Merge pull request #1997 from github/mergeback/v2.22.7-to-main-66b90a5d

Mergeback v2.22.7 refs/heads/releases/v2 into main

.github/actions/setup-swift/action.yml

@@ -24,9 +24,11 @@ runs:
             VERSION="5.7.0"
           elif [ $VERSION = "5.8" ]; then
             VERSION="5.8.0"
-          # setup-swift does not yet support v5.8.1 Remove this when it does.
-          elif [ $VERSION = "5.8.1" ]; then
-            VERSION="5.8.0"
+          elif [ $VERSION = "5.9" ]; then
+            VERSION="5.9.0"
+          # setup-swift does not yet support v5.9.1 Remove this when it does.
+          elif [ $VERSION = "5.9.1" ]; then
+            VERSION="5.9.0"
           fi 
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT

.github/workflows/__all-platform-bundle.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__analyze-ref-input.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__autobuild-action.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__config-export.yml

@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__cpp-deptrace-disabled.yml

@@ -0,0 +1,94 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  cpp-deptrace-disabled:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: default
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: 'C/C++: disabling autoinstalling dependencies (Linux)'
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Test setup
+      shell: bash
+      run: |
+        cp -a ../action/tests/cpp-autobuild autobuild-dir
+    - uses: ./../action/init
+      with:
+        languages: cpp
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/autobuild
+      with:
+        working-directory: autobuild-dir
+      env:
+        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
+    - shell: bash
+      run: |
+        if ls /usr/bin/errno; then
+          echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
+          exit 1
+        fi
+    env:
+      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-enabled-on-macos.yml

@@ -0,0 +1,92 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  cpp-deptrace-enabled-on-macos:
+    strategy:
+      matrix:
+        include:
+        - os: macos-latest
+          version: nightly-latest
+    name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Test setup
+      shell: bash
+      run: |
+        cp -a ../action/tests/cpp-autobuild autobuild-dir
+    - uses: ./../action/init
+      with:
+        languages: cpp
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/autobuild
+      with:
+        working-directory: autobuild-dir
+      env:
+        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
+    - shell: bash
+      run: |
+        if ! ls /usr/bin/errno; then
+          echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
+        else
+          echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
+          exit 1
+        fi
+    env:
+      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__cpp-deptrace-enabled.yml

@@ -0,0 +1,94 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  cpp-deptrace-enabled:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: default
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: 'C/C++: autoinstalling dependencies (Linux)'
+    permissions:
+      contents: read
+      security-events: write
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+    - name: Check out repository
+      uses: actions/checkout@v4
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/actions/prepare-test
+      with:
+        version: ${{ matrix.version }}
+        use-all-platform-bundle: 'false'
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Test setup
+      shell: bash
+      run: |
+        cp -a ../action/tests/cpp-autobuild autobuild-dir
+    - uses: ./../action/init
+      with:
+        languages: cpp
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/autobuild
+      with:
+        working-directory: autobuild-dir
+      env:
+        CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
+    - shell: bash
+      run: |
+        if ! ls /usr/bin/errno; then
+          echo "Did not autoinstall errno"
+          exit 1
+        fi
+    env:
+      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__diagnostics-export.yml

@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__export-file-baseline-information.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -59,8 +75,6 @@ jobs:
       with:
         languages: javascript
         tools: ${{ steps.prepare-test.outputs.tools-url }}
-      env:
-        CODEQL_FILE_BASELINE_INFORMATION: true
     - uses: ./../action/.github/actions/setup-swift
       with:
         codeql-path: ${{ steps.init.outputs.codeql-path }}
@@ -70,8 +84,6 @@ jobs:
     - uses: ./../action/analyze
       with:
         output: ${{ runner.temp }}/results
-      env:
-        CODEQL_FILE_BASELINE_INFORMATION: true
     - name: Upload SARIF
       uses: actions/upload-artifact@v3
       with:
@@ -82,13 +94,13 @@ jobs:
       shell: bash
       run: |
         cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp cs go java js py rb"
+        expected_baseline_languages="c csharp go java kotlin javascript python ruby"
         if [[ $RUNNER_OS != "Windows" ]]; then
           expected_baseline_languages+=" swift"
         fi
 
         for lang in ${expected_baseline_languages}; do
-          rule_name="${lang}/baseline/expected-extracted-files"
+          rule_name="cli/expected-extracted-files/${lang}"
           found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
             select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
           if [[ "${found_notification}" != "true" ]]; then
@@ -99,4 +111,5 @@ jobs:
           fi
         done
     env:
+      CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
       CODEQL_ACTION_TEST_MODE: true

.github/workflows/__extractor-ram-threads.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-custom-queries.yml

@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-indirect-tracing-workaround.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-autobuilder.yml

@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__init-with-registries.yml

@@ -51,6 +51,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__javascript-source-root.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__language-aliases.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__multi-language-autodetect.yml

@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-codescanning-config-inputs-js.yml

@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-config-inputs-js.yml

@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-config-js.yml

@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__packaging-inputs-js.yml

@@ -50,6 +50,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__remote-config.yml

@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__resolve-environment-action.yml

@@ -56,6 +56,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__rubocop-multi-language.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__ruby.yml

@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__scaling-reserved-ram.yml

@@ -64,6 +64,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__split-workflow.yml

@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__submit-sarif-failure.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__swift-custom-build.yml

@@ -44,6 +44,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-autobuild-working-dir.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-local-codeql.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__test-proxy.yml

@@ -34,6 +34,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__unset-environment.yml

@@ -48,6 +48,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__upload-ref-sha-input.yml

@@ -38,6 +38,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test

.github/workflows/__with-checkout-path.yml

@@ -80,6 +80,22 @@ jobs:
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: >-
+        matrix.os == 'macos-latest' && (
+
+        matrix.version == 'stable-20220908' ||
+
+        matrix.version == 'stable-20221211' ||
+
+        matrix.version == 'stable-20230418' ||
+
+        matrix.version == 'stable-v2.13.5' ||
+
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
     - name: Check out repository
       uses: actions/checkout@v4
     - name: Prepare test
@@ -96,27 +112,34 @@ jobs:
         )
       shell: bash
       run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
+    - name: Delete original checkout
+      shell: bash
+      run: |
+        # delete the original checkout so we don't accidentally use it.
+        # Actions does not support deleting the current working directory, so we
+        # delete the contents of the directory instead.
+        rm -rf ./* .github .git
+  # Check out the actions repo again, but at a different location.
+  # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
     - uses: actions/checkout@v4
       with:
         ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
         path: x/y/z/some-path
+
     - uses: ./../action/init
       with:
         tools: ${{ steps.prepare-test.outputs.tools-url }}
       # it's enough to test one compiled language and one interpreted language
         languages: csharp,javascript
-        source-path: x/y/z/some-path/tests/multi-language-repo
+        source-root: x/y/z/some-path/tests/multi-language-repo
         debug: true
-    - name: Build code (non-windows)
+
+    - name: Build code
       shell: bash
-      if: ${{ runner.os != 'Windows' }}
+      working-directory: x/y/z/some-path/tests/multi-language-repo
       run: |
-        $CODEQL_RUNNER x/y/z/some-path/tests/multi-language-repo/build.sh
-    - name: Build code (windows)
-      shell: bash
-      if: ${{ runner.os == 'Windows' }}
-      run: |
-        x/y/z/some-path/tests/multi-language-repo/build.sh
+        ./build.sh
+
     - uses: ./../action/analyze
       with:
         checkout_path: x/y/z/some-path/tests/multi-language-repo

.github/workflows/codeql.yml

@@ -11,6 +11,7 @@ on:
   schedule:
     # Weekly on Sunday.
     - cron: '30 1 * * 0'
+  workflow_dispatch:
 
 env:
   CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks

.github/workflows/debug-artifacts-failure.yml

@@ -42,6 +42,17 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         with:
           tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -52,7 +63,7 @@ jobs:
         shell: bash
         run: ./build.sh
       - uses: ./../action/analyze
-        id: analysis  
+        id: analysis
         with:
           expect-error: true
           ram: 1

.github/workflows/debug-artifacts.yml

@@ -49,6 +49,17 @@ jobs:
       - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
       - uses: ./../action/init
         id: init
         with:
@@ -63,7 +74,7 @@ jobs:
         shell: bash
         run: ./build.sh
       - uses: ./../action/analyze
-        id: analysis  
+        id: analysis
   download-and-check-artifacts:
     name: Download and check debug artifacts
     needs: upload-artifacts

.github/workflows/post-release-mergeback.yml

@@ -36,7 +36,7 @@ jobs:
         run: echo "${GITHUB_CONTEXT}"
 
       - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/setup-node@v4
 
       - name: Update git config
         run: |

.github/workflows/pr-checks.yml

@@ -69,6 +69,18 @@ jobs:
     timeout-minutes: 45
 
     steps:
+      - name: Setup Python on MacOS
+        uses: actions/setup-python@v4
+        if: |
+          matrix.os == 'macos-latest' && (
+          matrix.version == 'stable-20220908' ||
+          matrix.version == 'stable-20221211' ||
+          matrix.version == 'stable-20230418' ||
+          matrix.version == 'stable-v2.13.5' ||
+          matrix.version == 'stable-v2.14.6')
+        with:
+          python-version: '3.11'
+
       - uses: actions/checkout@v4
       - name: npm test
         run: |

.github/workflows/python-deps.yml

@@ -36,6 +36,18 @@ jobs:
       PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
+    - name: Setup Python on MacOS
+      uses: actions/setup-python@v4
+      if: |
+        matrix.os == 'macos-latest' && (
+        matrix.version == 'stable-20220908' ||
+        matrix.version == 'stable-20221211' ||
+        matrix.version == 'stable-20230418' ||
+        matrix.version == 'stable-v2.13.5' ||
+        matrix.version == 'stable-v2.14.6')
+      with:
+        python-version: '3.11'
+
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
     - uses: actions/checkout@v4
 

.github/workflows/python312-windows.yml

@@ -38,4 +38,5 @@ jobs:
     - name: Analyze
       uses: ./../action/analyze
       with:
+        upload: false
         upload-database: false

.github/workflows/rebuild.yml

@@ -0,0 +1,60 @@
+name: Rebuild Action
+
+on:
+  pull_request:
+    types: [labeled]
+
+jobs:
+  rebuild:
+    name: Rebuild Action
+    runs-on: ubuntu-latest
+    if: github.event.label.name == 'Rebuild'
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Remove label
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          gh pr edit --repo github/codeql-action "$PR_NUMBER" \
+            --remove-label "Rebuild"
+
+      - name: Compile TypeScript
+        run: |
+          npm install
+          npm run lint -- --fix
+          npm run build
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3.11
+
+      - name: Generate workflows
+        run: |
+          cd pr-checks
+          python -m pip install --upgrade pip
+          pip install ruamel.yaml==0.17.31
+          python3 sync.py
+
+      - name: Check for changes and push
+        env:
+          BRANCH: ${{ github.event.pull_request.head.ref }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+        run: |
+          if [ ! -z "$(git status --porcelain)" ]; then
+            git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+            git config --global user.name "github-actions[bot]"
+            git commit -am "Rebuild"
+            git push origin "HEAD:$BRANCH"
+            echo "Pushed a commit to rebuild the Action." \
+              "Please mark the PR as ready for review to trigger PR checks." |
+              gh pr comment --body-file - --repo github/codeql-action "$PR_NUMBER"
+            gh pr ready --undo --repo github/codeql-action "$PR_NUMBER"
+          fi

.pre-commit-config.yaml

@@ -0,0 +1,20 @@
+repos:
+  - repo: local
+    hooks:
+      - id: compile-ts
+        name: Compile typescript
+        files: \.[tj]s$
+        language: system
+        entry: npm run build
+        pass_filenames: false
+      - id: lint-ts
+        name: Lint typescript code
+        files: \.ts$
+        language: system
+        entry: npm run lint -- --fix
+      - id: pr-checks-sync
+        name: Synchronize PR check workflows
+        files: ^.github/workflows/__.*\.yml$|^pr-checks
+        language: system
+        entry: python3 pr-checks/sync.py
+        pass_filenames: false

