Merge pull request #1051 from github/henrymercer/run-atm-on-windows

Run ML-powered queries on Windows with CodeQL CLI 2.9.0+
Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows
2026-01-01 04:00:24 +08:00 · 2022-05-11 20:03:26 +01:00 · 2022-05-11 19:32:14 +01:00 · 2022-05-11 18:36:28 +01:00 · 2022-05-11 16:59:06 +01:00 · 2022-05-11 15:51:54 +00:00
156 changed files with 7858 additions and 1028 deletions
--- a/.github/update-release-branch.py
+++ b/.github/update-release-branch.py
@@ -19,15 +19,19 @@ V1_MODE = 'v1-release'
 # Value of the mode flag for a v2 release
 V2_MODE = 'v2-release'
 SOURCE_BRANCH_FOR_MODE = { V1_MODE: 'releases/v2', V2_MODE: 'main' }
 TARGET_BRANCH_FOR_MODE = { V1_MODE: 'releases/v1', V2_MODE: 'releases/v2' }
 # Name of the remote
 ORIGIN = 'origin'
 # Runs git with the given args and returns the stdout.
-# Raises an error if git does not exit successfully.
+# Raises an error if git does not exit successfully (unless passed
-def run_git(*args):
+# allow_non_zero_exit_code=True).
 def run_git(*args, allow_non_zero_exit_code=False):
  cmd = ['git', *args]
  p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-  if (p.returncode != 0):
+  if not allow_non_zero_exit_code and p.returncode != 0:
    raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii'))
  return p.stdout.decode('ascii')
@@ -36,7 +40,9 @@ def branch_exists_on_remote(branch_name):
  return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
 # Opens a PR from the given branch to the target branch
-def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch, conductor, is_v2_release, labels):
+def open_pr(
  repo, all_commits, source_branch_short_sha, new_branch_name, source_branch, target_branch,
  conductor, is_v2_release, labels, conflicted_files):
  # Sort the commits into the pull requests that introduced them,
  # and any commits that don't have a pull request
  pull_requests = []
@@ -81,6 +87,12 @@ def open_pr(repo, all_commits, source_branch_short_sha, new_branch_name, source_
  body.append('')
  body.append('Please review the following:')
  if len(conflicted_files) > 0:
    body.append(' - [ ] You have added commits to this branch that resolve the merge conflicts ' +
      'in the following files:')
    body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
    body.append(' - [ ] Another maintainer has reviewed the additional commits you added to this ' +
      'branch to resolve the merge conflicts.')
  body.append(' - [ ] The CHANGELOG displays the correct version and date.')
  body.append(' - [ ] The CHANGELOG includes all relevant, user-facing changes since the last release.')
  body.append(' - [ ] There are no unexpected commits being merged into the ' + target_branch + ' branch.')
@@ -191,8 +203,10 @@ def main():
    type=str,
    required=True,
    choices=[V2_MODE, V1_MODE],
-    help=f"Which release to perform. '{V2_MODE}' uses main as the source branch and v2 as the target branch. " +
+    help=f"Which release to perform. '{V2_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V2_MODE]} as the source " +
-      f"'{V1_MODE}' uses v2 as the source branch and v1 as the target branch."
+      f"branch and {TARGET_BRANCH_FOR_MODE[V2_MODE]} as the target branch. " +
      f"'{V1_MODE}' uses {SOURCE_BRANCH_FOR_MODE[V1_MODE]} as the source branch and " +
      f"{TARGET_BRANCH_FOR_MODE[V1_MODE]} as the target branch."
  )
  parser.add_argument(
    '--conductor',
@@ -203,14 +217,8 @@ def main():
  args = parser.parse_args()
-  if args.mode == V2_MODE:
+  source_branch = SOURCE_BRANCH_FOR_MODE[args.mode]
-    source_branch = 'main'
+  target_branch = TARGET_BRANCH_FOR_MODE[args.mode]
    target_branch = 'v2'
  elif args.mode == V1_MODE:
    source_branch = 'v2'
    target_branch = 'v1'
  else:
    raise ValueError(f"Unexpected value for release mode: '{args.mode}'")
  repo = Github(args.github_token).get_repo(args.repository_nwo)
  version = get_current_version()
@@ -246,10 +254,15 @@ def main():
  # Create the new branch and push it to the remote
  print('Creating branch ' + new_branch_name)
  # The process of creating the v1 release can run into merge conflicts. We commit the unresolved
  # conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to
  # reconstruct the release manually)
  conflicted_files = []
  if args.mode == V1_MODE:
-    # If we're performing a backport, start from the v1 branch
+    # If we're performing a backport, start from the target branch
-    print(f'Creating {new_branch_name} from the {ORIGIN}/v1 branch')
+    print(f'Creating {new_branch_name} from the {ORIGIN}/{target_branch} branch')
-    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/v1')
+    run_git('checkout', '-b', new_branch_name, f'{ORIGIN}/{target_branch}')
    # Revert the commit that we made as part of the last release that updated the version number and
    # changelog to refer to 1.x.x variants. This avoids merge conflicts in the changelog and
@@ -274,7 +287,12 @@ def main():
      print('  Nothing to revert.')
    print(f'Merging {ORIGIN}/{source_branch} into the release prep branch')
-    run_git('merge', f'{ORIGIN}/{source_branch}', '--no-edit')
+    # Commit any conflicts (see the comment for `conflicted_files`)
    run_git('merge', f'{ORIGIN}/{source_branch}', allow_non_zero_exit_code=True)
    conflicted_files = run_git('diff', '--name-only', '--diff-filter', 'U').splitlines()
    if len(conflicted_files) > 0:
      run_git('add', '.')
      run_git('commit', '--no-edit')
    # Migrate the package version number from a v2 version number to a v1 version number
    print(f'Setting version number to {version}')
@@ -317,6 +335,7 @@ def main():
    conductor=args.conductor,
    is_v2_release=args.mode == V2_MODE,
    labels=['Update dependencies'] if args.mode == V1_MODE else [],
    conflicted_files=conflicted_files
  )
 if __name__ == '__main__':
--- a/.github/workflows/__analyze-ref-input.yml
+++ b/.github/workflows/__analyze-ref-input.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,7 +70,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__debug-artifacts.yml
+++ b/.github/workflows/__debug-artifacts.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -53,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
@@ -70,7 +71,7 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      id: analysis
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
      with:
        name: my-debug-artifacts-${{ matrix.os }}-${{ matrix.version }}
    - shell: bash
--- a/.github/workflows/__extractor-ram-threads.yml
+++ b/.github/workflows/__extractor-ram-threads.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -31,7 +32,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__go-custom-queries.yml
+++ b/.github/workflows/__go-custom-queries.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,13 +70,13 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
--- a/.github/workflows/__go-custom-tracing-autobuild.yml
+++ b/.github/workflows/__go-custom-tracing-autobuild.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -53,13 +54,13 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
--- a/.github/workflows/__go-custom-tracing.yml
+++ b/.github/workflows/__go-custom-tracing.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,13 +70,13 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - uses: actions/setup-go@v2
+    - uses: actions/setup-go@v3
      with:
        go-version: ^1.13.1
    - uses: ./../action/init
--- a/.github/workflows/__javascript-source-root.yml
+++ b/.github/workflows/__javascript-source-root.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -35,7 +36,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__ml-powered-queries.yml
+++ b/.github/workflows/__ml-powered-queries.yml
@@ -0,0 +1,129 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - ML-powered queries
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
  push:
    branches:
    - main
    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  ml-powered-queries:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: stable-20220120
        - os: macos-latest
          version: stable-20220120
        - os: windows-latest
          version: stable-20220120
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-latest
          version: cached
        - os: ubuntu-latest
          version: latest
        - os: macos-latest
          version: latest
        - os: windows-latest
          version: latest
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-latest
          version: nightly-latest
    name: ML-powered queries
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
    - uses: ./../action/init
      with:
        languages: javascript
        queries: security-extended
        source-root: ./../action/tests/ml-powered-queries-repo
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
        upload-database: false
      env:
        TEST_MODE: true
    - name: Upload SARIF
      uses: actions/upload-artifact@v3
      with:
        name: ml-powered-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json
        path: ${{ runner.temp }}/results/javascript.sarif
        retention-days: 7
    - name: Check results
    # Running ML-powered queries on Windows requires CodeQL CLI 2.9.0+. We don't run these checks
    # against Windows and `cached` while CodeQL CLI 2.9.0 makes its way into `cached` to avoid the
    # test starting to fail when the cached CodeQL Bundle gets updated. Once the CodeQL Bundle
    # containing CodeQL CLI 2.9.0 has been fully released, we can drop this line and start running
    # these checks on Windows and `cached`.
      if: matrix.os != 'windows-latest' || matrix.version != 'cached'
      env:
      # Running on Windows requires CodeQL CLI 2.9.0+, which has so far only made it to 'latest'.
        SHOULD_RUN_ML_POWERED_QUERIES: ${{ matrix.os != 'windows-latest' || matrix.version
          == 'latest' || matrix.version == 'nightly-latest' }}
      shell: bash
      run: |
        echo "Expecting ML-powered queries to be run: ${SHOULD_RUN_ML_POWERED_QUERIES}"
        cd "$RUNNER_TEMP/results"
        # We should run at least the ML-powered queries in `expected_rules`.
        expected_rules="js/ml-powered/nosql-injection js/ml-powered/path-injection js/ml-powered/sql-injection js/ml-powered/xss"
        for rule in ${expected_rules}; do
          found_rule=$(jq --arg rule "${rule}" '[.runs[0].tool.extensions[].rules | select(. != null) |
            flatten | .[].id] | any(. == $rule)' javascript.sarif)
          echo "Did find rule '${rule}': ${found_rule}"
          if [[ "${found_rule}" != "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
            echo "Expected SARIF output to contain rule '${rule}', but found no such rule."
            exit 1
          elif [[ "${found_rule}" == "true" && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
            echo "Found rule '${rule}' in the SARIF output which shouldn't have been part of the analysis."
            exit 1
          fi
        done
        # We should have at least one alert from an ML-powered query.
        num_alerts=$(jq '[.runs[0].results[] |
          select(.properties.score != null and (.rule.id | startswith("js/ml-powered/")))] | length' \
          javascript.sarif)
        echo "Found ${num_alerts} alerts from ML-powered queries.";
        if [[ "${num_alerts}" -eq 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" == "true" ]]; then
          echo "Expected to find at least one alert from an ML-powered query but found ${num_alerts}."
          exit 1
        elif [[ "${num_alerts}" -ne 0 && "${SHOULD_RUN_ML_POWERED_QUERIES}" != "true" ]]; then
          echo "Expected not to find any alerts from an ML-powered query but found ${num_alerts}."
          exit 1
        fi
    env:
      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
--- a/.github/workflows/__multi-language-autodetect.yml
+++ b/.github/workflows/__multi-language-autodetect.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -53,7 +54,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -25,15 +26,33 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
        - os: macos-latest
-          version: nightly-20210831
+          version: latest
        - os: windows-2019
          version: latest
        - os: windows-2022
          version: latest
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-2019
          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-2019
          version: nightly-latest
        - os: windows-2022
          version: nightly-latest
    name: 'Packaging: Config and input'
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
@@ -42,7 +61,7 @@ jobs:
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -57,11 +76,11 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
        echo "Found matching rules '$RULES'"
        if [ "$RULES" != "$EXPECTED_RULES" ]; then
          echo "Did not match expected rules '$EXPECTED_RULES'."
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -25,15 +26,33 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
        - os: macos-latest
-          version: nightly-20210831
+          version: latest
        - os: windows-2019
          version: latest
        - os: windows-2022
          version: latest
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-2019
          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-2019
          version: nightly-latest
        - os: windows-2022
          version: nightly-latest
    name: 'Packaging: Config file'
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
@@ -56,11 +75,11 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
        echo "Found matching rules '$RULES'"
        if [ "$RULES" != "$EXPECTED_RULES" ]; then
          echo "Did not match expected rules '$EXPECTED_RULES'."
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -25,15 +26,33 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
        - os: macos-latest
-          version: nightly-20210831
+          version: latest
        - os: windows-2019
          version: latest
        - os: windows-2022
          version: latest
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: windows-2019
          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
        - os: windows-2019
          version: nightly-latest
        - os: windows-2022
          version: nightly-latest
    name: 'Packaging: Action input'
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
@@ -43,7 +62,7 @@ jobs:
      with:
        config-file: .github/codeql/codeql-config-packaging2.yml
        languages: javascript
-        packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2
+        packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
      shell: bash
@@ -57,11 +76,11 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
        echo "Found matching rules '$RULES'"
        if [ "$RULES" != "$EXPECTED_RULES" ]; then
          echo "Did not match expected rules '$EXPECTED_RULES'."
--- a/.github/workflows/__remote-config.yml
+++ b/.github/workflows/__remote-config.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,7 +70,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__rubocop-multi-language.yml
+++ b/.github/workflows/__rubocop-multi-language.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -41,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__split-workflow.yml
+++ b/.github/workflows/__split-workflow.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -25,15 +26,23 @@ jobs:
      matrix:
        include:
        - os: ubuntu-latest
-          version: nightly-20210831
+          version: latest
        - os: macos-latest
-          version: nightly-20210831
+          version: latest
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
          version: cached
        - os: ubuntu-latest
          version: nightly-latest
        - os: macos-latest
          version: nightly-latest
    name: Split workflow
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
@@ -42,7 +51,7 @@ jobs:
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
-        packs: +dsp-testing/codeql-pack1@0.1.0
+        packs: +dsp-testing/codeql-pack1@1.0.0
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - name: Build code
@@ -71,11 +80,11 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        # We should have 3 hits from these rules
+        # We should have 4 hits from these rules
-        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
-        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
        echo "Found matching rules '$RULES'"
        if [ "$RULES" != "$EXPECTED_RULES" ]; then
          echo "Did not match expected rules '$EXPECTED_RULES'."
--- a/.github/workflows/__test-autobuild-working-dir.yml
+++ b/.github/workflows/__test-autobuild-working-dir.yml
@@ -0,0 +1,67 @@
 # Warning: This file is generated automatically, and should not be modified.
 # Instead, please modify the template in the pr-checks directory and run:
 #     pip install ruamel.yaml && python3 sync.py
 # to regenerate this file.
 name: PR Check - Autobuild working directory
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
 on:
  push:
    branches:
    - main
    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  workflow_dispatch: {}
 jobs:
  test-autobuild-working-dir:
    strategy:
      matrix:
        include:
        - os: ubuntu-latest
          version: latest
    name: Autobuild working directory
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
    - name: Test setup
      shell: bash
      run: |
        # Make sure that Gradle build succeeds in autobuild-dir ...
        cp -a ../action/tests/java-repo autobuild-dir
        # ... and fails if attempted in the current directory
        echo > build.gradle
    - uses: ./../action/init
      with:
        languages: java
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
      with:
        working-directory: autobuild-dir
    - uses: ./../action/analyze
      env:
        TEST_MODE: true
    - name: Check database
      shell: bash
      run: |
        cd "$RUNNER_TEMP/codeql_databases"
        if [[ ! -d java ]]; then
          echo "Did not find a Java database"
          exit 1
        fi
    env:
      INTERNAL_CODEQL_ACTION_DEBUG_LOC: true
--- a/.github/workflows/__test-local-codeql.yml
+++ b/.github/workflows/__test-local-codeql.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -31,7 +32,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__test-proxy.yml
+++ b/.github/workflows/__test-proxy.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -31,7 +32,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__test-ruby.yml
+++ b/.github/workflows/__test-ruby.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -41,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__unset-environment.yml
+++ b/.github/workflows/__unset-environment.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -41,7 +42,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__upload-ref-sha-input.yml
+++ b/.github/workflows/__upload-ref-sha-input.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,7 +70,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
--- a/.github/workflows/__with-checkout-path.yml
+++ b/.github/workflows/__with-checkout-path.yml
@@ -11,7 +11,8 @@ on:
  push:
    branches:
    - main
-    - v1
+    - releases/v1
    - releases/v2
  pull_request:
    types:
    - opened
@@ -69,13 +70,13 @@ jobs:
    runs-on: ${{ matrix.os }}
    steps:
    - name: Check out repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Prepare test
      id: prepare-test
      uses: ./.github/prepare-test
      with:
        version: ${{ matrix.version }}
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
      with:
        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
        path: x/y/z/some-path
--- a/.github/workflows/check-expected-release-files.yml
+++ b/.github/workflows/check-expected-release-files.yml
@@ -15,7 +15,7 @@ jobs:
    steps:
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Check Expected Release Files
        run: |
          bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
--- a/.github/workflows/check-for-conflicts.yml
+++ b/.github/workflows/check-for-conflicts.yml
@@ -0,0 +1,31 @@
 # Checks for any conflict markers created by git. This check is primarily intended to validate that
 # any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.
 name: Check for conflicts
 on:
  pull_request:
    branches: [main, v1, v2]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
 jobs:
  check-for-conflicts:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check for conflicts
        run: |
          # Use `|| true` since grep returns exit code 1 if there are no matches, and we don't want
          # this to fail the workflow.
          FILES_WITH_CONFLICTS=$(grep --extended-regexp --ignore-case --line-number --recursive \
            '^(<<<<<<<|>>>>>>>)' . || true)
          if [[ "${FILES_WITH_CONFLICTS}" ]]; then
            echo "Fail: Found merge conflict markers in the following files:"
            echo ""
            echo "${FILES_WITH_CONFLICTS}"
            exit 1
          else
            echo "Success: Found no merge conflict markers."
          fi
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,9 +2,9 @@ name: "CodeQL action"
 on:
  push:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
-    branches: [main, v1, v2]
+    branches: [main, releases/v1, releases/v2]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]
@@ -20,7 +20,7 @@ jobs:
      security-events: write
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Init with default CodeQL bundle from the VM image
      id: init-default
      uses: ./init
@@ -75,7 +75,7 @@ jobs:
      security-events: write
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - uses: ./init
      id: init
      with:
--- a/.github/workflows/post-release-mergeback.yml
+++ b/.github/workflows/post-release-mergeback.yml
@@ -1,7 +1,8 @@
-# This workflow runs after a release of the action.
+# This workflow runs after a release of the action. For v2 releases, it merges any changes from the
-# It merges any changes from the release back into the
+# release back into the main branch. Typically, this is just a single commit that updates the
-# main branch. Typically, this is just a single commit
+# changelog. For v2 and v1 releases, it then (a) tags the merge commit on the release branch that
-# that updates the changelog.
+# represents the new release with an `vx.y.z` tag and (b) updates the `vx` tag to refer to this
 # commit.
 name: Tag release and merge back
 on:
@@ -14,8 +15,8 @@ on:
  push:
    branches:
-      - v1
+      - releases/v1
-      - v2
+      - releases/v2
 jobs:
  merge-back:
@@ -32,10 +33,10 @@ jobs:
      - name: Dump GitHub context
        env:
          GITHUB_CONTEXT: '${{ toJson(github) }}'
-        run: echo "$GITHUB_CONTEXT"
+        run: echo "${GITHUB_CONTEXT}"
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v2
+      - uses: actions/setup-node@v3
      - name: Update git config
        run: |
@@ -46,25 +47,25 @@ jobs:
        id: getVersion
        run: |
          VERSION="v$(jq '.version' -r 'package.json')"
-          SHORT_SHA="${GITHUB_SHA:0:8}"
+          echo "::set-output name=version::${VERSION}"
-          echo "::set-output name=version::$VERSION"
+          short_sha="${GITHUB_SHA:0:8}"
-          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}"
+          NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${short_sha}"
-          echo "::set-output name=newBranch::$NEW_BRANCH"
+          echo "::set-output name=newBranch::${NEW_BRANCH}"
      - name: Dump branches
        env:
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
        run: |
-          echo "BASE_BRANCH $BASE_BRANCH"
+          echo "BASE_BRANCH ${BASE_BRANCH}"
-          echo "HEAD_BRANCH $HEAD_BRANCH"
+          echo "HEAD_BRANCH ${HEAD_BRANCH}"
-          echo "NEW_BRANCH $NEW_BRANCH"
+          echo "NEW_BRANCH ${NEW_BRANCH}"
      - name: Create mergeback branch
        env:
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
        run: |
-          git checkout -b "$NEW_BRANCH"
+          git checkout -b "${NEW_BRANCH}"
      - name: Check for tag
        id: check
@@ -72,13 +73,13 @@ jobs:
          VERSION: "${{ steps.getVersion.outputs.version }}"
        run: |
          set +e # don't fail on an errored command
-          git ls-remote --tags origin | grep "$VERSION"
+          git ls-remote --tags origin | grep "${VERSION}"
-          EXISTS="$?"
+          exists="$?"
-          if [ "$EXISTS" -eq 0 ]; then
+          if [ "${exists}" -eq 0 ]; then
-            echo "Tag $TAG exists. Not going to re-release."
+            echo "Tag ${VERSION} exists. Not going to re-release."
            echo "::set-output name=exists::true"
          else
-            echo "Tag $TAG does not exist yet."
+            echo "Tag ${VERSION} does not exist yet."
          fi
      # we didn't tag the release during the update-release-branch workflow because the
@@ -89,20 +90,31 @@ jobs:
        env:
          VERSION: ${{ steps.getVersion.outputs.version }}
        run: |
-          git tag -a "$VERSION" -m "$VERSION"
+          # Unshallow the repo in order to allow pushes
-          git fetch --unshallow  # unshallow the repo in order to allow pushes
+          git fetch --unshallow
-          git push origin --follow-tags "$VERSION"
+          # Create the `vx.y.z` tag
          git tag --annotate "${VERSION}" --message "${VERSION}"
          # Update the `vx` tag
          major_version_tag=$(cut -d '.' -f1 <<< "${VERSION}")
          # Use `--force` to overwrite the major version tag
          git tag --annotate "${major_version_tag}" --message "${major_version_tag}" --force
          # Push the tags, using:
          # - `--atomic` to make sure we either update both tags or neither (an intermediate state,
          #   e.g. where we update the v2.x.y tag on the remote but not the v2 tag, could result in
          #   unwanted Dependabot updates, e.g. from v2 to v2.x.y)
          # - `--force` since we're overwriting the `vx` tag
          git push origin --atomic --force refs/tags/"${VERSION}" refs/tags/"${major_version_tag}"
      - name: Create mergeback branch
-        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'v2')
+        if: steps.check.outputs.exists != 'true' && contains(github.ref, 'releases/v2')
        env:
          VERSION: "${{ steps.getVersion.outputs.version }}"
          NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
        run: |
          set -exu
-          PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH"
+          pr_title="Mergeback ${VERSION} ${HEAD_BRANCH} into ${BASE_BRANCH}"
-          PR_BODY="Updates version and changelog."
+          pr_body="Updates version and changelog."
          # Update the version number ready for the next release
          npm version patch --no-git-tag-version
@@ -110,16 +122,16 @@ jobs:
          # Update the changelog
          perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
          git add .
