Refactor existing telemetry diagnostics to use makeTelemetryDiagnostic

Refactored bundle-download-telemetry and zstd-availability diagnostics in init-action.ts to use the new makeTelemetryDiagnostic helper function. Also added guard for empty languages array in logGitVersionTelemetry. Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>
Address feedback: cache git version, improve error handling, add telemetry
2025-12-17 12:59:20 +08:00 · 2025-12-16 17:24:57 +00:00 · 2025-12-16 17:19:46 +00:00 · 2025-12-16 16:27:41 +00:00 · 2025-12-16 16:22:23 +00:00 · 2025-12-16 16:09:09 +00:00
25 changed files with 1608 additions and 1097 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,7 +2,7 @@

 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.

-## 4.31.9 - 16 Dec 2025
+## [UNRELEASED]

 No user facing changes.

--- a/lib/analyze-action-post.js
+++ b/lib/analyze-action-post.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs7 = __importStar4(require("fs"));
    var path6 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os = __importStar4(require("os"));
    var path6 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path6.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs7.existsSync(cachePath) && fs7.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path6.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+        const folderPath = path6.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path6.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+      const folderPath = path6.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs7.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -84133,7 +84133,7 @@ var require_brace_expansion2 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -84183,7 +84183,7 @@ var require_brace_expansion2 = __commonJS({
          var reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          var pad = n.some(isPadded);
          N = [];
@@ -97488,7 +97488,7 @@ var require_commonjs14 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand_(str2, isTop) {
@@ -97537,7 +97537,7 @@ var require_commonjs14 = __commonJS({
          const reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          const pad = n.some(isPadded);
          N = [];
@@ -119751,7 +119751,7 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 })();

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/overlay-database-utils.ts
 var fs2 = __toESM(require("fs"));
@@ -119759,13 +119759,38 @@ var path2 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+function withGroup(groupName, f) {
+  core7.startGroup(groupName);
+  try {
+    return f();
+  } finally {
+    core7.endGroup();
+  }
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -119785,7 +119810,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -119896,7 +119921,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -119921,28 +119946,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-function withGroup(groupName, f) {
-  core8.startGroup(groupName);
-  try {
-    return f();
-  } finally {
-    core8.endGroup();
-  }
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -120005,13 +120008,13 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
 var SafeArtifactUploadVersion = "2.20.3";
 function isSafeArtifactUpload(codeQlVersion) {
-  return !codeQlVersion ? true : semver3.gte(codeQlVersion, SafeArtifactUploadVersion);
+  return !codeQlVersion ? true : semver4.gte(codeQlVersion, SafeArtifactUploadVersion);
 }

 // src/feature-flags.ts
@@ -120070,6 +120073,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -120286,20 +120294,20 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
 // src/setup-codeql.ts
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());

 // src/tools-download.ts
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;

 // src/tracer-config.ts
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare3 = require_compare();
-    var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare3(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare3(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare3(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto2 = __importStar4(require("crypto"));
    var fs17 = __importStar4(require("fs"));
    var path16 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core15.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os5 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os5 = __importStar4(require("os"));
    var path16 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os5.arch();
        core15.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core15.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os5.arch();
        core15.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core15.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path16.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core15.debug(`checking cache: ${cachePath}`);
        if (fs17.existsSync(cachePath) && fs17.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path16.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+        const folderPath = path16.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
        core15.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io7.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path16.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+      const folderPath = path16.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs17.writeFileSync(markerPath, "");
      core15.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core15.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core15.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core15.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -87925,7 +87925,7 @@ function wrapApiConfigurationError(e) {

 // src/codeql.ts
 var fs11 = __toESM(require("fs"));
-var path10 = __toESM(require("path"));
+var path11 = __toESM(require("path"));
 var core10 = __toESM(require_core());
 var toolrunner3 = __toESM(require_toolrunner());

@@ -88171,7 +88171,7 @@ function wrapCliConfigurationError(cliError) {

 // src/config-utils.ts
 var fs6 = __toESM(require("fs"));
-var path6 = __toESM(require("path"));
+var path7 = __toESM(require("path"));