.vscode/settings.json

@@ -12,5 +12,8 @@
   "git.ignoreLimitWarning": true,
   // Use the vendored TypeScript version to have a consistent development experience across
   // machines.
-  "typescript.tsdk": "node_modules/typescript/lib"
+  "typescript.tsdk": "node_modules/typescript/lib",
+  "[typescript]": {
+    "editor.defaultFormatter": "esbenp.prettier-vscode"
+  },
 }

CHANGELOG.md

@@ -2,6 +2,37 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## [UNRELEASED]
+
+No user facing changes.
+
+## 2.22.7 - 16 Nov 2023
+
+- Add a deprecation warning for customers using CodeQL version 2.11.5 and earlier. These versions of CodeQL were discontinued on 8 November 2023 alongside GitHub Enterprise Server 3.7, and will be unsupported by CodeQL Action v2.23.0 and later. [#1993](https://github.com/github/codeql-action/pull/1993)
+  - If you are using one of these versions, please update to CodeQL CLI version 2.11.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
+  - Alternatively, if you want to continue using a version of the CodeQL CLI between 2.10.5 and 2.11.5, you can replace `github/codeql-action/*@v2` by `github/codeql-action/*@v2.22.7` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
+
+## 2.22.6 - 14 Nov 2023
+
+- Customers running Python analysis on macOS using version 2.14.6 or earlier of the CodeQL CLI should upgrade to CodeQL CLI version 2.15.0 or later. If you do not wish to upgrade the CodeQL CLI, ensure that you are using Python version 3.11 or earlier, as CodeQL version 2.14.6 and earlier do not support Python 3.12. You can achieve this by adding a [`setup-python`](https://github.com/actions/setup-python) step to your code scanning workflow before the step that invokes `github/codeql-action/init`.
+- Update default CodeQL bundle version to 2.15.2. [#1978](https://github.com/github/codeql-action/pull/1978)
+
+## 2.22.5 - 27 Oct 2023
+
+No user facing changes.
+
+## 2.22.4 - 20 Oct 2023
+
+- Update default CodeQL bundle version to 2.15.1. [#1953](https://github.com/github/codeql-action/pull/1953)
+- Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
+  - All code scanning workflows should continue to succeed regardless of the warning.
+  - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
+  - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959).
+
+## 2.22.3 - 13 Oct 2023
+
+- Provide an authentication token when downloading the CodeQL Bundle from the API of a GitHub Enterprise Server instance. [#1945](https://github.com/github/codeql-action/pull/1945)
+
 ## 2.22.2 - 12 Oct 2023
 
 - Update default CodeQL bundle version to 2.15.0. [#1938](https://github.com/github/codeql-action/pull/1938)

README.md

@@ -4,6 +4,15 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ
 
 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).
 
+## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
+Announcement for users of this Action and code scanning workflows on GitHub.com:
+
+- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
+- All code scanning workflows should continue to succeed regardless of the warning.
+- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
+
+For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
+
 ## License
 
 This project is released under the [MIT License](LICENSE).

lib/analyze-action.js

@@ -161,16 +161,18 @@ async function run() {
         const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
         const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
         const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        // Check that `which go` still points at the wrapper script we installed in the `init` Action,
-        // if the corresponding environment variable is set. This is to ensure that there isn't a step
-        // in the workflow after the `init` step which installs a different version of Go and takes
-        // precedence in the PATH, thus potentially circumventing our workaround that allows tracing to work.
-        const goWrapperPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
+        // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
+        // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
+        // the setup tasks do not interfere with our analysis.
+        // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
+        // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
+        // thus potentially circumventing our workaround that allows tracing to work.
+        const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
         if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
-            goWrapperPath !== undefined) {
+            goInitPath !== undefined) {
             const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
-            if (goWrapperPath !== goBinaryPath) {
-                core.warning(`Expected \`which go\` to return ${goWrapperPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
+            if (goInitPath !== goBinaryPath) {
+                core.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
                 (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
                     markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
                     visibility: {

lib/analyze.js

@@ -232,7 +232,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
                 }
                 statusReport["event_reports"].push(perQueryAlertCountEventReport);
             }
-            if (!(await features.getValue(feature_flags_1.Feature.AnalysisSummaryV2Enabled, codeql))) {
+            if (!(await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) {
                 await runPrintLinesOfCode(language);
             }
         }

lib/codeql.js

@@ -23,12 +23,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CommandInvocationError = void 0;
+exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_BETTER_NO_CODE_ERROR_MESSAGE = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
+const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
@@ -76,20 +77,25 @@ const CODEQL_MINIMUM_VERSION = "2.10.5";
 /**
  * This version will shortly become the oldest version of CodeQL that the Action will run with.
  */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.10.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.11.6";
 /**
  * This is the version of GHES that was most recently deprecated.
  */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.6";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7";
 /**
  * This is the deprecation date for the version of GHES that was most recently deprecated.
  */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-09-12";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08";
 /*
  * Versions of CodeQL that version-flag certain functionality in the Action.
  * For convenience, please keep these in descending order. Once a version
  * flag is older than the oldest supported version above, it may be removed.
  */
+/**
+ * Versions 2.11.3+ of the CodeQL CLI support exporting a failed SARIF file via
+ * `codeql database export-diagnostics` or `codeql diagnostics export`.
+ */
+exports.CODEQL_VERSION_EXPORT_FAILED_SARIF = "2.11.3";
 const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
 /**
  * Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
@@ -126,6 +132,14 @@ exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = "2.14.2";
  * Versions 2.14.4+ of the CodeQL CLI support language aliasing.
  */
 exports.CODEQL_VERSION_LANGUAGE_ALIASING = "2.14.4";
+/**
+ * Versions 2.15.0+ of the CodeQL CLI support new analysis summaries.
+ */
+exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = "2.15.0";
+/**
+ * Versions 2.15.0+ of the CodeQL CLI support sub-language file coverage information.
+ */
+exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
 /**
  * Set up CodeQL CLI access.
  *
@@ -296,10 +310,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) {
                 extraArgs.push("--calculate-language-specific-baseline");
             }
-            if (await features.getValue(feature_flags_1.Feature.SublanguageFileCoverageEnabled, this)) {
+            if (await isSublanguageFileCoverageEnabled(config, this)) {
                 extraArgs.push("--sublanguage-file-coverage");
             }
-            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
+            else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
                 extraArgs.push("--no-sublanguage-file-coverage");
             }
             await runTool(cmd, [
@@ -470,10 +484,10 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (querySuitePath) {
                 codeqlArgs.push(querySuitePath);
             }
-            if (await features.getValue(feature_flags_1.Feature.EvaluatorIntraLayerParallelismEnabled, this)) {
+            if (await features.getValue(feature_flags_1.Feature.EvaluatorFineGrainedParallelismEnabled, this)) {
                 codeqlArgs.push("--intra-layer-parallelism");
             }
-            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_INTRA_LAYER_PARALLELISM)) {
+            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
                 codeqlArgs.push("--no-intra-layer-parallelism");
             }
             await runTool(cmd, codeqlArgs);
@@ -506,16 +520,27 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
                 codeqlArgs.push("--sarif-add-baseline-file-info");
             }
+            if (await isSublanguageFileCoverageEnabled(config, this)) {
+                codeqlArgs.push("--sublanguage-file-coverage");
+            }
+            else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
+                codeqlArgs.push("--no-sublanguage-file-coverage");
+            }
             if (shouldExportDiagnostics) {
                 codeqlArgs.push("--sarif-include-diagnostics");
             }
             else if (await util.codeQlVersionAbove(this, "2.12.4")) {
                 codeqlArgs.push("--no-sarif-include-diagnostics");
             }
-            if (await features.getValue(feature_flags_1.Feature.AnalysisSummaryV2Enabled, this)) {
+            if (
+            // Analysis summary v2 links to the status page, so check the GHES version we're running on
+            // supports the status page.
+            (config.gitHubVersion.type !== util.GitHubVariant.GHES ||
+                semver.gte(config.gitHubVersion.version, "3.9.0")) &&
+                (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) {
                 codeqlArgs.push("--new-analysis-summary");
             }
-            else if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) {
+            else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) {
                 codeqlArgs.push("--no-new-analysis-summary");
             }
             codeqlArgs.push(databasePath);
@@ -976,4 +1001,11 @@ async function getLanguageAliasingArguments(codeql) {
     }
     return [];
 }
+async function isSublanguageFileCoverageEnabled(config, codeql) {
+    return (
+    // Sub-language file coverage is first supported in GHES 3.12.
+    (config.gitHubVersion.type !== util.GitHubVariant.GHES ||
+        semver.gte(config.gitHubVersion.version, "3.12.0")) &&
+        (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)));
+}
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -624,30 +624,46 @@ const injectedConfigMacro = ava_1.default.macro({
 });
 const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
     {
-        featureEnabled: true,
         codeqlVersion: "2.15.0",
+        githubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
         flagPassed: true,
         negativeFlagPassed: false,
     },
     {
-        featureEnabled: false,
         codeqlVersion: "2.15.0",
+        githubVersion: {
+            type: util.GitHubVariant.GHES,
+            version: "3.9.0",
+        },
+        flagPassed: true,
+        negativeFlagPassed: false,
+    },
+    {
+        codeqlVersion: "2.15.0",
+        githubVersion: {
+            type: util.GitHubVariant.GHES,
+            version: "3.8.6",
+        },
         flagPassed: false,
         negativeFlagPassed: true,
     },
     {
-        featureEnabled: false,
         codeqlVersion: "2.14.6",
+        githubVersion: {
+            type: util.GitHubVariant.DOTCOM,
+        },
         flagPassed: false,
         negativeFlagPassed: false,
     },
 ];
-for (const { featureEnabled, codeqlVersion, flagPassed, negativeFlagPassed, } of NEW_ANALYSIS_SUMMARY_TEST_CASES) {
+for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of NEW_ANALYSIS_SUMMARY_TEST_CASES) {
     (0, ava_1.default)(`database interpret-results passes ${flagPassed
         ? "--new-analysis-summary"
         : negativeFlagPassed
             ? "--no-new-analysis-summary"
-            : "nothing"} for CodeQL CLI v${codeqlVersion} when the new analysis summary feature is ${featureEnabled ? "enabled" : "disabled"}`, async (t) => {
+            : "nothing"} for CodeQL CLI v${codeqlVersion} and ${util.GitHubVariant[githubVersion.type]} ${githubVersion.version ? ` ${githubVersion.version}` : ""}`, async (t) => {
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon
@@ -655,7 +671,7 @@ for (const { featureEnabled, codeqlVersion, flagPassed, negativeFlagPassed, } of
             .resolves((0, testing_utils_1.makeVersionInfo)(codeqlVersion));
         // safeWhich throws because of the test CodeQL object.
         sinon.stub(safeWhich, "safeWhich").resolves("");
-        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)(featureEnabled ? [feature_flags_1.Feature.AnalysisSummaryV2Enabled] : []), (0, logging_1.getRunnerLogger)(true));
+        await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.is(runnerConstructorStub.firstCall.args[1].includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
         t.is(runnerConstructorStub.firstCall.args[1].includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
     });

lib/database-upload.js

@@ -56,12 +56,14 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
             const bundledDb = await (0, util_1.bundleDb)(config, language, codeql, language);
             const bundledDbSize = fs.statSync(bundledDb).size;
             const bundledDbReadStream = fs.createReadStream(bundledDb);
+            const commitOid = await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path"));
             try {
-                await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, {
+                await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`, {
                     owner: repositoryNwo.owner,
                     repo: repositoryNwo.repo,
                     language,
                     name: `${language}-database`,
+                    commit_oid: commitOid,
                     data: bundledDbReadStream,
                     headers: {
                         authorization: `token ${apiDetails.auth}`,

lib/database-upload.js.map

@@ -1 +1 @@
-{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI;gBACF,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;aAChE;oBAAS;gBACR,mBAAmB,CAAC,KAAK,EAAE,CAAC;aAC7B;SACF;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AA7DD,0CA6DC"}
+{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI;gBACF,MAAM,MAAM,CAAC,OAAO,CAClB,+HAA+H,EAC/H;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;aAChE;oBAAS;gBACR,mBAAmB,CAAC,KAAK,EAAE,CAAC;aAC7B;SACF;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAjED,0CAiEC"}

lib/database-upload.test.js

@@ -72,7 +72,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
     // Passing an auth token is required, so we just use a dummy value
     const client = github.getOctokit("123");
     const requestSpy = sinon.stub(client, "request");
-    const url = "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name";
+    const url = "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid";
     const databaseUploadSpy = requestSpy.withArgs(url);
     if (databaseUploadStatusCode < 300) {
         databaseUploadSpy.resolves(undefined);