-          git commit -m "Update changelog and version after $VERSION"
+          git commit -m "Update changelog and version after ${VERSION}"
-          git push origin "$NEW_BRANCH"
+          git push origin "${NEW_BRANCH}"
          # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
          # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
          gh pr create \
-            --head "$NEW_BRANCH" \
+            --head "${NEW_BRANCH}" \
-            --base "$BASE_BRANCH" \
+            --base "${BASE_BRANCH}" \
-            --title "$PR_TITLE" \
+            --title "${pr_title}" \
            --label "Update dependencies" \
-            --body "$PR_BODY" \
+            --body "${pr_body}" \
            --draft
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner)
 on:
  push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
@@ -16,7 +16,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Run Lint
        run: npm run-script lint
@@ -30,7 +30,7 @@ jobs:
        node-types-version: [12.12, current]
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Update version of @types/node
        if: matrix.node-types-version != 'current'
@@ -46,11 +46,13 @@ jobs:
          # `npm install` on Linux.
          npm install
          if [ ! -z "$(git status --porcelain)" ]; then
            git config --global user.email "github-actions@github.com"
            git config --global user.name "github-actions[bot]"
            # The period in `git add --all .` ensures that we stage deleted files too.
            git add --all .
            git commit -m "Use @types/node=${NODE_TYPES_VERSION}"
          fi
      - name: Check generated JS
        run: .github/workflows/script/check-js.sh
@@ -61,7 +63,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Check node modules up to date
        run: .github/workflows/script/check-node-modules.sh
@@ -71,9 +73,9 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Set up Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
        with:
          python-version: 3.8
      - name: Install dependencies
@@ -93,7 +95,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: npm run-script test
        run: npm run-script test
@@ -104,7 +106,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Build runner
        run: |
@@ -133,7 +135,7 @@ jobs:
    runs-on: windows-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Build runner
        run: |
@@ -158,7 +160,7 @@ jobs:
    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Build runner
        run: |
@@ -183,7 +185,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -223,7 +225,7 @@ jobs:
    runs-on: windows-2019
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -251,7 +253,7 @@ jobs:
          & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false
      - name: Upload tracer logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
        with:
          name: tracer-logs
          path: ./codeql-runner/compound-build-tracer.log
@@ -269,7 +271,7 @@ jobs:
    runs-on: macos-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -308,7 +310,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -347,7 +349,7 @@ jobs:
    runs-on: windows-2019
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -385,7 +387,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Move codeql-action
        shell: bash
@@ -425,7 +427,7 @@ jobs:
    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Build runner
        run: |
@@ -446,7 +448,7 @@ jobs:
    timeout-minutes: 45
    steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
      - name: Build runner
        run: |
--- a/.github/workflows/python-deps.yml
+++ b/.github/workflows/python-deps.yml
@@ -2,7 +2,7 @@ name: Test Python Package Installation on Linux and Mac
 on:
  push:
-    branches: [main, v1]
+    branches: [main, releases/v1, releases/v2]
  pull_request:
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
@@ -25,7 +25,7 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: ./init
@@ -71,7 +71,7 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
    - name: Initialize CodeQL
      uses: ./init
@@ -122,9 +122,9 @@ jobs:
    steps:
    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
-    - uses: actions/setup-python@v2
+    - uses: actions/setup-python@v3
      with:
        python-version: ${{ matrix.python_version }}
--- a/.github/workflows/release-runner.yml
+++ b/.github/workflows/release-runner.yml
@@ -1,55 +0,0 @@
 name: Release runner
 on:
  workflow_dispatch:
    inputs:
      bundle-tag:
        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
        required: false
 jobs:
  release-runner:
    timeout-minutes: 45
    runs-on: ubuntu-latest
    env:
      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
    strategy:
      matrix:
        extension: ["linux", "macos", "win.exe"]
    steps:
      - uses: actions/checkout@v2
      - name: Build runner
        run: |
          cd runner
          npm install
          npm run build-runner
      - uses: actions/upload-artifact@v2
        with:
          name: codeql-runner-${{matrix.extension}}
          path: runner/dist/codeql-runner-${{matrix.extension}}
      - name: Resolve Upload URL for the release
        if: ${{ github.event.inputs.bundle-tag != null }}
        id: save_url
        run: |
          UPLOAD_URL=$(curl -sS \
                "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
                -H "Accept: application/json" \
                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
          echo ${UPLOAD_URL}
          echo "::set-output name=upload_url::${UPLOAD_URL}"
      - name: Upload Platform Package
        if: ${{ github.event.inputs.bundle-tag != null }}
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.save_url.outputs.upload_url }}
          asset_path: runner/dist/codeql-runner-${{matrix.extension}}
          asset_name: codeql-runner-${{matrix.extension}}
          asset_content_type: application/octet-stream
--- a/.github/workflows/script/update-required-checks.sh
+++ b/.github/workflows/script/update-required-checks.sh
@@ -0,0 +1,35 @@
 #!/usr/bin/env bash
 # Update the required checks based on the current branch.
 # Typically, this will be main.
 if [ -z "$GITHUB_TOKEN" ]; then
  echo "Failed: No GitHub token found. This script requires admin access to `github/codeql-action`."
  exit 1
 fi
 if [ "$#" -eq 1 ]; then
  # If we were passed an argument, pass it as a query to fzf
  GITHUB_SHA="$@"
 elif [ "$#" -gt 1 ]; then
  echo "Usage: $0 [SHA]"
  echo "Update the required checks based on the SHA, or main."
 elif [ -z "$GITHUB_SHA" ]; then
  # If we don't have a SHA, use main
  GITHUB_SHA="$(git rev-parse main)"
 fi
 echo "Getting checks for $GITHUB_SHA"
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
 CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"
 echo "$CHECKS" | jq
 echo "{\"contexts\": ${CHECKS}}" > checks.json
 for BRANCH in main releases/v2 releases/v1; do
  echo "Updating $BRANCH"
  gh api --silent -X "PATCH" "repos/github/codeql-action/branches/$BRANCH/protection/required_status_checks" --input checks.json
 done
 rm checks.json
--- a/.github/workflows/split.yml
+++ b/.github/workflows/split.yml
@@ -1,74 +0,0 @@
 #
 # Split the CodeQL Bundle into platform bundles
 #
 # Instructions:
 #  1. Upload the new codeql-bundle (codeql-bundle.tar.gz) as an asset of the
 #     release (codeql-bundle-20200826)
 #  2. Take note of the CLI Release used by the bundle (e.g., v2.2.5)
 #  3. Manually launch this workflow file (via the Actions UI) specifying
 #     - The CLI Release (e.g., v2.2.5)
 #     - The release tag (e.g., codeql-bundle-20200826)
 #  4. If everything succeeds you should see 3 new assets.
 #
 name: Split Bundle
 on:
 workflow_dispatch:
    inputs:
      cli-release:
        description: 'CodeQL CLI Release (e.g., "v2.2.5")'
        required: true
      bundle-tag:
        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
        required: true
 jobs:
  build:
    runs-on: ubuntu-latest
    timeout-minutes: 45
    env:
      CLI_RELEASE: "${{ github.event.inputs.cli-release }}"
      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
    strategy:
      fail-fast: false
      matrix:
        platform: ["linux64", "osx64", "win64"]
    steps:
      - name: Resolve Upload URL for the release
        id: save_url
        run: |
          UPLOAD_URL=$(curl -sS \
               "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
               -H "Accept: application/json" \
               -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
          echo ${UPLOAD_URL}
          echo "::set-output name=upload_url::${UPLOAD_URL}"
      - name: Download CodeQL CLI and Bundle
        run: |
          wget --no-verbose "https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/codeql-bundle.tar.gz"
          wget --no-verbose "https://github.com/github/codeql-cli-binaries/releases/download/${CLI_RELEASE}/codeql-${{matrix.platform}}.zip"
      - name: Create Platform Package
        # Replace the codeql-binaries with the platform specific ones
        run: |
          gunzip codeql-bundle.tar.gz
          tar -f codeql-bundle.tar --delete codeql
          unzip -q codeql-${{matrix.platform}}.zip
          tar -f codeql-bundle.tar --append codeql
          gzip codeql-bundle.tar
          mv codeql-bundle.tar.gz codeql-bundle-${{matrix.platform}}.tar.gz
          du -sh codeql-bundle-${{matrix.platform}}.tar.gz
      - name: Upload Platform Package
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.save_url.outputs.upload_url }}
          asset_path: ./codeql-bundle-${{matrix.platform}}.tar.gz
          asset_name: codeql-bundle-${{matrix.platform}}.tar.gz
          asset_content_type: application/tar+gzip
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -11,7 +11,7 @@ jobs:
    if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action')
    steps:
    - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
    - name: Remove PR label
      env:
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -7,7 +7,7 @@ on:
  # When the v2 release is complete, this workflow will open a PR to update the v1 release branch.
  push:
    branches:
-      - v2
+      - releases/v2
 jobs:
  update:
@@ -23,13 +23,13 @@ jobs:
        GITHUB_CONTEXT: '${{ toJson(github) }}'
      run: echo "$GITHUB_CONTEXT"
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
      with:
        # Need full history so we calculate diffs
        fetch-depth: 0
    - name: Set up Python
-      uses: actions/setup-python@v2
+      uses: actions/setup-python@v3
      with:
        python-version: 3.8
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ b/.github/workflows/update-supported-enterprise-server-versions.yml
@@ -13,13 +13,13 @@ jobs:
    steps:
      - name: Setup Python
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v3
        with:
          python-version: "3.7"
      - name: Checkout CodeQL Action
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      - name: Checkout Enterprise Releases
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          repository: github/enterprise-releases
          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,30 @@
 # CodeQL Action Changelog
 ## [UNRELEASED]
 No user facing changes.
 ## 2.1.10 - 10 May 2022
 - Update default CodeQL bundle version to 2.9.5. [#1056](https://github.com/github/codeql-action/pull/1056)
 - When `wait-for-processing` is enabled, the workflow will now fail if there were any errors that occurred during processing of the analysis results.
 ## 2.1.9 - 27 Apr 2022
 - Add `working-directory` input to the `autobuild` action. [#1024](https://github.com/github/codeql-action/pull/1024)
 - The `analyze` and `upload-sarif` actions will now wait up to 2 minutes for processing to complete after they have uploaded the results so they can report any processing errors that occurred. This behavior can be disabled by setting the `wait-for-processing` action input to `"false"`. [#1007](https://github.com/github/codeql-action/pull/1007)
 - Update default CodeQL bundle version to 2.9.0.
 - Fix a bug where [status reporting fails on Windows](https://github.com/github/codeql-action/issues/1041). [#1042](https://github.com/github/codeql-action/pull/1042)
 ## 2.1.8 - 08 Apr 2022
 - Update default CodeQL bundle version to 2.8.5. [#1014](https://github.com/github/codeql-action/pull/1014)
 - Fix error where the init action would fail due to a GitHub API request that was taking too long to complete [#1025](https://github.com/github/codeql-action/pull/1025)
 ## 2.1.7 - 05 Apr 2022
 - A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)
 ## 2.1.6 - 30 Mar 2022
 - [v2+ only] The CodeQL Action now runs on Node.js v16. [#1000](https://github.com/github/codeql-action/pull/1000)
--- a/2
+++ b/2
@@ -1 +1,3 @@
 **/* @github/codeql-action-reviewers
 /python-setup/ @github/codeql-python @github/codeql-action-reviewers
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -61,41 +61,30 @@ Here are a few things you can do that will increase the likelihood of your pull
 ## Releasing (write access required)
 1. The first step of releasing a new version of the `codeql-action` is running the "Update release branch" workflow.
-    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `v2` release branch.
+    This workflow goes through the pull requests that have been merged to `main` since the last release, creates a changelog, then opens a pull request to merge the changes since the last release into the `releases/v2` release branch.
    You can start a release by triggering this workflow via [workflow dispatch](https://github.com/github/codeql-action/actions/workflows/update-release-branch.yml).
-1. The workflow run will open a pull request titled "Merge main into v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
+1. The workflow run will open a pull request titled "Merge main into releases/v2". Mark the pull request as [ready for review](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request#marking-a-pull-request-as-ready-for-review) to trigger the PR checks.
 1. Review the checklist items in the pull request description.
    Once you've checked off all but the last two of these, approve the PR and automerge it.
-1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Tag release and merge back" workflow will create a mergeback PR.
-    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into v2" pull request, and bumps the patch version of the CodeQL Action.
+    This mergeback incorporates the changelog updates into `main`, tags the release using the merge commit of the "Merge main into releases/v2" pull request, and bumps the patch version of the CodeQL Action.
    Approve the mergeback PR and automerge it.
-1. When the "Merge main into v2" pull request is merged into the `v2` branch, the "Update release branch" workflow will create a "Merge v2 into v1" pull request to merge the changes since the last release into the `v1` release branch.
+1. When the "Merge main into releases/v2" pull request is merged into the `releases/v2` branch, the "Update release branch" workflow will create a "Merge releases/v2 into releases/v1" pull request to merge the changes since the last release into the `releases/v1` release branch.
-    This ensures we keep both the `v1` and `v2` release branches up to date and fully supported.
+    This ensures we keep both the `releases/v1` and `releases/v2` release branches up to date and fully supported.
    Review the checklist items in the pull request description.
    Once you've checked off all the items, approve the PR and automerge it.
-1. Once the mergeback has been merged to `main` and the "Merge v2 into v1" PR has been merged to `v1`, the release is complete.
+1. Once the mergeback has been merged to `main` and the "Merge releases/v2 into releases/v1" PR has been merged to `releases/v1`, the release is complete.
 ## Keeping the PR checks up to date (admin access required)
-Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. Managing these PR checks manually is time consuming and complex. Here is a semi-automated approach.
+Since the `codeql-action` runs most of its testing through individual Actions workflows, there are over two hundred jobs that need to pass in order for a PR to turn green. You can regenerate the checks automatically by running the [update-required-checks.sh](.github/workflows/script/update-required-checks.sh) script:
-To regenerate the PR jobs for the action:
+1. By default, this script retrieves the checks from the latest SHA on `main`, so make sure that your `main` branch is up to date.
-
+2. Run the script. If there's a reason to, you can pass in a different SHA as a CLI argument.
-1. From a terminal, run the following commands (replace `SHA` with the sha of the commit whose checks you want to use, typically this should be the latest from `main`):
+3. After running, go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules for `main`, `v1`, and `v2` have been updated.
    ```sh
    SHA= ####
    CHECKS="$(gh api repos/github/codeql-action/commits/${SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or . == "Update dependencies" or . == "Update Supported Enterprise Server Versions" | not)]')"
    echo "{\"contexts\": ${CHECKS}}" > checks.json
    gh api -X "PATCH" repos/github/codeql-action/branches/main/protection/required_status_checks --input checks.json
    gh api -X "PATCH" repos/github/codeql-action/branches/v2/protection/required_status_checks --input checks.json
    gh api -X "PATCH" repos/github/codeql-action/branches/v1/protection/required_status_checks --input checks.json
    ````
 2. Go to the [branch protection rules settings page](https://github.com/github/codeql-action/settings/branches) and validate that the rules have been updated.
 ## Resources
--- a/README.md
+++ b/README.md
@@ -52,11 +52,11 @@ jobs:
    steps:
      - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
        # Override language selection by uncommenting this and choosing your languages
        # with:
        #   languages: go, javascript, csharp, python, cpp, java
@@ -64,10 +64,10 @@ jobs:
      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
      # If this step fails, then you should remove it and run the build manually (see below).
      - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
      # ℹ️ Command-line programs to run using the OS shell.
-      # 📚 https://git.io/JvXDl
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
      # ✏️ If the Autobuild fails above, remove it and uncomment the following
      #    three lines and modify them (or add more) to build your code if your
@@ -78,14 +78,14 @@ jobs:
      #     make release
      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2
 ```
 If you prefer to integrate this within an existing CI workflow, it should end up looking something like this:
 ```yaml
 - name: Initialize CodeQL
-  uses: github/codeql-action/init@v1
+  uses: github/codeql-action/init@v2
  with:
    languages: go, javascript
@@ -95,7 +95,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
    make release
 - name: Perform CodeQL Analysis
-  uses: github/codeql-action/analyze@v1
+  uses: github/codeql-action/analyze@v2
 ```
 ### Configuration file
@@ -103,7 +103,7 @@ If you prefer to integrate this within an existing CI workflow, it should end up
 Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
 ```yaml
- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
  with:
    config-file: ./.github/codeql/codeql-config.yml
 ```
@@ -111,7 +111,7 @@ Use the `config-file` parameter of the `init` action to enable the configuration
 The configuration file can be located in a different repository. This is useful if you want to share the same configuration across multiple repositories. If the configuration file is in a private repository you can also specify an `external-repository-token` option. This should be a personal access token that has read access to any repositories containing referenced config files and queries.
 ```yaml
- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
  with:
    config-file: owner/repo/codeql-config.yml@branch
    external-repository-token: ${{ secrets.EXTERNAL_REPOSITORY_TOKEN }}
@@ -122,7 +122,7 @@ For information on how to write a configuration file, see "[Using a custom confi
 If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
 ```yaml
- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
  with:
    queries: <local-or-remote-query>,<another-query>
 ```
@@ -130,7 +130,7 @@ If you only want to customise the queries used, you can specify them in your wor
 By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
 ```yaml
- uses: github/codeql-action/init@v1
+- uses: github/codeql-action/init@v2
  with:
    queries: +<local-or-remote-query>,<another-query>
 ```
--- a/analyze/action.yml
+++ b/analyze/action.yml
@@ -61,7 +61,7 @@ inputs:
  wait-for-processing:
    description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
    required: true
-    default: "false"
+    default: "true"
  token:
    default: ${{ github.token }}
  matrix:
--- a/autobuild/action.yml
+++ b/autobuild/action.yml
@@ -6,6 +6,12 @@ inputs:
    default: ${{ github.token }}
  matrix:
    default: ${{ toJson(matrix) }}
  working-directory:
    description: >-
      Run the autobuilder using this path (relative to $GITHUB_WORKSPACE) as
      working directory. If this input is not set, the autobuilder runs with
      $GITHUB_WORKSPACE as its working directory.
    required: false
 runs:
  using: 'node16'
  main: '../lib/autobuild-action.js'
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -357,7 +357,7 @@ async function getWorkflowPath() {
    const repo = repo_nwo[1];
    const run_id = Number((0, util_1.getRequiredEnvParam)("GITHUB_RUN_ID"));
    const apiClient = api.getActionsApiClient();
-    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id", {
+    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id?exclude_pull_requests=true", {
        owner,
        repo,
        run_id,
@@ -455,7 +455,7 @@ async function getRef() {
        return ref;
    }
    const head = await (0, exports.getCommitOid)(checkoutPath, "HEAD");
-    // in actions/checkout@v2 we can check if git rev-parse HEAD == GITHUB_SHA
+    // in actions/checkout@v2+ we can check if git rev-parse HEAD == GITHUB_SHA
    // in actions/checkout@v1 this may not be true as it checks out the repository
    // using GITHUB_REF. There is a subtle race condition where
    // git rev-parse GITHUB_REF != GITHUB_SHA, so we must check
@@ -584,8 +584,7 @@ async function sendStatusReport(statusReport) {
    const statusReportJSON = JSON.stringify(statusReport);
    core.debug(`Sending status report: ${statusReportJSON}`);
    // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
+    if ((0, util_1.isInTestMode)()) {
    if (testMode) {
        core.debug("In test mode. Status reports are not uploaded.");
        return true;
    }
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/analyze-action-env.test.js
+++ b/lib/analyze-action-env.test.js
@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from environment variables", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        sinon
            .stub(actionsUtil, "createStatusReportBase")
            .resolves({});
        sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
        };
        sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
            languages: [],
            packs: [],
        });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
        requiredInputStub.withArgs("upload-database").returns("false");
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
        // When there are no action inputs for RAM and threads, the action uses
--- a/lib/analyze-action-env.test.js.map
+++ b/lib/analyze-action-env.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action-input.test.js
+++ b/lib/analyze-action-input.test.js
@@ -38,14 +38,17 @@ const util = __importStar(require("./util"));
 // but the first test would fail.
 (0, ava_1.default)("analyze action with RAM & threads from action inputs", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
-        process.env["GITHUB_SERVER_URL"] = "fake-server-url";
+        process.env["GITHUB_SERVER_URL"] = util.GITHUB_DOTCOM_URL;
-        process.env["GITHUB_REPOSITORY"] = "fake/repository";
+        process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
        sinon
            .stub(actionsUtil, "createStatusReportBase")
            .resolves({});
        sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
        const gitHubVersion = {
            type: util.GitHubVariant.DOTCOM,
        };
        sinon.stub(configUtils, "getConfig").resolves({
-            gitHubVersion: { type: util.GitHubVariant.DOTCOM },
+            gitHubVersion,
            languages: [],
            packs: [],
        });
@@ -54,6 +57,7 @@ const util = __importStar(require("./util"));
        requiredInputStub.withArgs("upload-database").returns("false");
        const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
        optionalInputStub.withArgs("cleanup-level").returns("none");
        sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
        (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
        process.env["CODEQL_THREADS"] = "1";
--- a/lib/analyze-action-input.test.js.map
+++ b/lib/analyze-action-input.test.js.map
@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -57,6 +57,7 @@ async function run() {
    let runStats = undefined;
    let config = undefined;
    util.initializeEnvironment(util.Mode.actions, pkg.version);
    await util.checkActionVersion(pkg.version);
    try {
        if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("finish", "starting", startedAt)))) {
            return;
@@ -117,7 +118,11 @@ async function run() {
        }
        // Possibly upload the database bundles for remote queries
        await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
-        if (uploadResult !== undefined &&
+        // We don't upload results in test mode, so don't wait for processing
        if (util.isInTestMode()) {
            core.debug("In test mode. Waiting for processing is disabled.");
        }
        else if (uploadResult !== undefined &&
            actionsUtil.getRequiredInput("wait-for-processing") === "true") {
            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
        }
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/analyze.js
+++ b/lib/analyze.js
@@ -133,8 +133,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        }
        const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
        try {
-            if (hasPackWithCustomQueries &&
+            if (hasPackWithCustomQueries) {
                !(await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_CONFIG_FILES))) {
                logger.info("Performing analysis with custom CodeQL Packs.");
                logger.startGroup(`Downloading custom packs for ${language}`);
                const results = await codeql.packDownload(packsWithVersion);
@@ -160,7 +159,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                }
            }
            if (packsWithVersion.length > 0) {
-                querySuitePaths.push(await runQueryGroup(language, "packs", createPackSuiteContents(packsWithVersion), undefined));
+                querySuitePaths.push(...(await runQueryPacks(language, "packs", packsWithVersion, undefined)));
                ranCustom = true;
            }
            if (ranCustom) {
@@ -218,21 +217,23 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
        logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
        return querySuitePath;
    }
    async function runQueryPacks(language, type, packs, searchPath) {
        const databasePath = util.getCodeQLDatabasePath(config, language);
        // Run the queries individually instead of all at once to avoid command
        // line length restrictions, particularly on windows.
        for (const pack of packs) {
            logger.debug(`Running query pack for ${language}-${type}: ${pack}`);
            const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
            await codeql.databaseRunQueries(databasePath, searchPath, pack, memoryFlag, threadsFlag);
            logger.debug(`BQRS results produced for ${language} (queries: ${type})"`);
        }
        return packs;
    }
 }
 exports.runQueries = runQueries;
 function createQuerySuiteContents(queries) {
    return queries.map((q) => `- query: ${q}`).join("\n");
 }
 function createPackSuiteContents(packsWithVersion) {
    return packsWithVersion.map(packWithVersionToQuerySuiteEntry).join("\n");
 }
 function packWithVersionToQuerySuiteEntry(pack) {
    let text = `- qlpack: ${pack.packName}`;
    if (pack.version) {
        text += `\n  version: ${pack.version}`;
    }
    return text;
 }
 async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/analyze.test.js
+++ b/lib/analyze.test.js
@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const yaml = __importStar(require("js-yaml"));
 const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
@@ -53,18 +52,8 @@ const util = __importStar(require("./util"));
        const addSnippetsFlag = "";
        const threadsFlag = "";
        const packs = {
-            [languages_1.Language.cpp]: [
+            [languages_1.Language.cpp]: ["a/b@1.0.0"],
-                {
+            [languages_1.Language.java]: ["c/d@2.0.0"],
                    packName: "a/b",
                    version: (0, semver_1.clean)("1.0.0"),
                },
            ],
            [languages_1.Language.java]: [
                {
                    packName: "c/d",
                    version: (0, semver_1.clean)("2.0.0"),
                },
            ],
        };
        for (const language of Object.values(languages_1.Language)) {
            (0, codeql_1.setCodeQL)({
@@ -209,32 +198,10 @@ const util = __importStar(require("./util"));
                query: "bar.ql",
            },
        ];
        const qlsPackContentCpp = [
            {
                qlpack: "a/b",
                version: "1.0.0",
            },
        ];
        const qlsPackContentJava = [
            {
                qlpack: "c/d",
                version: "2.0.0",
            },
        ];
        for (const lang of Object.values(languages_1.Language)) {
            t.deepEqual(readContents(`${lang}-queries-builtin.qls`), qlsContent);
            t.deepEqual(readContents(`${lang}-queries-custom-0.qls`), qlsContent);
            t.deepEqual(readContents(`${lang}-queries-custom-1.qls`), qlsContent2);
            const packSuiteName = `${lang}-queries-packs.qls`;
            if (lang === languages_1.Language.cpp) {
                t.deepEqual(readContents(packSuiteName), qlsPackContentCpp);
            }
            else if (lang === languages_1.Language.java) {
                t.deepEqual(readContents(packSuiteName), qlsPackContentJava);
            }
            else {
                t.false(fs.existsSync(path.join(tmpDir, "codeql_databases", packSuiteName)));
            }
        }
        function readContents(name) {
            const x = fs.readFileSync(path.join(tmpDir, "codeql_databases", name), "utf8");
--- a/lib/analyze.test.js.map
+++ b/lib/analyze.test.js.map
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -39,8 +39,9 @@ async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguag
    await (0, actions_util_1.sendStatusReport)(statusReport);
 }
 async function run() {
    const logger = (0, logging_1.getActionsLogger)();
    const startedAt = new Date();
    const logger = (0, logging_1.getActionsLogger)();
    await (0, util_1.checkActionVersion)(pkg.version);
    let language = undefined;
    try {
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("autobuild", "starting", startedAt)))) {
@@ -52,6 +53,11 @@ async function run() {
        }
        language = (0, autobuild_1.determineAutobuildLanguage)(config, logger);
        if (language !== undefined) {
            const workingDirectory = (0, actions_util_1.getOptionalInput)("working-directory");
            if (workingDirectory) {
                logger.info(`Changing autobuilder working directory to ${workingDirectory}`);
                process.chdir(workingDirectory);
            }
            await (0, autobuild_1.runAutobuild)(language, config, logger);
        }
    }
--- a/lib/autobuild-action.js.map
+++ b/lib/autobuild-action.js.map
@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAMwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAyE;AAEzE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -22,12 +22,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
 const yaml = __importStar(require("js-yaml"));
 const query_string_1 = __importDefault(require("query-string"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
@@ -76,7 +75,6 @@ const CODEQL_VERSION_GROUP_RULES = "2.5.5";
 const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 exports.CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 exports.CODEQL_VERSION_CONFIG_FILES = "2.8.2"; // Versions before 2.8.2 weren't tolerant to unknown properties
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 /**
 * This variable controls using the new style of tracing from the CodeQL
@@ -88,6 +86,12 @@ exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 * versions above that.
