.existsSync(jsonFilePath)) {
        logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
        return undefined;
    }
    const jsonContents = fs.readFileSync(jsonFilePath, "utf8");
    logger.debug(`Read pr-diff-range JSON file from ${jsonFilePath}:\n${jsonContents}`);
    return JSON.parse(jsonContents);
 }
 //# sourceMappingURL=diff-filtering-utils.js.map
--- a/lib/diff-filtering-utils.js.map
+++ b/lib/diff-filtering-utils.js.map
@@ -1 +0,0 @@
 {"version":3,"file":"diff-filtering-utils.js","sourceRoot":"","sources":["../src/diff-filtering-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA,0DAUC;AAED,wDAaC;AAzCD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAS9C,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@@ -68,7 +68,6 @@ var Feature;
    Feature["ExtractToToolcache"] = "extract_to_toolcache";
    Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
    Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
    Feature["RustAnalysis"] = "rust_analysis";
    Feature["ZstdBundleStreamingExtraction"] = "zstd_bundle_streaming_extraction";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
@@ -133,11 +132,6 @@ exports.featureConfig = {
        minimumVersion: undefined,
        toolsFeature: tools_features_1.ToolsFeature.PythonDefaultIsToNotExtractStdlib,
    },
    [Feature.RustAnalysis]: {
        defaultValue: false,
        envVar: "CODEQL_ACTION_RUST_ANALYSIS",
        minimumVersion: "2.19.3",
    },
    [Feature.QaTelemetryEnabled]: {
        defaultValue: false,
        envVar: "CODEQL_ACTION_QA_TELEMETRY",
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/init-action-post-helper.js
+++ b/lib/init-action-post-helper.js
@@ -142,9 +142,7 @@ async function run(uploadAllAvailableDebugArtifacts, printDebugLogs, config, rep
    // Upload appropriate Actions artifacts for debugging
    if (config.debugMode) {
        logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
-        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+        await uploadAllAvailableDebugArtifacts(config, logger, features);
        const version = await codeql.getVersion();
        await uploadAllAvailableDebugArtifacts(config, logger, version.version);
        await printDebugLogs(config);
    }
    if (actionsUtil.isSelfHostedRunner()) {
--- a/lib/init-action-post-helper.js.map
+++ b/lib/init-action-post-helper.js.map
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -64,11 +64,10 @@ async function runWrapper() {
        config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
        if (config === undefined) {
            logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
            return;
        }
        else {
        uploadFailedSarifResult = await initActionPostHelper.run(debugArtifacts.tryUploadAllAvailableDebugArtifacts, actions_util_1.printDebugLogs, config, repositoryNwo, features, logger);
    }
    }
    catch (unwrappedError) {
        const error = (0, util_1.wrapError)(unwrappedError);
        core.setFailed(error.message);
--- a/lib/init-action-post.js.map
+++ b/lib/init-action-post.js.map
@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -37,7 +37,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const io = __importStar(require("@actions/io"));
 const semver = __importStar(require("semver"));
 const uuid_1 = require("uuid");
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
@@ -318,11 +317,6 @@ async function run() {
        if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
        }
        const kotlinLimitVar = "CODEQL_EXTRACTOR_KOTLIN_OVERRIDE_MAXIMUM_VERSION_LIMIT";
        if ((await (0, util_1.codeQlVersionAtLeast)(codeql, "2.20.3")) &&
            !(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.20.4"))) {
            core.exportVariable(kotlinLimitVar, "2.1.20");
        }
        if (config.languages.includes(languages_1.Language.cpp)) {
            const envVar = "CODEQL_EXTRACTOR_CPP_TRAP_CACHING";
            if (process.env[envVar]) {
@@ -346,26 +340,6 @@ async function run() {
            logger.info(`Setting C++ build-mode: none to ${value}`);
            core.exportVariable(bmnVar, value);
        }
        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
        if (config.languages.includes(languages_1.Language.rust)) {
            const feat = feature_flags_1.Feature.RustAnalysis;
            const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
            const envVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
            // if in default setup, it means the feature flag was on when rust was enabled
            // if the feature flag gets turned off, let's not have rust analysis throwing a configuration error
            // in that case rust analysis will be disabled only when default setup is refreshed
            if ((0, actions_util_1.isDefaultSetup)() || (await features.getValue(feat, codeql))) {
                core.exportVariable(envVar, "true");
            }
            if (process.env[envVar] !== "true") {
                throw new util_1.ConfigurationError(`Experimental and not officially supported Rust analysis requires setting ${envVar}=true in the environment`);
            }
            const actualVer = (await codeql.getVersion()).version;
            if (semver.lt(actualVer, minVer)) {
                throw new util_1.ConfigurationError(`Experimental rust analysis is supported by CodeQL CLI version ${minVer} or higher, but found version ${actualVer}`);
            }
            logger.info("Experimental rust analysis enabled");
        }
        // Restore dependency cache(s), if they exist.
