Add CodeQL workflow file

.github/check-sarif/action.yml

@@ -1,20 +0,0 @@
-name: Check SARIF
-description: Checks a SARIF file to see if certain queries were run and others were not run.
-inputs:
-  sarif-file:
-    required: true
-    description: The SARIF file to check
-
-  queries-run:
-    required: true
-    description: |
-      Comma separated list of query ids that should be included in this SARIF file.
-
-  queries-not-run:
-    required: true
-    description: |
-      Comma separated list of query ids that should NOT be included in this SARIF file.
-
-runs:
-  using: node12
-  main: index.js

.github/check-sarif/index.js

@@ -1,43 +0,0 @@
-'use strict'
-
-const core = require('@actions/core')
-const fs = require('fs')
-
-const sarif = JSON.parse(fs.readFileSync(core.getInput('sarif-file'), 'utf8'))
-const rules = sarif.runs[0].tool.extensions.flatMap(ext => ext.rules || [])
-const ruleIds = rules.map(rule => rule.id)
-
-// Check that all the expected queries ran
-const expectedQueriesRun = getQueryIdsInput('queries-run')
-const queriesThatShouldHaveRunButDidNot = expectedQueriesRun.filter(queryId => !ruleIds.includes(queryId))
-
-if (queriesThatShouldHaveRunButDidNot.length > 0) {
-  core.setFailed(`The following queries were expected to run but did not: ${queriesThatShouldHaveRunButDidNot.join(', ')}`)
-}
-
-// Check that all the unexpected queries did not run
-const expectedQueriesNotRun = getQueryIdsInput('queries-not-run')
-
-const queriesThatShouldNotHaveRunButDid = expectedQueriesNotRun.filter(queryId => ruleIds.includes(queryId))
-
-if (queriesThatShouldNotHaveRunButDid.length > 0) {
-  core.setFailed(`The following queries were NOT expected to have run but did: ${queriesThatShouldNotHaveRunButDid.join(', ')}`)
-}
-
-
-core.startGroup('All queries run')
-rules.forEach(rule => {
-  core.info(`${rule.id}: ${(rule.properties && rule.properties.name) || rule.name}`)
-})
-core.endGroup()
-
-core.startGroup('Full SARIF')
-core.info(JSON.stringify(sarif, null, 2))
-core.endGroup()
-
-function getQueryIdsInput(name) {
-  return core.getInput(name)
-    .split(',')
-    .map(q => q.trim())
-    .filter(q => q.length > 0)
-}

.github/query-filter-test/action.yml

@@ -1,52 +0,0 @@
-name: Query Filter Test
-description: Runs a test of query filters using the check sarif action
-inputs:
-  sarif-file:
-    required: true
-    description: The SARIF file to check
-
-  queries-run:
-    required: true
-    description: |
-      Comma separated list of query ids that should be included in this SARIF file.
-
-  queries-not-run:
-    required: true
-    description: |
-      Comma separated list of query ids that should NOT be included in this SARIF file.
-
-  config-file:
-    required: true
-    description: |
-      The location of the codeql configuration file to use.
-
-  tools:
-    required: true
-    description: |
-      The url of codeql to use.
-
-runs:
-  using: composite
-  steps:
-    - uses: ./../action/init
-      with:
-        languages: javascript
-        config-file: ${{ inputs.config-file }}
-        tools: ${{ inputs.tools }}
-        db-location: ${{ runner.temp }}/query-filter-test
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-        upload: false
-      env:
-        TEST_MODE: "true"
-    - name: Check SARIF
-      uses: ./../action/.github/check-sarif
-      with:
-        sarif-file:  ${{ inputs.sarif-file }}
-        queries-run: ${{ inputs.queries-run}}
-        queries-not-run: ${{ inputs.queries-not-run}}
-    - name: Cleanup after test
-      shell: bash
-      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"