 */
 exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
 /**
 * Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
 * resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
 * some of their files being greater than MAX_PATH (260 characters).
 */
 exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = "2.9.0";
 function getCodeQLBundleName() {
    let platform;
    if (process.platform === "win32") {
@@ -396,7 +400,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async getVersion() {
            let result = util.getCachedCodeQlVersion();
            if (result === undefined) {
-                result = await runTool(cmd, ["version", "--format=terse"]);
+                result = (await runTool(cmd, ["version", "--format=terse"])).trim();
                util.cacheCodeQlVersion(result);
            }
            return result;
@@ -468,29 +472,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                    extraArgs.push(`--trace-process-level=${processLevel || 3}`);
                }
            }
            if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_CONFIG_FILES)) {
                const configLocation = path.resolve(config.tempDir, "user-config.yaml");
                const augmentedConfig = config.originalUserInput;
                if (config.injectedMlQueries) {
                    // We need to inject the ML queries into the original user input before
                    // we pass this on to the CLI, to make sure these get run.
                    let packString = util_1.ML_POWERED_JS_QUERIES_PACK.packName;
                    if (util_1.ML_POWERED_JS_QUERIES_PACK.version)
                        packString = `${packString}@${util_1.ML_POWERED_JS_QUERIES_PACK.version}`;
                    if (augmentedConfig.packs === undefined)
                        augmentedConfig.packs = [];
                    if (Array.isArray(augmentedConfig.packs)) {
                        augmentedConfig.packs.push(packString);
                    }
                    else {
                        if (!augmentedConfig.packs.javascript)
                            augmentedConfig.packs["javascript"] = [];
                        augmentedConfig.packs["javascript"].push(packString);
                    }
                }
                fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
                extraArgs.push(`--codescanning-config=${configLocation}`);
            }
            await runTool(cmd, [
                "database",
                "init",
@@ -611,9 +592,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
            if (extraSearchPath !== undefined) {
                codeqlArgs.push("--additional-packs", extraSearchPath);
            }
            if (!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_CONFIG_FILES))) {
            codeqlArgs.push(querySuitePath);
            }
            await runTool(cmd, codeqlArgs);
        },
        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, automationDetailsId) {
@@ -640,9 +619,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                codeqlArgs.push("--sarif-category", automationDetailsId);
            }
            codeqlArgs.push(databasePath);
            if (!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_CONFIG_FILES))) {
            codeqlArgs.push(...querySuitePaths);
            }
            // capture stdout, which contains analysis summaries
            return await runTool(cmd, codeqlArgs);
        },
@@ -670,8 +647,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                "pack",
                "download",
                "--format=json",
                "--resolve-query-specs",
                ...getExtraOptionsFromEnv(["pack", "download"]),
-                ...packs.map(packWithVersionToString),
+                ...packs,
            ];
            const output = await runTool(cmd, codeqlArgs);
            try {
@@ -727,9 +705,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
    }
    return codeql;
 }
 function packWithVersionToString(pack) {
    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
 }
 /**
 * Gets the options for `path` of `options` as an array of extra option strings.
 */
--- a/lib/codeql.js.map
+++ b/lib/codeql.js.map
--- a/lib/config-utils.js
+++ b/lib/config-utils.js
@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
+exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePacksSpecification = exports.parsePacksFromConfig = exports.getDefaultConfig = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPacksRequireLanguage = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const yaml = __importStar(require("js-yaml"));
@@ -130,21 +130,30 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
    // If we're running the JavaScript security-extended analysis (or a superset of it), the repo is
    // opted into the ML-powered queries beta, and a user hasn't already added the ML-powered query
    // pack, then add the ML-powered query pack so that we run ML-powered queries.
-    if (languages.includes("javascript") &&
+    if (
    // Only run ML-powered queries on Windows if we have a CLI that supports it.
    (process.platform !== "win32" ||
        (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS))) &&
        languages.includes("javascript") &&
        (found === "security-extended" || found === "security-and-quality") &&
-        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some((pack) => pack.packName === util_1.ML_POWERED_JS_QUERIES_PACK.packName)) &&
+        !((_a = packs.javascript) === null || _a === void 0 ? void 0 : _a.some(isMlPoweredJsQueriesPack)) &&
        (await featureFlags.getValue(feature_flags_1.FeatureFlag.MlPoweredQueriesEnabled)) &&
        (await (0, util_1.codeQlVersionAbove)(codeQL, codeql_1.CODEQL_VERSION_ML_POWERED_QUERIES))) {
        if (!packs.javascript) {
            packs.javascript = [];
        }
-        packs.javascript.push(util_1.ML_POWERED_JS_QUERIES_PACK);
+        packs.javascript.push(await (0, util_1.getMlPoweredJsQueriesPack)(codeQL));
        injectedMlQueries = true;
    }
    const suites = languages.map((l) => `${l}-${suiteName}.qls`);
    await runResolveQueries(codeQL, resultMap, suites, undefined);
    return injectedMlQueries;
 }
 function isMlPoweredJsQueriesPack(pack) {
    return (pack === util_1.ML_POWERED_JS_QUERIES_PACK_NAME ||
        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}@`) ||
        pack.startsWith(`${util_1.ML_POWERED_JS_QUERIES_PACK_NAME}:`));
 }
 /**
 * Retrieve the set of queries at localQueryPath and add them to resultMap.
 */
@@ -631,7 +640,7 @@ function parsePacksFromConfig(packsByLanguage, languages, configFile) {
        }
        packs[lang] = [];
        for (const packStr of packsArr) {
-            packs[lang].push(toPackWithVersion(packStr, configFile));
+            packs[lang].push(validatePacksSpecification(packStr, configFile));
        }
    }
    return packs;
@@ -656,32 +665,74 @@ function parsePacksFromInput(packsInput, languages) {
    }
    return {
        [languages[0]]: packsInput.split(",").reduce((packs, pack) => {
-            packs.push(toPackWithVersion(pack, ""));
+            packs.push(validatePacksSpecification(pack, ""));
            return packs;
        }, []),
    };
 }
-function toPackWithVersion(packStr, configFile) {
+/**
 * Validates that this package specification is syntactically correct.
 * It may not point to any real package, but after this function returns
 * without throwing, we are guaranteed that the package specification
 * is roughly correct.
 *
 * The CLI itself will do a more thorough validation of the package
 * specification.
 *
 * A package specification looks like this:
 *
 * `scope/name@version:path`
 *
 * Version and path are optional.
 *
 * @param packStr the package specification to verify.
 * @param configFile Config file to use for error reporting
 */
 function validatePacksSpecification(packStr, configFile) {
    if (typeof packStr !== "string") {
        throw new Error(getPacksStrInvalid(packStr, configFile));
    }
-    const nameWithVersion = packStr.trim().split("@");
+    packStr = packStr.trim();
-    let version;
+    const atIndex = packStr.indexOf("@");
-    if (nameWithVersion.length > 2 ||
+    const colonIndex = packStr.indexOf(":", atIndex);
-        !PACK_IDENTIFIER_PATTERN.test(nameWithVersion[0])) {
+    const packStart = 0;
    const versionStart = atIndex + 1 || undefined;
    const pathStart = colonIndex + 1 || undefined;
    const packEnd = Math.min(atIndex > 0 ? atIndex : Infinity, colonIndex > 0 ? colonIndex : Infinity, packStr.length);
    const versionEnd = versionStart
        ? Math.min(colonIndex > 0 ? colonIndex : Infinity, packStr.length)
        : undefined;
    const pathEnd = pathStart ? packStr.length : undefined;
    const packName = packStr.slice(packStart, packEnd).trim();
    const version = versionStart
        ? packStr.slice(versionStart, versionEnd).trim()
        : undefined;
    const packPath = pathStart
        ? packStr.slice(pathStart, pathEnd).trim()
        : undefined;
    if (!PACK_IDENTIFIER_PATTERN.test(packName)) {
        throw new Error(getPacksStrInvalid(packStr, configFile));
    }
-    else if (nameWithVersion.length === 2) {
+    if (version) {
-        version = semver.clean(nameWithVersion[1]) || undefined;
+        try {
-        if (!version) {
+            new semver.Range(version);
        }
        catch (e) {
            // The range string is invalid. OK to ignore the caught error
            throw new Error(getPacksStrInvalid(packStr, configFile));
        }
    }
-    return {
+    if (packPath &&
-        packName: nameWithVersion[0].trim(),
+        (path.isAbsolute(packPath) || path.normalize(packPath) !== packPath)) {
-        version,
+        throw new Error(getPacksStrInvalid(packStr, configFile));
-    };
+    }
    if (!packPath && pathStart) {
        // 0 length path
        throw new Error(getPacksStrInvalid(packStr, configFile));
    }
    return (packName + (version ? `@${version}` : "") + (packPath ? `:${packPath}` : ""));
 }
 exports.validatePacksSpecification = validatePacksSpecification;
 // exported for testing
 function parsePacks(rawPacksFromConfig, rawPacksInput, languages, configFile) {
    const packsFromInput = parsePacksFromInput(rawPacksInput, languages);
--- a/lib/config-utils.js.map
+++ b/lib/config-utils.js.map
--- a/lib/config-utils.test.js
+++ b/lib/config-utils.test.js
@@ -26,7 +26,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const semver_1 = require("semver");
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
 const codeql_1 = require("./codeql");
@@ -601,12 +600,7 @@ function queriesToResolvedQueryForm(queries) {
        const languages = "javascript";
        const { packs } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
        t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
                {
                    packName: "a/b",
                    version: (0, semver_1.clean)("1.2.3"),
                },
            ],
        });
    });
 });
@@ -640,18 +634,8 @@ function queriesToResolvedQueryForm(queries) {
        const languages = "javascript,python,cpp";
        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, configFile, undefined, false, "", "", { owner: "github", repo: "example" }, tmpDir, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, feature_flags_1.createFeatureFlags)([]), (0, logging_1.getRunnerLogger)(true));
        t.deepEqual(packs, {
-            [languages_1.Language.javascript]: [
+            [languages_1.Language.javascript]: ["a/b@1.2.3"],
-                {
+            [languages_1.Language.python]: ["c/d@1.2.3"],
                    packName: "a/b",
                    version: (0, semver_1.clean)("1.2.3"),
                },
            ],
            [languages_1.Language.python]: [
                {
                    packName: "c/d",
                    version: (0, semver_1.clean)("1.2.3"),
                },
            ],
        });
        t.deepEqual(queries, {
            cpp: {
@@ -786,28 +770,47 @@ const invalidPackNameMacro = ava_1.default.macro({
 });
 (0, ava_1.default)("no packs", parsePacksMacro, {}, [], {});
 (0, ava_1.default)("two packs", parsePacksMacro, ["a/b", "c/d@1.2.3"], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
    ],
 });
 (0, ava_1.default)("two packs with spaces", parsePacksMacro, [" a/b ", " c/d@1.2.3 "], [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
    ],
 });
 (0, ava_1.default)("two packs with language", parsePacksMacro, {
    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
    [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
 }, [languages_1.Language.cpp, languages_1.Language.java, languages_1.Language.csharp], {
    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
    [languages_1.Language.java]: ["d/e", "f/g@1.2.3"],
 });
 (0, ava_1.default)("packs with other valid names", parsePacksMacro, [
    // ranges are ok
    "c/d@1.0",
    "c/d@~1.0.0",
    "c/d@~1.0.0:a/b",
    "c/d@~1.0.0+abc:a/b",
    "c/d@~1.0.0-abc:a/b",
    "c/d:a/b",
    // whitespace is removed
    " c/d      @     ~1.0.0    :    b.qls   ",
    // and it is retained within a path
    " c/d      @     ~1.0.0    :    b/a path with/spaces.qls   ",
    // this is valid. the path is '@'. It will probably fail when passed to the CLI
    "c/d@1.2.3:@",
    // this is valid, too. It will fail if it doesn't match a path
    // (globbing is not done)
    "c/d@1.2.3:+*)_(",
 ], [languages_1.Language.cpp], {
    [languages_1.Language.cpp]: [
-        { packName: "a/b", version: undefined },
+        "c/d@1.0",
-        { packName: "c/d", version: (0, semver_1.clean)("1.2.3") },
+        "c/d@~1.0.0",
-    ],
+        "c/d@~1.0.0:a/b",
-    [languages_1.Language.java]: [
+        "c/d@~1.0.0+abc:a/b",
-        { packName: "d/e", version: undefined },
+        "c/d@~1.0.0-abc:a/b",
-        { packName: "f/g", version: (0, semver_1.clean)("1.2.3") },
+        "c/d:a/b",
        "c/d@~1.0.0:b.qls",
        "c/d@~1.0.0:b/a path with/spaces.qls",
        "c/d@1.2.3:@",
        "c/d@1.2.3:+*)_(",
    ],
 });
 (0, ava_1.default)("no language", parsePacksErrorMacro, ["a/b@1.2.3"], [languages_1.Language.java, languages_1.Language.python], /The configuration file "\/a\/b" is invalid: property "packs" must split packages by language/);
@@ -817,7 +820,14 @@ const invalidPackNameMacro = ava_1.default.macro({
 (0, ava_1.default)(invalidPackNameMacro, "c-/d");
 (0, ava_1.default)(invalidPackNameMacro, "-c/d");
 (0, ava_1.default)(invalidPackNameMacro, "c/d_d");
-(0, ava_1.default)(invalidPackNameMacro, "c/d@x");
+(0, ava_1.default)(invalidPackNameMacro, "c/d@@");
 (0, ava_1.default)(invalidPackNameMacro, "c/d@1.0.0:");
 (0, ava_1.default)(invalidPackNameMacro, "c/d:");
 (0, ava_1.default)(invalidPackNameMacro, "c/d:/a");
 (0, ava_1.default)(invalidPackNameMacro, "@1.0.0:a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d@../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d@b/../a");
 (0, ava_1.default)(invalidPackNameMacro, "c/d:z@1");
 /**
 * Test macro for testing the packs block and the packs input
 */
@@ -834,39 +844,22 @@ function parseInputAndConfigErrorMacro(t, packsFromConfig, packsFromInput, langu
 }
 parseInputAndConfigErrorMacro.title = (providedTitle) => `Parse Packs input and config Error: ${providedTitle}`;
 (0, ava_1.default)("input only", parseInputAndConfigMacro, {}, " c/d ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [{ packName: "c/d", version: undefined }],
+    [languages_1.Language.cpp]: ["c/d"],
 });
 (0, ava_1.default)("input only with multiple", parseInputAndConfigMacro, {}, "a/b , c/d@1.2.3", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: "1.2.3" },
    ],
 });
 (0, ava_1.default)("input only with +", parseInputAndConfigMacro, {}, "  +  a/b , c/d@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d@1.2.3"],
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: "1.2.3" },
    ],
 });
 (0, ava_1.default)("config only", parseInputAndConfigMacro, ["a/b", "c/d"], "  ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["a/b", "c/d"],
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: undefined },
    ],
 });
 (0, ava_1.default)("input overrides", parseInputAndConfigMacro, ["a/b", "c/d"], " e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3"],
        { packName: "e/f", version: undefined },
        { packName: "g/h", version: "1.2.3" },
    ],
 });
 (0, ava_1.default)("input and config", parseInputAndConfigMacro, ["a/b", "c/d"], " +e/f, g/h@1.2.3 ", [languages_1.Language.cpp], {
-    [languages_1.Language.cpp]: [
+    [languages_1.Language.cpp]: ["e/f", "g/h@1.2.3", "a/b", "c/d"],
        { packName: "e/f", version: undefined },
        { packName: "g/h", version: "1.2.3" },
        { packName: "a/b", version: undefined },
        { packName: "c/d", version: undefined },
    ],
 });
 (0, ava_1.default)("input with no language", parseInputAndConfigErrorMacro, {}, "c/d", [], /No languages specified/);
 (0, ava_1.default)("input with two languages", parseInputAndConfigErrorMacro, {}, "c/d", [languages_1.Language.cpp, languages_1.Language.csharp], /multi-language analysis/);
@@ -895,10 +888,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
            if (expectedVersionString !== undefined) {
                t.deepEqual(packs, {
                    [languages_1.Language.javascript]: [
-                        {
+                        `codeql/javascript-experimental-atm-queries@${expectedVersionString}`,
                            packName: "codeql/javascript-experimental-atm-queries",
                            version: expectedVersionString,
                        },
                    ],
                });
            }
@@ -911,11 +901,28 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
        ? `${expectedVersionString} are`
        : "aren't"} loaded for packs: ${packsInput}, queries: ${queriesInput} using CLI v${codeQLVersion} when feature flag is ${isMlPoweredQueriesFlagEnabled ? "enabled" : "disabled"}`,
 });
-// macro, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, versionString
+// macro, codeQLVersion, isMlPoweredQueriesFlagEnabled, packsInput, queriesInput, expectedVersionString
 // Test that ML-powered queries aren't run on v2.7.4 of the CLI.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.4", true, undefined, "security-extended", undefined);
 // Test that ML-powered queries aren't run when the feature flag is off.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", false, undefined, "security-extended", undefined);
 // Test that the ~0.1.0 version of ML-powered queries is run on v2.8.3 of the CLI.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.8.3", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.1.0");
 // Test that ML-powered queries aren't run when the user hasn't specified that we should run the
 // `security-extended` or `security-and-quality` query suite.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, undefined, undefined);
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-extended", "~0.1.0");
+// Test that ML-powered queries are run on non-Windows platforms running `security-extended` on
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, undefined, "security-and-quality", "~0.1.0");
+// versions of the CodeQL CLI prior to 2.9.0.
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.7.5", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
+(0, ava_1.default)(mlPoweredQueriesMacro, "2.8.5", true, undefined, "security-extended", process.platform === "win32" ? undefined : "~0.2.0");
 // Test that ML-powered queries are run on non-Windows platforms running `security-and-quality` on
 // versions of the CodeQL CLI prior to 2.9.0.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.8.5", true, undefined, "security-and-quality", process.platform === "win32" ? undefined : "~0.2.0");
 // Test that ML-powered queries are run on all platforms running `security-extended` on CodeQL CLI
 // 2.9.0+.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, undefined, "security-extended", "~0.2.0");
 // Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
 // CLI 2.9.0+.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, undefined, "security-and-quality", "~0.2.0");
 // Test that we don't inject an ML-powered query pack if the user has already specified one.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
 //# sourceMappingURL=config-utils.test.js.map
--- a/lib/config-utils.test.js.map
+++ b/lib/config-utils.test.js.map
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220322"
+    "bundleVersion": "codeql-bundle-20220428"
 }
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -71,6 +71,7 @@ async function run() {
    const startedAt = new Date();
    const logger = (0, logging_1.getActionsLogger)();
    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
    await (0, util_1.checkActionVersion)(pkg.version);
    let config;
    let codeql;
    let toolsVersion;
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -93,8 +93,7 @@ function getAutomationID(category, analysis_key, environment) {
 async function uploadPayload(payload, repositoryNwo, apiDetails, logger) {
    logger.info("Uploading results");
    // If in test mode we don't want to upload the results
-    const testMode = process.env["TEST_MODE"] === "true" || false;
+    if (util.isInTestMode()) {
    if (testMode) {
        const payloadSaveFile = path.join(actionsUtil.getTemporaryDirectory(), "payload.json");
        logger.info(`In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`);
        logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`);
@@ -311,35 +310,29 @@ async function waitForProcessing(repositoryNwo, sarifID, apiDetails, logger) {
            logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
            break;
        }
        let response = undefined;
        try {
-            const response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
+            response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
                owner: repositoryNwo.owner,
                repo: repositoryNwo.repo,
                sarif_id: sarifID,
            });
        }
        catch (e) {
            logger.warning(`An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`);
            break;
        }
        const status = response.data.processing_status;
        logger.info(`Analysis upload status is ${status}.`);
        if (status === "complete") {
            break;
        }
        else if (status === "pending") {
            logger.debug("Analysis processing is still pending...");
        }
        else if (status === "failed") {
            throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
        }
        }
        catch (e) {
            if (util.isHTTPError(e)) {
                switch (e.status) {
                    case 404:
                        logger.debug("Analysis is not found yet...");
                        break; // Note this breaks from the case statement, not the outer loop.
                    default:
                        throw e;
                }
            }
            else {
                throw e;
            }
        }
        await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
    }
    logger.endGroup();
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -37,8 +37,9 @@ async function sendSuccessStatusReport(startedAt, uploadStats) {
    await actionsUtil.sendStatusReport(statusReport);
 }
 async function run() {
    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
    const startedAt = new Date();
    (0, util_1.initializeEnvironment)(util_1.Mode.actions, pkg.version);
    await (0, util_1.checkActionVersion)(pkg.version);
    if (!(await actionsUtil.sendStatusReport(await actionsUtil.createStatusReportBase("upload-sarif", "starting", startedAt)))) {
        return;
    }
@@ -50,7 +51,11 @@ async function run() {
        const gitHubVersion = await (0, api_client_1.getGitHubVersionActionsOnly)();
        const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), gitHubVersion, apiDetails, (0, logging_1.getActionsLogger)());
        core.setOutput("sarif-id", uploadResult.sarifID);
-        if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
+        // We don't upload results in test mode, so don't wait for processing
        if ((0, util_1.isInTestMode)()) {
            core.debug("In test mode. Waiting for processing is disabled.");
        }
        else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
        }
        await sendSuccessStatusReport(startedAt, uploadResult.statusReport);
--- a/lib/upload-sarif-action.js.map
+++ b/lib/upload-sarif-action.js.map
@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAA0E;AAE1E,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAMgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/lib/util.js
+++ b/lib/util.js
@@ -22,13 +22,14 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getMlPoweredJsQueriesStatus = exports.ML_POWERED_JS_QUERIES_PACK = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isGitHubGhesVersionBelow = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.isActions = exports.getMode = exports.enrichEnvironment = exports.initializeEnvironment = exports.Mode = exports.assertNever = exports.getGitHubAuth = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const del_1 = __importDefault(require("del"));
 const semver = __importStar(require("semver"));
 const api = __importStar(require("./api-client"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
 const codeql_1 = require("./codeql");
@@ -545,24 +546,26 @@ function isGoodVersion(versionSpec) {
    return !BROKEN_VERSIONS.includes(versionSpec);
 }
 exports.isGoodVersion = isGoodVersion;
 exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-queries";
 /**
- * The ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
+ * Gets the ML-powered JS query pack to add to the analysis if a repo is opted into the ML-powered
 * queries beta.
 */
-exports.ML_POWERED_JS_QUERIES_PACK = {
+async function getMlPoweredJsQueriesPack(codeQL) {
-    packName: "codeql/javascript-experimental-atm-queries",
+    if (await codeQlVersionAbove(codeQL, "2.8.4")) {
-    version: "~0.1.0",
+        return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
-};
+    }
    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
 }
 exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
 /**
 * Get information about ML-powered JS queries to populate status reports with.
 *
 * This will be:
 *
- * - The version string if the analysis is using the ML-powered query pack that will be added to the
+ * - The version string if the analysis is using a single version of the ML-powered query pack.
- *   analysis if the repo is opted into the ML-powered queries beta, i.e.
+ * - "latest" if the version string of the ML-powered query pack is undefined. This is unlikely to
- *   {@link ML_POWERED_JS_QUERIES_PACK.version}. If the version string
+ *   occur in practice (see comment below).
 *   {@link ML_POWERED_JS_QUERIES_PACK.version} is undefined, then the status report string will be
 *   "latest", however this shouldn't occur in practice (see comment below).
 * - "false" if the analysis won't run any ML-powered JS queries.
 * - "other" in all other cases.