 // src/caching-utils.ts
 var crypto = __toESM(require("crypto"));
@@ -88203,12 +88203,12 @@ var PACK_IDENTIFIER_PATTERN = (function() {

 // src/diff-informed-analysis-utils.ts
 var fs5 = __toESM(require("fs"));
-var path5 = __toESM(require("path"));
+var path6 = __toESM(require("path"));

 // src/feature-flags.ts
 var fs4 = __toESM(require("fs"));
-var path4 = __toESM(require("path"));
-var semver4 = __toESM(require_semver2());
+var path5 = __toESM(require("path"));
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -88216,17 +88216,100 @@ var cliVersion = "2.23.8";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
-var path3 = __toESM(require("path"));
+var path4 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/diagnostics.ts
+var import_fs = require("fs");
+var import_path = __toESM(require("path"));
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+async function withGroupAsync(groupName, f) {
+  core7.startGroup(groupName);
+  try {
+    return await f();
+  } finally {
+    core7.endGroup();
+  }
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/diagnostics.ts
+var unwrittenDiagnostics = [];
+function makeDiagnostic(id, name, data = void 0) {
+  return {
+    ...data,
+    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+    source: { ...data?.source, id, name }
+  };
+}
+function addDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  if ((0, import_fs.existsSync)(databasePath)) {
+    writeDiagnostic(config, language, diagnostic);
+  } else {
+    logger.debug(
+      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
+    );
+    unwrittenDiagnostics.push({ diagnostic, language });
+  }
+}
+function writeDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  const diagnosticsPath = import_path.default.resolve(
+    databasePath,
+    "diagnostic",
+    "codeql-action"
+  );
+  try {
+    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
+    const jsonPath = import_path.default.resolve(
+      diagnosticsPath,
+      // Remove colons from the timestamp as these are not allowed in Windows filenames.
+      `codeql-action-${diagnostic.timestamp.replaceAll(":", "")}.json`
+    );
+    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
+  } catch (err) {
+    logger.warning(`Unable to write diagnostic message to database: ${err}`);
+    logger.debug(JSON.stringify(diagnostic));
+  }
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -88246,7 +88329,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -88391,7 +88474,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -88416,39 +88499,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-async function withGroupAsync(groupName, f) {
-  core8.startGroup(groupName);
-  try {
-    return await f();
-  } finally {
-    core8.endGroup();
-  }
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -88475,7 +88525,7 @@ async function readBaseDatabaseOidsFile(config, logger) {
  }
 }
 function getBaseDatabaseOidsFilePath(config) {
-  return path3.join(config.dbLocation, "base-database-oids.json");
+  return path4.join(config.dbLocation, "base-database-oids.json");
 }
 async function writeOverlayChangesFile(config, sourceRoot, logger) {
  const baseFileOids = await readBaseDatabaseOidsFile(config, logger);
@@ -88485,7 +88535,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
    `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.`
  );
  const changedFilesJson = JSON.stringify({ changes: changedFiles });
-  const overlayChangesFile = path3.join(
+  const overlayChangesFile = path4.join(
    getTemporaryDirectory(),
    "overlay-changes.json"
  );
@@ -88646,7 +88696,7 @@ async function getCacheRestoreKeyPrefix(config, codeQlVersion) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -88710,6 +88760,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -88855,7 +88910,7 @@ var Features = class {
    this.gitHubFeatureFlags = new GitHubFeatureFlags(
      gitHubVersion,
      repositoryNwo,
-      path4.join(tempDir, FEATURE_FLAGS_FILE_NAME),
+      path5.join(tempDir, FEATURE_FLAGS_FILE_NAME),
      logger
    );
  }
@@ -88954,7 +89009,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver4.valid(version)) {
+    if (!semver5.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -89135,7 +89190,7 @@ async function getDiffInformedAnalysisBranches(codeql, features, logger) {
  return branches;
 }
 function getDiffRangesJsonFilePath() {
-  return path5.join(getTemporaryDirectory(), "pr-diff-range.json");
+  return path6.join(getTemporaryDirectory(), "pr-diff-range.json");
 }
 function writeDiffRangesJsonFile(logger, ranges) {
  const jsonContents = JSON.stringify(ranges, null, 2);
@@ -89215,7 +89270,7 @@ Error Response: ${JSON.stringify(error3.response, null, 2)}`
  }
 }
 function getDiffRanges(fileDiff, logger) {
-  const filename = path5.join(getRequiredInput("checkout_path"), fileDiff.filename).replaceAll(path5.sep, "/");
+  const filename = path6.join(getRequiredInput("checkout_path"), fileDiff.filename).replaceAll(path6.sep, "/");
  if (fileDiff.patch === void 0) {
    if (fileDiff.changes === 0) {
      return [];
@@ -89422,7 +89477,7 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
  swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */
 };
 function getPathToParsedConfigFile(tempDir) {
-  return path6.join(tempDir, "config");
+  return path7.join(tempDir, "config");
 }
 async function getConfig(tempDir, logger) {
  const configFile = getPathToParsedConfigFile(tempDir);
@@ -89478,10 +89533,10 @@ function getPrimaryAnalysisConfig(config) {