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.15.0",
-    "cliVersion": "2.15.0",
-    "priorBundleVersion": "codeql-bundle-v2.14.6",
-    "priorCliVersion": "2.14.6"
+    "bundleVersion": "codeql-bundle-v2.15.2",
+    "cliVersion": "2.15.2",
+    "priorBundleVersion": "codeql-bundle-v2.15.1",
+    "priorCliVersion": "2.15.1"
 }

lib/environment.js

@@ -52,9 +52,8 @@ var EnvVar;
      */
     EnvVar["WORKFLOW_STARTED_AT"] = "CODEQL_WORKFLOW_STARTED_AT";
     /**
-     * The path where we initially discovered the Go binary in the system path
-     * before replacing it with a wrapper script. We check this later to ensure
-     * that it hasn't been tampered with by a late e.g. `setup-go` step.
+     * The path where we initially discovered the Go binary in the system path.
+     * We check this later to ensure that it hasn't been tampered with by a late e.g. `setup-go` step.
      */
     EnvVar["GO_BINARY_LOCATION"] = "CODEQL_ACTION_GO_BINARY";
 })(EnvVar || (exports.EnvVar = EnvVar = {}));

lib/environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA,IAAY,MAuEX;AAvED,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;;OAIG;IACH,wDAA8C,CAAA;AAChD,CAAC,EAvEW,MAAM,sBAAN,MAAM,QAuEjB"}
+{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA,IAAY,MAsEX;AAtED,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EAtEW,MAAM,sBAAN,MAAM,QAsEjB"}

lib/feature-flags.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.Features = exports.FEATURE_FLAGS_FILE_NAME = exports.featureConfig = exports.Feature = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_INTRA_LAYER_PARALLELISM = exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = void 0;
+exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.Features = exports.FEATURE_FLAGS_FILE_NAME = exports.featureConfig = exports.Feature = exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
@@ -37,18 +37,10 @@ const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
  */
 exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = "2.13.4";
 /**
- * Versions 2.14.0+ of the CodeQL CLI support intra-layer parallelism (aka fine-grained parallelism) options, but we
- * limit to 2.14.6 onwards, since that's the version that has mitigations against OOM failures.
+ * Evaluator fine-grained parallelism (aka intra-layer parallelism) is only safe to enable in 2.15.1 onwards.
+ * (Some earlier versions recognize the command-line flag, but they contain a bug which makes it unsafe to use).
  */
-exports.CODEQL_VERSION_INTRA_LAYER_PARALLELISM = "2.14.6";
-/**
- * Versions 2.15.0+ of the CodeQL CLI support new analysis summaries.
- */
-exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = "2.15.0";
-/**
- * Versions 2.15.0+ of the CodeQL CLI support sub-language file coverage information.
- */
-exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
+exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = "2.15.1";
 /**
  * Feature enablement as returned by the GitHub API endpoint.
  *
@@ -56,24 +48,16 @@ exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = "2.15.0";
  */
 var Feature;
 (function (Feature) {
-    Feature["AnalysisSummaryV2Enabled"] = "analysis_summary_v2_enabled";
     Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
     Feature["CodeqlJavaLombokEnabled"] = "codeql_java_lombok_enabled";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
     Feature["DisablePythonDependencyInstallationEnabled"] = "disable_python_dependency_installation_enabled";
-    Feature["EvaluatorIntraLayerParallelismEnabled"] = "evaluator_intra_layer_parallelism_enabled";
+    Feature["EvaluatorFineGrainedParallelismEnabled"] = "evaluator_fine_grained_parallelism_enabled";
     Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
-    Feature["SublanguageFileCoverageEnabled"] = "sublanguage_file_coverage_enabled";
-    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
-    [Feature.AnalysisSummaryV2Enabled]: {
-        envVar: "CODEQL_ACTION_ANALYSIS_SUMMARY_V2",
-        minimumVersion: exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2,
-        defaultValue: false,
-    },
     [Feature.CodeqlJavaLombokEnabled]: {
         envVar: "CODEQL_JAVA_LOMBOK",
         minimumVersion: "2.14.0",
@@ -94,9 +78,9 @@ exports.featureConfig = {
         minimumVersion: "2.11.6",
         defaultValue: true,
     },
-    [Feature.EvaluatorIntraLayerParallelismEnabled]: {
-        envVar: "CODEQL_EVALUATOR_INTRA_LAYER_PARALLELISM",
-        minimumVersion: exports.CODEQL_VERSION_INTRA_LAYER_PARALLELISM,
+    [Feature.EvaluatorFineGrainedParallelismEnabled]: {
+        envVar: "CODEQL_EVALUATOR_FINE_GRAINED_PARALLELISM",
+        minimumVersion: exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM,
         defaultValue: false,
     },
     [Feature.ExportDiagnosticsEnabled]: {
@@ -109,16 +93,6 @@ exports.featureConfig = {
         minimumVersion: undefined,
         defaultValue: false,
     },
-    [Feature.SublanguageFileCoverageEnabled]: {
-        envVar: "CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE",
-        minimumVersion: exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE,
-        defaultValue: false,
-    },
-    [Feature.UploadFailedSarifEnabled]: {
-        envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
-        minimumVersion: "2.11.3",
-        defaultValue: true,
-    },
     [Feature.DisablePythonDependencyInstallationEnabled]: {
         envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
         // Although the python extractor only started supporting not extracting installed

lib/init-action-post-helper.js

@@ -24,12 +24,13 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.run = exports.tryUploadSarifIfRunFailed = void 0;
-const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
+const repository_1 = require("./repository");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -49,8 +50,8 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
         return { upload_failed_run_skipped_because: "CodeQL command not found" };
     }
     const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
-    if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
-        return { upload_failed_run_skipped_because: "Feature disabled" };
+    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_EXPORT_FAILED_SARIF))) {
+        return { upload_failed_run_skipped_because: "Unsupported by CodeQL CLI" };
     }
     const workflow = await (0, workflow_1.getWorkflow)(logger);
     const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
@@ -73,10 +74,12 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
         // We call 'database export-diagnostics' to find any per-database diagnostics.
         await codeql.databaseExportDiagnostics(databasePath, sarifFile, category, config.tempDir, logger);
     }
-    core.info(`Uploading failed SARIF file ${sarifFile}`);
+    logger.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger, { considerInvalidRequestUserError: false });
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
-    return uploadResult?.statusReport ?? {};
+    return uploadResult
+        ? { ...uploadResult.statusReport, sarifID: uploadResult.sarifID }
+        : {};
 }
 async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
     if (process.env[environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
@@ -114,9 +117,12 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
         throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
             `but the result was instead ${error}.`);
     }
+    if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
+        await removeUploadedSarif(uploadFailedSarifResult, logger);
+    }
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
-        core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
+        logger.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
         await uploadDatabaseBundleDebugArtifact(config, logger);
         await uploadLogsDebugArtifact(config);
         await printDebugLogs(config);
@@ -124,4 +130,55 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     return uploadFailedSarifResult;
 }
 exports.run = run;
+async function removeUploadedSarif(uploadFailedSarifResult, logger) {
+    const sarifID = uploadFailedSarifResult.sarifID;
+    if (sarifID) {
+        logger.startGroup("Deleting failed SARIF upload");
+        logger.info(`In test mode, therefore deleting the failed analysis to avoid impacting tool status for the Action repository. SARIF ID to delete: ${sarifID}.`);
+        const client = (0, api_client_1.getApiClient)();
+        try {
+            const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+            // Wait to make sure the analysis is ready for download before requesting it.
+            await (0, util_1.delay)(5000);
+            // Get the analysis associated with the uploaded sarif
+            const analysisInfo = await client.request("GET /repos/:owner/:repo/code-scanning/analyses?sarif_id=:sarif_id", {
+                owner: repositoryNwo.owner,
+                repo: repositoryNwo.repo,
+                sarif_id: sarifID,
+            });
+            // Delete the analysis.
+            if (analysisInfo.data.length === 1) {
+                const analysis = analysisInfo.data[0];
+                logger.info(`Analysis ID to delete: ${analysis.id}.`);
+                try {
+                    await client.request("DELETE /repos/:owner/:repo/code-scanning/analyses/:analysis_id?confirm_delete", {
+                        owner: repositoryNwo.owner,
+                        repo: repositoryNwo.repo,
+                        analysis_id: analysis.id,
+                    });
+                    logger.info(`Analysis deleted.`);
+                }
+                catch (e) {
+                    const origMessage = (0, util_1.getErrorMessage)(e);
+                    const newMessage = origMessage.includes("No analysis found for analysis ID")
+                        ? `Analysis ${analysis.id} does not exist. It was likely already deleted.`
+                        : origMessage;
+                    throw new Error(newMessage);
+                }
+            }
+            else {
+                throw new Error(`Expected to find exactly one analysis with sarif_id ${sarifID}. Found ${analysisInfo.data.length}.`);
+            }
+        }
+        catch (e) {
+            throw new Error(`Failed to delete uploaded SARIF analysis. Reason: ${(0, util_1.getErrorMessage)(e)}`);
+        }
+        finally {
+            logger.endGroup();
+        }
+    }
+    else {
+        logger.warning("Could not delete the uploaded SARIF analysis because a SARIF ID wasn't provided by the API when uploading the SARIF file.");
+    }
+}
 //# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post-helper.test.js

@@ -324,6 +324,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
         .returns(JSON.stringify(matrix));
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
+    sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.0"));
     const databaseExportDiagnosticsStub = sinon.stub(codeqlObject, "databaseExportDiagnostics");
     const diagnosticsExportStub = sinon.stub(codeqlObject, "diagnosticsExport");
     sinon.stub(workflow, "getWorkflow").resolves(actionsWorkflow);
@@ -333,13 +334,14 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
         statusReport: { raw_upload_size_bytes: 20, zipped_upload_size_bytes: 10 },
     });
     const waitForProcessing = sinon.stub(uploadLib, "waitForProcessing");
-    const features = [feature_flags_1.Feature.UploadFailedSarifEnabled];
+    const features = [];
     if (exportDiagnosticsEnabled) {
         features.push(feature_flags_1.Feature.ExportDiagnosticsEnabled);
     }
     const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)(features), (0, logging_1.getRunnerLogger)(true));
     if (expectUpload) {
         t.deepEqual(result, {
+            sarifID: "42",
             raw_upload_size_bytes: 20,
             zipped_upload_size_bytes: 10,
         });