 *
@@ -572,30 +575,64 @@ exports.ML_POWERED_JS_QUERIES_PACK = {
 * version of the CodeQL Action. For instance, we might want to compare the `~0.1.0` and `~0.0.2`
 * version strings.
 *
 * We restrict the set of strings we report here by excluding other version strings and combinations
 * of version strings. We do this to limit the cardinality of the ML-powered JS queries status
 * report field, since some platforms that ingest this status report bill based on the cardinality
 * of its fields.
 *
 * This function lives here rather than in `init-action.ts` so it's easier to test, since tests for
 * `init-action.ts` would each need to live in their own file. See `analyze-action-env.ts` for an
 * explanation as to why this is.
 */
 function getMlPoweredJsQueriesStatus(config) {
-    const mlPoweredJsQueryPacks = (config.packs.javascript || []).filter((pack) => pack.packName === exports.ML_POWERED_JS_QUERIES_PACK.packName);
+    const mlPoweredJsQueryPacks = (config.packs.javascript || [])
-    if (mlPoweredJsQueryPacks.length === 0) {
+        .map((pack) => pack.split("@"))
-        return "false";
+        .filter((packNameVersion) => packNameVersion[0] === "codeql/javascript-experimental-atm-queries" &&
-    }
+        packNameVersion.length <= 2);
-    const firstVersionString = mlPoweredJsQueryPacks[0].version;
+    switch (mlPoweredJsQueryPacks.length) {
-    if (mlPoweredJsQueryPacks.length === 1 &&
+        case 1:
-        exports.ML_POWERED_JS_QUERIES_PACK.version === firstVersionString) {
+            // We should always specify an explicit version string in `getMlPoweredJsQueriesPack`,
        // We should always specify an explicit version string in `ML_POWERED_JS_QUERIES_PACK`,
            // otherwise we won't be able to make changes to the pack unless those changes are compatible
-        // with each version of the CodeQL Action. Therefore in practice, we should never hit the
+            // with each version of the CodeQL Action. Therefore in practice we should only hit the
-        // `latest` case here.
+            // `latest` case here when customers have explicitly added the ML-powered query pack to their
-        return exports.ML_POWERED_JS_QUERIES_PACK.version || "latest";
+            // CodeQL config.
-    }
+            return mlPoweredJsQueryPacks[0][1] || "latest";
        case 0:
            return "false";
        default:
            return "other";
    }
 }
 exports.getMlPoweredJsQueriesStatus = getMlPoweredJsQueriesStatus;
 /**
 * Prompt the customer to upgrade to CodeQL Action v2, if appropriate.
 *
 * Check whether a customer is running v1. If they are, and we can determine that the GitHub
 * instance supports v2, then log a warning about v1's upcoming deprecation prompting the customer
 * to upgrade to v2.
 */
 async function checkActionVersion(version) {
    var _a;
    if (!semver.satisfies(version, ">=2")) {
        const githubVersion = await api.getGitHubVersionActionsOnly();
        // Only log a warning for versions of GHES that are compatible with CodeQL Action version 2.
        //
        // GHES 3.4 shipped without the v2 tag, but it also shipped without this warning message code.
        // Therefore users who are seeing this warning message code have pulled in a new version of the
        // Action, and with it the v2 tag.
        if (githubVersion.type === GitHubVariant.DOTCOM ||
            githubVersion.type === GitHubVariant.GHAE ||
            (githubVersion.type === GitHubVariant.GHES &&
                semver.satisfies((_a = semver.coerce(githubVersion.version)) !== null && _a !== void 0 ? _a : "0.0.0", ">=3.4"))) {
            core.warning("CodeQL Action v1 will be deprecated on December 7th, 2022. Please upgrade to v2. For " +
                "more information, see " +
                "https://github.blog/changelog/2022-04-27-code-scanning-deprecation-of-codeql-action-v1/");
        }
    }
 }
 exports.checkActionVersion = checkActionVersion;
 /*
 * Returns whether we are in test mode.
 *
 * In test mode, we don't upload SARIF results or status reports to the GitHub API.
 */
 function isInTestMode() {
    return process.env["TEST_MODE"] === "true" || false;
 }
 exports.isInTestMode = isInTestMode;
 //# sourceMappingURL=util.js.map
--- a/lib/util.js.map
+++ b/lib/util.js.map
--- a/lib/util.test.js
+++ b/lib/util.test.js
@@ -25,6 +25,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const stream = __importStar(require("stream"));
 const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
@@ -205,32 +206,31 @@ async function mockStdInForAuthExpectError(t, mockLogger, ...text) {
    await t.throwsAsync(async () => util.getGitHubAuth(mockLogger, undefined, true, stdin));
 }
 const ML_POWERED_JS_STATUS_TESTS = [
    // If no packs are loaded, status is false.
    [[], "false"],
-    [[{ packName: "someOtherPack" }], "false"],
+    // If another pack is loaded but not the ML-powered query pack, status is false.
    [["someOtherPack"], "false"],
    // If the ML-powered query pack is loaded with a specific version, status is that version.
    [[`${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`], "~0.1.0"],
    // If the ML-powered query pack is loaded with a specific version and another pack is loaded, the
    // status is the version of the ML-powered query pack.
    [
-        [{ packName: "someOtherPack" }, util.ML_POWERED_JS_QUERIES_PACK],
+        ["someOtherPack", `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`],
-        util.ML_POWERED_JS_QUERIES_PACK.version,
+        "~0.1.0",
    ],
    [[util.ML_POWERED_JS_QUERIES_PACK], util.ML_POWERED_JS_QUERIES_PACK.version],
    [[{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName }], "other"],
    [
        [{ packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "~0.0.1" }],
        "other",
    ],
    // If the ML-powered query pack is loaded without a version, the status is "latest".
    [[util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
    // If the ML-powered query pack is loaded with two different versions, the status is "other".
    [
        [
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.1" },
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.1`,
-            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName, version: "0.0.2" },
+            `${util.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.0.2`,
        ],
        "other",
    ],
    [
        [
            { packName: "someOtherPack" },
            { packName: util.ML_POWERED_JS_QUERIES_PACK.packName },
        ],
        "other",
    ],
    // If the ML-powered query pack is loaded with no specific version, and another pack is loaded,
    // the status is "latest".
    [["someOtherPack", util.ML_POWERED_JS_QUERIES_PACK_NAME], "latest"],
 ];
 for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
    const packDescriptions = `[${packs
@@ -270,4 +270,50 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
    t.falsy(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.2.0" }, "3.2.0"));
    t.true(util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHES, version: "3.1.2" }, "3.2.0"));
 });
 function formatGitHubVersion(version) {
    switch (version.type) {
        case util.GitHubVariant.DOTCOM:
            return "dotcom";
        case util.GitHubVariant.GHAE:
            return "GHAE";
        case util.GitHubVariant.GHES:
            return `GHES ${version.version}`;
        default:
            util.assertNever(version);
    }
 }
 const CHECK_ACTION_VERSION_TESTS = [
    ["1.2.1", { type: util.GitHubVariant.DOTCOM }, true],
    ["1.2.1", { type: util.GitHubVariant.GHAE }, true],
    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, true],
    ["1.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, true],
    ["2.2.1", { type: util.GitHubVariant.DOTCOM }, false],
    ["2.2.1", { type: util.GitHubVariant.GHAE }, false],
    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.3" }, false],
    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.4" }, false],
    ["2.2.1", { type: util.GitHubVariant.GHES, version: "3.5" }, false],
 ];
 for (const [version, githubVersion, shouldReportWarning,] of CHECK_ACTION_VERSION_TESTS) {
    const reportWarningDescription = shouldReportWarning
        ? "reports warning"
        : "doesn't report warning";
    const versionsDescription = `CodeQL Action version ${version} and GitHub version ${formatGitHubVersion(githubVersion)}`;
    (0, ava_1.default)(`checkActionVersion ${reportWarningDescription} for ${versionsDescription}`, async (t) => {
        const warningSpy = sinon.spy(core, "warning");
        const versionStub = sinon
            .stub(api, "getGitHubVersionActionsOnly")
            .resolves(githubVersion);
        const isActionsStub = sinon.stub(util, "isActions").returns(true);
        await util.checkActionVersion(version);
        if (shouldReportWarning) {
            t.true(warningSpy.calledOnceWithExactly(sinon.match("CodeQL Action v1 will be deprecated")));
        }
        else {
            t.false(warningSpy.called);
        }
        versionStub.restore();
        isActionsStub.restore();
    });
 }
 //# sourceMappingURL=util.test.js.map
--- a/lib/util.test.js.map
+++ b/lib/util.test.js.map
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.1.6",
+  "version": "2.1.11",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
@@ -893,6 +893,14 @@
        "node": ">=8"
      }
    },
    "node_modules/array-uniq": {
      "version": "1.0.3",
      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
      "engines": {
        "node": ">=0.10.0"
      }
    },
    "node_modules/array.prototype.flat": {
      "version": "1.2.4",
      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -2788,10 +2796,40 @@
        "loc": "dist/cli.js"
      }
    },
    "node_modules/github-linguist/node_modules/array-union": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
      "dependencies": {
        "array-uniq": "^1.0.1"
      },
      "engines": {
        "node": ">=0.10.0"
      }
    },
    "node_modules/github-linguist/node_modules/commander": {
      "version": "2.20.3",
      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
    },
    "node_modules/github-linguist/node_modules/glob": {
      "version": "7.2.0",
      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
      "dependencies": {
        "fs.realpath": "^1.0.0",
        "inflight": "^1.0.4",
        "inherits": "2",
        "minimatch": "^3.0.4",
        "once": "^1.3.0",
        "path-is-absolute": "^1.0.0"
      },
      "engines": {
        "node": "*"
      },
      "funding": {
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/github-linguist/node_modules/globby": {
      "version": "6.1.0",
      "integrity": "sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=",
@@ -2814,18 +2852,19 @@
      }
    },
    "node_modules/glob": {
-      "version": "7.1.7",
+      "version": "8.0.1",
-      "integrity": "sha512-OvD9ENzPLbegENnYP5UUfJIirTg4+XwMWGaQfQTY0JenxNvvIKP3U3/tAQSPIu/lHxXYSZmpXlUHeqAIdKzBLQ==",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-8.0.1.tgz",
      "integrity": "sha512-cF7FYZZ47YzmCu7dDy50xSRRfO3ErRfrXuLZcNIuyiJEco0XSrGtuilG19L5xp3NcwTx7Gn+X6Tv3fmsUPTbow==",
      "dependencies": {
        "fs.realpath": "^1.0.0",
        "inflight": "^1.0.4",
        "inherits": "2",
-        "minimatch": "^3.0.4",
+        "minimatch": "^5.0.1",
        "once": "^1.3.0",
        "path-is-absolute": "^1.0.0"
      },
      "engines": {
-        "node": "*"
+        "node": ">=12"
      },
      "funding": {
        "url": "https://github.com/sponsors/isaacs"
@@ -2842,6 +2881,25 @@
        "node": ">= 6"
      }
    },
    "node_modules/glob/node_modules/brace-expansion": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
      "dependencies": {
        "balanced-match": "^1.0.0"
      }
    },
    "node_modules/glob/node_modules/minimatch": {
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz",
      "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==",
      "dependencies": {
        "brace-expansion": "^2.0.1"
      },
      "engines": {
        "node": ">=10"
      }
    },
    "node_modules/globals": {
      "version": "13.10.0",
      "resolved": "https://registry.npmjs.org/globals/-/globals-13.10.0.tgz",
@@ -4449,6 +4507,25 @@
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/rimraf/node_modules/glob": {
      "version": "7.2.0",
      "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
      "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
      "dependencies": {
        "fs.realpath": "^1.0.0",
        "inflight": "^1.0.4",
        "inherits": "2",
        "minimatch": "^3.0.4",
        "once": "^1.3.0",
        "path-is-absolute": "^1.0.0"
      },
      "engines": {
        "node": "*"
      },
      "funding": {
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/run-parallel": {
      "version": "1.1.9",
      "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q=="
--- a/node_modules/array-uniq/index.js
+++ b/node_modules/array-uniq/index.js
@@ -0,0 +1,62 @@
 'use strict';
 // there's 3 implementations written in increasing order of efficiency
 // 1 - no Set type is defined
 function uniqNoSet(arr) {
 	var ret = [];
 	for (var i = 0; i < arr.length; i++) {
 		if (ret.indexOf(arr[i]) === -1) {
 			ret.push(arr[i]);
 		}
 	}
 	return ret;
 }
 // 2 - a simple Set type is defined
 function uniqSet(arr) {
 	var seen = new Set();
 	return arr.filter(function (el) {
 		if (!seen.has(el)) {
 			seen.add(el);
 			return true;
 		}
 		return false;
 	});
 }
 // 3 - a standard Set type is defined and it has a forEach method
 function uniqSetWithForEach(arr) {
 	var ret = [];
 	(new Set(arr)).forEach(function (el) {
 		ret.push(el);
 	});
 	return ret;
 }
 // V8 currently has a broken implementation
 // https://github.com/joyent/node/issues/8449
 function doesForEachActuallyWork() {
 	var ret = false;
 	(new Set([true])).forEach(function (el) {
 		ret = el;
 	});
 	return ret === true;
 }
 if ('Set' in global) {
 	if (typeof Set.prototype.forEach === 'function' && doesForEachActuallyWork()) {
 		module.exports = uniqSetWithForEach;
 	} else {
 		module.exports = uniqSet;
 	}
 } else {
 	module.exports = uniqNoSet;
 }
--- a/node_modules/array-uniq/license
+++ b/node_modules/array-uniq/license
@@ -0,0 +1,21 @@
 The MIT License (MIT)
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
--- a/node_modules/array-uniq/package.json
+++ b/node_modules/array-uniq/package.json
@@ -0,0 +1,37 @@
 {
  "name": "array-uniq",
  "version": "1.0.3",
  "description": "Create an array without duplicates",
  "license": "MIT",
  "repository": "sindresorhus/array-uniq",
  "author": {
    "name": "Sindre Sorhus",
    "email": "sindresorhus@gmail.com",
    "url": "sindresorhus.com"
  },
  "engines": {
    "node": ">=0.10.0"
  },
  "scripts": {
    "test": "xo && ava"
  },
  "files": [
    "index.js"
  ],
  "keywords": [
    "array",
    "arr",
    "set",
    "uniq",
    "unique",
    "es6",
    "duplicate",
    "remove"
  ],
  "devDependencies": {
    "ava": "*",
    "es6-set": "^0.1.0",
    "require-uncached": "^1.0.2",
    "xo": "*"
  }
 }
--- a/node_modules/array-uniq/readme.md
+++ b/node_modules/array-uniq/readme.md
@@ -0,0 +1,30 @@
 # array-uniq [![Build Status](https://travis-ci.org/sindresorhus/array-uniq.svg?branch=master)](https://travis-ci.org/sindresorhus/array-uniq)
 > Create an array without duplicates
 It's already pretty fast, but will be much faster when [Set](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Set) becomes available in V8 (especially with large arrays).
 ## Install
 ```
 $ npm install --save array-uniq
 ```
 ## Usage
 ```js
 const arrayUniq = require('array-uniq');
 arrayUniq([1, 1, 2, 3, 3]);
 //=> [1, 2, 3]
 arrayUniq(['foo', 'foo', 'bar', 'foo']);
 //=> ['foo', 'bar']
 ```
 ## License
 MIT © [Sindre Sorhus](https://sindresorhus.com)
--- a/node_modules/github-linguist/node_modules/array-union/index.js
+++ b/node_modules/github-linguist/node_modules/array-union/index.js
@@ -0,0 +1,6 @@
 'use strict';
 var arrayUniq = require('array-uniq');
 module.exports = function () {
 	return arrayUniq([].concat.apply([], arguments));
 };
--- a/node_modules/github-linguist/node_modules/array-union/license
+++ b/node_modules/github-linguist/node_modules/array-union/license
@@ -0,0 +1,21 @@
 The MIT License (MIT)
 Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in
 all copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
--- a/node_modules/github-linguist/node_modules/array-union/package.json
+++ b/node_modules/github-linguist/node_modules/array-union/package.json
@@ -0,0 +1,40 @@
 {
  "name": "array-union",
  "version": "1.0.2",
  "description": "Create an array of unique values, in order, from the input arrays",
  "license": "MIT",
  "repository": "sindresorhus/array-union",
  "author": {
    "name": "Sindre Sorhus",
    "email": "sindresorhus@gmail.com",
    "url": "sindresorhus.com"
  },
  "engines": {
    "node": ">=0.10.0"
  },
  "scripts": {
    "test": "xo && ava"
  },
  "files": [
    "index.js"
  ],
  "keywords": [
    "array",
    "arr",
    "set",
    "uniq",
    "unique",
    "duplicate",
    "remove",
    "union",
    "combine",
    "merge"
  ],
  "dependencies": {
    "array-uniq": "^1.0.1"
  },
  "devDependencies": {
    "ava": "*",
    "xo": "*"
  }
 }
--- a/node_modules/github-linguist/node_modules/array-union/readme.md
+++ b/node_modules/github-linguist/node_modules/array-union/readme.md
@@ -0,0 +1,28 @@
 # array-union [![Build Status](https://travis-ci.org/sindresorhus/array-union.svg?branch=master)](https://travis-ci.org/sindresorhus/array-union)
 > Create an array of unique values, in order, from the input arrays
 ## Install
 ```
 $ npm install --save array-union
 ```
 ## Usage
 ```js
 const arrayUnion = require('array-union');
 arrayUnion([1, 1, 2, 3], [2, 3]);
 //=> [1, 2, 3]
 arrayUnion(['foo', 'foo', 'bar'], ['foo']);
 //=> ['foo', 'bar']
 ```
 ## License
 MIT © [Sindre Sorhus](https://sindresorhus.com)
--- a/node_modules/github-linguist/node_modules/glob/LICENSE
+++ b/node_modules/github-linguist/node_modules/glob/LICENSE
@@ -0,0 +1,21 @@
 The ISC License
 Copyright (c) Isaac Z. Schlueter and Contributors
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 ## Glob Logo
 Glob's logo created by Tanya Brassie <http://tanyabrassie.com/>, licensed
 under a Creative Commons Attribution-ShareAlike 4.0 International License
 https://creativecommons.org/licenses/by-sa/4.0/
--- a/node_modules/github-linguist/node_modules/glob/README.md
+++ b/node_modules/github-linguist/node_modules/glob/README.md
@@ -0,0 +1,378 @@
 # Glob
 Match files using the patterns the shell uses, like stars and stuff.
 [![Build Status](https://travis-ci.org/isaacs/node-glob.svg?branch=master)](https://travis-ci.org/isaacs/node-glob/) [![Build Status](https://ci.appveyor.com/api/projects/status/kd7f3yftf7unxlsx?svg=true)](https://ci.appveyor.com/project/isaacs/node-glob) [![Coverage Status](https://coveralls.io/repos/isaacs/node-glob/badge.svg?branch=master&service=github)](https://coveralls.io/github/isaacs/node-glob?branch=master)
 This is a glob implementation in JavaScript.  It uses the `minimatch`
 library to do its matching.
 ![a fun cartoon logo made of glob characters](logo/glob.png)
 ## Usage
 Install with npm
 ```
 npm i glob
 ```
 ```javascript
 var glob = require("glob")
 // options is optional
 glob("**/*.js", options, function (er, files) {
  // files is an array of filenames.
  // If the `nonull` option is set, and nothing
  // was found, then files is ["**/*.js"]
  // er is an error object or null.
 })
 ```
 ## Glob Primer
 "Globs" are the patterns you type when you do stuff like `ls *.js` on
 the command line, or put `build/*` in a `.gitignore` file.
 Before parsing the path part patterns, braced sections are expanded
 into a set.  Braced sections start with `{` and end with `}`, with any
 number of comma-delimited sections within.  Braced sections may contain
 slash characters, so `a{/b/c,bcd}` would expand into `a/b/c` and `abcd`.
 The following characters have special magic meaning when used in a
 path portion:
 * `*` Matches 0 or more characters in a single path portion
 * `?` Matches 1 character
 * `[...]` Matches a range of characters, similar to a RegExp range.
  If the first character of the range is `!` or `^` then it matches
  any character not in the range.
 * `!(pattern|pattern|pattern)` Matches anything that does not match
  any of the patterns provided.
 * `?(pattern|pattern|pattern)` Matches zero or one occurrence of the
  patterns provided.
 * `+(pattern|pattern|pattern)` Matches one or more occurrences of the
  patterns provided.
 * `*(a|b|c)` Matches zero or more occurrences of the patterns provided
 * `@(pattern|pat*|pat?erN)` Matches exactly one of the patterns
  provided
 * `**` If a "globstar" is alone in a path portion, then it matches
  zero or more directories and subdirectories searching for matches.
  It does not crawl symlinked directories.
 ### Dots
 If a file or directory path portion has a `.` as the first character,
 then it will not match any glob pattern unless that pattern's
 corresponding path part also has a `.` as its first character.
 For example, the pattern `a/.*/c` would match the file at `a/.b/c`.
 However the pattern `a/*/c` would not, because `*` does not start with
 a dot character.
 You can make glob treat dots as normal characters by setting
 `dot:true` in the options.
 ### Basename Matching
 If you set `matchBase:true` in the options, and the pattern has no
 slashes in it, then it will seek for any file anywhere in the tree
 with a matching basename.  For example, `*.js` would match
 `test/simple/basic.js`.
 ### Empty Sets
 If no matching files are found, then an empty array is returned.  This
 differs from the shell, where the pattern itself is returned.  For
 example:
    $ echo a*s*d*f
    a*s*d*f
 To get the bash-style behavior, set the `nonull:true` in the options.
 ### See Also:
 * `man sh`
 * `man bash` (Search for "Pattern Matching")
 * `man 3 fnmatch`
 * `man 5 gitignore`
 * [minimatch documentation](https://github.com/isaacs/minimatch)
 ## glob.hasMagic(pattern, [options])
 Returns `true` if there are any special characters in the pattern, and
 `false` otherwise.
 Note that the options affect the results.  If `noext:true` is set in
 the options object, then `+(a|b)` will not be considered a magic
 pattern.  If the pattern has a brace expansion, like `a/{b/c,x/y}`
 then that is considered magical, unless `nobrace:true` is set in the
 options.
 ## glob(pattern, [options], cb)
 * `pattern` `{String}` Pattern to be matched
 * `options` `{Object}`
 * `cb` `{Function}`
  * `err` `{Error | null}`
  * `matches` `{Array<String>}` filenames found matching the pattern
 Perform an asynchronous glob search.
 ## glob.sync(pattern, [options])
 * `pattern` `{String}` Pattern to be matched
 * `options` `{Object}`
 * return: `{Array<String>}` filenames found matching the pattern
 Perform a synchronous glob search.
 ## Class: glob.Glob
 Create a Glob object by instantiating the `glob.Glob` class.
 ```javascript
 var Glob = require("glob").Glob
 var mg = new Glob(pattern, options, cb)
 ```
 It's an EventEmitter, and starts walking the filesystem to find matches
 immediately.
 ### new glob.Glob(pattern, [options], [cb])
 * `pattern` `{String}` pattern to search for
 * `options` `{Object}`
 * `cb` `{Function}` Called when an error occurs, or matches are found
  * `err` `{Error | null}`
  * `matches` `{Array<String>}` filenames found matching the pattern
 Note that if the `sync` flag is set in the options, then matches will
 be immediately available on the `g.found` member.
 ### Properties
 * `minimatch` The minimatch object that the glob uses.
 * `options` The options object passed in.
 * `aborted` Boolean which is set to true when calling `abort()`.  There
  is no way at this time to continue a glob search after aborting, but
  you can re-use the statCache to avoid having to duplicate syscalls.
 * `cache` Convenience object.  Each field has the following possible
  values:
  * `false` - Path does not exist
  * `true` - Path exists
  * `'FILE'` - Path exists, and is not a directory
  * `'DIR'` - Path exists, and is a directory
  * `[file, entries, ...]` - Path exists, is a directory, and the
    array value is the results of `fs.readdir`
 * `statCache` Cache of `fs.stat` results, to prevent statting the same
  path multiple times.
 * `symlinks` A record of which paths are symbolic links, which is
  relevant in resolving `**` patterns.
 * `realpathCache` An optional object which is passed to `fs.realpath`
  to minimize unnecessary syscalls.  It is stored on the instantiated
  Glob object, and may be re-used.
 ### Events
 * `end` When the matching is finished, this is emitted with all the
  matches found.  If the `nonull` option is set, and no match was found,
  then the `matches` list contains the original pattern.  The matches
  are sorted, unless the `nosort` flag is set.
 * `match` Every time a match is found, this is emitted with the specific
  thing that matched. It is not deduplicated or resolved to a realpath.
 * `error` Emitted when an unexpected error is encountered, or whenever
  any fs error occurs if `options.strict` is set.