 // src/setup-codeql.ts
 var fs9 = __toESM(require("fs"));
-var path8 = __toESM(require("path"));
+var path9 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // node_modules/uuid/dist-node/stringify.js
 var byteToHex = [];
@@ -89544,7 +89599,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -89586,9 +89641,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -89597,7 +89652,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -89698,13 +89753,13 @@ function inferCompressionMethod(tarPath) {
 // src/tools-download.ts
 var fs8 = __toESM(require("fs"));
 var os2 = __toESM(require("os"));
-var path7 = __toESM(require("path"));
+var path8 = __toESM(require("path"));
 var import_perf_hooks = require("perf_hooks");
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -89831,10 +89886,10 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio
  await extractTarZst(response, dest, tarVersion, logger);
 }
 function getToolcacheDirectory(version) {
-  return path7.join(
+  return path8.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os2.arch() || ""
  );
 }
@@ -89959,13 +90014,13 @@ function tryGetTagNameFromUrl(url2, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -89975,7 +90030,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
  const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({
    folder: toolcache3.find("CodeQL", version),
    version
-  })).filter(({ folder }) => fs9.existsSync(path8.join(folder, "pinned-version")));
+  })).filter(({ folder }) => fs9.existsSync(path9.join(folder, "pinned-version")));
  if (candidates.length === 1) {
    const candidate = candidates[0];
    logger.debug(
@@ -90073,7 +90128,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url2 = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -90344,11 +90399,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
-  return path8.join(tempDir, v4_default());
+  return path9.join(tempDir, v4_default());
 }
 async function getNightlyToolsUrl(logger) {
  const zstdAvailability = await isZstdAvailable(logger);
@@ -90376,7 +90431,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
@@ -90397,7 +90452,7 @@ function isReservedToolsValue(tools) {