.github/workflows/check-for-conflicts.yml

@@ -4,7 +4,7 @@ name: Check for conflicts
 
 on:
   pull_request:
-    branches: [main, releases/v1, releases/v2]
+    branches: [main, v1, v2]
     # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,72 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+"on":
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '14 13 * * 5'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ javascript, python ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Learn more about CodeQL language support at https://git.io/codeql-language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+        queries: security-and-quality
+        config-file: ./.github/codeql/codeql-config.yml
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/expected-queries-runs.yml

@@ -1,49 +0,0 @@
-name: Expected queries runs
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-on:
-  push:
-    branches:
-    - main
-    - releases/v1
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-
-jobs:
-  expected-queries:
-    name: Expected Queries Tests
-    timeout-minutes: 45
-    runs-on: ubuntu-latest
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: latest
-    - uses: ./../action/init
-      with:
-        languages: javascript
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/analyze
-      with:
-        output: ${{ runner.temp }}/results
-        upload-database: false
-        upload: false
-      env:
-        TEST_MODE: true
-
-    - name: Check Sarif
-      uses: ./../action/.github/check-sarif
-      with:
-        sarif-file: ${{ runner.temp }}/results/javascript.sarif
-        queries-run: js/incomplete-hostname-regexp,js/path-injection
-        queries-not-run: foo,bar

.github/workflows/script/update-required-checks.sh

@@ -21,7 +21,7 @@ fi
 echo "Getting checks for $GITHUB_SHA"
 
 # Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
-CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") or contains("update") | not)] | unique | sort')"
+CHECKS="$(gh api repos/github/codeql-action/commits/${GITHUB_SHA}/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "LGTM.com" or contains("Update") | not)] | sort')"
 
 echo "$CHECKS" | jq
 

CHANGELOG.md

@@ -1,13 +1,9 @@
 # CodeQL Action Changelog
 
-## 2.1.14 - 22 Jun 2022
+## [UNRELEASED]
 
 No user facing changes.
 
-## 2.1.13 - 21 Jun 2022
-
-- Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)
-
 ## 2.1.12 - 01 Jun 2022
 
 - Update default CodeQL bundle version to 2.9.3. [#1084](https://github.com/github/codeql-action/pull/1084)

lib/analyze.js

@@ -18,15 +18,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.runCleanup = exports.runFinalize = exports.runQueries = exports.CodeQLAnalysisError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
-const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
@@ -248,8 +244,13 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
         // Delete the tracer config env var to avoid tracing ourselves
         delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
     }
+    // After switching to Node16, this entire block can be replaced with `await fs.promises.rm(outputDir, { recursive: true, force: true });`.
     try {
-        await (0, del_1.default)(outputDir, { force: true });
+        await fs.promises.rmdir(outputDir, {
+            recursive: true,
+            maxRetries: 5,
+            retryDelay: 2000,
+        });
     }
     catch (error) {
         if ((error === null || error === void 0 ? void 0 : error.code) !== "ENOENT") {

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.6", "minimumVersion": "3.2" }
+{ "maximumVersion": "3.5", "minimumVersion": "3.1" }

lib/codeql.js

@@ -77,7 +77,7 @@ const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 exports.CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
-const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
+const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.9.3";
 /**
  * This variable controls using the new style of tracing from the CodeQL
  * CLI. In particular, with versions above this we will use both indirect

lib/config-utils.test.js

@@ -925,10 +925,4 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, undefined, "security-and-quality", "~0.2.0");
 // Test that we don't inject an ML-powered query pack if the user has already specified one.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.9.0", true, "codeql/javascript-experimental-atm-queries@0.0.1", "security-and-quality", "0.0.1");
-// Test that ML-powered queries are run on all platforms running `security-extended` on CodeQL
-// CLI 2.9.3+.
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.9.3", true, undefined, "security-extended", "~0.3.0");
-// Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
-// CLI 2.9.3+.
-(0, ava_1.default)(mlPoweredQueriesMacro, "2.9.3", true, undefined, "security-and-quality", "~0.3.0");
 //# sourceMappingURL=config-utils.test.js.map