 * `abort` When `abort()` is called, this event is raised.
 ### Methods
 * `pause` Temporarily stop the search
 * `resume` Resume the search
 * `abort` Stop the search forever
 ### Options
 All the options that can be passed to Minimatch can also be passed to
 Glob to change pattern matching behavior.  Also, some have been added,
 or have glob-specific ramifications.
 All options are false by default, unless otherwise noted.
 All options are added to the Glob object, as well.
 If you are running many `glob` operations, you can pass a Glob object
 as the `options` argument to a subsequent operation to shortcut some
 `stat` and `readdir` calls.  At the very least, you may pass in shared
 `symlinks`, `statCache`, `realpathCache`, and `cache` options, so that
 parallel glob operations will be sped up by sharing information about
 the filesystem.
 * `cwd` The current working directory in which to search.  Defaults
  to `process.cwd()`.
 * `root` The place where patterns starting with `/` will be mounted
  onto.  Defaults to `path.resolve(options.cwd, "/")` (`/` on Unix
  systems, and `C:\` or some such on Windows.)
 * `dot` Include `.dot` files in normal matches and `globstar` matches.
  Note that an explicit dot in a portion of the pattern will always
  match dot files.
 * `nomount` By default, a pattern starting with a forward-slash will be
  "mounted" onto the root setting, so that a valid filesystem path is
  returned.  Set this flag to disable that behavior.
 * `mark` Add a `/` character to directory matches.  Note that this
  requires additional stat calls.
 * `nosort` Don't sort the results.
 * `stat` Set to true to stat *all* results.  This reduces performance
  somewhat, and is completely unnecessary, unless `readdir` is presumed
  to be an untrustworthy indicator of file existence.
 * `silent` When an unusual error is encountered when attempting to
  read a directory, a warning will be printed to stderr.  Set the
  `silent` option to true to suppress these warnings.
 * `strict` When an unusual error is encountered when attempting to
  read a directory, the process will just continue on in search of
  other matches.  Set the `strict` option to raise an error in these
  cases.
 * `cache` See `cache` property above.  Pass in a previously generated
  cache object to save some fs calls.
 * `statCache` A cache of results of filesystem information, to prevent
  unnecessary stat calls.  While it should not normally be necessary
  to set this, you may pass the statCache from one glob() call to the
  options object of another, if you know that the filesystem will not
  change between calls.  (See "Race Conditions" below.)
 * `symlinks` A cache of known symbolic links.  You may pass in a
  previously generated `symlinks` object to save `lstat` calls when
  resolving `**` matches.
 * `sync` DEPRECATED: use `glob.sync(pattern, opts)` instead.
 * `nounique` In some cases, brace-expanded patterns can result in the
  same file showing up multiple times in the result set.  By default,
  this implementation prevents duplicates in the result set.  Set this
  flag to disable that behavior.
 * `nonull` Set to never return an empty set, instead returning a set
  containing the pattern itself.  This is the default in glob(3).
 * `debug` Set to enable debug logging in minimatch and glob.
 * `nobrace` Do not expand `{a,b}` and `{1..3}` brace sets.
 * `noglobstar` Do not match `**` against multiple filenames.  (Ie,
  treat it as a normal `*` instead.)
 * `noext` Do not match `+(a|b)` "extglob" patterns.
 * `nocase` Perform a case-insensitive match.  Note: on
  case-insensitive filesystems, non-magic patterns will match by
  default, since `stat` and `readdir` will not raise errors.
 * `matchBase` Perform a basename-only match if the pattern does not
  contain any slash characters.  That is, `*.js` would be treated as
  equivalent to `**/*.js`, matching all js files in all directories.
 * `nodir` Do not match directories, only files.  (Note: to match
  *only* directories, simply put a `/` at the end of the pattern.)
 * `ignore` Add a pattern or an array of glob patterns to exclude matches.
  Note: `ignore` patterns are *always* in `dot:true` mode, regardless
  of any other settings.
 * `follow` Follow symlinked directories when expanding `**` patterns.
  Note that this can result in a lot of duplicate references in the
  presence of cyclic links.
 * `realpath` Set to true to call `fs.realpath` on all of the results.
  In the case of a symlink that cannot be resolved, the full absolute
  path to the matched entry is returned (though it will usually be a
  broken symlink)
 * `absolute` Set to true to always receive absolute paths for matched
  files.  Unlike `realpath`, this also affects the values returned in
  the `match` event.
 * `fs` File-system object with Node's `fs` API. By default, the built-in
  `fs` module will be used. Set to a volume provided by a library like
  `memfs` to avoid using the "real" file-system.
 ## Comparisons to other fnmatch/glob implementations
 While strict compliance with the existing standards is a worthwhile
 goal, some discrepancies exist between node-glob and other
 implementations, and are intentional.
 The double-star character `**` is supported by default, unless the
 `noglobstar` flag is set.  This is supported in the manner of bsdglob
 and bash 4.3, where `**` only has special significance if it is the only
 thing in a path part.  That is, `a/**/b` will match `a/x/y/b`, but
 `a/**b` will not.
 Note that symlinked directories are not crawled as part of a `**`,
 though their contents may match against subsequent portions of the
 pattern.  This prevents infinite loops and duplicates and the like.
 If an escaped pattern has no matches, and the `nonull` flag is set,
 then glob returns the pattern as-provided, rather than
 interpreting the character escapes.  For example,
 `glob.match([], "\\*a\\?")` will return `"\\*a\\?"` rather than
 `"*a?"`.  This is akin to setting the `nullglob` option in bash, except
 that it does not resolve escaped pattern characters.
 If brace expansion is not disabled, then it is performed before any
 other interpretation of the glob pattern.  Thus, a pattern like
 `+(a|{b),c)}`, which would not be valid in bash or zsh, is expanded
 **first** into the set of `+(a|b)` and `+(a|c)`, and those patterns are
 checked for validity.  Since those two are valid, matching proceeds.
 ### Comments and Negation
 Previously, this module let you mark a pattern as a "comment" if it
 started with a `#` character, or a "negated" pattern if it started
 with a `!` character.
 These options were deprecated in version 5, and removed in version 6.
 To specify things that should not match, use the `ignore` option.
 ## Windows
 **Please only use forward-slashes in glob expressions.**
 Though windows uses either `/` or `\` as its path separator, only `/`
 characters are used by this glob implementation.  You must use
 forward-slashes **only** in glob expressions.  Back-slashes will always
 be interpreted as escape characters, not path separators.
 Results from absolute patterns such as `/foo/*` are mounted onto the
 root setting using `path.join`.  On windows, this will by default result
 in `/foo/*` matching `C:\foo\bar.txt`.
 ## Race Conditions
 Glob searching, by its very nature, is susceptible to race conditions,
 since it relies on directory walking and such.
 As a result, it is possible that a file that exists when glob looks for
 it may have been deleted or modified by the time it returns the result.
 As part of its internal implementation, this program caches all stat
 and readdir calls that it makes, in order to cut down on system
 overhead.  However, this also makes it even more susceptible to races,
 especially if the cache or statCache objects are reused between glob
 calls.
 Users are thus advised not to use a glob result as a guarantee of
 filesystem state in the face of rapid changes.  For the vast majority
 of operations, this is never a problem.
 ## Glob Logo
 Glob's logo was created by [Tanya Brassie](http://tanyabrassie.com/). Logo files can be found [here](https://github.com/isaacs/node-glob/tree/master/logo).
 The logo is licensed under a [Creative Commons Attribution-ShareAlike 4.0 International License](https://creativecommons.org/licenses/by-sa/4.0/).
 ## Contributing
 Any change to behavior (including bugfixes) must come with a test.
 Patches that fail tests or reduce performance will be rejected.
 ```
 # to run tests
 npm test
 # to re-generate test fixtures
 npm run test-regen
 # to benchmark against bash/zsh
 npm run bench
 # to profile javascript
 npm run prof
 ```
 ![](oh-my-glob.gif)
--- a/node_modules/github-linguist/node_modules/glob/common.js
+++ b/node_modules/github-linguist/node_modules/glob/common.js
@@ -0,0 +1,236 @@
 exports.setopts = setopts
 exports.ownProp = ownProp
 exports.makeAbs = makeAbs
 exports.finish = finish
 exports.mark = mark
 exports.isIgnored = isIgnored
 exports.childrenIgnored = childrenIgnored
 function ownProp (obj, field) {
  return Object.prototype.hasOwnProperty.call(obj, field)
 }
 var fs = require("fs")
 var path = require("path")
 var minimatch = require("minimatch")
 var isAbsolute = require("path-is-absolute")
 var Minimatch = minimatch.Minimatch
 function alphasort (a, b) {
  return a.localeCompare(b, 'en')
 }
 function setupIgnores (self, options) {
  self.ignore = options.ignore || []
  if (!Array.isArray(self.ignore))
    self.ignore = [self.ignore]
  if (self.ignore.length) {
    self.ignore = self.ignore.map(ignoreMap)
  }
 }
 // ignore patterns are always in dot:true mode.
 function ignoreMap (pattern) {
  var gmatcher = null
  if (pattern.slice(-3) === '/**') {
    var gpattern = pattern.replace(/(\/\*\*)+$/, '')
    gmatcher = new Minimatch(gpattern, { dot: true })
  }
  return {
    matcher: new Minimatch(pattern, { dot: true }),
    gmatcher: gmatcher
  }
 }
 function setopts (self, pattern, options) {
  if (!options)
    options = {}
  // base-matching: just use globstar for that.
  if (options.matchBase && -1 === pattern.indexOf("/")) {
    if (options.noglobstar) {
      throw new Error("base matching requires globstar")
    }
    pattern = "**/" + pattern
  }
  self.silent = !!options.silent
  self.pattern = pattern
  self.strict = options.strict !== false
  self.realpath = !!options.realpath
  self.realpathCache = options.realpathCache || Object.create(null)
  self.follow = !!options.follow
  self.dot = !!options.dot
  self.mark = !!options.mark
  self.nodir = !!options.nodir
  if (self.nodir)
    self.mark = true
  self.sync = !!options.sync
  self.nounique = !!options.nounique
  self.nonull = !!options.nonull
  self.nosort = !!options.nosort
  self.nocase = !!options.nocase
  self.stat = !!options.stat
  self.noprocess = !!options.noprocess
  self.absolute = !!options.absolute
  self.fs = options.fs || fs
  self.maxLength = options.maxLength || Infinity
  self.cache = options.cache || Object.create(null)
  self.statCache = options.statCache || Object.create(null)
  self.symlinks = options.symlinks || Object.create(null)
  setupIgnores(self, options)
  self.changedCwd = false
  var cwd = process.cwd()
  if (!ownProp(options, "cwd"))
    self.cwd = cwd
  else {
    self.cwd = path.resolve(options.cwd)
    self.changedCwd = self.cwd !== cwd
  }
  self.root = options.root || path.resolve(self.cwd, "/")
  self.root = path.resolve(self.root)
  if (process.platform === "win32")
    self.root = self.root.replace(/\\/g, "/")
  // TODO: is an absolute `cwd` supposed to be resolved against `root`?
  // e.g. { cwd: '/test', root: __dirname } === path.join(__dirname, '/test')
  self.cwdAbs = isAbsolute(self.cwd) ? self.cwd : makeAbs(self, self.cwd)
  if (process.platform === "win32")
    self.cwdAbs = self.cwdAbs.replace(/\\/g, "/")
  self.nomount = !!options.nomount
  // disable comments and negation in Minimatch.
  // Note that they are not supported in Glob itself anyway.
  options.nonegate = true
  options.nocomment = true
  self.minimatch = new Minimatch(pattern, options)
  self.options = self.minimatch.options
 }
 function finish (self) {
  var nou = self.nounique
  var all = nou ? [] : Object.create(null)
  for (var i = 0, l = self.matches.length; i < l; i ++) {
    var matches = self.matches[i]
    if (!matches || Object.keys(matches).length === 0) {
      if (self.nonull) {
        // do like the shell, and spit out the literal glob
        var literal = self.minimatch.globSet[i]
        if (nou)
          all.push(literal)
        else
          all[literal] = true
      }
    } else {
      // had matches
      var m = Object.keys(matches)
      if (nou)
        all.push.apply(all, m)
      else
        m.forEach(function (m) {
          all[m] = true
        })
    }
  }
  if (!nou)
    all = Object.keys(all)
  if (!self.nosort)
    all = all.sort(alphasort)
  // at *some* point we statted all of these
  if (self.mark) {
    for (var i = 0; i < all.length; i++) {
      all[i] = self._mark(all[i])
    }
    if (self.nodir) {
      all = all.filter(function (e) {
        var notDir = !(/\/$/.test(e))
        var c = self.cache[e] || self.cache[makeAbs(self, e)]
        if (notDir && c)
          notDir = c !== 'DIR' && !Array.isArray(c)
        return notDir
      })
    }
  }
  if (self.ignore.length)
    all = all.filter(function(m) {
      return !isIgnored(self, m)
    })
  self.found = all
 }
 function mark (self, p) {
  var abs = makeAbs(self, p)
  var c = self.cache[abs]
  var m = p
  if (c) {
    var isDir = c === 'DIR' || Array.isArray(c)
    var slash = p.slice(-1) === '/'
    if (isDir && !slash)
      m += '/'
    else if (!isDir && slash)
      m = m.slice(0, -1)
    if (m !== p) {
      var mabs = makeAbs(self, m)
      self.statCache[mabs] = self.statCache[abs]
      self.cache[mabs] = self.cache[abs]
    }
  }
  return m
 }
 // lotta situps...
 function makeAbs (self, f) {
  var abs = f
  if (f.charAt(0) === '/') {
    abs = path.join(self.root, f)
  } else if (isAbsolute(f) || f === '') {
    abs = f
  } else if (self.changedCwd) {
    abs = path.resolve(self.cwd, f)
  } else {
    abs = path.resolve(f)
  }
  if (process.platform === 'win32')
    abs = abs.replace(/\\/g, '/')
  return abs
 }
 // Return true, if pattern ends with globstar '**', for the accompanying parent directory.
 // Ex:- If node_modules/** is the pattern, add 'node_modules' to ignore list along with it's contents
 function isIgnored (self, path) {
  if (!self.ignore.length)
    return false
  return self.ignore.some(function(item) {
    return item.matcher.match(path) || !!(item.gmatcher && item.gmatcher.match(path))
  })
 }
 function childrenIgnored (self, path) {
  if (!self.ignore.length)
    return false
  return self.ignore.some(function(item) {
    return !!(item.gmatcher && item.gmatcher.match(path))
  })
 }
--- a/node_modules/github-linguist/node_modules/glob/glob.js
+++ b/node_modules/github-linguist/node_modules/glob/glob.js
@@ -0,0 +1,787 @@
 // Approach:
 //
 // 1. Get the minimatch set
 // 2. For each pattern in the set, PROCESS(pattern, false)
 // 3. Store matches per-set, then uniq them
 //
 // PROCESS(pattern, inGlobStar)
 // Get the first [n] items from pattern that are all strings
 // Join these together.  This is PREFIX.
 //   If there is no more remaining, then stat(PREFIX) and
 //   add to matches if it succeeds.  END.
 //
 // If inGlobStar and PREFIX is symlink and points to dir
 //   set ENTRIES = []
 // else readdir(PREFIX) as ENTRIES
 //   If fail, END
 //
 // with ENTRIES
 //   If pattern[n] is GLOBSTAR
 //     // handle the case where the globstar match is empty
 //     // by pruning it out, and testing the resulting pattern
 //     PROCESS(pattern[0..n] + pattern[n+1 .. $], false)
 //     // handle other cases.
 //     for ENTRY in ENTRIES (not dotfiles)
 //       // attach globstar + tail onto the entry
 //       // Mark that this entry is a globstar match
 //       PROCESS(pattern[0..n] + ENTRY + pattern[n .. $], true)
 //
 //   else // not globstar
 //     for ENTRY in ENTRIES (not dotfiles, unless pattern[n] is dot)
 //       Test ENTRY against pattern[n]
 //       If fails, continue
 //       If passes, PROCESS(pattern[0..n] + item + pattern[n+1 .. $])
 //
 // Caveat:
 //   Cache all stats and readdirs results to minimize syscall.  Since all
 //   we ever care about is existence and directory-ness, we can just keep
 //   `true` for files, and [children,...] for directories, or `false` for
 //   things that don't exist.
 module.exports = glob
 var rp = require('fs.realpath')
 var minimatch = require('minimatch')
 var Minimatch = minimatch.Minimatch
 var inherits = require('inherits')
 var EE = require('events').EventEmitter
 var path = require('path')
 var assert = require('assert')
 var isAbsolute = require('path-is-absolute')
 var globSync = require('./sync.js')
 var common = require('./common.js')
 var setopts = common.setopts
 var ownProp = common.ownProp
 var inflight = require('inflight')
 var util = require('util')
 var childrenIgnored = common.childrenIgnored
 var isIgnored = common.isIgnored
 var once = require('once')
 function glob (pattern, options, cb) {
  if (typeof options === 'function') cb = options, options = {}
  if (!options) options = {}
  if (options.sync) {
    if (cb)
      throw new TypeError('callback provided to sync glob')
    return globSync(pattern, options)
  }
  return new Glob(pattern, options, cb)
 }
 glob.sync = globSync
 var GlobSync = glob.GlobSync = globSync.GlobSync
 // old api surface
 glob.glob = glob
 function extend (origin, add) {
  if (add === null || typeof add !== 'object') {
    return origin
  }
  var keys = Object.keys(add)
  var i = keys.length
  while (i--) {
    origin[keys[i]] = add[keys[i]]
  }
  return origin
 }
 glob.hasMagic = function (pattern, options_) {
  var options = extend({}, options_)
  options.noprocess = true
  var g = new Glob(pattern, options)
  var set = g.minimatch.set
  if (!pattern)
    return false
  if (set.length > 1)
    return true
  for (var j = 0; j < set[0].length; j++) {
    if (typeof set[0][j] !== 'string')
      return true
  }
  return false
 }
 glob.Glob = Glob
 inherits(Glob, EE)
 function Glob (pattern, options, cb) {
  if (typeof options === 'function') {
    cb = options
    options = null
  }
  if (options && options.sync) {
    if (cb)
      throw new TypeError('callback provided to sync glob')
    return new GlobSync(pattern, options)
  }
  if (!(this instanceof Glob))
    return new Glob(pattern, options, cb)
  setopts(this, pattern, options)
  this._didRealPath = false
  // process each pattern in the minimatch set
  var n = this.minimatch.set.length
  // The matches are stored as {<filename>: true,...} so that
  // duplicates are automagically pruned.
  // Later, we do an Object.keys() on these.
  // Keep them as a list so we can fill in when nonull is set.
  this.matches = new Array(n)
  if (typeof cb === 'function') {
    cb = once(cb)
    this.on('error', cb)
    this.on('end', function (matches) {
      cb(null, matches)
    })
  }
  var self = this
  this._processing = 0
  this._emitQueue = []
  this._processQueue = []
  this.paused = false
  if (this.noprocess)
    return this
  if (n === 0)
    return done()
  var sync = true
  for (var i = 0; i < n; i ++) {
    this._process(this.minimatch.set[i], i, false, done)
  }
  sync = false
  function done () {
    --self._processing
    if (self._processing <= 0) {
      if (sync) {
        process.nextTick(function () {
          self._finish()
        })
      } else {
        self._finish()
      }
    }
  }
 }
 Glob.prototype._finish = function () {
  assert(this instanceof Glob)
  if (this.aborted)
    return
  if (this.realpath && !this._didRealpath)
    return this._realpath()
  common.finish(this)
  this.emit('end', this.found)
 }
 Glob.prototype._realpath = function () {
  if (this._didRealpath)
    return
  this._didRealpath = true
  var n = this.matches.length
  if (n === 0)
    return this._finish()
  var self = this
  for (var i = 0; i < this.matches.length; i++)
    this._realpathSet(i, next)
  function next () {
    if (--n === 0)
      self._finish()
  }
 }
 Glob.prototype._realpathSet = function (index, cb) {
  var matchset = this.matches[index]
  if (!matchset)
    return cb()
  var found = Object.keys(matchset)
  var self = this
  var n = found.length
  if (n === 0)
    return cb()
  var set = this.matches[index] = Object.create(null)
  found.forEach(function (p, i) {
    // If there's a problem with the stat, then it means that
    // one or more of the links in the realpath couldn't be
    // resolved.  just return the abs value in that case.
    p = self._makeAbs(p)
    rp.realpath(p, self.realpathCache, function (er, real) {
      if (!er)
        set[real] = true
      else if (er.syscall === 'stat')
        set[p] = true
      else
        self.emit('error', er) // srsly wtf right here
      if (--n === 0) {
        self.matches[index] = set
        cb()
      }
    })
  })
 }
 Glob.prototype._mark = function (p) {
  return common.mark(this, p)
 }
 Glob.prototype._makeAbs = function (f) {
  return common.makeAbs(this, f)
 }
 Glob.prototype.abort = function () {
  this.aborted = true
  this.emit('abort')
 }
 Glob.prototype.pause = function () {
  if (!this.paused) {
    this.paused = true
    this.emit('pause')
  }
 }
 Glob.prototype.resume = function () {
  if (this.paused) {
    this.emit('resume')
    this.paused = false
    if (this._emitQueue.length) {
      var eq = this._emitQueue.slice(0)
      this._emitQueue.length = 0
      for (var i = 0; i < eq.length; i ++) {
        var e = eq[i]
        this._emitMatch(e[0], e[1])
      }
    }
    if (this._processQueue.length) {
      var pq = this._processQueue.slice(0)
      this._processQueue.length = 0
      for (var i = 0; i < pq.length; i ++) {
        var p = pq[i]
        this._processing--
        this._process(p[0], p[1], p[2], p[3])
      }
    }
  }
 }
 Glob.prototype._process = function (pattern, index, inGlobStar, cb) {
  assert(this instanceof Glob)
  assert(typeof cb === 'function')
  if (this.aborted)
    return
  this._processing++
  if (this.paused) {
    this._processQueue.push([pattern, index, inGlobStar, cb])
    return
  }
  //console.error('PROCESS %d', this._processing, pattern)
  // Get the first [n] parts of pattern that are all strings.
  var n = 0
  while (typeof pattern[n] === 'string') {
    n ++
  }
  // now n is the index of the first one that is *not* a string.
  // see if there's anything else
  var prefix
  switch (n) {
    // if not, then this is rather simple
    case pattern.length:
      this._processSimple(pattern.join('/'), index, cb)
      return
    case 0:
      // pattern *starts* with some non-trivial item.
      // going to readdir(cwd), but not include the prefix in matches.
      prefix = null
      break
    default:
      // pattern has some string bits in the front.