        if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
            await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
--- a/Show More
+++ b/Show More
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,qCAAqC;AACrC,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,uCAA6C;AAC7C,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBACjD,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,EAAE,CAAC;gBAC1C,MAAM,cAAc,CAAC,4BAA4B,CAC/C,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,EACzB,OAAO,CAAC,OAAO,CAChB,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}				{"version":3,"file":"analyze-action-post.js","sourceRoot":"","sources":["../src/analyze-action-post.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;;;;GAIG;AACH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,iDAA2C;AAC3C,kEAAoD;AACpD,+CAAuC;AACvC,uCAAwD;AACxD,iCAAoE;AAEpE,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,WAAW,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,kFAAkF;QAClF,wFAAwF;QACxF,IAAI,OAAO,CAAC,GAAG,CAAC,oBAAM,CAAC,mBAAmB,CAAC,KAAK,MAAM,EAAE,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAC5B,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;YACF,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;gBACzB,MAAM,IAAA,mBAAS,EAAC,yCAAyC,EAAE,GAAG,EAAE,CAC9D,cAAc,CAAC,4BAA4B,CACzC,MAAM,EACN,MAAM,CAAC,aAAa,CAAC,IAAI,CAC1B,CACF,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CACZ,oCAAoC,IAAA,sBAAe,EAAC,KAAK,CAAC,EAAE,CAC7D,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,kFAAkF;AAClF,+EAA+E;AAC/E,mFAAmF;AACnF,8CAA8C;AAC9C,EAAE;AACF,oFAAoF;AACpF,8BAA8B;AAE9B,IAAA,aAAI,EAAC,gFAAgF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACjG,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,EAAE,EACF,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,wBAAwB,EACxB,wCAAwC,CACzC,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,mFAAmF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,SAAS,CACV,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,oFAAoF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACrG,sCAAsC;IACtC,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ;QACR,8FAA8F;QAC9F,eAAe,EACf,kEAAkE,CACnE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sFAAsF,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvG,0CAA0C;IAC1C,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CAAC,KAAK,IAAI,EAAE;QAChC,MAAM,QAAQ,GAAG,MAAM,cAAc,CAAC,oBAAoB,CACxD,MAAM,EACN,CAAC,SAAS,CAAC,EACX,cAAc,EACd,cAAc,EACd,oBAAa,CAAC,MAAM,EACpB,QAAQ,CACT,CAAC;QACF,CAAC,CAAC,EAAE,CACF,QAAQ,EACR,sBAAsB,EACtB,sEAAsE,CACvE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}				{"version":3,"file":"debug-artifacts.test.js","sourceRoot":"","sources":["../src/debug-artifacts.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AAEvB,kEAAoD;AACpD,uCAA6C;AAC7C,iCAAuC;AAEvC,IAAA,aAAI,EAAC,sBAAsB,EAAE,CAAC,CAAC,EAAE,EAAE;IACjC,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,cAAc,CACf,CAAC;IACF,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,cAAc,CAAC,EACnD,YAAY,CACb,CAAC;IACF,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,oBAAoB,CAAC,aAAa,CAAC,EAAE,UAAU,CAAC,CAAC;IAC5E,CAAC,CAAC,SAAS,CACT,cAAc,CAAC,oBAAoB,CAAC,yBAAyB,CAAC,EAC9D,aAAa,CACd,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvC,2DAA2D;IAC3D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,CAAC,CAAC,cAAc,CACpB,cAAc,CAAC,oBAAoB,CACjC,MAAM,EACN,EAAE,EACF,SAAS,EACT,cAAc,EACd,oBAAa,CAAC,MAAM,CACrB,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}
		`@@ -1 +0,0 @@`
			{"version":3,"file":"diff-filtering-utils.js","sourceRoot":"","sources":["../src/diff-filtering-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA,0DAUC;AAED,wDAaC;AAzCD,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAS9C,SAAS,yBAAyB;IAChC,OAAO,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,oBAAoB,CAAC,CAAC;AAC9E,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAAc,EACd,MAAwB;IAExB,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACrD,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;IAC7C,MAAM,CAAC,KAAK,CACV,oCAAoC,YAAY,MAAM,YAAY,EAAE,CACrE,CAAC;AACJ,CAAC;AAED,SAAgB,sBAAsB,CACpC,MAAc;IAEd,MAAM,YAAY,GAAG,yBAAyB,EAAE,CAAC;IACjD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,2CAA2C,YAAY,EAAE,CAAC,CAAC;QACxE,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,YAAY,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IAC3D,MAAM,CAAC,KAAK,CACV,qCAAqC,YAAY,MAAM,YAAY,EAAE,CACtE,CAAC;IACF,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAqB,CAAC;AACtD,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}				{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,iDAAmD;AACnD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,mDAOyB;AACzB,iCAKgB;AAOhB,KAAK,UAAU,UAAU;IACvB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,uBAES,CAAC;IACd,IAAI,CAAC;QACH,qCAAqC;QACrC,IAAA,4BAAa,GAAE,CAAC;QAEhB,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;YACF,OAAO;QACT,CAAC;QAED,uBAAuB,GAAG,MAAM,oBAAoB,CAAC,GAAG,CACtD,cAAc,CAAC,mCAAmC,EAClD,6BAAc,EACd,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACJ,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE9B,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,IAAA,gCAAgB,EAAC,KAAK,CAAC,EACvB,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QACD,OAAO;IACT,CAAC;IACD,MAAM,SAAS,GAAG,oBAAoB,CAAC,iBAAiB,EAAE,CAAC;IAC3D,MAAM,CAAC,IAAI,CAAC,yBAAyB,IAAA,uCAAuB,EAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAE5E,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,QAAQ,EACnB,SAAS,EACT,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAAyB;YACzC,GAAG,gBAAgB;YACnB,GAAG,uBAAuB;YAC1B,UAAU,EAAE,oBAAoB,CAAC,iBAAiB,EAAE;SACrD,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}