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20220615"
+    "bundleVersion": "codeql-bundle-20220527"
 }

lib/util.js

@@ -552,17 +552,10 @@ exports.ML_POWERED_JS_QUERIES_PACK_NAME = "codeql/javascript-experimental-atm-qu
  * queries beta.
  */
 async function getMlPoweredJsQueriesPack(codeQL) {
-    let version;
-    if (await codeQlVersionAbove(codeQL, "2.9.3")) {
-        version = `~0.3.0`;
+    if (await codeQlVersionAbove(codeQL, "2.8.4")) {
+        return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
     }
-    else if (await codeQlVersionAbove(codeQL, "2.8.4")) {
-        version = `~0.2.0`;
-    }
-    else {
-        version = `~0.1.0`;
-    }
-    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@${version}`;
+    return `${exports.ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
 }
 exports.getMlPoweredJsQueriesPack = getMlPoweredJsQueriesPack;
 /**

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.14",
+  "version": "2.1.13",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
@@ -469,12 +469,6 @@
       "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
       "dev": true
     },
-    "node_modules/@types/js-yaml": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.5.tgz",
-      "integrity": "sha512-FhpRzf927MNQdRZP0J5DLIdTXhjLYzeUTmLAu69mnVksLH9CJY3IuSeEgbKUki7GQZm0WqDkGzyxju2EZGD2wA==",
-      "dev": true
-    },
     "node_modules/@types/json-schema": {
       "version": "7.0.8",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.8.tgz",

node_modules/@types/js-yaml/LICENSE

@@ -1,21 +0,0 @@
-    MIT License
-
-    Copyright (c) Microsoft Corporation.
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to deal
-    in the Software without restriction, including without limitation the rights
-    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-    copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE

node_modules/@types/js-yaml/README.md

@@ -1,16 +0,0 @@
-# Installation
-> `npm install --save @types/js-yaml`
-
-# Summary
-This package contains type definitions for js-yaml (https://github.com/nodeca/js-yaml).
-
-# Details
-Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml.
-
-### Additional Details
- * Last updated: Fri, 19 Nov 2021 18:01:12 GMT
- * Dependencies: none
- * Global values: `jsyaml`
-
-# Credits
-These definitions were written by [Bart van der Schoor](https://github.com/Bartvds), [Sebastian Clausen](https://github.com/sclausen), [ExE Boss](https://github.com/ExE-Boss), [Armaan Tobaccowalla](https://github.com/ArmaanT), and [Linus Unnebäck](https://github.com/LinusU).

node_modules/@types/js-yaml/index.d.mts

@@ -1,2 +0,0 @@
-export * from "./index.js";
-export { default } from "./index.js";