lib/init-action.js

@@ -132,7 +132,11 @@ async function run() {
         toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
         toolsVersion = initCodeQLResult.toolsVersion;
         toolsSource = initCodeQLResult.toolsSource;
-        await (0, workflow_1.validateWorkflow)(codeql, logger);
+        core.startGroup("Validating workflow");
+        if ((await (0, workflow_1.validateWorkflow)(codeql, logger)) === undefined) {
+            logger.info("Detected no issues with the code scanning workflow.");
+        }
+        core.endGroup();
         config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), (0, actions_util_1.getOptionalInput)("config"), getTrapCachingEnabled(), 
         // Debug mode is enabled if:
         // - The `init` Action is passed `debug: true`.
@@ -171,33 +175,43 @@ async function run() {
             core.exportVariable("GOFLAGS", goFlags);
             core.warning("Passing the GOFLAGS env parameter to the init action is deprecated. Please move this to the analyze action.");
         }
-        // Go 1.21 and above ships with statically linked binaries on Linux. CodeQL cannot currently trace custom builds
-        // where the entry point is a statically linked binary. Until that is fixed, we work around the problem by
-        // replacing the `go` binary with a shell script that invokes the actual `go` binary. Since the shell is typically
-        // dynamically linked, this provides a suitable entry point for the CodeQL tracer.
         if (config.languages.includes(languages_1.Language.go) &&
-            process.platform === "linux" &&
-            !(0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries)) {
+            process.platform === "linux") {
             try {
                 const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
                 const fileOutput = await (0, actions_util_1.getFileType)(goBinaryPath);
-                if (fileOutput.includes("statically linked")) {
-                    logger.debug(`Applying static binary workaround for Go`);
-                    // Create a directory that we can add to the system PATH.
-                    const tempBinPath = path.resolve((0, actions_util_1.getTemporaryDirectory)(), "codeql-action-go-tracing", "bin");
-                    fs.mkdirSync(tempBinPath, { recursive: true });
-                    core.addPath(tempBinPath);
-                    // Write the wrapper script to the directory we just added to the PATH.
-                    const goWrapperPath = path.resolve(tempBinPath, "go");
-                    fs.writeFileSync(goWrapperPath, `#!/bin/bash\n\nexec ${goBinaryPath} "$@"`);
-                    fs.chmodSync(goWrapperPath, "755");
-                    // Store the original location of our wrapper script somewhere where we can
-                    // later retrieve it from and cross-check that it hasn't been changed.
-                    core.exportVariable(environment_1.EnvVar.GO_BINARY_LOCATION, goWrapperPath);
+                // Go 1.21 and above ships with statically linked binaries on Linux. CodeQL cannot currently trace custom builds
+                // where the entry point is a statically linked binary. Until that is fixed, we work around the problem by
+                // replacing the `go` binary with a shell script that invokes the actual `go` binary. Since the shell is
+                // typically dynamically linked, this provides a suitable entry point for the CodeQL tracer.
+                if (fileOutput.includes("statically linked") &&
+                    !(0, tools_features_1.isSupportedToolsFeature)(versionInfo, tools_features_1.ToolsFeature.IndirectTracingSupportsStaticBinaries)) {
+                    try {
+                        logger.debug(`Applying static binary workaround for Go`);
+                        // Create a directory that we can add to the system PATH.
+                        const tempBinPath = path.resolve((0, actions_util_1.getTemporaryDirectory)(), "codeql-action-go-tracing", "bin");
+                        fs.mkdirSync(tempBinPath, { recursive: true });
+                        core.addPath(tempBinPath);
+                        // Write the wrapper script to the directory we just added to the PATH.
+                        const goWrapperPath = path.resolve(tempBinPath, "go");
+                        fs.writeFileSync(goWrapperPath, `#!/bin/bash\n\nexec ${goBinaryPath} "$@"`);
+                        fs.chmodSync(goWrapperPath, "755");
+                        // Store the original location of our wrapper script somewhere where we can
+                        // later retrieve it from and cross-check that it hasn't been changed.
+                        core.exportVariable(environment_1.EnvVar.GO_BINARY_LOCATION, goWrapperPath);
+                    }
+                    catch (e) {
+                        logger.warning(`Analyzing Go on Linux, but failed to install wrapper script. Tracing custom builds may fail: ${e}`);
+                    }
+                }
+                else {
+                    // Store the location of the original Go binary, so we can check that no setup tasks were performed after the
+                    // `init` Action ran.
+                    core.exportVariable(environment_1.EnvVar.GO_BINARY_LOCATION, goBinaryPath);
                 }
             }
             catch (e) {
-                logger.warning(`Analyzing Go on Linux, but failed to install wrapper script. Tracing custom builds may fail: ${e}`);
+                logger.warning(`Failed to determine the location of the Go binary: ${e}`);
             }
         }
         // Limit RAM and threads for extractors. When running extractors, the CodeQL CLI obeys the

lib/setup-codeql.js

@@ -411,7 +411,8 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
     if (searchParams.has("token")) {
         logger.debug("CodeQL tools URL contains an authorization token.");
     }
-    else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
+    else if (codeqlURL.startsWith(`${apiDetails.url}/`) ||
+        (apiDetails.apiURL && codeqlURL.startsWith(`${apiDetails.apiURL}/`))) {
         logger.debug("Providing an authorization token to download CodeQL tools.");
         authorization = `token ${apiDetails.auth}`;
     }

lib/util.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkDiskUsage = exports.prettyPrintPack = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.checkDiskUsage = exports.prettyPrintPack = exports.getErrorMessage = exports.wrapError = exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.isInTestMode = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.getMemoryFlagValueForPlatform = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -465,7 +465,8 @@ exports.bundleDb = bundleDb;
  * @param opts options
  * @param opts.allowProcessExit if true, the timer will not prevent the process from exiting
  */
-async function delay(milliseconds, { allowProcessExit }) {
+async function delay(milliseconds, opts) {
+    const { allowProcessExit } = opts || {};
     return new Promise((resolve) => {
         const timer = setTimeout(resolve, milliseconds);
         if (allowProcessExit) {
@@ -719,6 +720,10 @@ function wrapError(error) {
     return error instanceof Error ? error : new Error(String(error));
 }
 exports.wrapError = wrapError;
+function getErrorMessage(error) {
+    return error instanceof Error ? error.toString() : String(error);
+}
+exports.getErrorMessage = getErrorMessage;
 function prettyPrintPack(pack) {
     return `${pack.name}${pack.version ? `@${pack.version}` : ""}${pack.path ? `:${pack.path}` : ""}`;
 }