      // whatever it starts with, whether that's 'absolute' like /foo/bar,
      // or 'relative' like '../baz'
      prefix = pattern.slice(0, n).join('/')
      break
  }
  var remain = pattern.slice(n)
  // get the list of entries.
  var read
  if (prefix === null)
    read = '.'
  else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) {
    if (!prefix || !isAbsolute(prefix))
      prefix = '/' + prefix
    read = prefix
  } else
    read = prefix
  var abs = this._makeAbs(read)
  //if ignored, skip _processing
  if (childrenIgnored(this, read))
    return cb()
  var isGlobStar = remain[0] === minimatch.GLOBSTAR
  if (isGlobStar)
    this._processGlobStar(prefix, read, abs, remain, index, inGlobStar, cb)
  else
    this._processReaddir(prefix, read, abs, remain, index, inGlobStar, cb)
 }
 Glob.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar, cb) {
  var self = this
  this._readdir(abs, inGlobStar, function (er, entries) {
    return self._processReaddir2(prefix, read, abs, remain, index, inGlobStar, entries, cb)
  })
 }
 Glob.prototype._processReaddir2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) {
  // if the abs isn't a dir, then nothing can match!
  if (!entries)
    return cb()
  // It will only match dot entries if it starts with a dot, or if
  // dot is set.  Stuff like @(.foo|.bar) isn't allowed.
  var pn = remain[0]
  var negate = !!this.minimatch.negate
  var rawGlob = pn._glob
  var dotOk = this.dot || rawGlob.charAt(0) === '.'
  var matchedEntries = []
  for (var i = 0; i < entries.length; i++) {
    var e = entries[i]
    if (e.charAt(0) !== '.' || dotOk) {
      var m
      if (negate && !prefix) {
        m = !e.match(pn)
      } else {
        m = e.match(pn)
      }
      if (m)
        matchedEntries.push(e)
    }
  }
  //console.error('prd2', prefix, entries, remain[0]._glob, matchedEntries)
  var len = matchedEntries.length
  // If there are no matched entries, then nothing matches.
  if (len === 0)
    return cb()
  // if this is the last remaining pattern bit, then no need for
  // an additional stat *unless* the user has specified mark or
  // stat explicitly.  We know they exist, since readdir returned
  // them.
  if (remain.length === 1 && !this.mark && !this.stat) {
    if (!this.matches[index])
      this.matches[index] = Object.create(null)
    for (var i = 0; i < len; i ++) {
      var e = matchedEntries[i]
      if (prefix) {
        if (prefix !== '/')
          e = prefix + '/' + e
        else
          e = prefix + e
      }
      if (e.charAt(0) === '/' && !this.nomount) {
        e = path.join(this.root, e)
      }
      this._emitMatch(index, e)
    }
    // This was the last one, and no stats were needed
    return cb()
  }
  // now test all matched entries as stand-ins for that part
  // of the pattern.
  remain.shift()
  for (var i = 0; i < len; i ++) {
    var e = matchedEntries[i]
    var newPattern
    if (prefix) {
      if (prefix !== '/')
        e = prefix + '/' + e
      else
        e = prefix + e
    }
    this._process([e].concat(remain), index, inGlobStar, cb)
  }
  cb()
 }
 Glob.prototype._emitMatch = function (index, e) {
  if (this.aborted)
    return
  if (isIgnored(this, e))
    return
  if (this.paused) {
    this._emitQueue.push([index, e])
    return
  }
  var abs = isAbsolute(e) ? e : this._makeAbs(e)
  if (this.mark)
    e = this._mark(e)
  if (this.absolute)
    e = abs
  if (this.matches[index][e])
    return
  if (this.nodir) {
    var c = this.cache[abs]
    if (c === 'DIR' || Array.isArray(c))
      return
  }
  this.matches[index][e] = true
  var st = this.statCache[abs]
  if (st)
    this.emit('stat', e, st)
  this.emit('match', e)
 }
 Glob.prototype._readdirInGlobStar = function (abs, cb) {
  if (this.aborted)
    return
  // follow all symlinked directories forever
  // just proceed as if this is a non-globstar situation
  if (this.follow)
    return this._readdir(abs, false, cb)
  var lstatkey = 'lstat\0' + abs
  var self = this
  var lstatcb = inflight(lstatkey, lstatcb_)
  if (lstatcb)
    self.fs.lstat(abs, lstatcb)
  function lstatcb_ (er, lstat) {
    if (er && er.code === 'ENOENT')
      return cb()
    var isSym = lstat && lstat.isSymbolicLink()
    self.symlinks[abs] = isSym
    // If it's not a symlink or a dir, then it's definitely a regular file.
    // don't bother doing a readdir in that case.
    if (!isSym && lstat && !lstat.isDirectory()) {
      self.cache[abs] = 'FILE'
      cb()
    } else
      self._readdir(abs, false, cb)
  }
 }
 Glob.prototype._readdir = function (abs, inGlobStar, cb) {
  if (this.aborted)
    return
  cb = inflight('readdir\0'+abs+'\0'+inGlobStar, cb)
  if (!cb)
    return
  //console.error('RD %j %j', +inGlobStar, abs)
  if (inGlobStar && !ownProp(this.symlinks, abs))
    return this._readdirInGlobStar(abs, cb)
  if (ownProp(this.cache, abs)) {
    var c = this.cache[abs]
    if (!c || c === 'FILE')
      return cb()
    if (Array.isArray(c))
      return cb(null, c)
  }
  var self = this
  self.fs.readdir(abs, readdirCb(this, abs, cb))
 }
 function readdirCb (self, abs, cb) {
  return function (er, entries) {
    if (er)
      self._readdirError(abs, er, cb)
    else
      self._readdirEntries(abs, entries, cb)
  }
 }
 Glob.prototype._readdirEntries = function (abs, entries, cb) {
  if (this.aborted)
    return
  // if we haven't asked to stat everything, then just
  // assume that everything in there exists, so we can avoid
  // having to stat it a second time.
  if (!this.mark && !this.stat) {
    for (var i = 0; i < entries.length; i ++) {
      var e = entries[i]
      if (abs === '/')
        e = abs + e
      else
        e = abs + '/' + e
      this.cache[e] = true
    }
  }
  this.cache[abs] = entries
  return cb(null, entries)
 }
 Glob.prototype._readdirError = function (f, er, cb) {
  if (this.aborted)
    return
  // handle errors, and cache the information
  switch (er.code) {
    case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205
    case 'ENOTDIR': // totally normal. means it *does* exist.
      var abs = this._makeAbs(f)
      this.cache[abs] = 'FILE'
      if (abs === this.cwdAbs) {
        var error = new Error(er.code + ' invalid cwd ' + this.cwd)
        error.path = this.cwd
        error.code = er.code
        this.emit('error', error)
        this.abort()
      }
      break
    case 'ENOENT': // not terribly unusual
    case 'ELOOP':
    case 'ENAMETOOLONG':
    case 'UNKNOWN':
      this.cache[this._makeAbs(f)] = false
      break
    default: // some unusual error.  Treat as failure.
      this.cache[this._makeAbs(f)] = false
      if (this.strict) {
        this.emit('error', er)
        // If the error is handled, then we abort
        // if not, we threw out of here
        this.abort()
      }
      if (!this.silent)
        console.error('glob error', er)
      break
  }
  return cb()
 }
 Glob.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar, cb) {
  var self = this
  this._readdir(abs, inGlobStar, function (er, entries) {
    self._processGlobStar2(prefix, read, abs, remain, index, inGlobStar, entries, cb)
  })
 }
 Glob.prototype._processGlobStar2 = function (prefix, read, abs, remain, index, inGlobStar, entries, cb) {
  //console.error('pgs2', prefix, remain[0], entries)
  // no entries means not a dir, so it can never have matches
  // foo.txt/** doesn't match foo.txt
  if (!entries)
    return cb()
  // test without the globstar, and with every child both below
  // and replacing the globstar.
  var remainWithoutGlobStar = remain.slice(1)
  var gspref = prefix ? [ prefix ] : []
  var noGlobStar = gspref.concat(remainWithoutGlobStar)
  // the noGlobStar pattern exits the inGlobStar state
  this._process(noGlobStar, index, false, cb)
  var isSym = this.symlinks[abs]
  var len = entries.length
  // If it's a symlink, and we're in a globstar, then stop
  if (isSym && inGlobStar)
    return cb()
  for (var i = 0; i < len; i++) {
    var e = entries[i]
    if (e.charAt(0) === '.' && !this.dot)
      continue
    // these two cases enter the inGlobStar state
    var instead = gspref.concat(entries[i], remainWithoutGlobStar)
    this._process(instead, index, true, cb)
    var below = gspref.concat(entries[i], remain)
    this._process(below, index, true, cb)
  }
  cb()
 }
 Glob.prototype._processSimple = function (prefix, index, cb) {
  // XXX review this.  Shouldn't it be doing the mounting etc
  // before doing stat?  kinda weird?
  var self = this
  this._stat(prefix, function (er, exists) {
    self._processSimple2(prefix, index, er, exists, cb)
  })
 }
 Glob.prototype._processSimple2 = function (prefix, index, er, exists, cb) {
  //console.error('ps2', prefix, exists)
  if (!this.matches[index])
    this.matches[index] = Object.create(null)
  // If it doesn't exist, then just mark the lack of results
  if (!exists)
    return cb()
  if (prefix && isAbsolute(prefix) && !this.nomount) {
    var trail = /[\/\\]$/.test(prefix)
    if (prefix.charAt(0) === '/') {
      prefix = path.join(this.root, prefix)
    } else {
      prefix = path.resolve(this.root, prefix)
      if (trail)
        prefix += '/'
    }
  }
  if (process.platform === 'win32')
    prefix = prefix.replace(/\\/g, '/')
  // Mark this as a match
  this._emitMatch(index, prefix)
  cb()
 }
 // Returns either 'DIR', 'FILE', or false
 Glob.prototype._stat = function (f, cb) {
  var abs = this._makeAbs(f)
  var needDir = f.slice(-1) === '/'
  if (f.length > this.maxLength)
    return cb()
  if (!this.stat && ownProp(this.cache, abs)) {
    var c = this.cache[abs]
    if (Array.isArray(c))
      c = 'DIR'
    // It exists, but maybe not how we need it
    if (!needDir || c === 'DIR')
      return cb(null, c)
    if (needDir && c === 'FILE')
      return cb()
    // otherwise we have to stat, because maybe c=true
    // if we know it exists, but not what it is.
  }
  var exists
  var stat = this.statCache[abs]
  if (stat !== undefined) {
    if (stat === false)
      return cb(null, stat)
    else {
      var type = stat.isDirectory() ? 'DIR' : 'FILE'
      if (needDir && type === 'FILE')
        return cb()
      else
        return cb(null, type, stat)
    }
  }
  var self = this
  var statcb = inflight('stat\0' + abs, lstatcb_)
  if (statcb)
    self.fs.lstat(abs, statcb)
  function lstatcb_ (er, lstat) {
    if (lstat && lstat.isSymbolicLink()) {
      // If it's a symlink, then treat it as the target, unless
      // the target does not exist, then treat it as a file.
      return self.fs.stat(abs, function (er, stat) {
        if (er)
          self._stat2(f, abs, null, lstat, cb)
        else
          self._stat2(f, abs, er, stat, cb)
      })
    } else {
      self._stat2(f, abs, er, lstat, cb)
    }
  }
 }
 Glob.prototype._stat2 = function (f, abs, er, stat, cb) {
  if (er && (er.code === 'ENOENT' || er.code === 'ENOTDIR')) {
    this.statCache[abs] = false
    return cb()
  }
  var needDir = f.slice(-1) === '/'
  this.statCache[abs] = stat
  if (abs.slice(-1) === '/' && stat && !stat.isDirectory())
    return cb(null, false, stat)
  var c = true
  if (stat)
    c = stat.isDirectory() ? 'DIR' : 'FILE'
  this.cache[abs] = this.cache[abs] || c
  if (needDir && c === 'FILE')
    return cb()
  return cb(null, c, stat)
 }
--- a/node_modules/github-linguist/node_modules/glob/package.json
+++ b/node_modules/github-linguist/node_modules/glob/package.json
@@ -0,0 +1,52 @@
 {
  "author": "Isaac Z. Schlueter <i@izs.me> (http://blog.izs.me/)",
  "name": "glob",
  "description": "a little globber",
  "version": "7.2.0",
  "repository": {
    "type": "git",
    "url": "git://github.com/isaacs/node-glob.git"
  },
  "main": "glob.js",
  "files": [
    "glob.js",
    "sync.js",
    "common.js"
  ],
  "engines": {
    "node": "*"
  },
  "dependencies": {
    "fs.realpath": "^1.0.0",
    "inflight": "^1.0.4",
    "inherits": "2",
    "minimatch": "^3.0.4",
    "once": "^1.3.0",
    "path-is-absolute": "^1.0.0"
  },
  "devDependencies": {
    "memfs": "^3.2.0",
    "mkdirp": "0",
    "rimraf": "^2.2.8",
    "tap": "^15.0.6",
    "tick": "0.0.6"
  },
  "tap": {
    "before": "test/00-setup.js",
    "after": "test/zz-cleanup.js",
    "jobs": 1
  },
  "scripts": {
    "prepublish": "npm run benchclean",
    "profclean": "rm -f v8.log profile.txt",
    "test": "tap",
    "test-regen": "npm run profclean && TEST_REGEN=1 node test/00-setup.js",
    "bench": "bash benchmark.sh",
    "prof": "bash prof.sh && cat profile.txt",
    "benchclean": "node benchclean.js"
  },
  "license": "ISC",
  "funding": {
    "url": "https://github.com/sponsors/isaacs"
  }
 }
--- a/node_modules/github-linguist/node_modules/glob/sync.js
+++ b/node_modules/github-linguist/node_modules/glob/sync.js
@@ -0,0 +1,483 @@
 module.exports = globSync
 globSync.GlobSync = GlobSync
 var rp = require('fs.realpath')
 var minimatch = require('minimatch')
 var Minimatch = minimatch.Minimatch
 var Glob = require('./glob.js').Glob
 var util = require('util')
 var path = require('path')
 var assert = require('assert')
 var isAbsolute = require('path-is-absolute')
 var common = require('./common.js')
 var setopts = common.setopts
 var ownProp = common.ownProp
 var childrenIgnored = common.childrenIgnored
 var isIgnored = common.isIgnored
 function globSync (pattern, options) {
  if (typeof options === 'function' || arguments.length === 3)
    throw new TypeError('callback provided to sync glob\n'+
                        'See: https://github.com/isaacs/node-glob/issues/167')
  return new GlobSync(pattern, options).found
 }
 function GlobSync (pattern, options) {
  if (!pattern)
    throw new Error('must provide pattern')
  if (typeof options === 'function' || arguments.length === 3)
    throw new TypeError('callback provided to sync glob\n'+
                        'See: https://github.com/isaacs/node-glob/issues/167')
  if (!(this instanceof GlobSync))
    return new GlobSync(pattern, options)
  setopts(this, pattern, options)
  if (this.noprocess)
    return this
  var n = this.minimatch.set.length
  this.matches = new Array(n)
  for (var i = 0; i < n; i ++) {
    this._process(this.minimatch.set[i], i, false)
  }
  this._finish()
 }
 GlobSync.prototype._finish = function () {
  assert(this instanceof GlobSync)
  if (this.realpath) {
    var self = this
    this.matches.forEach(function (matchset, index) {
      var set = self.matches[index] = Object.create(null)
      for (var p in matchset) {
        try {
          p = self._makeAbs(p)
          var real = rp.realpathSync(p, self.realpathCache)
          set[real] = true
        } catch (er) {
          if (er.syscall === 'stat')
            set[self._makeAbs(p)] = true
          else
            throw er
        }
      }
    })
  }
  common.finish(this)
 }
 GlobSync.prototype._process = function (pattern, index, inGlobStar) {
  assert(this instanceof GlobSync)
  // Get the first [n] parts of pattern that are all strings.
  var n = 0
  while (typeof pattern[n] === 'string') {
    n ++
  }
  // now n is the index of the first one that is *not* a string.
  // See if there's anything else
  var prefix
  switch (n) {
    // if not, then this is rather simple
    case pattern.length:
      this._processSimple(pattern.join('/'), index)
      return
    case 0:
      // pattern *starts* with some non-trivial item.
      // going to readdir(cwd), but not include the prefix in matches.
      prefix = null
      break
    default:
      // pattern has some string bits in the front.
      // whatever it starts with, whether that's 'absolute' like /foo/bar,
      // or 'relative' like '../baz'
      prefix = pattern.slice(0, n).join('/')
      break
  }
  var remain = pattern.slice(n)
  // get the list of entries.
  var read
  if (prefix === null)
    read = '.'
  else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) {
    if (!prefix || !isAbsolute(prefix))
      prefix = '/' + prefix
    read = prefix
  } else
    read = prefix
  var abs = this._makeAbs(read)
  //if ignored, skip processing
  if (childrenIgnored(this, read))
    return
  var isGlobStar = remain[0] === minimatch.GLOBSTAR
  if (isGlobStar)
    this._processGlobStar(prefix, read, abs, remain, index, inGlobStar)
  else
    this._processReaddir(prefix, read, abs, remain, index, inGlobStar)
 }
 GlobSync.prototype._processReaddir = function (prefix, read, abs, remain, index, inGlobStar) {
  var entries = this._readdir(abs, inGlobStar)
  // if the abs isn't a dir, then nothing can match!
  if (!entries)
    return
  // It will only match dot entries if it starts with a dot, or if
  // dot is set.  Stuff like @(.foo|.bar) isn't allowed.
  var pn = remain[0]
  var negate = !!this.minimatch.negate
  var rawGlob = pn._glob
  var dotOk = this.dot || rawGlob.charAt(0) === '.'
  var matchedEntries = []
  for (var i = 0; i < entries.length; i++) {
    var e = entries[i]
    if (e.charAt(0) !== '.' || dotOk) {
      var m
      if (negate && !prefix) {
        m = !e.match(pn)
      } else {
        m = e.match(pn)
      }
      if (m)
        matchedEntries.push(e)
    }
  }
  var len = matchedEntries.length
  // If there are no matched entries, then nothing matches.
  if (len === 0)
    return
  // if this is the last remaining pattern bit, then no need for
  // an additional stat *unless* the user has specified mark or
  // stat explicitly.  We know they exist, since readdir returned
  // them.
  if (remain.length === 1 && !this.mark && !this.stat) {
    if (!this.matches[index])
      this.matches[index] = Object.create(null)
    for (var i = 0; i < len; i ++) {
      var e = matchedEntries[i]
      if (prefix) {
        if (prefix.slice(-1) !== '/')
          e = prefix + '/' + e
        else
          e = prefix + e
      }
      if (e.charAt(0) === '/' && !this.nomount) {
        e = path.join(this.root, e)
      }
      this._emitMatch(index, e)
    }
    // This was the last one, and no stats were needed
    return
  }
  // now test all matched entries as stand-ins for that part
  // of the pattern.
  remain.shift()
  for (var i = 0; i < len; i ++) {
    var e = matchedEntries[i]
    var newPattern
    if (prefix)
      newPattern = [prefix, e]
    else
      newPattern = [e]
    this._process(newPattern.concat(remain), index, inGlobStar)
  }
 }
 GlobSync.prototype._emitMatch = function (index, e) {
  if (isIgnored(this, e))
    return
  var abs = this._makeAbs(e)
  if (this.mark)
    e = this._mark(e)
  if (this.absolute) {
    e = abs
  }
  if (this.matches[index][e])
    return
  if (this.nodir) {
    var c = this.cache[abs]
    if (c === 'DIR' || Array.isArray(c))
      return
  }
  this.matches[index][e] = true
  if (this.stat)
    this._stat(e)
 }
 GlobSync.prototype._readdirInGlobStar = function (abs) {
  // follow all symlinked directories forever
  // just proceed as if this is a non-globstar situation
  if (this.follow)
    return this._readdir(abs, false)
  var entries
  var lstat
  var stat
  try {
    lstat = this.fs.lstatSync(abs)
  } catch (er) {
    if (er.code === 'ENOENT') {
      // lstat failed, doesn't exist
      return null
    }
  }
  var isSym = lstat && lstat.isSymbolicLink()
  this.symlinks[abs] = isSym
  // If it's not a symlink or a dir, then it's definitely a regular file.
  // don't bother doing a readdir in that case.
  if (!isSym && lstat && !lstat.isDirectory())
    this.cache[abs] = 'FILE'
  else
    entries = this._readdir(abs, false)
  return entries
 }
 GlobSync.prototype._readdir = function (abs, inGlobStar) {
  var entries
  if (inGlobStar && !ownProp(this.symlinks, abs))
    return this._readdirInGlobStar(abs)
  if (ownProp(this.cache, abs)) {
    var c = this.cache[abs]
    if (!c || c === 'FILE')
      return null
    if (Array.isArray(c))
      return c
  }
  try {
    return this._readdirEntries(abs, this.fs.readdirSync(abs))
  } catch (er) {
    this._readdirError(abs, er)
    return null
  }
 }
 GlobSync.prototype._readdirEntries = function (abs, entries) {
  // if we haven't asked to stat everything, then just
  // assume that everything in there exists, so we can avoid
  // having to stat it a second time.
  if (!this.mark && !this.stat) {
    for (var i = 0; i < entries.length; i ++) {
      var e = entries[i]
      if (abs === '/')
        e = abs + e
      else
        e = abs + '/' + e
      this.cache[e] = true
    }
  }
  this.cache[abs] = entries
  // mark and cache dir-ness
  return entries
 }
 GlobSync.prototype._readdirError = function (f, er) {
  // handle errors, and cache the information
  switch (er.code) {
    case 'ENOTSUP': // https://github.com/isaacs/node-glob/issues/205
    case 'ENOTDIR': // totally normal. means it *does* exist.
      var abs = this._makeAbs(f)
      this.cache[abs] = 'FILE'
      if (abs === this.cwdAbs) {
        var error = new Error(er.code + ' invalid cwd ' + this.cwd)
        error.path = this.cwd
        error.code = er.code
        throw error
      }
      break
    case 'ENOENT': // not terribly unusual
    case 'ELOOP':
    case 'ENAMETOOLONG':
    case 'UNKNOWN':
      this.cache[this._makeAbs(f)] = false
      break
    default: // some unusual error.  Treat as failure.
      this.cache[this._makeAbs(f)] = false
      if (this.strict)
        throw er
      if (!this.silent)
        console.error('glob error', er)
      break
  }
 }
 GlobSync.prototype._processGlobStar = function (prefix, read, abs, remain, index, inGlobStar) {
  var entries = this._readdir(abs, inGlobStar)
  // no entries means not a dir, so it can never have matches
  // foo.txt/** doesn't match foo.txt
  if (!entries)
    return
  // test without the globstar, and with every child both below
  // and replacing the globstar.
  var remainWithoutGlobStar = remain.slice(1)
  var gspref = prefix ? [ prefix ] : []
  var noGlobStar = gspref.concat(remainWithoutGlobStar)
  // the noGlobStar pattern exits the inGlobStar state
  this._process(noGlobStar, index, false)
  var len = entries.length
  var isSym = this.symlinks[abs]
  // If it's a symlink, and we're in a globstar, then stop
  if (isSym && inGlobStar)
    return
  for (var i = 0; i < len; i++) {
    var e = entries[i]
    if (e.charAt(0) === '.' && !this.dot)
      continue
    // these two cases enter the inGlobStar state
    var instead = gspref.concat(entries[i], remainWithoutGlobStar)
    this._process(instead, index, true)
    var below = gspref.concat(entries[i], remain)
    this._process(below, index, true)
  }
 }
 GlobSync.prototype._processSimple = function (prefix, index) {
  // XXX review this.  Shouldn't it be doing the mounting etc
  // before doing stat?  kinda weird?
  var exists = this._stat(prefix)
  if (!this.matches[index])
    this.matches[index] = Object.create(null)
  // If it doesn't exist, then just mark the lack of results
  if (!exists)
    return
  if (prefix && isAbsolute(prefix) && !this.nomount) {
    var trail = /[\/\\]$/.test(prefix)
    if (prefix.charAt(0) === '/') {
      prefix = path.join(this.root, prefix)
    } else {
      prefix = path.resolve(this.root, prefix)
      if (trail)
        prefix += '/'
    }
  }
  if (process.platform === 'win32')
    prefix = prefix.replace(/\\/g, '/')
  // Mark this as a match
  this._emitMatch(index, prefix)
 }
 // Returns either 'DIR', 'FILE', or false
 GlobSync.prototype._stat = function (f) {
  var abs = this._makeAbs(f)
  var needDir = f.slice(-1) === '/'
  if (f.length > this.maxLength)
    return false
  if (!this.stat && ownProp(this.cache, abs)) {
    var c = this.cache[abs]
    if (Array.isArray(c))
      c = 'DIR'
    // It exists, but maybe not how we need it
    if (!needDir || c === 'DIR')
      return c
    if (needDir && c === 'FILE')
      return false
    // otherwise we have to stat, because maybe c=true
    // if we know it exists, but not what it is.
  }
  var exists
  var stat = this.statCache[abs]
  if (!stat) {
    var lstat
    try {
      lstat = this.fs.lstatSync(abs)
    } catch (er) {
      if (er && (er.code === 'ENOENT' || er.code === 'ENOTDIR')) {
        this.statCache[abs] = false
        return false
      }
    }
    if (lstat && lstat.isSymbolicLink()) {
      try {
        stat = this.fs.statSync(abs)
      } catch (er) {
        stat = lstat
      }
    } else {
      stat = lstat
    }
  }
  this.statCache[abs] = stat
  var c = true
  if (stat)
    c = stat.isDirectory() ? 'DIR' : 'FILE'
  this.cache[abs] = this.cache[abs] || c
  if (needDir && c === 'FILE')
    return false
  return c
 }
 GlobSync.prototype._mark = function (p) {
  return common.mark(this, p)
 }
 GlobSync.prototype._makeAbs = function (f) {
  return common.makeAbs(this, f)
 }
--- a/node_modules/glob/LICENSE
+++ b/node_modules/glob/LICENSE
@@ -1,6 +1,6 @@
 The ISC License
-Copyright (c) Isaac Z. Schlueter and Contributors
+Copyright (c) 2009-2022 Isaac Z. Schlueter and Contributors
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
@@ -13,9 +13,3 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 ## Glob Logo
 Glob's logo created by Tanya Brassie <http://tanyabrassie.com/>, licensed
 under a Creative Commons Attribution-ShareAlike 4.0 International License
 https://creativecommons.org/licenses/by-sa/4.0/
--- a/node_modules/glob/README.md
+++ b/node_modules/glob/README.md
@@ -276,6 +276,9 @@ the filesystem.