 // src/tracer-config.ts
 var fs10 = __toESM(require("fs"));
-var path9 = __toESM(require("path"));
+var path10 = __toESM(require("path"));
 async function shouldEnableIndirectTracing(codeql, config) {
  if (config.buildMode === "none" /* None */) {
    return false;
@@ -90412,7 +90467,7 @@ async function endTracingForCluster(codeql, config, logger) {
  logger.info(
    "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced."
  );
-  const envVariablesFile = path9.resolve(
+  const envVariablesFile = path10.resolve(
    config.dbLocation,
    "temp/tracingEnvironment/end-tracing.json"
  );
@@ -90469,7 +90524,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
        toolsDownloadStatusReport
      )}`
    );
-    let codeqlCmd = path10.join(codeqlFolder, "codeql", "codeql");
+    let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql");
    if (process.platform === "win32") {
      codeqlCmd += ".exe";
    } else if (process.platform !== "linux" && process.platform !== "darwin") {
@@ -90531,7 +90586,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
    },
    async isTracedLanguage(language) {
      const extractorPath = await this.resolveExtractor(language);
-      const tracingConfigPath = path10.join(
+      const tracingConfigPath = path11.join(
        extractorPath,
        "tools",
        "tracing-config.lua"
@@ -90607,7 +90662,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
    },
    async runAutobuild(config, language) {
      applyAutobuildAzurePipelinesTimeoutFix();
-      const autobuildCmd = path10.join(
+      const autobuildCmd = path11.join(
        await this.resolveExtractor(language),
        "tools",
        process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh"
@@ -91030,7 +91085,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
  ];
 }
 function getGeneratedCodeScanningConfigPath(config) {
-  return path10.resolve(config.tempDir, "user-config.yaml");
+  return path11.resolve(config.tempDir, "user-config.yaml");
 }
 function getExtractionVerbosityArguments(enableDebugLogging) {
  return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : [];
@@ -91098,31 +91153,31 @@ async function runAutobuild(config, language, logger) {

 // src/dependency-caching.ts
 var os3 = __toESM(require("os"));
-var import_path = require("path");
+var import_path2 = require("path");
 var actionsCache3 = __toESM(require_cache3());
 var glob = __toESM(require_glob2());
 var CODEQL_DEPENDENCY_CACHE_PREFIX = "codeql-dependencies";
 var CODEQL_DEPENDENCY_CACHE_VERSION = 1;
 function getJavaTempDependencyDir() {
-  return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
+  return (0, import_path2.join)(getTemporaryDirectory(), "codeql_java", "repository");
 }
 async function getJavaDependencyDirs() {
  return [
    // Maven
-    (0, import_path.join)(os3.homedir(), ".m2", "repository"),
+    (0, import_path2.join)(os3.homedir(), ".m2", "repository"),
    // Gradle
-    (0, import_path.join)(os3.homedir(), ".gradle", "caches"),
+    (0, import_path2.join)(os3.homedir(), ".gradle", "caches"),
    // CodeQL Java build-mode: none
    getJavaTempDependencyDir()
  ];
 }
 function getCsharpTempDependencyDir() {
-  return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
+  return (0, import_path2.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
 }
 async function getCsharpDependencyDirs(codeql, features) {
  const dirs = [
    // Nuget
-    (0, import_path.join)(os3.homedir(), ".nuget", "packages")
+    (0, import_path2.join)(os3.homedir(), ".nuget", "packages")
  ];
  if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) {
    dirs.push(getCsharpTempDependencyDir());
@@ -91177,7 +91232,7 @@ var defaultCacheConfigs = {
    getHashPatterns: getCsharpHashPatterns
  },
  go: {
-    getDependencyPaths: async () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")],
+    getDependencyPaths: async () => [(0, import_path2.join)(os3.homedir(), "go", "pkg", "mod")],
    getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"])
  }
 };
@@ -91273,7 +91328,15 @@ async function getFeaturePrefix(codeql, features, language) {
      enabledFeatures.push(feature);
    }
  };
-  if (language === "csharp" /* csharp */) {
+  if (language === "java" /* java */) {
+    const minimizeJavaJars = await features.getValue(
+      "java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */,
+      codeql
+    );
+    if (minimizeJavaJars) {
+      return "minify-";
+    }
+  } else if (language === "csharp" /* csharp */) {
    await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */);
    await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */);
  }
@@ -91290,57 +91353,16 @@ async function cachePrefix2(codeql, features, language) {
    prefix = `${prefix}-${customPrefix}`;
  }
  const featurePrefix = await getFeaturePrefix(codeql, features, language);
-  return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  if (featurePrefix === "minify-") {
+    return `${featurePrefix}${prefix}-${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  } else {
+    return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  }
 }
 var internal = {
  makePatternCheck
 };