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.22.2",
+  "version": "2.22.8",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -448,9 +448,9 @@
       }
     },
     "node_modules/@eslint/js": {
-      "version": "8.51.0",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.51.0.tgz",
-      "integrity": "sha512-HxjQ8Qn+4SI3/AFv6sOrDB+g6PpUTDwSJiQqOrnneEk8L71161srI9gjzzZvYVbzHiVg/BvcH95+cK/zfIt4pg==",
+      "version": "8.52.0",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-8.52.0.tgz",
+      "integrity": "sha512-mjZVbpaeMZludF2fsWLD0Z9gCref1Tk4i9+wddjRvpUNqqcndPkBD09N/Mapey0b3jaXbLm2kICwFv2E64QinA==",
       "dev": true,
       "engines": {
         "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
@@ -463,12 +463,12 @@
       "dev": true
     },
     "node_modules/@humanwhocodes/config-array": {
-      "version": "0.11.11",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.11.tgz",
-      "integrity": "sha512-N2brEuAadi0CcdeMXUkhbZB84eskAc8MEX1By6qEchoVywSgXPIjou4rYsl0V3Hj0ZnuGycGCjdNgockbzeWNA==",
+      "version": "0.11.13",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/config-array/-/config-array-0.11.13.tgz",
+      "integrity": "sha512-JSBDMiDKSzQVngfRjOdFXgFfklaXI4K9nLF49Auh21lmBWRLIK3+xTErTWD4KU54pb6coM6ESE7Awz/FNU3zgQ==",
       "dev": true,
       "dependencies": {
-        "@humanwhocodes/object-schema": "^1.2.1",
+        "@humanwhocodes/object-schema": "^2.0.1",
         "debug": "^4.1.1",
         "minimatch": "^3.0.5"
       },
@@ -490,9 +490,9 @@
       }
     },
     "node_modules/@humanwhocodes/object-schema": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-1.2.1.tgz",
-      "integrity": "sha512-ZnQMnLV4e7hDlUvw8H+U8ASL02SS2Gn6+9Ac3wGGLIe7+je2AeAOxPY+izIPJDfFDb7eDjev0Us8MO1iFRN8hA==",
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/@humanwhocodes/object-schema/-/object-schema-2.0.1.tgz",
+      "integrity": "sha512-dvuCeX5fC9dXgJn9t+X5atfmgQAzUOWqS1254Gh0m6i8wKd10ebXkfNKiRK+1GWi/yTvvLDHpoxLr0xxxeslWw==",
       "dev": true
     },
     "node_modules/@nodelib/fs.scandir": {
@@ -762,17 +762,17 @@
       }
     },
     "node_modules/@octokit/types": {
-      "version": "12.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.0.0.tgz",
-      "integrity": "sha512-EzD434aHTFifGudYAygnFlS1Tl6KhbTynEWELQXIbTY8Msvb5nEqTZIm7sbPEt4mQYLZwu3zPKVdeIrw0g7ovg==",
+      "version": "12.1.1",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-12.1.1.tgz",
+      "integrity": "sha512-qnJTldJ1NyGT5MTsCg/Zi+y2IFHZ1Jo5+njNCjJ9FcainV7LjuHgmB697kA0g4MjZeDAJsM3B45iqCVsCLVFZg==",
       "dependencies": {
-        "@octokit/openapi-types": "^19.0.0"
+        "@octokit/openapi-types": "^19.0.2"
       }
     },
     "node_modules/@octokit/types/node_modules/@octokit/openapi-types": {
-      "version": "19.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.0.0.tgz",
-      "integrity": "sha512-PclQ6JGMTE9iUStpzMkwLCISFn/wDeRjkZFIKALpvJQNBGwDoYYi2fFvuHwssoQ1rXI5mfh6jgTgWuddeUzfWw=="
+      "version": "19.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-19.0.2.tgz",
+      "integrity": "sha512-8li32fUDUeml/ACRp/njCWTsk5t17cfTM1jp9n08pBrqs5cDFJubtjsSnuz56r5Tad6jdEPJld7LxNp9dNcyjQ=="
     },
     "node_modules/@opentelemetry/api": {
       "version": "1.4.1",
@@ -813,6 +813,24 @@
       "resolved": "https://registry.npmjs.org/@schemastore/package/-/package-0.0.10.tgz",
       "integrity": "sha512-D3LxMCnkgsb4LO5sDKf6E+yahM2SqpEHmkqMPDSJis5Cy/j2MgWo/g/iq0lECK0mrPWfx3hqKm2ZJlqxwbRJQA=="
     },
+    "node_modules/@sinonjs/commons": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.0.tgz",
+      "integrity": "sha512-jXBtWAF4vmdNmZgD5FoKsVLv3rPgDnLgPbU84LIJ3otV44vJlDRokVng5v8NFJdCf/da9legHcKaRuZs4L7faA==",
+      "dev": true,
+      "dependencies": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "node_modules/@sinonjs/fake-timers": {
+      "version": "11.2.2",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz",
+      "integrity": "sha512-G2piCSxQ7oWOxwGSAyFHfPIsyeJGXYtc6mFbnFA+kRXkiEnTl8c/8jul2S329iFBnDI9HGoeWWAZvuvOkZccgw==",
+      "dev": true,
+      "dependencies": {
+        "@sinonjs/commons": "^3.0.0"
+      }
+    },
     "node_modules/@sinonjs/samsam": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz",
@@ -840,9 +858,9 @@
       "dev": true
     },
     "node_modules/@types/adm-zip": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/@types/adm-zip/-/adm-zip-0.5.2.tgz",
-      "integrity": "sha512-33OTTnnW3onOE6HJuoqsi7T7Ojupz7zO/Vs5ddRNVCYQnu4lg05RqH/pr9eidHGvGyYfdO4uPO9cvegAMixBCQ==",
+      "version": "0.5.3",
+      "resolved": "https://registry.npmjs.org/@types/adm-zip/-/adm-zip-0.5.3.tgz",
+      "integrity": "sha512-LfeDIiFdvphelYY2aMWTyQBr5cTb1EL9Qcu19jFizdt2sL/jL+fy1fE8IgAKBFI5XfbGukaRDDM5PiJTrovAhA==",
       "dev": true,
       "dependencies": {
         "@types/node": "*"
@@ -860,15 +878,15 @@
       "dev": true
     },
     "node_modules/@types/js-yaml": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.6.tgz",
-      "integrity": "sha512-ACTuifTSIIbyksx2HTon3aFtCKWcID7/h3XEmRpDYdMCXxPbl+m9GteOJeaAkiAta/NJaSFuA7ahZ0NkwajDSw==",
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/@types/js-yaml/-/js-yaml-4.0.8.tgz",
+      "integrity": "sha512-m6jnPk1VhlYRiLFm3f8X9Uep761f+CK8mHyS65LutH2OhmBF0BeMEjHgg05usH8PLZMWWc/BUR9RPmkvpWnyRA==",
       "dev": true
     },
     "node_modules/@types/json-schema": {
-      "version": "7.0.13",
-      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.13.tgz",
-      "integrity": "sha512-RbSSoHliUbnXj3ny0CNFOoxrIDV6SUGyStHsvDqosw6CkdPV8TtWGlfecuK4ToyMEAql6pzNxgCFKanovUzlgQ==",
+      "version": "7.0.14",
+      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.14.tgz",
+      "integrity": "sha512-U3PUjAudAdJBeC2pgN8uTIKgxrb4nlDF3SF0++EldXQvQBGkpFZMSnwQiIoDU77tv45VgNkl/L4ouD+rEomujw==",
       "dev": true
     },
     "node_modules/@types/json5": {
@@ -905,15 +923,15 @@
       }
     },
     "node_modules/@types/semver": {
-      "version": "7.5.3",
-      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.3.tgz",
-      "integrity": "sha512-OxepLK9EuNEIPxWNME+C6WwbRAOOI2o2BaQEGzz5Lu2e4Z5eDnEo+/aVEDMIXywoJitJ7xWd641wrGLZdtwRyw==",
+      "version": "7.5.4",
+      "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.5.4.tgz",
+      "integrity": "sha512-MMzuxN3GdFwskAnb6fz0orFvhfqi752yjaXylr0Rp4oDg5H0Zn1IuyRhDVvYOwAXoJirx2xuS16I3WjxnAIHiQ==",
       "dev": true
     },
     "node_modules/@types/sinon": {
-      "version": "10.0.17",
-      "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.17.tgz",
-      "integrity": "sha512-+6ILpcixQ0Ma3dHMTLv4rSycbDXkDljgKL+E0nI2RUxxhYTFyPSjt6RVMxh7jUshvyVcBvicb0Ktj+lAJcjgeA==",
+      "version": "10.0.20",
+      "resolved": "https://registry.npmjs.org/@types/sinon/-/sinon-10.0.20.tgz",
+      "integrity": "sha512-2APKKruFNCAZgx3daAyACGzWuJ028VVCUDk6o2rw/Z4PXT0ogwdV4KUegW0MwVs0Zu59auPXbbuBJHF12Sx1Eg==",
       "dev": true,
       "dependencies": {
         "@types/sinonjs__fake-timers": "*"
@@ -934,21 +952,21 @@
       }
     },
     "node_modules/@types/uuid": {
-      "version": "9.0.5",
-      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.5.tgz",
-      "integrity": "sha512-xfHdwa1FMJ082prjSJpoEI57GZITiQz10r3vEJCHa2khEFQjKy91aWKz6+zybzssCvXUwE1LQWgWVwZ4nYUvHQ=="
+      "version": "9.0.6",
+      "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.6.tgz",
+      "integrity": "sha512-BT2Krtx4xaO6iwzwMFUYvWBWkV2pr37zD68Vmp1CDV196MzczBRxuEpD6Pr395HAgebC/co7hOphs53r8V7jew=="
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.7.5.tgz",
-      "integrity": "sha512-JhtAwTRhOUcP96D0Y6KYnwig/MRQbOoLGXTON2+LlyB/N35SP9j1boai2zzwXb7ypKELXMx3DVk9UTaEq1vHEw==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-6.9.1.tgz",
+      "integrity": "sha512-w0tiiRc9I4S5XSXXrMHOWgHgxbrBn1Ro+PmiYhSg2ZVdxrAJtQgzU5o2m1BfP6UOn7Vxcc6152vFjQfmZR4xEg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/regexpp": "^4.5.1",
-        "@typescript-eslint/scope-manager": "6.7.5",
-        "@typescript-eslint/type-utils": "6.7.5",
-        "@typescript-eslint/utils": "6.7.5",
-        "@typescript-eslint/visitor-keys": "6.7.5",
+        "@typescript-eslint/scope-manager": "6.9.1",
+        "@typescript-eslint/type-utils": "6.9.1",
+        "@typescript-eslint/utils": "6.9.1",
+        "@typescript-eslint/visitor-keys": "6.9.1",
         "debug": "^4.3.4",
         "graphemer": "^1.4.0",
         "ignore": "^5.2.4",
@@ -974,15 +992,15 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.7.5.tgz",
-      "integrity": "sha512-bIZVSGx2UME/lmhLcjdVc7ePBwn7CLqKarUBL4me1C5feOd663liTGjMBGVcGr+BhnSLeP4SgwdvNnnkbIdkCw==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-6.9.1.tgz",
+      "integrity": "sha512-C7AK2wn43GSaCUZ9do6Ksgi2g3mwFkMO3Cis96kzmgudoVaKyt62yNzJOktP0HDLb/iO2O0n2lBOzJgr6Q/cyg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "6.7.5",
-        "@typescript-eslint/types": "6.7.5",
-        "@typescript-eslint/typescript-estree": "6.7.5",
-        "@typescript-eslint/visitor-keys": "6.7.5",
+        "@typescript-eslint/scope-manager": "6.9.1",
+        "@typescript-eslint/types": "6.9.1",
+        "@typescript-eslint/typescript-estree": "6.9.1",
+        "@typescript-eslint/visitor-keys": "6.9.1",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -1002,13 +1020,13 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.7.5.tgz",
-      "integrity": "sha512-GAlk3eQIwWOJeb9F7MKQ6Jbah/vx1zETSDw8likab/eFcqkjSD7BI75SDAeC5N2L0MmConMoPvTsmkrg71+B1A==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-6.9.1.tgz",
+      "integrity": "sha512-38IxvKB6NAne3g/+MyXMs2Cda/Sz+CEpmm+KLGEM8hx/CvnSRuw51i8ukfwB/B/sESdeTGet1NH1Wj7I0YXswg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.7.5",
-        "@typescript-eslint/visitor-keys": "6.7.5"
+        "@typescript-eslint/types": "6.9.1",
+        "@typescript-eslint/visitor-keys": "6.9.1"
       },
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1019,13 +1037,13 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.7.5.tgz",
-      "integrity": "sha512-Gs0qos5wqxnQrvpYv+pf3XfcRXW6jiAn9zE/K+DlmYf6FcpxeNYN0AIETaPR7rHO4K2UY+D0CIbDP9Ut0U4m1g==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-6.9.1.tgz",
+      "integrity": "sha512-eh2oHaUKCK58qIeYp19F5V5TbpM52680sB4zNSz29VBQPTWIlE/hCj5P5B1AChxECe/fmZlspAWFuRniep1Skg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/typescript-estree": "6.7.5",
-        "@typescript-eslint/utils": "6.7.5",
+        "@typescript-eslint/typescript-estree": "6.9.1",
+        "@typescript-eslint/utils": "6.9.1",
         "debug": "^4.3.4",
         "ts-api-utils": "^1.0.1"
       },
@@ -1046,9 +1064,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.7.5.tgz",
-      "integrity": "sha512-WboQBlOXtdj1tDFPyIthpKrUb+kZf2VroLZhxKa/VlwLlLyqv/PwUNgL30BlTVZV1Wu4Asu2mMYPqarSO4L5ZQ==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-6.9.1.tgz",
+      "integrity": "sha512-BUGslGOb14zUHOUmDB2FfT6SI1CcZEJYfF3qFwBeUrU6srJfzANonwRYHDpLBuzbq3HaoF2XL2hcr01c8f8OaQ==",
       "dev": true,
       "engines": {
         "node": "^16.0.0 || >=18.0.0"
@@ -1059,13 +1077,13 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.7.5.tgz",
-      "integrity": "sha512-NhJiJ4KdtwBIxrKl0BqG1Ur+uw7FiOnOThcYx9DpOGJ/Abc9z2xNzLeirCG02Ig3vkvrc2qFLmYSSsaITbKjlg==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-6.9.1.tgz",
+      "integrity": "sha512-U+mUylTHfcqeO7mLWVQ5W/tMLXqVpRv61wm9ZtfE5egz7gtnmqVIw9ryh0mgIlkKk9rZLY3UHygsBSdB9/ftyw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.7.5",
-        "@typescript-eslint/visitor-keys": "6.7.5",
+        "@typescript-eslint/types": "6.9.1",
+        "@typescript-eslint/visitor-keys": "6.9.1",
         "debug": "^4.3.4",
         "globby": "^11.1.0",
         "is-glob": "^4.0.3",
@@ -1086,17 +1104,17 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.7.5.tgz",
-      "integrity": "sha512-pfRRrH20thJbzPPlPc4j0UNGvH1PjPlhlCMq4Yx7EGjV7lvEeGX0U6MJYe8+SyFutWgSHsdbJ3BXzZccYggezA==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-6.9.1.tgz",
+      "integrity": "sha512-L1T0A5nFdQrMVunpZgzqPL6y2wVreSyHhKGZryS6jrEN7bD9NplVAyMryUhXsQ4TWLnZmxc2ekar/lSGIlprCA==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.4.0",
         "@types/json-schema": "^7.0.12",
         "@types/semver": "^7.5.0",
-        "@typescript-eslint/scope-manager": "6.7.5",
-        "@typescript-eslint/types": "6.7.5",
-        "@typescript-eslint/typescript-estree": "6.7.5",
+        "@typescript-eslint/scope-manager": "6.9.1",
+        "@typescript-eslint/types": "6.9.1",
+        "@typescript-eslint/typescript-estree": "6.9.1",
         "semver": "^7.5.4"
       },
       "engines": {
@@ -1111,12 +1129,12 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "6.7.5",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.7.5.tgz",
-      "integrity": "sha512-3MaWdDZtLlsexZzDSdQWsFQ9l9nL8B80Z4fImSpyllFC/KLqWQRdEcB+gGGO+N3Q2uL40EsG66wZLsohPxNXvg==",
+      "version": "6.9.1",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-6.9.1.tgz",
+      "integrity": "sha512-MUaPUe/QRLEffARsmNfmpghuQkW436DvESW+h+M52w0coICHRfD6Np9/K6PdACwnrq1HmuLl+cSPZaJmeVPkSw==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/types": "6.7.5",
+        "@typescript-eslint/types": "6.9.1",
         "eslint-visitor-keys": "^3.4.1"
       },
       "engines": {
@@ -1127,6 +1145,12 @@
         "url": "https://opencollective.com/typescript-eslint"
       }
     },
+    "node_modules/@ungap/structured-clone": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/@ungap/structured-clone/-/structured-clone-1.2.0.tgz",
+      "integrity": "sha512-zuVdFrMJiuCDQUMCzQaD6KL28MjnqqN8XnAqiEq9PNm/hCPTSGfrXCOfwj1ow4LFb/tNymJPwsNbVePc1xFqrQ==",
+      "dev": true
+    },
     "node_modules/abort-controller": {
       "version": "3.0.0",
       "resolved": "https://registry.npmjs.org/abort-controller/-/abort-controller-3.0.0.tgz",
@@ -1278,15 +1302,15 @@
       }
     },
     "node_modules/array-includes": {
-      "version": "3.1.6",
-      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.6.tgz",
-      "integrity": "sha512-sgTbLvL6cNnw24FnbaDyjmvddQ2ML8arZsgaJhoABMoplz/4QRhtrYS+alr1BUM1Bwp6dhx8vVCBSLG+StwOFw==",
+      "version": "3.1.7",
+      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.1.7.tgz",