node_modules/@types/js-yaml/index.d.ts

@@ -1,154 +0,0 @@
-// Type definitions for js-yaml 4.0
-// Project: https://github.com/nodeca/js-yaml
-// Definitions by: Bart van der Schoor <https://github.com/Bartvds>
-//                 Sebastian Clausen <https://github.com/sclausen>
-//                 ExE Boss <https://github.com/ExE-Boss>
-//                 Armaan Tobaccowalla <https://github.com/ArmaanT>
-//                 Linus Unnebäck <https://github.com/LinusU>
-// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
-// TypeScript Version: 2.2
-
-export as namespace jsyaml;
-
-export function load(str: string, opts?: LoadOptions): unknown;
-
-export class Type {
-    constructor(tag: string, opts?: TypeConstructorOptions);
-    kind: 'sequence' | 'scalar' | 'mapping' | null;
-    resolve(data: any): boolean;
-    construct(data: any, type?: string): any;
-    instanceOf: object | null;
-    predicate: ((data: object) => boolean) | null;
-    represent: ((data: object) => any) | { [x: string]: (data: object) => any } | null;
-    representName: ((data: object) => any) | null;
-    defaultStyle: string | null;
-    multi: boolean;
-    styleAliases: { [x: string]: any };
-}
-
-export class Schema {
-    constructor(definition: SchemaDefinition | Type[] | Type);
-    extend(types: SchemaDefinition | Type[] | Type): Schema;
-}
-
-export function loadAll(str: string, iterator?: null, opts?: LoadOptions): unknown[];
-export function loadAll(str: string, iterator: (doc: unknown) => void, opts?: LoadOptions): void;
-
-export function dump(obj: any, opts?: DumpOptions): string;
-
-export interface LoadOptions {
-    /** string to be used as a file path in error/warning messages. */
-    filename?: string | undefined;
-    /** function to call on warning messages. */
-    onWarning?(this: null, e: YAMLException): void;
-    /** specifies a schema to use. */
-    schema?: Schema | undefined;
-    /** compatibility with JSON.parse behaviour. */
-    json?: boolean | undefined;
-    /** listener for parse events */
-    listener?(this: State, eventType: EventType, state: State): void;
-}
-
-export type EventType = 'open' | 'close';
-
-export interface State {
-    input: string;
-    filename: string | null;
-    schema: Schema;
-    onWarning: (this: null, e: YAMLException) => void;
-    json: boolean;
-    length: number;
-    position: number;
-    line: number;
-    lineStart: number;
-    lineIndent: number;
-    version: null | number;
-    checkLineBreaks: boolean;
-    kind: string;
-    result: any;
-    implicitTypes: Type[];
-}
-
-export interface DumpOptions {
-    /** indentation width to use (in spaces). */
-    indent?: number | undefined;
-    /** when true, will not add an indentation level to array elements */
-    noArrayIndent?: boolean | undefined;
-    /** do not throw on invalid types (like function in the safe schema) and skip pairs and single values with such types. */
-    skipInvalid?: boolean | undefined;
-    /** specifies level of nesting, when to switch from block to flow style for collections. -1 means block style everwhere */
-    flowLevel?: number | undefined;
-    /** Each tag may have own set of styles.    - "tag" => "style" map. */
-    styles?: { [x: string]: any } | undefined;
-    /** specifies a schema to use. */
-    schema?: Schema | undefined;
-    /** if true, sort keys when dumping YAML. If a function, use the function to sort the keys. (default: false) */
-    sortKeys?: boolean | ((a: any, b: any) => number) | undefined;
-    /** set max line width. (default: 80) */
-    lineWidth?: number | undefined;
-    /** if true, don't convert duplicate objects into references (default: false) */
-    noRefs?: boolean | undefined;
-    /** if true don't try to be compatible with older yaml versions. Currently: don't quote "yes", "no" and so on, as required for YAML 1.1 (default: false) */
-    noCompatMode?: boolean | undefined;
-    /**
-     * if true flow sequences will be condensed, omitting the space between `key: value` or `a, b`. Eg. `'[a,b]'` or `{a:{b:c}}`.
-     * Can be useful when using yaml for pretty URL query params as spaces are %-encoded. (default: false).
-     */
-    condenseFlow?: boolean | undefined;
-    /** strings will be quoted using this quoting style. If you specify single quotes, double quotes will still be used for non-printable characters. (default: `'`) */
-    quotingType?: "'" | '"' | undefined;
-    /** if true, all non-key strings will be quoted even if they normally don't need to. (default: false) */
-    forceQuotes?: boolean | undefined;
-    /** callback `function (key, value)` called recursively on each key/value in source object (see `replacer` docs for `JSON.stringify`). */
-    replacer?: ((key: string, value: any) => any) | undefined;
-}
-
-export interface TypeConstructorOptions {
-    kind?: 'sequence' | 'scalar' | 'mapping' | undefined;
-    resolve?: ((data: any) => boolean) | undefined;
-    construct?: ((data: any, type?: string) => any) | undefined;
-    instanceOf?: object | undefined;
-    predicate?: ((data: object) => boolean) | undefined;
-    represent?: ((data: object) => any) | { [x: string]: (data: object) => any } | undefined;
-    representName?: ((data: object) => any) | undefined;
-    defaultStyle?: string | undefined;
-    multi?: boolean | undefined;
-    styleAliases?: { [x: string]: any } | undefined;
-}
-
-export interface SchemaDefinition {
-    implicit?: Type[] | undefined;
-    explicit?: Type[] | undefined;
-}
-
-/** only strings, arrays and plain objects: http://www.yaml.org/spec/1.2/spec.html#id2802346 */
-export let FAILSAFE_SCHEMA: Schema;
-/** only strings, arrays and plain objects: http://www.yaml.org/spec/1.2/spec.html#id2802346 */
-export let JSON_SCHEMA: Schema;
-/** same as JSON_SCHEMA: http://www.yaml.org/spec/1.2/spec.html#id2804923 */
-export let CORE_SCHEMA: Schema;
-/** all supported YAML types */
-export let DEFAULT_SCHEMA: Schema;
-
-export interface Mark {
-    buffer: string;
-    column: number;
-    line: number;
-    name: string;
-    position: number;
-    snippet: string;
-}
-
-export class YAMLException extends Error {
-    constructor(reason?: string, mark?: Mark);
-
-    toString(compact?: boolean): string;
-
-    name: string;
-
-    reason: string;
-
-    message: string;
-
-    mark: Mark;
-}