 * `absolute` Set to true to always receive absolute paths for matched
  files.  Unlike `realpath`, this also affects the values returned in
  the `match` event.
 * `fs` File-system object with Node's `fs` API. By default, the built-in
  `fs` module will be used. Set to a volume provided by a library like
  `memfs` to avoid using the "real" file-system.
 ## Comparisons to other fnmatch/glob implementations
--- a/node_modules/glob/changelog.md
+++ b/node_modules/glob/changelog.md
@@ -1,67 +0,0 @@
 ## 7.0
 - Raise error if `options.cwd` is specified, and not a directory
 ## 6.0
 - Remove comment and negation pattern support
 - Ignore patterns are always in `dot:true` mode
 ## 5.0
 - Deprecate comment and negation patterns
 - Fix regression in `mark` and `nodir` options from making all cache
  keys absolute path.
 - Abort if `fs.readdir` returns an error that's unexpected
 - Don't emit `match` events for ignored items
 - Treat ENOTSUP like ENOTDIR in readdir
 ## 4.5
 - Add `options.follow` to always follow directory symlinks in globstar
 - Add `options.realpath` to call `fs.realpath` on all results
 - Always cache based on absolute path
 ## 4.4
 - Add `options.ignore`
 - Fix handling of broken symlinks
 ## 4.3
 - Bump minimatch to 2.x
 - Pass all tests on Windows
 ## 4.2
 - Add `glob.hasMagic` function
 - Add `options.nodir` flag
 ## 4.1
 - Refactor sync and async implementations for performance
 - Throw if callback provided to sync glob function
 - Treat symbolic links in globstar results the same as Bash 4.3
 ## 4.0
 - Use `^` for dependency versions (bumped major because this breaks
  older npm versions)
 - Ensure callbacks are only ever called once
 - switch to ISC license
 ## 3.x
 - Rewrite in JavaScript
 - Add support for setting root, cwd, and windows support
 - Cache many fs calls
 - Add globstar support
 - emit match events
 ## 2.x
 - Use `glob.h` and `fnmatch.h` from NetBSD
 ## 1.x
 - `glob.h` static binding.
--- a/node_modules/glob/common.js
+++ b/node_modules/glob/common.js
@@ -10,6 +10,7 @@ function ownProp (obj, field) {
  return Object.prototype.hasOwnProperty.call(obj, field)
 }
 var fs = require("fs")
 var path = require("path")
 var minimatch = require("minimatch")
 var isAbsolute = require("path-is-absolute")
@@ -75,6 +76,7 @@ function setopts (self, pattern, options) {
  self.stat = !!options.stat
  self.noprocess = !!options.noprocess
  self.absolute = !!options.absolute
  self.fs = options.fs || fs
  self.maxLength = options.maxLength || Infinity
  self.cache = options.cache || Object.create(null)
@@ -108,6 +110,8 @@ function setopts (self, pattern, options) {
  // Note that they are not supported in Glob itself anyway.
  options.nonegate = true
  options.nocomment = true
  // always treat \ in patterns as escapes, not path separators
  options.allowWindowsEscape = true
  self.minimatch = new Minimatch(pattern, options)
  self.options = self.minimatch.options
--- a/node_modules/glob/glob.js
+++ b/node_modules/glob/glob.js
@@ -40,7 +40,6 @@
 module.exports = glob
 var fs = require('fs')
 var rp = require('fs.realpath')
 var minimatch = require('minimatch')
 var Minimatch = minimatch.Minimatch
@@ -343,7 +342,10 @@ Glob.prototype._process = function (pattern, index, inGlobStar, cb) {
  var read
  if (prefix === null)
    read = '.'
-  else if (isAbsolute(prefix) || isAbsolute(pattern.join('/'))) {
+  else if (isAbsolute(prefix) ||
      isAbsolute(pattern.map(function (p) {
        return typeof p === 'string' ? p : '[*]'
      }).join('/'))) {
    if (!prefix || !isAbsolute(prefix))
      prefix = '/' + prefix
    read = prefix
@@ -501,7 +503,7 @@ Glob.prototype._readdirInGlobStar = function (abs, cb) {
  var lstatcb = inflight(lstatkey, lstatcb_)
  if (lstatcb)
-    fs.lstat(abs, lstatcb)
+    self.fs.lstat(abs, lstatcb)
  function lstatcb_ (er, lstat) {
    if (er && er.code === 'ENOENT')
@@ -542,7 +544,7 @@ Glob.prototype._readdir = function (abs, inGlobStar, cb) {
  }
  var self = this
-  fs.readdir(abs, readdirCb(this, abs, cb))
+  self.fs.readdir(abs, readdirCb(this, abs, cb))
 }
 function readdirCb (self, abs, cb) {
@@ -746,13 +748,13 @@ Glob.prototype._stat = function (f, cb) {
  var self = this
  var statcb = inflight('stat\0' + abs, lstatcb_)
  if (statcb)
-    fs.lstat(abs, statcb)
+    self.fs.lstat(abs, statcb)
  function lstatcb_ (er, lstat) {
    if (lstat && lstat.isSymbolicLink()) {
      // If it's a symlink, then treat it as the target, unless
      // the target does not exist, then treat it as a file.
-      return fs.stat(abs, function (er, stat) {
+      return self.fs.stat(abs, function (er, stat) {
        if (er)
          self._stat2(f, abs, null, lstat, cb)
        else
--- a/node_modules/glob/node_modules/brace-expansion/.github/FUNDING.yml
+++ b/node_modules/glob/node_modules/brace-expansion/.github/FUNDING.yml
@@ -0,0 +1,2 @@
 tidelift: "npm/brace-expansion"
 patreon: juliangruber
--- a/node_modules/glob/node_modules/brace-expansion/LICENSE
+++ b/node_modules/glob/node_modules/brace-expansion/LICENSE
@@ -0,0 +1,21 @@
 MIT License
 Copyright (c) 2013 Julian Gruber <julian@juliangruber.com>
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/node_modules/glob/node_modules/brace-expansion/README.md
+++ b/node_modules/glob/node_modules/brace-expansion/README.md
@@ -0,0 +1,135 @@
 # brace-expansion
 [Brace expansion](https://www.gnu.org/software/bash/manual/html_node/Brace-Expansion.html), 
 as known from sh/bash, in JavaScript.
 [![build status](https://secure.travis-ci.org/juliangruber/brace-expansion.svg)](http://travis-ci.org/juliangruber/brace-expansion)
 [![downloads](https://img.shields.io/npm/dm/brace-expansion.svg)](https://www.npmjs.org/package/brace-expansion)
 [![Greenkeeper badge](https://badges.greenkeeper.io/juliangruber/brace-expansion.svg)](https://greenkeeper.io/)
 [![testling badge](https://ci.testling.com/juliangruber/brace-expansion.png)](https://ci.testling.com/juliangruber/brace-expansion)
 ## Example
 ```js
 var expand = require('brace-expansion');
 expand('file-{a,b,c}.jpg')
 // => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
 expand('-v{,,}')
 // => ['-v', '-v', '-v']
 expand('file{0..2}.jpg')
 // => ['file0.jpg', 'file1.jpg', 'file2.jpg']
 expand('file-{a..c}.jpg')
 // => ['file-a.jpg', 'file-b.jpg', 'file-c.jpg']
 expand('file{2..0}.jpg')
 // => ['file2.jpg', 'file1.jpg', 'file0.jpg']
 expand('file{0..4..2}.jpg')
 // => ['file0.jpg', 'file2.jpg', 'file4.jpg']
 expand('file-{a..e..2}.jpg')
 // => ['file-a.jpg', 'file-c.jpg', 'file-e.jpg']
 expand('file{00..10..5}.jpg')
 // => ['file00.jpg', 'file05.jpg', 'file10.jpg']
 expand('{{A..C},{a..c}}')
 // => ['A', 'B', 'C', 'a', 'b', 'c']
 expand('ppp{,config,oe{,conf}}')
 // => ['ppp', 'pppconfig', 'pppoe', 'pppoeconf']
 ```
 ## API
 ```js
 var expand = require('brace-expansion');
 ```
 ### var expanded = expand(str)
 Return an array of all possible and valid expansions of `str`. If none are
 found, `[str]` is returned.
 Valid expansions are:
 ```js
 /^(.*,)+(.+)?$/
 // {a,b,...}
 ```
 A comma separated list of options, like `{a,b}` or `{a,{b,c}}` or `{,a,}`.
 ```js
 /^-?\d+\.\.-?\d+(\.\.-?\d+)?$/
 // {x..y[..incr]}
 ```
 A numeric sequence from `x` to `y` inclusive, with optional increment.
 If `x` or `y` start with a leading `0`, all the numbers will be padded
 to have equal length. Negative numbers and backwards iteration work too.
 ```js
 /^-?\d+\.\.-?\d+(\.\.-?\d+)?$/
 // {x..y[..incr]}
 ```
 An alphabetic sequence from `x` to `y` inclusive, with optional increment.
 `x` and `y` must be exactly one character, and if given, `incr` must be a
 number.
 For compatibility reasons, the string `${` is not eligible for brace expansion.
 ## Installation
 With [npm](https://npmjs.org) do:
 ```bash
 npm install brace-expansion
 ```
 ## Contributors
 - [Julian Gruber](https://github.com/juliangruber)
 - [Isaac Z. Schlueter](https://github.com/isaacs)
 ## Sponsors
 This module is proudly supported by my [Sponsors](https://github.com/juliangruber/sponsors)!
 Do you want to support modules like this to improve their quality, stability and weigh in on new features? Then please consider donating to my [Patreon](https://www.patreon.com/juliangruber). Not sure how much of my modules you're using? Try [feross/thanks](https://github.com/feross/thanks)!
 ## Security contact information
 To report a security vulnerability, please use the
 [Tidelift security contact](https://tidelift.com/security).
 Tidelift will coordinate the fix and disclosure.
 ## License
 (MIT)
 Copyright (c) 2013 Julian Gruber &lt;julian@juliangruber.com&gt;
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in
 the Software without restriction, including without limitation the rights to
 use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
 of the Software, and to permit persons to whom the Software is furnished to do
 so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/node_modules/glob/node_modules/brace-expansion/index.js
+++ b/node_modules/glob/node_modules/brace-expansion/index.js
@@ -0,0 +1,203 @@
 var balanced = require('balanced-match');
 module.exports = expandTop;
 var escSlash = '\0SLASH'+Math.random()+'\0';
 var escOpen = '\0OPEN'+Math.random()+'\0';
 var escClose = '\0CLOSE'+Math.random()+'\0';
 var escComma = '\0COMMA'+Math.random()+'\0';
 var escPeriod = '\0PERIOD'+Math.random()+'\0';
 function numeric(str) {
  return parseInt(str, 10) == str
    ? parseInt(str, 10)
    : str.charCodeAt(0);
 }
 function escapeBraces(str) {
  return str.split('\\\\').join(escSlash)
            .split('\\{').join(escOpen)
            .split('\\}').join(escClose)
            .split('\\,').join(escComma)
            .split('\\.').join(escPeriod);
 }
 function unescapeBraces(str) {
  return str.split(escSlash).join('\\')
            .split(escOpen).join('{')
            .split(escClose).join('}')
            .split(escComma).join(',')
            .split(escPeriod).join('.');
 }
 // Basically just str.split(","), but handling cases
 // where we have nested braced sections, which should be
 // treated as individual members, like {a,{b,c},d}
 function parseCommaParts(str) {
  if (!str)
    return [''];
  var parts = [];
  var m = balanced('{', '}', str);
  if (!m)
    return str.split(',');
  var pre = m.pre;
  var body = m.body;
  var post = m.post;
  var p = pre.split(',');
  p[p.length-1] += '{' + body + '}';
  var postParts = parseCommaParts(post);
  if (post.length) {
    p[p.length-1] += postParts.shift();
    p.push.apply(p, postParts);
  }
  parts.push.apply(parts, p);
  return parts;
 }
 function expandTop(str) {
  if (!str)
    return [];
  // I don't know why Bash 4.3 does this, but it does.
  // Anything starting with {} will have the first two bytes preserved
  // but *only* at the top level, so {},a}b will not expand to anything,
  // but a{},b}c will be expanded to [a}c,abc].
  // One could argue that this is a bug in Bash, but since the goal of
  // this module is to match Bash's rules, we escape a leading {}
  if (str.substr(0, 2) === '{}') {
    str = '\\{\\}' + str.substr(2);
  }
  return expand(escapeBraces(str), true).map(unescapeBraces);
 }
 function embrace(str) {
  return '{' + str + '}';
 }
 function isPadded(el) {
  return /^-?0\d/.test(el);
 }
 function lte(i, y) {
  return i <= y;
 }
 function gte(i, y) {
  return i >= y;
 }
 function expand(str, isTop) {
  var expansions = [];
  var m = balanced('{', '}', str);
  if (!m) return [str];
  // no need to expand pre, since it is guaranteed to be free of brace-sets
  var pre = m.pre;
  var post = m.post.length
    ? expand(m.post, false)
    : [''];
  if (/\$$/.test(m.pre)) {    
    for (var k = 0; k < post.length; k++) {
      var expansion = pre+ '{' + m.body + '}' + post[k];
      expansions.push(expansion);
    }
  } else {
    var isNumericSequence = /^-?\d+\.\.-?\d+(?:\.\.-?\d+)?$/.test(m.body);
    var isAlphaSequence = /^[a-zA-Z]\.\.[a-zA-Z](?:\.\.-?\d+)?$/.test(m.body);
    var isSequence = isNumericSequence || isAlphaSequence;
    var isOptions = m.body.indexOf(',') >= 0;
    if (!isSequence && !isOptions) {
      // {a},b}
      if (m.post.match(/,.*\}/)) {
        str = m.pre + '{' + m.body + escClose + m.post;
        return expand(str);
      }
      return [str];
    }
    var n;
    if (isSequence) {
      n = m.body.split(/\.\./);
    } else {
      n = parseCommaParts(m.body);
      if (n.length === 1) {
        // x{{a,b}}y ==> x{a}y x{b}y
        n = expand(n[0], false).map(embrace);
        if (n.length === 1) {
          return post.map(function(p) {
            return m.pre + n[0] + p;
          });
        }
      }
    }
    // at this point, n is the parts, and we know it's not a comma set
    // with a single entry.
    var N;
    if (isSequence) {
      var x = numeric(n[0]);
      var y = numeric(n[1]);
      var width = Math.max(n[0].length, n[1].length)
      var incr = n.length == 3
        ? Math.abs(numeric(n[2]))
        : 1;
      var test = lte;
      var reverse = y < x;
      if (reverse) {
        incr *= -1;
        test = gte;
      }
      var pad = n.some(isPadded);
      N = [];
      for (var i = x; test(i, y); i += incr) {
        var c;
        if (isAlphaSequence) {
          c = String.fromCharCode(i);
          if (c === '\\')
            c = '';
        } else {
          c = String(i);
          if (pad) {
            var need = width - c.length;
            if (need > 0) {
              var z = new Array(need + 1).join('0');
              if (i < 0)
                c = '-' + z + c.slice(1);
              else
                c = z + c;
            }
          }
        }
        N.push(c);
      }
    } else {
      N = [];
      for (var j = 0; j < n.length; j++) {
        N.push.apply(N, expand(n[j], false));
      }
    }
    for (var j = 0; j < N.length; j++) {
      for (var k = 0; k < post.length; k++) {
        var expansion = pre + N[j] + post[k];
        if (!isTop || isSequence || expansion)
          expansions.push(expansion);
      }
    }
  }
  return expansions;
 }
--- a/node_modules/glob/node_modules/brace-expansion/package.json
+++ b/node_modules/glob/node_modules/brace-expansion/package.json
@@ -0,0 +1,46 @@
 {
  "name": "brace-expansion",
  "description": "Brace expansion as known from sh/bash",
  "version": "2.0.1",
  "repository": {
    "type": "git",
    "url": "git://github.com/juliangruber/brace-expansion.git"
  },
  "homepage": "https://github.com/juliangruber/brace-expansion",
  "main": "index.js",
  "scripts": {
    "test": "tape test/*.js",
    "gentest": "bash test/generate.sh",
    "bench": "matcha test/perf/bench.js"
  },
  "dependencies": {
    "balanced-match": "^1.0.0"
  },
  "devDependencies": {
    "@c4312/matcha": "^1.3.1",
    "tape": "^4.6.0"
  },
  "keywords": [],
  "author": {
    "name": "Julian Gruber",
    "email": "mail@juliangruber.com",
    "url": "http://juliangruber.com"
  },
  "license": "MIT",
  "testling": {
    "files": "test/*.js",
    "browsers": [
      "ie/8..latest",
      "firefox/20..latest",
      "firefox/nightly",
      "chrome/25..latest",
      "chrome/canary",
      "opera/12..latest",
      "opera/next",
      "safari/5.1..latest",
      "ipad/6.0..latest",
      "iphone/6.0..latest",
      "android-browser/4.2..latest"
    ]
  }
 }
--- a/node_modules/glob/node_modules/minimatch/LICENSE
+++ b/node_modules/glob/node_modules/minimatch/LICENSE
@@ -0,0 +1,15 @@
 The ISC License
 Copyright (c) 2011-2022 Isaac Z. Schlueter and Contributors
 Permission to use, copy, modify, and/or distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/node_modules/glob/node_modules/minimatch/README.md
+++ b/node_modules/glob/node_modules/minimatch/README.md
@@ -0,0 +1,244 @@
 # minimatch
 A minimal matching utility.
 [![Build Status](https://travis-ci.org/isaacs/minimatch.svg?branch=master)](http://travis-ci.org/isaacs/minimatch)
 This is the matching library used internally by npm.
 It works by converting glob expressions into JavaScript `RegExp`
 objects.
 ## Usage
 ```javascript
 var minimatch = require("minimatch")
 minimatch("bar.foo", "*.foo") // true!
 minimatch("bar.foo", "*.bar") // false!
 minimatch("bar.foo", "*.+(bar|foo)", { debug: true }) // true, and noisy!
 ```
 ## Features
 Supports these glob features:
 * Brace Expansion
 * Extended glob matching
 * "Globstar" `**` matching
 See:
 * `man sh`
 * `man bash`
 * `man 3 fnmatch`
 * `man 5 gitignore`
 ## Windows
 **Please only use forward-slashes in glob expressions.**
 Though windows uses either `/` or `\` as its path separator, only `/`
 characters are used by this glob implementation.  You must use
 forward-slashes **only** in glob expressions.  Back-slashes in patterns
 will always be interpreted as escape characters, not path separators.
 Note that `\` or `/` _will_ be interpreted as path separators in paths on
 Windows, and will match against `/` in glob expressions.
 So just always use `/` in patterns.
 ## Minimatch Class
 Create a minimatch object by instantiating the `minimatch.Minimatch` class.
 ```javascript
 var Minimatch = require("minimatch").Minimatch
 var mm = new Minimatch(pattern, options)
 ```
 ### Properties
 * `pattern` The original pattern the minimatch object represents.
 * `options` The options supplied to the constructor.
 * `set` A 2-dimensional array of regexp or string expressions.
  Each row in the
  array corresponds to a brace-expanded pattern.  Each item in the row
  corresponds to a single path-part.  For example, the pattern
  `{a,b/c}/d` would expand to a set of patterns like:
        [ [ a, d ]
        , [ b, c, d ] ]
    If a portion of the pattern doesn't have any "magic" in it
    (that is, it's something like `"foo"` rather than `fo*o?`), then it
    will be left as a string rather than converted to a regular
    expression.
 * `regexp` Created by the `makeRe` method.  A single regular expression
  expressing the entire pattern.  This is useful in cases where you wish
  to use the pattern somewhat like `fnmatch(3)` with `FNM_PATH` enabled.
 * `negate` True if the pattern is negated.
 * `comment` True if the pattern is a comment.
 * `empty` True if the pattern is `""`.
 ### Methods
 * `makeRe` Generate the `regexp` member if necessary, and return it.
  Will return `false` if the pattern is invalid.
 * `match(fname)` Return true if the filename matches the pattern, or
  false otherwise.
 * `matchOne(fileArray, patternArray, partial)` Take a `/`-split
  filename, and match it against a single row in the `regExpSet`.  This
  method is mainly for internal use, but is exposed so that it can be
  used by a glob-walker that needs to avoid excessive filesystem calls.
 All other methods are internal, and will be called as necessary.
 ### minimatch(path, pattern, options)
 Main export.  Tests a path against the pattern using the options.
 ```javascript
 var isJS = minimatch(file, "*.js", { matchBase: true })
 ```
 ### minimatch.filter(pattern, options)
 Returns a function that tests its
 supplied argument, suitable for use with `Array.filter`.  Example:
 ```javascript
 var javascripts = fileList.filter(minimatch.filter("*.js", {matchBase: true}))
 ```
 ### minimatch.match(list, pattern, options)
 Match against the list of
 files, in the style of fnmatch or glob.  If nothing is matched, and
 options.nonull is set, then return a list containing the pattern itself.
 ```javascript
 var javascripts = minimatch.match(fileList, "*.js", {matchBase: true}))
 ```
 ### minimatch.makeRe(pattern, options)
 Make a regular expression object from the pattern.
 ## Options
 All options are `false` by default.
 ### debug
 Dump a ton of stuff to stderr.
 ### nobrace
 Do not expand `{a,b}` and `{1..3}` brace sets.
 ### noglobstar
 Disable `**` matching against multiple folder names.
 ### dot
 Allow patterns to match filenames starting with a period, even if
 the pattern does not explicitly have a period in that spot.
 Note that by default, `a/**/b` will **not** match `a/.d/b`, unless `dot`
 is set.
 ### noext
 Disable "extglob" style patterns like `+(a|b)`.
 ### nocase
 Perform a case-insensitive match.
 ### nonull
 When a match is not found by `minimatch.match`, return a list containing
 the pattern itself if this option is set.  When not set, an empty list
 is returned if there are no matches.
 ### matchBase
 If set, then patterns without slashes will be matched
 against the basename of the path if it contains slashes.  For example,
 `a?b` would match the path `/xyz/123/acb`, but not `/xyz/acb/123`.
 ### nocomment
 Suppress the behavior of treating `#` at the start of a pattern as a
 comment.
 ### nonegate
 Suppress the behavior of treating a leading `!` character as negation.
 ### flipNegate
 Returns from negate expressions the same as if they were not negated.
 (Ie, true on a hit, false on a miss.)
 ### partial
 Compare a partial path to a pattern.  As long as the parts of the path that
 are present are not contradicted by the pattern, it will be treated as a
 match.  This is useful in applications where you're walking through a
 folder structure, and don't yet have the full path, but want to ensure that
 you do not walk down paths that can never be a match.
 For example,
 ```js
 minimatch('/a/b', '/a/*/c/d', { partial: true })  // true, might be /a/b/c/d
 minimatch('/a/b', '/**/d', { partial: true })     // true, might be /a/b/.../d
 minimatch('/x/y/z', '/a/**/z', { partial: true }) // false, because x !== a
 ```
 ## Comparisons to other fnmatch/glob implementations
 While strict compliance with the existing standards is a worthwhile
 goal, some discrepancies exist between minimatch and other
 implementations, and are intentional.
 If the pattern starts with a `!` character, then it is negated.  Set the
 `nonegate` flag to suppress this behavior, and treat leading `!`
 characters normally.  This is perhaps relevant if you wish to start the
 pattern with a negative extglob pattern like `!(a|B)`.  Multiple `!`
 characters at the start of a pattern will negate the pattern multiple
 times.
 If a pattern starts with `#`, then it is treated as a comment, and
 will not match anything.  Use `\#` to match a literal `#` at the
 start of a line, or set the `nocomment` flag to suppress this behavior.
 The double-star character `**` is supported by default, unless the
 `noglobstar` flag is set.  This is supported in the manner of bsdglob
 and bash 4.1, where `**` only has special significance if it is the only
 thing in a path part.  That is, `a/**/b` will match `a/x/y/b`, but
 `a/**b` will not.
 If an escaped pattern has no matches, and the `nonull` flag is set,
 then minimatch.match returns the pattern as-provided, rather than
 interpreting the character escapes.  For example,
 `minimatch.match([], "\\*a\\?")` will return `"\\*a\\?"` rather than
 `"*a?"`.  This is akin to setting the `nullglob` option in bash, except
 that it does not resolve escaped pattern characters.
 If brace expansion is not disabled, then it is performed before any
 other interpretation of the glob pattern.  Thus, a pattern like
 `+(a|{b),c)}`, which would not be valid in bash or zsh, is expanded
 **first** into the set of `+(a|b)` and `+(a|c)`, and those patterns are
 checked for validity.  Since those two are valid, matching proceeds.