+      "integrity": "sha512-dlcsNBIiWhPkHdOEEKnehA+RNUWDc4UqFtnIXU4uuYDPtA4LDkr7qip2p0VvFAEXNDr0yWZ9PJyIRiGjRLQzwQ==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4",
-        "get-intrinsic": "^1.1.3",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
+        "get-intrinsic": "^1.2.1",
         "is-string": "^1.0.7"
       },
       "engines": {
@@ -1304,16 +1328,16 @@
       }
     },
     "node_modules/array.prototype.findlastindex": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.2.tgz",
-      "integrity": "sha512-tb5thFFlUcp7NdNF6/MpDk/1r/4awWG1FIz3YqDf+/zJSTezBb+/5WViH41obXULHVpDzoiCLpJ/ZO9YbJMsdw==",
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/array.prototype.findlastindex/-/array.prototype.findlastindex-1.2.3.tgz",
+      "integrity": "sha512-LzLoiOMAxvy+Gd3BAq3B7VeIgPdo+Q8hthvKtXybMvRV0jrXfJM/t8mw7nNlpEcVlVUnCnM2KSX4XU5HmpodOA==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
         "es-shim-unscopables": "^1.0.0",
-        "get-intrinsic": "^1.1.3"
+        "get-intrinsic": "^1.2.1"
       },
       "engines": {
         "node": ">= 0.4"
@@ -1323,14 +1347,14 @@
       }
     },
     "node_modules/array.prototype.flat": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.1.tgz",
-      "integrity": "sha512-roTU0KWIOmJ4DRLmwKd19Otg0/mT3qPNt0Qb3GWW8iObuZXxrjB/pzn0R3hqpRSWg4HCwqx+0vwOnWnvlOyeIA==",
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.3.2.tgz",
+      "integrity": "sha512-djYB+Zx2vLewY8RWlNCUdHjDXs2XOgm602S9E7P/UpHgfeHL00cRiIF+IN/G/aUJ7kGPb6yO/ErDI5V2s8iycA==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
         "es-shim-unscopables": "^1.0.0"
       },
       "engines": {
@@ -1341,14 +1365,14 @@
       }
     },
     "node_modules/array.prototype.flatmap": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.1.tgz",
-      "integrity": "sha512-8UGn9O1FDVvMNB0UlLv4voxRMze7+FpHyF5mSMRjWHUMlpoDViniy05870VlxhfgTnLbpuwTzvD76MTtWxB/mQ==",
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/array.prototype.flatmap/-/array.prototype.flatmap-1.3.2.tgz",
+      "integrity": "sha512-Ewyx0c9PmpcsByhSW4r+9zDU7sGjFc86qf/kKtuSCRdhfbk0SNLLkaT5qvcHnRGgc5NP/ly/y+qkXkqONX54CQ==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4",
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1",
         "es-shim-unscopables": "^1.0.0"
       },
       "engines": {
@@ -2470,18 +2494,19 @@
       }
     },
     "node_modules/eslint": {
-      "version": "8.51.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.51.0.tgz",
-      "integrity": "sha512-2WuxRZBrlwnXi+/vFSJyjMqrNjtJqiasMzehF0shoLaW7DzS3/9Yvrmq5JiT66+pNjiX4UBnLDiKHcWAr/OInA==",
+      "version": "8.52.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.52.0.tgz",
+      "integrity": "sha512-zh/JHnaixqHZsolRB/w9/02akBk9EPrOs9JwcTP2ek7yL5bVvXuRariiaAjjoJ5DvuwQ1WAE/HsMz+w17YgBCg==",
       "dev": true,
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.2.0",
         "@eslint-community/regexpp": "^4.6.1",
         "@eslint/eslintrc": "^2.1.2",
-        "@eslint/js": "8.51.0",
-        "@humanwhocodes/config-array": "^0.11.11",
+        "@eslint/js": "8.52.0",
+        "@humanwhocodes/config-array": "^0.11.13",
         "@humanwhocodes/module-importer": "^1.0.1",
         "@nodelib/fs.walk": "^1.2.8",
+        "@ungap/structured-clone": "^1.2.0",
         "ajv": "^6.12.4",
         "chalk": "^4.0.0",
         "cross-spawn": "^7.0.2",
@@ -2536,14 +2561,14 @@
       }
     },
     "node_modules/eslint-import-resolver-node": {
-      "version": "0.3.7",
-      "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.7.tgz",
-      "integrity": "sha512-gozW2blMLJCeFpBwugLTGyvVjNoeo1knonXAcatC6bjPBZitotxdWf7Gimr25N4c0AAOo4eOUfaG82IJPDpqCA==",
+      "version": "0.3.9",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.9.tgz",
+      "integrity": "sha512-WFj2isz22JahUv+B788TlO3N6zL3nNJGU8CcZbPZvVEkBPaJdCV4vy5wyghty5ROFbCRnm132v8BScu5/1BQ8g==",
       "dev": true,
       "dependencies": {
         "debug": "^3.2.7",
-        "is-core-module": "^2.11.0",
-        "resolve": "^1.22.1"
+        "is-core-module": "^2.13.0",
+        "resolve": "^1.22.4"
       }
     },
     "node_modules/eslint-import-resolver-node/node_modules/debug": {
@@ -2691,26 +2716,26 @@
       }
     },
     "node_modules/eslint-plugin-import": {
-      "version": "2.28.1",
-      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.28.1.tgz",
-      "integrity": "sha512-9I9hFlITvOV55alzoKBI+K9q74kv0iKMeY6av5+umsNwayt59fz692daGyjR+oStBQgx6nwR9rXldDev3Clw+A==",
+      "version": "2.29.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.0.tgz",
+      "integrity": "sha512-QPOO5NO6Odv5lpoTkddtutccQjysJuFxoPS7fAHO+9m9udNHvTCPSAMW9zGAYj8lAIdr40I8yPCdUYrncXtrwg==",
       "dev": true,
       "dependencies": {
-        "array-includes": "^3.1.6",
-        "array.prototype.findlastindex": "^1.2.2",
-        "array.prototype.flat": "^1.3.1",
-        "array.prototype.flatmap": "^1.3.1",
+        "array-includes": "^3.1.7",
+        "array.prototype.findlastindex": "^1.2.3",
+        "array.prototype.flat": "^1.3.2",
+        "array.prototype.flatmap": "^1.3.2",
         "debug": "^3.2.7",
         "doctrine": "^2.1.0",
-        "eslint-import-resolver-node": "^0.3.7",
+        "eslint-import-resolver-node": "^0.3.9",
         "eslint-module-utils": "^2.8.0",
-        "has": "^1.0.3",
-        "is-core-module": "^2.13.0",
+        "hasown": "^2.0.0",
+        "is-core-module": "^2.13.1",
         "is-glob": "^4.0.3",
         "minimatch": "^3.1.2",
-        "object.fromentries": "^2.0.6",
-        "object.groupby": "^1.0.0",
-        "object.values": "^1.1.6",
+        "object.fromentries": "^2.0.7",
+        "object.groupby": "^1.0.1",
+        "object.values": "^1.1.7",
         "semver": "^6.3.1",
         "tsconfig-paths": "^3.14.2"
       },
@@ -3316,10 +3341,13 @@
       }
     },
     "node_modules/function-bind": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
-      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
-      "dev": true
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
+      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
+      "dev": true,
+      "funding": {
+        "url": "https://github.com/sponsors/ljharb"
+      }
     },
     "node_modules/function.prototype.name": {
       "version": "1.1.5",
@@ -3584,6 +3612,18 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/hasown": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.0.tgz",
+      "integrity": "sha512-vUptKVTpIJhcczKBbgnS+RtcuYMB8+oNzPK2/Hp3hanz8JmpATdmmgLgSaadVREkDm+e2giHwY3ZRkyjSIDDFA==",
+      "dev": true,
+      "dependencies": {
+        "function-bind": "^1.1.2"
+      },
+      "engines": {
+        "node": ">= 0.4"
+      }
+    },
     "node_modules/human-signals": {
       "version": "4.3.1",
       "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-4.3.1.tgz",
@@ -3773,12 +3813,12 @@
       }
     },
     "node_modules/is-core-module": {
-      "version": "2.13.0",
-      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.0.tgz",
-      "integrity": "sha512-Z7dk6Qo8pOCp3l4tsX2C5ZVas4V+UxwQodwZhLopL91TX8UyyHEXafPcyoeeWuLrwzHcr3igO78wNLwHJHsMCQ==",
+      "version": "2.13.1",
+      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz",
+      "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==",
       "dev": true,
       "dependencies": {
-        "has": "^1.0.3"
+        "hasown": "^2.0.0"
       },
       "funding": {
         "url": "https://github.com/sponsors/ljharb"
@@ -4456,9 +4496,9 @@
       "dev": true
     },
     "node_modules/nise": {
-      "version": "5.1.4",
-      "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.4.tgz",
-      "integrity": "sha512-8+Ib8rRJ4L0o3kfmyVCL7gzrohyDe0cMFTBa2d364yIrEGMEoetznKJx899YxjybU6bL9SQkYPSBBs1gyYs8Xg==",
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.5.tgz",
+      "integrity": "sha512-VJuPIfUFaXNRzETTQEEItTOP8Y171ijr+JLq42wHes3DiryR8vT+1TXQW/Rx8JNUhyYYWyIvjXTU6dOhJcs9Nw==",
       "dev": true,
       "dependencies": {
         "@sinonjs/commons": "^2.0.0",
@@ -4478,23 +4518,31 @@
       }
     },
     "node_modules/nise/node_modules/@sinonjs/fake-timers": {
-      "version": "10.0.2",
-      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.0.2.tgz",
-      "integrity": "sha512-SwUDyjWnah1AaNl7kxsa7cfLhlTYoiyhDAIgyh+El30YvXs/o7OLXpYH88Zdhyx9JExKrmHDJ+10bwIcY80Jmw==",
+      "version": "10.3.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz",
+      "integrity": "sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA==",
       "dev": true,
       "dependencies": {
-        "@sinonjs/commons": "^2.0.0"
+        "@sinonjs/commons": "^3.0.0"
+      }
+    },
+    "node_modules/nise/node_modules/@sinonjs/fake-timers/node_modules/@sinonjs/commons": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.0.tgz",
+      "integrity": "sha512-jXBtWAF4vmdNmZgD5FoKsVLv3rPgDnLgPbU84LIJ3otV44vJlDRokVng5v8NFJdCf/da9legHcKaRuZs4L7faA==",
+      "dev": true,
+      "dependencies": {
+        "type-detect": "4.0.8"
       }
     },
     "node_modules/nock": {
-      "version": "13.3.3",
-      "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.3.tgz",
-      "integrity": "sha512-z+KUlILy9SK/RjpeXDiDUEAq4T94ADPHE3qaRkf66mpEhzc/ytOMm3Bwdrbq6k1tMWkbdujiKim3G2tfQARuJw==",
+      "version": "13.3.7",
+      "resolved": "https://registry.npmjs.org/nock/-/nock-13.3.7.tgz",
+      "integrity": "sha512-z3voRxo6G0JxqCsjuzERh1ReFC4Vp2b7JpSgcMJB6jnJbUszf88awAeQLIID2UNMwbMh9/Zm5sFscagj0QYHEg==",
       "dev": true,
       "dependencies": {
         "debug": "^4.1.0",
         "json-stringify-safe": "^5.0.1",
-        "lodash": "^4.17.21",
         "propagate": "^2.0.0"
       },
       "engines": {
@@ -4638,14 +4686,14 @@
       }
     },
     "node_modules/object.fromentries": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.6.tgz",
-      "integrity": "sha512-VciD13dswC4j1Xt5394WR4MzmAQmlgN72phd/riNp9vtD7tp4QQWJ0R4wvclXcafgcYK8veHRed2W6XeGBvcfg==",
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/object.fromentries/-/object.fromentries-2.0.7.tgz",
+      "integrity": "sha512-UPbPHML6sL8PI/mOqPwsH4G6iyXcCGzLin8KvEPenOZN5lpCNBZZQ+V62vdjB1mQHrmqGQt5/OJzemUA+KJmEA==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4"
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1"
       },
       "engines": {
         "node": ">= 0.4"
@@ -4655,26 +4703,26 @@
       }
     },
     "node_modules/object.groupby": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.0.tgz",
-      "integrity": "sha512-70MWG6NfRH9GnbZOikuhPPYzpUpof9iW2J9E4dW7FXTqPNb6rllE6u39SKwwiNh8lCwX3DDb5OgcKGiEBrTTyw==",
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/object.groupby/-/object.groupby-1.0.1.tgz",
+      "integrity": "sha512-HqaQtqLnp/8Bn4GL16cj+CUYbnpe1bh0TtEaWvybszDG4tgxCJuRpV8VGuvNaI1fAnI4lUJzDG55MXcOH4JZcQ==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
         "define-properties": "^1.2.0",
-        "es-abstract": "^1.21.2",
+        "es-abstract": "^1.22.1",
         "get-intrinsic": "^1.2.1"
       }
     },
     "node_modules/object.values": {
-      "version": "1.1.6",
-      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.6.tgz",
-      "integrity": "sha512-FVVTkD1vENCsAcwNs9k6jea2uHC/X0+JcjG8YA60FN5CMaJmG95wT9jek/xX9nornqGRrBkKtzuAu2wuHpKqvw==",
+      "version": "1.1.7",
+      "resolved": "https://registry.npmjs.org/object.values/-/object.values-1.1.7.tgz",
+      "integrity": "sha512-aU6xnDFYT3x17e/f0IiiwlGPTy2jzMySGfUB4fq6z7CV8l85CWHDk5ErhyhpfDHhrOMwGFhSQkhMGHaIotA6Ng==",
       "dev": true,
       "dependencies": {
         "call-bind": "^1.0.2",
-        "define-properties": "^1.1.4",
-        "es-abstract": "^1.20.4"
+        "define-properties": "^1.2.0",
+        "es-abstract": "^1.22.1"
       },
       "engines": {
         "node": ">= 0.4"
@@ -5107,12 +5155,12 @@
       }
     },
     "node_modules/resolve": {
-      "version": "1.22.3",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.3.tgz",
-      "integrity": "sha512-P8ur/gp/AmbEzjr729bZnLjXK5Z+4P0zhIJgBgzqRih7hL7BOukHGtSTA3ACMY467GRFz3duQsi0bDZdR7DKdw==",
+      "version": "1.22.8",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
+      "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==",
       "dev": true,
       "dependencies": {
-        "is-core-module": "^2.12.0",
+        "is-core-module": "^2.13.0",
         "path-parse": "^1.0.7",
         "supports-preserve-symlinks-flag": "^1.0.0"
       },
@@ -5445,16 +5493,16 @@
       "dev": true
     },
     "node_modules/sinon": {
-      "version": "16.1.0",
-      "resolved": "https://registry.npmjs.org/sinon/-/sinon-16.1.0.tgz",
-      "integrity": "sha512-ZSgzF0vwmoa8pq0GEynqfdnpEDyP1PkYmEChnkjW0Vyh8IDlyFEJ+fkMhCP0il6d5cJjPl2PUsnUSAuP5sttOQ==",
+      "version": "17.0.0",
+      "resolved": "https://registry.npmjs.org/sinon/-/sinon-17.0.0.tgz",
+      "integrity": "sha512-p4lJiYKBoOEVUxxVIC9H1MM2znG1/c8gud++I2BauJA5hsz7hHsst35eurNWXTusBsIq66FzOQbZ/uMdpvbPIQ==",
       "dev": true,
       "dependencies": {
         "@sinonjs/commons": "^3.0.0",
-        "@sinonjs/fake-timers": "^10.3.0",
+        "@sinonjs/fake-timers": "^11.2.2",
         "@sinonjs/samsam": "^8.0.0",
         "diff": "^5.1.0",
-        "nise": "^5.1.4",
+        "nise": "^5.1.5",
         "supports-color": "^7.2.0"
       },
       "funding": {
@@ -5462,24 +5510,6 @@
         "url": "https://opencollective.com/sinon"
       }
     },
-    "node_modules/sinon/node_modules/@sinonjs/commons": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-3.0.0.tgz",
-      "integrity": "sha512-jXBtWAF4vmdNmZgD5FoKsVLv3rPgDnLgPbU84LIJ3otV44vJlDRokVng5v8NFJdCf/da9legHcKaRuZs4L7faA==",
-      "dev": true,
-      "dependencies": {
-        "type-detect": "4.0.8"
-      }
-    },
-    "node_modules/sinon/node_modules/@sinonjs/fake-timers": {
-      "version": "10.3.0",
-      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-10.3.0.tgz",
-      "integrity": "sha512-V4BG07kuYSUkTCSBHG8G8TNhM+F19jXFWnQtzj+we8DrkpSBCee9Z3Ms8yiGer/dlmhe35/Xdgyo3/0rQKg7YA==",
-      "dev": true,
-      "dependencies": {
-        "@sinonjs/commons": "^3.0.0"
-      }
-    },
     "node_modules/sinon/node_modules/has-flag": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",