-// src/diagnostics.ts
-var import_fs = require("fs");
-var import_path2 = __toESM(require("path"));
-var unwrittenDiagnostics = [];
-function makeDiagnostic(id, name, data = void 0) {
-  return {
-    ...data,
-    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
-    source: { ...data?.source, id, name }
-  };
-}
-function addDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  if ((0, import_fs.existsSync)(databasePath)) {
-    writeDiagnostic(config, language, diagnostic);
-  } else {
-    logger.debug(
-      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
-    );
-    unwrittenDiagnostics.push({ diagnostic, language });
-  }
-}
-function writeDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  const diagnosticsPath = import_path2.default.resolve(
-    databasePath,
-    "diagnostic",
-    "codeql-action"
-  );
-  try {
-    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
-    const jsonPath = import_path2.default.resolve(
-      diagnosticsPath,
-      // Remove colons from the timestamp as these are not allowed in Windows filenames.
-      `codeql-action-${diagnostic.timestamp.replaceAll(":", "")}.json`
-    );
-    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
-  } catch (err) {
-    logger.warning(`Unable to write diagnostic message to database: ${err}`);
-    logger.debug(JSON.stringify(diagnostic));
-  }
-}
-
 // src/analyze.ts
 var CodeQLAnalysisError = class extends Error {
  constructor(queriesStatusReport, message, error3) {
@@ -91722,28 +91744,27 @@ var fs13 = __toESM(require("fs"));
 async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetails, features, logger) {
  if (getRequiredInput("upload-database") !== "true") {
    logger.debug("Database upload disabled in workflow. Skipping upload.");
-    return [];
+    return;
  }
  if (!config.analysisKinds.includes("code-scanning" /* CodeScanning */)) {
    logger.debug(
      `Not uploading database because 'analysis-kinds: ${"code-scanning" /* CodeScanning */}' is not enabled.`
    );
-    return [];
+    return;
  }
  if (isInTestMode()) {
    logger.debug("In test mode. Skipping database upload.");
-    return [];
+    return;
  }
  if (config.gitHubVersion.type !== "GitHub.com" /* DOTCOM */ && config.gitHubVersion.type !== "GitHub Enterprise Cloud with data residency" /* GHEC_DR */) {
    logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
-    return [];
+    return;
  }
  if (!await isAnalyzingDefaultBranch()) {
    logger.debug("Not analyzing default branch. Skipping upload.");
-    return [];
+    return;
  }
-  const shouldUploadOverlayBase = config.overlayDatabaseMode === "overlay-base" /* OverlayBase */ && await features.getValue("upload_overlay_db_to_api" /* UploadOverlayDbToApi */);
-  const cleanupLevel = shouldUploadOverlayBase ? "overlay" /* Overlay */ : "clear" /* Clear */;
+  const cleanupLevel = config.overlayDatabaseMode === "overlay-base" /* OverlayBase */ && await features.getValue("upload_overlay_db_to_api" /* UploadOverlayDbToApi */) ? "overlay" /* Overlay */ : "clear" /* Clear */;
  await withGroupAsync("Cleaning up databases", async () => {
    await codeql.databaseCleanupCluster(config, cleanupLevel);
  });
@@ -91754,7 +91775,6 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai
  if (uploadsBaseUrl.endsWith("/")) {
    uploadsBaseUrl = uploadsBaseUrl.slice(0, -1);
  }
-  const reports = [];
  for (const language of config.languages) {
    try {
      const bundledDb = await bundleDb(config, language, codeql, language);
@@ -91764,7 +91784,6 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai
        getRequiredInput("checkout_path")
      );
      try {
-        const startTime = performance.now();
        await client.request(
          `POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`,
          {
@@ -91782,28 +91801,14 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai
            }
          }
        );
-        const endTime = performance.now();
-        reports.push({
-          language,
-          zipped_upload_size_bytes: bundledDbSize,
-          is_overlay_base: shouldUploadOverlayBase,
-          upload_duration_ms: endTime - startTime
-        });
        logger.debug(`Successfully uploaded database for ${language}`);
      } finally {
        bundledDbReadStream.close();
      }
    } catch (e) {
-      logger.warning(
-        `Failed to upload database for ${language}: ${getErrorMessage(e)}`
-      );
-      reports.push({
-        language,
-        error: getErrorMessage(e)
-      });
+      logger.warning(`Failed to upload database for ${language}: ${e}`);
    }
  }
-  return reports;
 }