node_modules/@types/js-yaml/package.json

@@ -1,53 +0,0 @@
-{
-  "name": "@types/js-yaml",
-  "version": "4.0.5",
-  "description": "TypeScript definitions for js-yaml",
-  "homepage": "https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/js-yaml",
-  "license": "MIT",
-  "contributors": [
-    {
-      "name": "Bart van der Schoor",
-      "url": "https://github.com/Bartvds",
-      "githubUsername": "Bartvds"
-    },
-    {
-      "name": "Sebastian Clausen",
-      "url": "https://github.com/sclausen",
-      "githubUsername": "sclausen"
-    },
-    {
-      "name": "ExE Boss",
-      "url": "https://github.com/ExE-Boss",
-      "githubUsername": "ExE-Boss"
-    },
-    {
-      "name": "Armaan Tobaccowalla",
-      "url": "https://github.com/ArmaanT",
-      "githubUsername": "ArmaanT"
-    },
-    {
-      "name": "Linus Unnebäck",
-      "url": "https://github.com/LinusU",
-      "githubUsername": "LinusU"
-    }
-  ],
-  "main": "",
-  "types": "index.d.ts",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/DefinitelyTyped/DefinitelyTyped.git",
-    "directory": "types/js-yaml"
-  },
-  "scripts": {},
-  "dependencies": {},
-  "typesPublisherContentHash": "6f40877154edac83ffa22d53a6aca74f151a0d094074c81ce7fb21df57ea5725",
-  "typeScriptVersion": "3.8",
-  "exports": {
-    ".": {
-      "types": {
-        "import": "./index.d.mts",
-        "default": "./index.d.ts"
-      }
-    }
-  }
-}

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.14",
+  "version": "2.1.13",
   "lockfileVersion": 2,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.14",
+      "version": "2.1.13",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.0.0",
@@ -38,7 +38,6 @@
       },
       "devDependencies": {
         "@ava/typescript": "3.0.1",
-        "@types/js-yaml": "^4.0.5",
         "@types/long": "4.0.1",
         "@types/node": "16.11.22",
         "@types/semver": "^7.3.8",
@@ -522,12 +521,6 @@
       "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
       "dev": true
     },
-    "node_modules/@types/js-yaml": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.5.tgz",
-      "integrity": "sha512-FhpRzf927MNQdRZP0J5DLIdTXhjLYzeUTmLAu69mnVksLH9CJY3IuSeEgbKUki7GQZm0WqDkGzyxju2EZGD2wA==",
-      "dev": true
-    },
     "node_modules/@types/json-schema": {
       "version": "7.0.8",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.8.tgz",
@@ -5892,12 +5885,6 @@
       "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
       "dev": true
     },
-    "@types/js-yaml": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.5.tgz",
-      "integrity": "sha512-FhpRzf927MNQdRZP0J5DLIdTXhjLYzeUTmLAu69mnVksLH9CJY3IuSeEgbKUki7GQZm0WqDkGzyxju2EZGD2wA==",
-      "dev": true
-    },
     "@types/json-schema": {
       "version": "7.0.8",
       "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.8.tgz",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.14",
+  "version": "2.1.13",
   "private": true,
   "description": "CodeQL action",
   "scripts": {
@@ -53,7 +53,6 @@
   ],
   "devDependencies": {
     "@ava/typescript": "3.0.1",
-    "@types/js-yaml": "^4.0.5",
     "@types/long": "4.0.1",
     "@types/node": "16.11.22",
     "@types/semver": "^7.3.8",