node_modules/@eslint/js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@eslint/js",
-  "version": "8.51.0",
+  "version": "8.52.0",
   "description": "ESLint JavaScript language implementation",
   "main": "./src/index.js",
   "scripts": {},

node_modules/@humanwhocodes/config-array/api.js

@@ -825,12 +825,12 @@ class ConfigArray extends Array {
 		const cache = this[ConfigArraySymbol.configCache];
 
 		// first check the cache for a filename match to avoid duplicate work
-		let finalConfig = cache.get(filePath);
-
-		if (finalConfig) {
-			return finalConfig;
+		if (cache.has(filePath)) {
+			return cache.get(filePath);
 		}
 
+		let finalConfig;
+
 		// next check to see if the file should be ignored
 
 		// check if this should be ignored due to its directory

node_modules/@humanwhocodes/config-array/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@humanwhocodes/config-array",
-  "version": "0.11.11",
+  "version": "0.11.13",
   "description": "Glob-based configuration matching.",
   "author": "Nicholas C. Zakas",
   "main": "api.js",
@@ -42,19 +42,19 @@
     "node": ">=10.10.0"
   },
   "dependencies": {
-    "@humanwhocodes/object-schema": "^1.2.1",
+    "@humanwhocodes/object-schema": "^2.0.1",
     "debug": "^4.1.1",
     "minimatch": "^3.0.5"
   },
   "devDependencies": {
     "@nitpik/javascript": "0.4.0",
     "@nitpik/node": "0.0.5",
-    "chai": "4.3.8",
-    "eslint": "8.41.0",
+    "chai": "4.3.10",
+    "eslint": "8.51.0",
     "esm": "3.2.25",
-    "lint-staged": "14.0.1",
+    "lint-staged": "15.0.2",
     "mocha": "6.2.3",
-    "nyc": "14.1.1",
+    "nyc": "15.1.0",
     "rollup": "3.28.1",
     "yorkie": "2.0.0"
   }

node_modules/@humanwhocodes/object-schema/.github/workflows/nodejs-test.yml

@@ -10,12 +10,12 @@ jobs:
     strategy:
       matrix:
         os: [windows-latest, macOS-latest, ubuntu-latest]
-        node: [8.x, 10.x, 12.x, 14.x]
+        node: [18.x, 19.x, 20.x]
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v4
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: ${{ matrix.node-version }}
     - name: npm install, build, and test

node_modules/@humanwhocodes/object-schema/.github/workflows/release-please.yml

@@ -7,17 +7,17 @@ jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-      - uses: GoogleCloudPlatform/release-please-action@v2
+      - uses: GoogleCloudPlatform/release-please-action@v3
         id: release
         with:
           release-type: node
-          package-name: test-release-please
+          package-name: object-schema
       # The logic below handles the npm publication:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         # these if statements ensure that a publication only occurs when
         # a new release is created:
         if: ${{ steps.release.outputs.release_created }}
-      - uses: actions/setup-node@v1
+      - uses: actions/setup-node@v3
         with:
           node-version: 12
           registry-url: 'https://registry.npmjs.org'

node_modules/@humanwhocodes/object-schema/CHANGELOG.md

@@ -1,5 +1,23 @@
 # Changelog
 
+## [2.0.1](https://github.com/humanwhocodes/object-schema/compare/v2.0.0...v2.0.1) (2023-10-20)
+
+
+### Bug Fixes
+
+* Custom properties should be available on thrown errors ([6ca80b0](https://github.com/humanwhocodes/object-schema/commit/6ca80b001a4ffb678b9b5544fc53322117374376))
+
+## [2.0.0](https://github.com/humanwhocodes/object-schema/compare/v1.2.1...v2.0.0) (2023-10-18)
+
+
+### ⚠ BREAKING CHANGES
+
+* Throw custom errors instead of generics.
+
+### Features
+
+* Throw custom errors instead of generics. ([c6c01d7](https://github.com/humanwhocodes/object-schema/commit/c6c01d71eb354bf7b1fb3e883c40f7bd9b61647c))
+
 ### [1.2.1](https://www.github.com/humanwhocodes/object-schema/compare/v1.2.0...v1.2.1) (2021-11-02)
 
 

node_modules/@humanwhocodes/object-schema/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@humanwhocodes/object-schema",
-  "version": "1.2.1",
+  "version": "2.0.1",
   "description": "An object schema merger/validator",
   "main": "src/index.js",
   "directories": {

node_modules/@humanwhocodes/object-schema/src/object-schema.js

@@ -62,9 +62,77 @@ function validateDefinition(name, strategy) {
     }
 }
 
+//-----------------------------------------------------------------------------
+// Errors
+//-----------------------------------------------------------------------------
+
+/**
+ * Error when an unexpected key is found.
+ */
+class UnexpectedKeyError extends Error {
+
+    /**
+     * Creates a new instance.
+     * @param {string} key The key that was unexpected. 
+     */
+    constructor(key) {
+        super(`Unexpected key "${key}" found.`);
+    }
+}
+
+/**
+ * Error when a required key is missing.
+ */
+class MissingKeyError extends Error {
+
+    /**
+     * Creates a new instance.
+     * @param {string} key The key that was missing. 
+     */
+    constructor(key) {
+        super(`Missing required key "${key}".`);
+    }
+}
+
+/**
+ * Error when a key requires other keys that are missing.
+ */
+class MissingDependentKeysError extends Error {
+
+    /**
+     * Creates a new instance.
+     * @param {string} key The key that was unexpected.
+     * @param {Array<string>} requiredKeys The keys that are required.
+     */
+    constructor(key, requiredKeys) {
+        super(`Key "${key}" requires keys "${requiredKeys.join("\", \"")}".`);
+    }
+}
+
+/**
+ * Wrapper error for errors occuring during a merge or validate operation.
+ */
+class WrapperError {
+
+    /**
+     * Creates a new instance.
+     * @param {string} key The object key causing the error. 
+     * @param {Error} source The source error. 
+     */
+    constructor(key, source) {
+        return Object.create(source, {
+            message: {
+                value: `Key "${key}": ` + source.message,
+                configurable: true,
+                writable: true,
+                enumerable: true
+            }
+        });
+    }
+}
 
 //-----------------------------------------------------------------------------
-// Class
+// Main
 //-----------------------------------------------------------------------------
 
 /**
@@ -159,11 +227,11 @@ class ObjectSchema {
 
         // double check arguments
         if (objects.length < 2) {
-            throw new Error("merge() requires at least two arguments.");
+            throw new TypeError("merge() requires at least two arguments.");
         }
 
         if (objects.some(object => (object == null || typeof object !== "object"))) {
-            throw new Error("All arguments must be objects.");
+            throw new TypeError("All arguments must be objects.");
         }
 
         return objects.reduce((result, object) => {
@@ -179,8 +247,7 @@ class ObjectSchema {
                         }
                     }
                 } catch (ex) {
-                    ex.message = `Key "${key}": ` + ex.message;
-                    throw ex;
+                    throw new WrapperError(key, ex);
                 }
             }
             return result;
@@ -200,7 +267,7 @@ class ObjectSchema {
 
             // check to see if the key is defined
             if (!this.hasKey(key)) {
-                throw new Error(`Unexpected key "${key}" found.`);
+                throw new UnexpectedKeyError(key);
             }
 
             // validate existing keys
@@ -209,7 +276,7 @@ class ObjectSchema {
             // first check to see if any other keys are required
             if (Array.isArray(strategy.requires)) {
                 if (!strategy.requires.every(otherKey => otherKey in object)) {
-                    throw new Error(`Key "${key}" requires keys "${strategy.requires.join("\", \"")}".`);
+                    throw new MissingDependentKeysError(key, strategy.requires);
                 }
             }
 
@@ -217,15 +284,14 @@ class ObjectSchema {
             try {
                 strategy.validate.call(strategy, object[key]);
             } catch (ex) {
-                ex.message = `Key "${key}": ` + ex.message;
-                throw ex;
+                throw new WrapperError(key, ex);
             }
         }
 
         // ensure required keys aren't missing
         for (const [key] of this[requiredKeys]) {
             if (!(key in object)) {
-                throw new Error(`Missing required key "${key}".`);
+                throw new MissingKeyError(key);
             }
         }
 

node_modules/@humanwhocodes/object-schema/tests/object-schema.js

@@ -110,6 +110,54 @@ describe("ObjectSchema", () => {
         
         });
 