 // src/status-report.ts
@@ -93817,7 +93822,7 @@ async function postProcessAndUploadSarif(logger, features, uploadKind, checkoutP
 }

 // src/analyze-action.ts
-async function sendStatusReport2(startedAt, config, stats, error3, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, dependencyCacheResults, databaseUploadResults, logger) {
+async function sendStatusReport2(startedAt, config, stats, error3, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, dependencyCacheResults, logger) {
  const status = getActionsStatus(error3, stats?.analyze_failure_language);
  const statusReportBase = await createStatusReportBase(
    "finish" /* Analyze */,
@@ -93835,8 +93840,7 @@ async function sendStatusReport2(startedAt, config, stats, error3, trapCacheUplo
      ...stats || {},
      ...dbCreationTimings || {},
      ...trapCacheCleanup || {},
-      dependency_caching_upload_results: dependencyCacheResults,
-      database_upload_results: databaseUploadResults
+      dependency_caching_upload_results: dependencyCacheResults
    };
    if (config && didUploadTrapCaches) {
      const trapCacheUploadStatusReport = {
@@ -93918,7 +93922,6 @@ async function run() {
  let dbCreationTimings = void 0;
  let didUploadTrapCaches = false;
  let dependencyCacheResults;
-  let databaseUploadResults = [];
  initializeEnvironment(getActionVersion());
  persistInputs();
  const logger = getActionsLogger();
@@ -94048,7 +94051,7 @@ async function run() {
      logger.info("Not uploading results");
    }
    await cleanupAndUploadOverlayBaseDatabaseToCache(codeql, config, logger);
-    databaseUploadResults = await cleanupAndUploadDatabases(
+    await cleanupAndUploadDatabases(
      repositoryNwo,
      codeql,
      config,
@@ -94102,7 +94105,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger
    );
    return;
@@ -94121,7 +94123,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger
    );
  } else if (runStats !== void 0) {
@@ -94135,7 +94136,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger
    );
  } else {
@@ -94149,7 +94149,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger
    );
  }
--- a/lib/autobuild-action.js
+++ b/lib/autobuild-action.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs7 = __importStar4(require("fs"));
    var path7 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os2 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os2 = __importStar4(require("os"));
    var path7 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os2.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os2.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path7.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs7.existsSync(cachePath) && fs7.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path7.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+        const folderPath = path7.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io5.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path7.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+      const folderPath = path7.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs7.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -83698,7 +83698,7 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 // src/feature-flags.ts
 var fs3 = __toESM(require("fs"));
 var path3 = __toESM(require("path"));
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -83710,13 +83710,30 @@ var path2 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -83736,7 +83753,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -83847,7 +83864,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -83872,20 +83889,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -83948,7 +83951,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -84011,6 +84014,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84255,7 +84263,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver4.valid(version)) {
+    if (!semver5.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -84495,20 +84503,20 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
 // src/setup-codeql.ts
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());

 // src/tools-download.ts
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;