src/actions-util.test.ts

@@ -269,7 +269,7 @@ test("getWorkflowErrors() when on.push is correct with empty objects", (t) => {
 on:
   push:
   pull_request:
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(...errorCodes(errors, []));
@@ -441,7 +441,7 @@ on:
   push:
     branches: ["main"]
   pull_request:
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(
@@ -559,7 +559,7 @@ test("getWorkflowErrors() when branches contain dots", (t) => {
     pull_request:
       # The branches below must be a subset of the branches above
       branches: [4.1, master]
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(...errorCodes(errors, []));
@@ -575,7 +575,7 @@ on:
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [master]
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(...errorCodes(errors, []));
@@ -604,7 +604,7 @@ jobs:
 
   test3:
     steps: []
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(
@@ -635,7 +635,7 @@ jobs:
 
   test3:
     steps: []
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(...errorCodes(errors, []));
@@ -645,7 +645,7 @@ test("getWorkflowErrors() when on is missing", (t) => {
   const errors = actionsutil.getWorkflowErrors(
     yaml.load(`
 name: "CodeQL"
-`) as actionsutil.Workflow
+`)
   );
 
   t.deepEqual(...errorCodes(errors, []));
@@ -658,7 +658,7 @@ test("getWorkflowErrors() with a different on setup", (t) => {
         yaml.load(`
 name: "CodeQL"
 on: "workflow_dispatch"
-`) as actionsutil.Workflow
+`)
       ),
       []
     )
@@ -670,7 +670,7 @@ on: "workflow_dispatch"
         yaml.load(`
 name: "CodeQL"
 on: [workflow_dispatch]
-`) as actionsutil.Workflow
+`)
       ),
       []
     )
@@ -683,7 +683,7 @@ on: [workflow_dispatch]
 name: "CodeQL"
 on:
   workflow_dispatch: {}
-`) as actionsutil.Workflow
+`)
       ),
       []
     )
@@ -699,7 +699,7 @@ name: "CodeQL"
 on:
   push:
     branches: [master]
-`) as actionsutil.Workflow
+`)
       ),
       []
     )
@@ -711,7 +711,7 @@ on:
         yaml.load(`
 name: "CodeQL"
 on: ["push"]
-`) as actionsutil.Workflow
+`)
       ),
       []
     )

src/actions-util.ts

@@ -191,7 +191,7 @@ interface WorkflowTriggers {
   pull_request?: WorkflowTrigger | null;
 }
 
-export interface Workflow {
+interface Workflow {
   jobs?: { [key: string]: WorkflowJob };
   on?: string | string[] | WorkflowTriggers;
 }
@@ -411,7 +411,7 @@ export async function getWorkflow(): Promise<Workflow> {
     relativePath
   );
 
-  return yaml.load(fs.readFileSync(absolutePath, "utf-8")) as Workflow;
+  return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
 }
 