 Note that `fnmatch(3)` in libc is an extremely naive string comparison
 matcher, which does not do anything special for slashes.  This library is
 designed to be used in glob searching and file walkers, and so it does do
 special things with `/`.  Thus, `foo*` will not match `foo/bar` in this
 library, even though it would in `fnmatch(3)`.
--- a/node_modules/glob/node_modules/minimatch/lib/path.js
+++ b/node_modules/glob/node_modules/minimatch/lib/path.js
@@ -0,0 +1,4 @@
 const isWindows = typeof process === 'object' &&
  process &&
  process.platform === 'win32'
 module.exports = isWindows ? { sep: '\\' } : { sep: '/' }
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Henry Mercer	1fae5bf71b	Merge pull request #1051 from github/henrymercer/run-atm-on-windows Run ML-powered queries on Windows with CodeQL CLI 2.9.0+	2022-05-11 20:03:26 +01:00
Henry Mercer	533ce91971	Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows	2022-05-11 19:32:14 +01:00
Henry Mercer	ace076b980	Merge pull request #1070 from github/mergeback/v2.1.10-to-main-2f58583a Mergeback v2.1.10 refs/heads/releases/v2 into main	2022-05-11 18:36:28 +01:00
Henry Mercer	97847a4dde	Merge branch 'main' into mergeback/v2.1.10-to-main-2f58583a	2022-05-11 16:59:06 +01:00
github-actions[bot]	f8c88ab2dc	Update changelog and version after v2.1.10	2022-05-11 15:51:54 +00:00
Henry Mercer	2f58583a1b	Merge pull request #1069 from github/henrymercer/fix-integration-tests-on-v1 Fix integration tests on v1	2022-05-11 16:48:31 +01:00
Henry Mercer	4e0668d05e	Fix integration tests on v1 The GitHub API client coerces `fake-server-url` to the Dotcom API URL, which means commands like `util.getGitHubVersion` will call the Dotcom API with the `fake-token`, resulting in 401s. We therefore use the Dotcom URL instead and additionally stub `util.getGitHubVersion` as a good practice (it's no longer necessary).	2022-05-11 15:53:57 +01:00
Henry Mercer	c4fdf5fe69	Merge pull request #1067 from github/mergeback/v2.1.10-to-main-03e2e3c4 Mergeback v2.1.10 refs/heads/releases/v2 into main	2022-05-11 13:14:15 +01:00
Henry Mercer	4f87830a1f	Merge branch 'main' into mergeback/v2.1.10-to-main-03e2e3c4	2022-05-11 12:00:48 +01:00
github-actions[bot]	daf6560612	Update changelog and version after v2.1.10	2022-05-11 10:57:56 +00:00
Henry Mercer	03e2e3c45f	Merge pull request #1065 from github/henrymercer/remove-extraneous-commit Remove an extraneous commit during the release process	2022-05-11 11:39:31 +01:00
Henry Mercer	3bb6c41212	Remove an extraneous commit during the release process We only need to run `git commit` after the `git merge` call if there were conflicts.	2022-05-11 10:50:13 +01:00
Alexander Eyers-Taylor	38fc5ebb37	Merge pull request #1064 from github/mergeback/v2.1.10-to-main-75b4f1c4 Mergeback v2.1.10 refs/heads/releases/v2 into main	2022-05-10 20:12:54 +01:00
Henry Mercer	a82d691646	Merge branch 'main' into mergeback/v2.1.10-to-main-75b4f1c4	2022-05-10 19:32:12 +01:00
github-actions[bot]	ca6773e404	Update checked-in dependencies	2022-05-10 17:39:06 +00:00
Andrew Eisenberg	8dbd96566a	Merge pull request #1063 from github/aeisenberg/contrib Update contributing.md	2022-05-10 10:25:04 -07:00
github-actions[bot]	ef73e3bee8	Update changelog and version after v2.1.10	2022-05-10 17:05:35 +00:00
Alexander Eyers-Taylor	75b4f1c466	Merge pull request #1062 from github/update-v2.1.10-7cf0ed5e Merge main into releases/v2	2022-05-10 18:03:52 +01:00
Andrew Eisenberg	d468c94a69	Update contributing.md Change the text for keeping the checks up to date.	2022-05-10 09:55:27 -07:00
Rasmus Wriedt Larsen	7c55012151	Merge pull request #1039 from github/rasmuswl/pip-python2-fix python-setup: Check if `pip` is already installed for Python2	2022-05-10 14:17:06 +02:00
github-actions[bot]	f8eea91a7b	Update changelog for v2.1.10	2022-05-10 11:33:39 +00:00
Henry Mercer	878b64e0ef	Merge branch 'main' into rasmuswl/pip-python2-fix	2022-05-10 10:52:20 +01:00
Andrew Eisenberg	7cf0ed5e3f	Merge pull request #1060 from github/aeisenberg/required-checks-script Create update-required-checks script	2022-05-10 02:50:12 -07:00
Rasmus Wriedt Larsen	b651a677d2	Merge branch 'main' into rasmuswl/pip-python2-fix	2022-05-10 10:51:39 +02:00
Andrew Eisenberg	827fd55c21	Create update-required-checks script This also removes the .github/workflows/update-required-checks.yml workflow. This script needs to be run locally by someone who has admin privileges on the repo.	2022-05-09 14:59:16 -07:00
Alexander Eyers-Taylor	dd56e95b46	Merge pull request #1056 from github/alexet/update-2.9.1 Update codeql to 2.9.1	2022-05-05 16:52:48 +01:00
alexet	3c6dd303a8	Update codeql to 2.9.1	2022-05-03 15:58:57 +01:00
Chris Gavin	96bc9c36c6	Merge pull request #1055 from github/fix-status-error-being-caught Fix processing errors being caught and logged as a warning rather than failing the workflow run.	2022-05-03 13:21:10 +01:00
Chris Gavin	366e88c2c1	Fix processing errors being caught and logged as a warning rather than failing the workflow run.	2022-05-03 10:06:19 +01:00
Andrew Eisenberg	7b66e72cb7	Merge pull request #1054 from github/aeisenberg/update-checks Add permissions to workflow	2022-05-02 12:46:59 -07:00
Andrew Eisenberg	06d4e82bd2	Add permissions block to workflow	2022-05-02 12:01:19 -07:00
Andrew Eisenberg	0fb78380f8	Merge pull request #1053 from github/aeisenberg/update-checks Add workflow to regenerate required checks	2022-05-02 10:44:05 -07:00
Andrew Eisenberg	b71f20d70f	Add workflow to regenerate required checks Update contributing guide. Ensure this workflow runs once a week.	2022-05-02 10:15:40 -07:00
Andrew Eisenberg	8f845425a2	Merge pull request #1052 from github/aeisenberg/required-checks Update CONTRIBUTING.md	2022-05-02 09:25:35 -07:00
Andrew Eisenberg	c9882bef2d	Update CONTRIBUTING.md	2022-05-02 08:58:10 -07:00
Andrew Eisenberg	9a6bf18ec4	Update CONTRIBUTING.md Clarify instructions for updating required checks	2022-05-02 08:29:30 -07:00
Andrew Eisenberg	0235de0279	Merge pull request #1049 from github/aeisenberg/packs-with-paths Allow running packs with paths	2022-05-02 08:24:46 -07:00
Andrew Eisenberg	a73e506617	Fix syntax error in workflow	2022-04-29 17:33:21 -07:00
Andrew Eisenberg	b11fe85402	Merge branch 'main' into aeisenberg/packs-with-paths	2022-04-29 11:10:16 -07:00
Andrew Eisenberg	922dc2b976	Use the `--resolve-query-specs` parameter of `pack download` This will allow the command to resolve packs with paths. Also, use a more concise version of `tr`.	2022-04-29 10:54:01 -07:00
Henry Mercer	395afb1dd9	Fix unit test assertion on Windows	2022-04-29 18:18:19 +01:00
Henry Mercer	ceeddf2638	Merge pull request #1050 from github/henrymercer/dont-wait-for-processing-in-test-mode Don't wait for processing in test mode	2022-04-29 10:26:03 +01:00
Andrew Eisenberg	06b15c22b1	Allow pack specifiers to include paths Also, this cleans up our pack-related integration tests. We are now testing with the most recent CLIs.	2022-04-28 17:14:30 -07:00
Henry Mercer	ed0abc6cac	Log the expected outcome of the tests for clarity	2022-04-28 19:21:56 +01:00
Henry Mercer	193cfa588d	Update PR checks for Windows and CodeQL CLI 2.9.0+	2022-04-28 19:18:15 +01:00
Henry Mercer	d9e30cb001	Run ML-powered queries on Windows with CodeQL CLI 2.9.0+	2022-04-28 19:18:15 +01:00
Henry Mercer	ea676e3184	Don't wait for processing in test mode In test mode, we don't upload results, so there's no point waiting for processing.	2022-04-28 19:14:14 +01:00
Henry Mercer	7c2be06006	Factor out test mode determination code	2022-04-28 19:13:22 +01:00
Henry Mercer	0c3c093eba	Merge pull request #1045 from github/henrymercer/prompt-v1-to-v2-upgrades Prompt customers to upgrade from v1 to v2	2022-04-28 18:50:10 +01:00
Henry Mercer	2bf00f719d	Merge branch 'main' into henrymercer/prompt-v1-to-v2-upgrades	2022-04-28 14:17:36 +01:00
Henry Mercer	02083c307e	Add a comment to explain why we show the upgrade message on GHES 3.4	2022-04-28 14:16:32 +01:00
Henry Mercer	35ef6a2db3	Move `formatGitHubVersion` into util.test.ts	2022-04-28 14:16:32 +01:00
Henry Mercer	5227afabbe	Tweak wording of message	2022-04-28 14:16:32 +01:00
Edoardo Pirovano	6ed7f70798	Merge pull request #1047 from github/mergeback/v2.1.9-to-main-7502d6e9 Mergeback v2.1.9 refs/heads/releases/v2 into main	2022-04-28 09:39:17 +01:00
github-actions[bot]	04f504ca7f	Update checked-in dependencies	2022-04-27 20:55:44 +00:00
github-actions[bot]	016ec75b7c	Update changelog and version after v2.1.9	2022-04-27 18:21:50 +00:00
Henning Makholm	7502d6e991	Merge pull request #1046 from github/update-v2.1.9-72861144 Merge main into releases/v2	2022-04-27 20:20:29 +02:00
github-actions[bot]	cbce00d08d	Update changelog for v2.1.9	2022-04-27 16:41:08 +00:00
Henry Mercer	0256599547	Prompt customers to upgrade from v1 to v2	2022-04-27 16:11:24 +01:00
Chuan-kai Lin	72861144fd	Merge pull request #1042 from cklin/windows-status-report-error Fix status reporting error on Windows	2022-04-26 08:46:38 -07:00
Chuan-kai Lin	6dd9baf8be	Fix status reporting error on Windows	2022-04-26 08:06:57 -07:00
Henry Mercer	ff8b365e79	Merge pull request #1044 from github/adityasharad/readme/replace-git-io README: Replace git.io shortlink with full link	2022-04-26 12:30:02 +01:00
Henry Mercer	eed184a534	Merge branch 'main' into adityasharad/readme/replace-git-io	2022-04-26 10:44:55 +01:00
Henry Mercer	c76f0b5b07	Merge pull request #1032 from github/henrymercer/handle-merge-conflicts-in-releases Commit any conflicts during v1 backport to simplify release process	2022-04-26 10:43:55 +01:00
Aditya Sharad	bf4ba6945d	README: Replace git.io shortlink with full link git.io is deprecated, so use the full link to docs.github.com instead.	2022-04-26 02:14:44 -07:00
Henry Mercer	d2d14adf3e	Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases	2022-04-26 10:03:00 +01:00
Henning Makholm	95b49c3e6b	Merge pull request #1038 from github/hmakholm/pr/2.9.0 Bump default CodeQL version to 2.9.0	2022-04-26 03:03:24 +02:00
Henning Makholm	80771fd2d0	Merge branch 'main' into hmakholm/pr/2.9.0	2022-04-26 02:33:49 +02:00
Henry Mercer	2b8fdb3f2e	Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases	2022-04-25 17:02:03 +01:00
Henry Mercer	074853a9a2	Suggest resolving conflicts by adding new commits vs amending the merge commit This gives us slightly messier git history, but more importantly makes reviewing substantially easier.	2022-04-25 16:37:32 +01:00
Henry Mercer	ce63ab5d00	Merge pull request #1033 from github/henrymercer/use-tags-for-releases Specify releases of the CodeQL Action using tags instead of branches	2022-04-25 13:22:12 +01:00
Henry Mercer	e87e2d8201	Merge branch 'main' into henrymercer/use-tags-for-releases	2022-04-25 09:56:42 +01:00
Rasmus Wriedt Larsen	8a646279fc	python-setup: Check if `pip` is already installed for Python2	2022-04-22 10:32:29 +02:00
Henning Makholm	23b7196b6b	Bump default CodeQL version to 2.9.0	2022-04-21 23:12:38 +02:00
Andrew Eisenberg	e6e327771b	Merge pull request #1026 from kojiromike/patch-1	2022-04-18 09:18:46 -07:00
Rasmus Wriedt Larsen	b9577df761	python-setup: refactor Pipenv without lockfile	2022-04-18 11:14:14 -04:00
Michael A. Smith	808c29257b	Support Pipfile without Pipfile.lock As previously written, if codeql finds a `Pipfile`, but no `Pipfile.lock`, it will run `pipenv install` with args that require `Pipfile.lock` to exist. Pipfile will fail with this message: ``` Usage: python -m pipenv install [OPTIONS] [PACKAGES]... ERROR:: Pipfile.lock must exist to use --keep-outdated! package installation with pipenv failed, see error above ``` This changeset enables auto_install to work with Pipfile when there is no lock. (Bonus: `--skip-lock` is generally a bit faster.)	2022-04-18 11:14:14 -04:00
Henry Mercer	5b5ed44ab7	Add a PR check to check for conflict markers This check is primarily intended to validate that any merge conflicts in the v2 -> v1 backport PR are fixed before the PR is merged.	2022-04-14 20:05:42 +01:00
Henry Mercer	faf9d4b499	Merge branch 'main' into henrymercer/use-tags-for-releases	2022-04-14 19:40:48 +01:00
Henry Mercer	8b2f5d7158	Merge pull request #1034 from github/dependabot/npm_and_yarn/glob-8.0.1 Bump glob from 7.1.7 to 8.0.1	2022-04-14 19:39:48 +01:00
github-actions[bot]	0ba58d8497	Update checked-in dependencies	2022-04-14 17:56:23 +00:00
dependabot[bot]	3962f1bd85	Bump glob from 7.1.7 to 8.0.1 Bumps [glob](https://github.com/isaacs/node-glob) from 7.1.7 to 8.0.1. - [Release notes](https://github.com/isaacs/node-glob/releases) - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v7.1.7...v8.0.1) --- updated-dependencies: - dependency-name: glob dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2022-04-14 17:00:42 +00:00
Henry Mercer	9daf1de73c	Update references to release branches Prepare for renaming `v1` -> `releases/v1` and `v2` -> `releases/v2`.	2022-04-14 17:48:46 +01:00
Henry Mercer	bce749b10f	Improve consistency of variable references in Bash	2022-04-14 17:48:46 +01:00
Henry Mercer	fce4a01cd7	Update the major version tag within the release process	2022-04-14 17:48:46 +01:00
Henry Mercer	bac9320f4f	Update description of "Tag release and merge back" workflow	2022-04-14 17:48:46 +01:00
Henry Mercer	b3bf557359	Merge branch 'main' into henrymercer/handle-merge-conflicts-in-releases	2022-04-14 17:41:31 +01:00
Henry Mercer	f6312f1322	Commit any conflicts during v1 backport to simplify release process The process of creating the v1 release can run into merge conflicts. We commit the unresolved conflicts so a maintainer can easily resolve them (vs erroring and requiring maintainers to reconstruct the release manually).	2022-04-14 16:08:38 +01:00
Chris Gavin	c5c5bdabb9	Merge pull request #1007 from github/wait-for-processing-2 Re-enable waiting for processing by default, using the new API semantics.	2022-04-14 09:29:10 +01:00
Chris Gavin	e7869d541b	Merge main into wait-for-processing-2.	2022-04-14 08:49:44 +01:00
Henry Mercer	7a12645d7e	Merge pull request #1030 from github/RasmusWL/pyton-setup-codeowners Add codeql-python as CODEOWNERS	2022-04-12 16:01:41 +01:00
Rasmus Wriedt Larsen	9f20addbf2	Update CODEOWNERS Co-authored-by: Henry Mercer <henrymercer@github.com>	2022-04-12 16:34:35 +02:00
Rasmus Wriedt Larsen	780f4ee1bf	Add codeql-python as CODEOWNERS	2022-04-12 11:40:51 +02:00
Chuan-kai Lin	baf90d17d2	Merge pull request #1024 from cklin/autobuild-working-dir autobuild: add working-directory input	2022-04-08 16:20:01 -07:00
Chuan-kai Lin	6f174084dd	Add autobuild workind-directory test	2022-04-08 15:18:11 -07:00
Chuan-kai Lin	b0c570ef83	autobuild: add working-directory input	2022-04-08 13:37:42 -07:00
Edoardo Pirovano	2d80fe85fc	Merge pull request #1029 from github/mergeback/v2.1.8-to-main-1ed14374 Mergeback v2.1.8 refs/heads/v2 into main	2022-04-08 10:58:37 +01:00
github-actions[bot]	0c80741707	Update checked-in dependencies	2022-04-08 09:02:30 +00:00
github-actions[bot]	792bbfea04	Update changelog and version after v2.1.8	2022-04-08 08:46:10 +00:00
Edoardo Pirovano	1ed1437484	Merge pull request #1027 from github/update-v2.1.8-739937f1 Merge main into v2	2022-04-08 09:44:43 +01:00
github-actions[bot]	3ed22c8145	Update changelog for v2.1.8	2022-04-08 08:16:27 +00:00
Andrew Eisenberg	739937f14e	Merge pull request #1025 from github/aeisenberg/get-runs-api Exclude pull requests from actions/runs request	2022-04-07 16:12:02 -07:00
Andrew Eisenberg	0ecdac49ad	Update changelog	2022-04-07 14:02:50 -07:00
Andrew Eisenberg	426a3951ee	Exclude pull requests from actions/runs request This will save time when fetcing the current run and we don't use the pull requests for anything anyway. It is ok to leave out.	2022-04-07 14:02:44 -07:00
Edoardo Pirovano	a0b596246a	Merge pull request #1014 from github/edoardo/2.8.5-bump Update default CodeQL version to 2.8.5	2022-04-07 16:12:41 +01:00
Edoardo Pirovano	5d3e1a701c	Update default CodeQL version to 2.8.5	2022-04-07 13:41:02 +01:00
Edoardo Pirovano	b9bb8dd18d	Merge pull request #1020 from github/mergeback/v2.1.7-to-main-0182a2c7 Mergeback v2.1.7 refs/heads/v2 into main	2022-04-05 10:50:50 -07:00
github-actions[bot]	11673755ab	Update checked-in dependencies	2022-04-05 17:17:35 +00:00
github-actions[bot]	d0ca51f5e9	Update changelog and version after v2.1.7	2022-04-05 16:21:20 +00:00
Edoardo Pirovano	0182a2c78c	Merge pull request #1019 from github/update-v2.1.7-9cab82f2 Merge main into v2	2022-04-05 09:19:51 -07:00
github-actions[bot]	488f78249e	Update changelog for v2.1.7	2022-04-05 14:52:53 +00:00
Edoardo Pirovano	9cab82f202	Merge pull request #1018 from github/edoardo/revert-codescanning-config Revert usage of `--codescanning-config` flag	2022-04-05 07:50:07 -07:00
Edoardo Pirovano	43d066495c	Revert usage of `--codescanning-config` flag	2022-04-05 09:41:07 +01:00
Edoardo Pirovano	f090899ed0	Merge pull request #1015 from github/edoardo/dependency-update Fix issue with dependencies	2022-04-01 10:08:50 -07:00
Edoardo Pirovano	8a00ed086d	Fix issue with dependencies	2022-04-01 17:36:08 +01:00
Henry Mercer	935969c6f7	Merge pull request #1013 from github/henrymercer/ml-powered-query-pack-v0.2.0 Run version `~0.2.0` of the ML-powered query pack on v2.8.4+ of the CLI	2022-03-31 16:25:07 +01:00
Henry Mercer	e26813cf98	Run version `~0.2.0` of the ML-powered query pack for v2.8.4+ of the CLI	2022-03-31 14:58:41 +01:00
Henry Mercer	2c03704a6c	Allow the version of the ML-powered pack to depend on the CLI version	2022-03-31 14:58:29 +01:00
Henry Mercer	dd6b592e3e	Simplify ML-powered query status report definition We now limit the cardinality of the ML-powered JS queries status report field server-side. With no need for a limit on the cardinality of the status report client-side, we can simplify how we produce it.	2022-03-31 14:55:32 +01:00
Henry Mercer	a90d8bf711	Merge pull request #1011 from github/henrymercer/ml-powered-queries-pr-check Add a PR check to validate that ML-powered queries are run correctly	2022-03-31 11:13:26 +01:00
Henry Mercer	dc0338e493	Use latest major version of actions/upload-artifact	2022-03-31 10:11:33 +01:00
Henry Mercer	57096fe795	Add a PR check to validate that ML-powered queries are run correctly	2022-03-31 10:11:30 +01:00
Henry Mercer	b0ddf36abe	Merge pull request #1012 from github/henrymercer/update-actions-major-versions Update major versions of Actions in README and workflows	2022-03-30 21:06:16 +01:00
Henry Mercer	1ea2f2d7f1	Merge branch 'main' into henrymercer/update-actions-major-versions	2022-03-30 20:00:06 +01:00
Henry Mercer	9dcc141f12	Merge pull request #1010 from github/henrymercer/stop-running-ml-powered-queries-on-windows Stop running ML-powered queries on Windows	2022-03-30 19:57:03 +01:00
Henry Mercer	ea751a9fae	Update other Actions from v2 to v3	2022-03-30 19:46:09 +01:00
Henry Mercer	a2949f47b3	Update actions/checkout from v2 to v3	2022-03-30 19:46:09 +01:00
Henry Mercer	7871f0d5e1	Update CodeQL Action from v1 to v2 in README	2022-03-30 19:46:09 +01:00
Henry Mercer	e6f3e049b4	Add descriptions to each test	2022-03-30 18:17:06 +01:00
Henry Mercer	e83a1d469e	Stop running ML-powered queries on Windows	2022-03-30 18:05:12 +01:00
Edoardo Pirovano	894faced79	Merge pull request #1008 from github/edoardo/no-fail-12.12 Avoid failure if `@types/node` is already 12.12	2022-03-30 17:52:20 +01:00
Edoardo Pirovano	a9095cefc9	Avoid failure if `@types/node` is already 12.12	2022-03-30 16:58:25 +01:00
Henry Mercer	4d339ae3ec	Merge pull request #1009 from github/henrymercer/run-pr-checks-on-v2-branch Run all PR checks on the `v2` branch	2022-03-30 16:53:09 +01:00
Henry Mercer	381ea36211	Delete unused workflows	2022-03-30 16:00:52 +01:00
Henry Mercer	e769c2dd6e	Run all PR checks on v2 branch	2022-03-30 15:59:09 +01:00
Edoardo Pirovano	bae3a3acab	Merge pull request #1005 from github/mergeback/v2.1.6-to-main-28eead24 Mergeback v2.1.6 refs/heads/v2 into main	2022-03-30 14:27:22 +01:00
github-actions[bot]	bcd5c027de	Update checked-in dependencies	2022-03-30 11:55:38 +00:00
Chris Gavin	9885f86fab	Re-enable waiting for processing by default, using the new API semantics.	2022-03-30 12:24:59 +01:00
github-actions[bot]	ee3341a9d8	Update changelog and version after v2.1.6	2022-03-30 11:13:37 +00:00
`@@ -1 +1,3 @@`
	`*/ @github/codeql-action-reviewers`	`*/ @github/codeql-action-reviewers`

		`/python-setup/ @github/codeql-python @github/codeql-action-reviewers`
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}				{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,iBAAiB,CAAC;QACrD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YAClD,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}				{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAMwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAqD;AAErD,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}				{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAOwB;AACxB,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,iCAAyE;AAEzE,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AASvC,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IAEjD,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,OAAO,EACd,KAAK,aAAL,KAAK,uBAAL,KAAK,CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,IAAA,sCAA0B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
		`@@ -1 +1 @@`
			{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAA0E;AAE1E,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}				{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAA2D;AAC3D,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAMgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,wCAA2B,GAAE,CAAC;QAE1D,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
		`@@ -0,0 +1,2 @@`
							`tidelift: "npm/brace-expansion"`
							`patreon: juliangruber`