+        it("should throw an error when merge() throws an error with a readonly message", () => {
+            let schema = new ObjectSchema({
+                foo: {
+                    merge() {
+                        throw {
+                            get message() {
+                                return "Boom!";
+                            }
+                        };
+                    },
+                    validate() {}
+                }
+            });
+
+            assert.throws(() => {
+                schema.merge({ foo: true }, { foo: true });
+            }, /Key "foo": Boom!/);
+        
+        });
+
+        it("should throw an error with custom properties when merge() throws an error with custom properties", () => {
+            let schema = new ObjectSchema({
+                foo: {
+                    merge() {
+                        throw {
+                            get message() {
+                                return "Boom!";
+                            },
+                            booya: true
+                        };
+                    },
+                    validate() {}
+                }
+            });
+
+            let errorThrown = false;
+
+            try {
+                schema.merge({ foo: true }, { foo: true });
+            } catch (ex) {
+                errorThrown = true;
+                assert.isTrue(ex.booya);
+            }
+
+            assert.isTrue(errorThrown);
+        
+        });
+
         it("should call the merge() strategy for one key when called", () => {
             
             schema = new ObjectSchema({

node_modules/@octokit/types/dist-types/VERSION.d.ts

@@ -1 +1 @@
-export declare const VERSION = "12.0.0";
+export declare const VERSION = "12.1.1";

node_modules/@octokit/types/dist-types/generated/Endpoints.d.ts

@@ -200,6 +200,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/packages/packages#delete-package-version-for-an-organization
      */
     "DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}": Operation<"/orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}", "delete">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#remove-a-custom-property-for-an-organization
+     */
+    "DELETE /orgs/{org}/properties/schema/{custom_property_name}": Operation<"/orgs/{org}/properties/schema/{custom_property_name}", "delete">;
     /**
      * @see https://docs.github.com/rest/orgs/members#remove-public-organization-membership-for-the-authenticated-user
      */
@@ -401,7 +405,7 @@ export interface Endpoints {
      */
     "DELETE /repos/{owner}/{repo}/git/refs/{ref}": Operation<"/repos/{owner}/{repo}/git/refs/{ref}", "delete">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#delete-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#delete-a-repository-webhook
      */
     "DELETE /repos/{owner}/{repo}/hooks/{hook_id}": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}", "delete">;
     /**
@@ -1109,6 +1113,18 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/projects/projects#list-organization-projects
      */
     "GET /orgs/{org}/projects": Operation<"/orgs/{org}/projects", "get">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#get-all-custom-properties-for-an-organization
+     */
+    "GET /orgs/{org}/properties/schema": Operation<"/orgs/{org}/properties/schema", "get">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#get-a-custom-property-for-an-organization
+     */
+    "GET /orgs/{org}/properties/schema/{custom_property_name}": Operation<"/orgs/{org}/properties/schema/{custom_property_name}", "get">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#list-custom-property-values-for-organization-repositories
+     */
+    "GET /orgs/{org}/properties/values": Operation<"/orgs/{org}/properties/values", "get">;
     /**
      * @see https://docs.github.com/rest/orgs/members#list-public-organization-members
      */
@@ -1125,6 +1141,14 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/orgs/rules#get-all-organization-repository-rulesets
      */
     "GET /orgs/{org}/rulesets": Operation<"/orgs/{org}/rulesets", "get">;
+    /**
+     * @see https://docs.github.com/rest/orgs/rule-suites#list-organization-rule-suites
+     */
+    "GET /orgs/{org}/rulesets/rule-suites": Operation<"/orgs/{org}/rulesets/rule-suites", "get">;
+    /**
+     * @see https://docs.github.com/rest/orgs/rule-suites#get-an-organization-rule-suite
+     */
+    "GET /orgs/{org}/rulesets/rule-suites/{rule_suite_id}": Operation<"/orgs/{org}/rulesets/rule-suites/{rule_suite_id}", "get">;
     /**
      * @see https://docs.github.com/rest/orgs/rules#get-an-organization-repository-ruleset
      */
@@ -1554,6 +1578,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/codespaces/codespaces#get-default-attributes-for-a-codespace
      */
     "GET /repos/{owner}/{repo}/codespaces/new": Operation<"/repos/{owner}/{repo}/codespaces/new", "get">;
+    /**
+     * @see https://docs.github.com/rest/codespaces/codespaces#check-if-permissions-defined-by-a-devcontainer-have-been-accepted-by-the-authenticated-user
+     */
+    "GET /repos/{owner}/{repo}/codespaces/permissions_check": Operation<"/repos/{owner}/{repo}/codespaces/permissions_check", "get">;
     /**
      * @see https://docs.github.com/rest/codespaces/repository-secrets#list-repository-secrets
      */
@@ -1751,23 +1779,23 @@ export interface Endpoints {
      */
     "GET /repos/{owner}/{repo}/git/trees/{tree_sha}": Operation<"/repos/{owner}/{repo}/git/trees/{tree_sha}", "get">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#list-repository-webhooks
+     * @see https://docs.github.com/rest/repos/webhooks#list-repository-webhooks
      */
     "GET /repos/{owner}/{repo}/hooks": Operation<"/repos/{owner}/{repo}/hooks", "get">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#get-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#get-a-repository-webhook
      */
     "GET /repos/{owner}/{repo}/hooks/{hook_id}": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}", "get">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repo-config#get-a-webhook-configuration-for-a-repository
+     * @see https://docs.github.com/rest/repos/webhooks#get-a-webhook-configuration-for-a-repository
      */
     "GET /repos/{owner}/{repo}/hooks/{hook_id}/config": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/config", "get">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repo-deliveries#list-deliveries-for-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#list-deliveries-for-a-repository-webhook
      */
     "GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/deliveries", "get">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repo-deliveries#get-a-delivery-for-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#get-a-delivery-for-a-repository-webhook
      */
     "GET /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}", "get">;
     /**
@@ -1910,6 +1938,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/projects/projects#list-repository-projects
      */
     "GET /repos/{owner}/{repo}/projects": Operation<"/repos/{owner}/{repo}/projects", "get">;
+    /**
+     * @see https://docs.github.com/rest/repos/properties#get-all-custom-property-values-for-a-repository
+     */
+    "GET /repos/{owner}/{repo}/properties/values": Operation<"/repos/{owner}/{repo}/properties/values", "get">;
     /**
      * @see https://docs.github.com/rest/pulls/pulls#list-pull-requests
      */
@@ -2006,6 +2038,14 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/repos/rules#get-all-repository-rulesets
      */
     "GET /repos/{owner}/{repo}/rulesets": Operation<"/repos/{owner}/{repo}/rulesets", "get">;
+    /**
+     * @see https://docs.github.com/rest/repos/rule-suites#list-repository-rule-suites
+     */
+    "GET /repos/{owner}/{repo}/rulesets/rule-suites": Operation<"/repos/{owner}/{repo}/rulesets/rule-suites", "get">;
+    /**
+     * @see https://docs.github.com/rest/repos/rule-suites#get-a-repository-rule-suite
+     */
+    "GET /repos/{owner}/{repo}/rulesets/rule-suites/{rule_suite_id}": Operation<"/repos/{owner}/{repo}/rulesets/rule-suites/{rule_suite_id}", "get">;
     /**
      * @see https://docs.github.com/rest/repos/rules#get-a-repository-ruleset
      */
@@ -2574,6 +2614,14 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/orgs/webhooks#update-a-webhook-configuration-for-an-organization
      */
     "PATCH /orgs/{org}/hooks/{hook_id}/config": Operation<"/orgs/{org}/hooks/{hook_id}/config", "patch">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#create-or-update-custom-properties-for-an-organization
+     */
+    "PATCH /orgs/{org}/properties/schema": Operation<"/orgs/{org}/properties/schema", "patch">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#create-or-update-custom-property-values-for-organization-repositories
+     */
+    "PATCH /orgs/{org}/properties/values": Operation<"/orgs/{org}/properties/values", "patch">;
     /**
      * @see https://docs.github.com/rest/teams/teams#update-a-team
      */
@@ -2643,11 +2691,11 @@ export interface Endpoints {
      */
     "PATCH /repos/{owner}/{repo}/git/refs/{ref}": Operation<"/repos/{owner}/{repo}/git/refs/{ref}", "patch">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#update-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#update-a-repository-webhook
      */
     "PATCH /repos/{owner}/{repo}/hooks/{hook_id}": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}", "patch">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repo-config#update-a-webhook-configuration-for-a-repository
+     * @see https://docs.github.com/rest/repos/webhooks#update-a-webhook-configuration-for-a-repository
      */
     "PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/config", "patch">;
     /**
@@ -2946,6 +2994,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/actions/workflow-runs#review-custom-deployment-protection-rules-for-a-workflow-run
      */
     "POST /repos/{owner}/{repo}/actions/runs/{run_id}/deployment_protection_rule": Operation<"/repos/{owner}/{repo}/actions/runs/{run_id}/deployment_protection_rule", "post">;
+    /**
+     * @see https://docs.github.com/rest/actions/workflow-runs#force-cancel-a-workflow-run
+     */
+    "POST /repos/{owner}/{repo}/actions/runs/{run_id}/force-cancel": Operation<"/repos/{owner}/{repo}/actions/runs/{run_id}/force-cancel", "post">;
     /**
      * @see https://docs.github.com/rest/actions/workflow-runs#review-pending-deployments-for-a-workflow-run
      */
@@ -3079,19 +3131,19 @@ export interface Endpoints {
      */
     "POST /repos/{owner}/{repo}/git/trees": Operation<"/repos/{owner}/{repo}/git/trees", "post">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#create-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#create-a-repository-webhook
      */
     "POST /repos/{owner}/{repo}/hooks": Operation<"/repos/{owner}/{repo}/hooks", "post">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repo-deliveries#redeliver-a-delivery-for-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#redeliver-a-delivery-for-a-repository-webhook
      */
     "POST /repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/deliveries/{delivery_id}/attempts", "post">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#ping-a-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#ping-a-repository-webhook
      */
     "POST /repos/{owner}/{repo}/hooks/{hook_id}/pings": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/pings", "post">;
     /**
-     * @see https://docs.github.com/rest/webhooks/repos#test-the-push-repository-webhook
+     * @see https://docs.github.com/rest/repos/webhooks#test-the-push-repository-webhook
      */
     "POST /repos/{owner}/{repo}/hooks/{hook_id}/tests": Operation<"/repos/{owner}/{repo}/hooks/{hook_id}/tests", "post">;
     /**
@@ -3430,6 +3482,10 @@ export interface Endpoints {
      * @see https://docs.github.com/rest/orgs/outside-collaborators#convert-an-organization-member-to-outside-collaborator
      */
     "PUT /orgs/{org}/outside_collaborators/{username}": Operation<"/orgs/{org}/outside_collaborators/{username}", "put">;
+    /**
+     * @see https://docs.github.com/rest/orgs/properties#create-or-update-a-custom-property-for-an-organization
+     */
+    "PUT /orgs/{org}/properties/schema/{custom_property_name}": Operation<"/orgs/{org}/properties/schema/{custom_property_name}", "put">;
     /**
      * @see https://docs.github.com/rest/orgs/members#set-public-organization-membership-for-the-authenticated-user
      */

node_modules/@octokit/types/node_modules/@octokit/openapi-types/package.json

@@ -9,12 +9,12 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "19.0.0",
+  "version": "19.0.2",
   "main": "",
   "types": "types.d.ts",
   "author": "Gregor Martynus (https://twitter.com/gr2m)",
   "license": "MIT",
   "octokit": {
-    "openapi-version": "13.0.0"
+    "openapi-version": "13.2.0"
   }
 }

node_modules/@octokit/types/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@octokit/types",
-  "version": "12.0.0",
+  "version": "12.1.1",
   "publishConfig": {
     "access": "public"
   },
   "description": "Shared TypeScript definitions for Octokit projects",
   "dependencies": {
-    "@octokit/openapi-types": "^19.0.0"
+    "@octokit/openapi-types": "^19.0.2"
   },
   "repository": "github:octokit/types.ts",
   "keywords": [
@@ -36,7 +36,7 @@
     "typescript": "^5.0.0"
   },
   "octokit": {
-    "openapi-version": "13.0.0"
+    "openapi-version": "13.2.0"
   },
   "files": [
     "dist-types/**"