 /**

src/analyze.ts

@@ -2,7 +2,6 @@ import * as fs from "fs";
 import * as path from "path";
 
 import * as toolrunner from "@actions/exec/lib/toolrunner";
-import del from "del";
 import * as yaml from "js-yaml";
 
 import * as analysisPaths from "./analysis-paths";
@@ -152,7 +151,7 @@ function dbIsFinalized(
   try {
     const dbInfo = yaml.load(
       fs.readFileSync(path.resolve(dbPath, "codeql-database.yml"), "utf8")
-    ) as { inProgress?: boolean };
+    );
     return !("inProgress" in dbInfo);
   } catch (e) {
     logger.warning(
@@ -436,8 +435,13 @@ export async function runFinalize(
     delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
   }
 
+  // After switching to Node16, this entire block can be replaced with `await fs.promises.rm(outputDir, { recursive: true, force: true });`.
   try {
-    await del(outputDir, { force: true });
+    await fs.promises.rmdir(outputDir, {
+      recursive: true,
+      maxRetries: 5,
+      retryDelay: 2000,
+    } as any);
   } catch (error: any) {
     if (error?.code !== "ENOENT") {
       throw error;

src/api-compatibility.json

@@ -1 +1 @@
-{"maximumVersion": "3.6", "minimumVersion": "3.2"}
+{"maximumVersion": "3.5", "minimumVersion": "3.1"}

src/codeql.ts

@@ -222,7 +222,7 @@ const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 export const CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
 export const CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
-const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
+const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.9.3";
 
 /**
  * This variable controls using the new style of tracing from the CodeQL

src/config-utils.test.ts

@@ -1865,23 +1865,3 @@ test(
   "security-and-quality",
   "0.0.1"
 );
-// Test that ML-powered queries are run on all platforms running `security-extended` on CodeQL
-// CLI 2.9.3+.
-test(
-  mlPoweredQueriesMacro,
-  "2.9.3",
-  true,
-  undefined,
-  "security-extended",
-  "~0.3.0"
-);
-// Test that ML-powered queries are run on all platforms running `security-and-quality` on CodeQL
-// CLI 2.9.3+.
-test(
-  mlPoweredQueriesMacro,
-  "2.9.3",
-  true,
-  undefined,
-  "security-and-quality",
-  "~0.3.0"
-);

src/config-utils.ts

@@ -1448,7 +1448,7 @@ function getLocalConfig(configFile: string, workspacePath: string): UserConfig {
     throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
   }
 
-  return yaml.load(fs.readFileSync(configFile, "utf8")) as UserConfig;
+  return yaml.load(fs.readFileSync(configFile, "utf8"));
 }
 
 async function getRemoteConfig(
@@ -1483,9 +1483,7 @@ async function getRemoteConfig(
     throw new Error(getConfigFileFormatInvalidMessage(configFile));
   }
 
-  return yaml.load(
-    Buffer.from(fileContents, "base64").toString("binary")
-  ) as UserConfig;
+  return yaml.load(Buffer.from(fileContents, "base64").toString("binary"));
 }
 
 /**

src/defaults.json

@@ -1,3 +1,3 @@
 {
-  "bundleVersion": "codeql-bundle-20220615"
+  "bundleVersion": "codeql-bundle-20220527"
 }

src/util.ts

@@ -664,15 +664,10 @@ export const ML_POWERED_JS_QUERIES_PACK_NAME =
 export async function getMlPoweredJsQueriesPack(
   codeQL: CodeQL
 ): Promise<string> {
-  let version;
-  if (await codeQlVersionAbove(codeQL, "2.9.3")) {
-    version = `~0.3.0`;
-  } else if (await codeQlVersionAbove(codeQL, "2.8.4")) {
-    version = `~0.2.0`;
-  } else {
-    version = `~0.1.0`;
+  if (await codeQlVersionAbove(codeQL, "2.8.4")) {
+    return `${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.2.0`;
   }
-  return `${ML_POWERED_JS_QUERIES_PACK_NAME}@${version}`;
+  return `${ML_POWERED_JS_QUERIES_PACK_NAME}@~0.1.0`;
 }
 
 /**