 // src/tracer-config.ts
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare3 = require_compare();
-    var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare3(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare3(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare3(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs17 = __importStar4(require("fs"));
    var path15 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core18.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os3 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os3 = __importStar4(require("os"));
    var path15 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core18.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core18.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core18.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core18.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path15.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core18.debug(`checking cache: ${cachePath}`);
        if (fs17.existsSync(cachePath) && fs17.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path15.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+        const folderPath = path15.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
        core18.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io7.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path15.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+      const folderPath = path15.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs17.writeFileSync(markerPath, "");
      core18.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core18.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core18.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core18.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -84133,7 +84133,7 @@ var require_brace_expansion2 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -84183,7 +84183,7 @@ var require_brace_expansion2 = __commonJS({
          var reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          var pad = n.some(isPadded);
          N = [];
@@ -97488,7 +97488,7 @@ var require_commonjs14 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand_(str2, isTop) {
@@ -97537,7 +97537,7 @@ var require_commonjs14 = __commonJS({
          const reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          const pad = n.some(isPadded);
          N = [];
@@ -123080,7 +123080,7 @@ var path5 = __toESM(require("path"));
 // src/feature-flags.ts
 var fs4 = __toESM(require("fs"));
 var path4 = __toESM(require("path"));
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -123092,13 +123092,49 @@ var path3 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+function withGroup(groupName, f) {
+  core7.startGroup(groupName);
+  try {
+    return f();
+  } finally {
+    core7.endGroup();
+  }
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -123118,7 +123154,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -123263,7 +123299,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -123288,39 +123324,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-function withGroup(groupName, f) {
-  core8.startGroup(groupName);
-  try {
-    return f();
-  } finally {
-    core8.endGroup();
-  }
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -123383,13 +123386,13 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
 var SafeArtifactUploadVersion = "2.20.3";
 function isSafeArtifactUpload(codeQlVersion) {
-  return !codeQlVersion ? true : semver3.gte(codeQlVersion, SafeArtifactUploadVersion);
+  return !codeQlVersion ? true : semver4.gte(codeQlVersion, SafeArtifactUploadVersion);
 }

 // src/feature-flags.ts
@@ -123451,6 +123454,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -123695,7 +123703,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver4.valid(version)) {
+    if (!semver5.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -123958,7 +123966,7 @@ var fs9 = __toESM(require("fs"));
 var path8 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // node_modules/uuid/dist-node/stringify.js
 var byteToHex = [];
@@ -124021,7 +124029,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -124063,9 +124071,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -124074,7 +124082,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -124181,7 +124189,7 @@ var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -124311,7 +124319,7 @@ function getToolcacheDirectory(version) {
  return path7.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os.arch() || ""
  );
 }
@@ -124436,13 +124444,13 @@ function tryGetTagNameFromUrl(url2, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -124550,7 +124558,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url2 = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -124821,7 +124829,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
@@ -124853,7 +124861,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
--- a/lib/init-action.js
+++ b/lib/init-action.js
@@ -20995,8 +20995,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -21017,7 +21017,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt2 = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -21047,7 +21047,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt2(a, b, loose);
        case "<=":
@@ -21806,7 +21806,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt2 = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -21821,7 +21821,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt2;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -22136,7 +22136,7 @@ var require_semver2 = __commonJS({
    var lt2 = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -22174,7 +22174,7 @@ var require_semver2 = __commonJS({
      lt: lt2,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -31115,7 +31115,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31160,7 +31160,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33313,8 +33313,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33345,7 +33345,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt2(a, b, loose);
        case "<=":
@@ -33890,7 +33890,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt2;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -34091,7 +34091,7 @@ var require_cacheUtils = __commonJS({
    var crypto2 = __importStar4(require("crypto"));
    var fs15 = __importStar4(require("fs"));
    var path16 = __importStar4(require("path"));
-    var semver9 = __importStar4(require_semver3());
+    var semver10 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34188,7 +34188,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver9.clean(versionOutput);
+        const version = semver10.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -78822,7 +78822,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver9 = __importStar4(require_semver2());
+    var semver10 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os5 = require("os");
    var cp = require("child_process");
@@ -78836,7 +78836,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver10.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -78845,7 +78845,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver9.satisfies(osVersion, item.platform_version);
+                  chk = semver10.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -79776,7 +79776,7 @@ var require_tool_cache = __commonJS({
    var os5 = __importStar4(require("os"));
    var path16 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver9 = __importStar4(require_semver2());
+    var semver10 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -80050,7 +80050,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver9.clean(version) || version;
+        version = semver10.clean(version) || version;
        arch2 = arch2 || os5.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -80069,7 +80069,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver9.clean(version) || version;
+        version = semver10.clean(version) || version;
        arch2 = arch2 || os5.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -80100,7 +80100,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver9.clean(versionSpec) || "";
+        versionSpec = semver10.clean(versionSpec) || "";
        const cachePath = path16.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs15.existsSync(cachePath) && fs15.existsSync(`${cachePath}.complete`)) {
@@ -80184,7 +80184,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path16.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
+        const folderPath = path16.join(_getCacheDirectory(), tool, semver10.clean(version) || version, arch2 || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io7.rmRF(folderPath);
@@ -80194,15 +80194,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path16.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
+      const folderPath = path16.join(_getCacheDirectory(), tool, semver10.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs15.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver9.clean(versionSpec) || "";
+      const c = semver10.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver9.valid(c) != null;
+      const valid3 = semver10.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -80211,14 +80211,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver9.gt(a, b)) {
+        if (semver10.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver9.satisfies(potential, versionSpec);
+        const satisfied = semver10.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -81567,16 +81567,11 @@ var require_follow_redirects = __commonJS({
 });

 // src/init-action.ts
-var init_action_exports = {};
-__export(init_action_exports, {
-  CODEQL_VERSION_JAR_MINIMIZATION: () => CODEQL_VERSION_JAR_MINIMIZATION
-});
-module.exports = __toCommonJS(init_action_exports);
 var fs14 = __toESM(require("fs"));
 var path15 = __toESM(require("path"));
 var core13 = __toESM(require_core());
 var io6 = __toESM(require_io2());
-var semver8 = __toESM(require_semver2());
+var semver9 = __toESM(require_semver2());

 // node_modules/uuid/dist-node/stringify.js
 var byteToHex = [];
@@ -85288,7 +85283,7 @@ function getDependencyCachingEnabled() {

 // src/config-utils.ts
 var fs6 = __toESM(require("fs"));
-var path7 = __toESM(require("path"));
+var path8 = __toESM(require("path"));
 var import_perf_hooks = require("perf_hooks");

 // src/config/db-config.ts
@@ -85636,8 +85631,8 @@ function parseUserConfig(logger, pathInput, contents, validateConfig) {

 // src/feature-flags.ts
 var fs4 = __toESM(require("fs"));
-var path5 = __toESM(require("path"));
-var semver4 = __toESM(require_semver2());
+var path6 = __toESM(require("path"));
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -85645,17 +85640,182 @@ var cliVersion = "2.23.8";

 // src/overlay-database-utils.ts
 var fs3 = __toESM(require("fs"));
-var path4 = __toESM(require("path"));
+var path5 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/diagnostics.ts
+var import_fs = require("fs");
+var import_path = __toESM(require("path"));
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+async function withGroupAsync(groupName, f) {
+  core7.startGroup(groupName);
+  try {
+    return await f();
+  } finally {
+    core7.endGroup();
+  }
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/diagnostics.ts
+var unwrittenDiagnostics = [];
+function makeDiagnostic(id, name, data = void 0) {
+  return {
+    ...data,
+    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
+    source: { ...data?.source, id, name }
+  };
+}
+function addDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  if ((0, import_fs.existsSync)(databasePath)) {
+    writeDiagnostic(config, language, diagnostic);
+  } else {
+    logger.debug(
+      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
+    );
+    unwrittenDiagnostics.push({ diagnostic, language });
+  }
+}
+function writeDiagnostic(config, language, diagnostic) {
+  const logger = getActionsLogger();
+  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
+  const diagnosticsPath = import_path.default.resolve(
+    databasePath,
+    "diagnostic",
+    "codeql-action"
+  );
+  try {
+    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
+    const jsonPath = import_path.default.resolve(
+      diagnosticsPath,
+      // Remove colons from the timestamp as these are not allowed in Windows filenames.
+      `codeql-action-${diagnostic.timestamp.replaceAll(":", "")}.json`
+    );
+    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
+  } catch (err) {
+    logger.warning(`Unable to write diagnostic message to database: ${err}`);
+    logger.debug(JSON.stringify(diagnostic));
+  }
+}
+function logUnwrittenDiagnostics() {
+  const logger = getActionsLogger();
+  const num = unwrittenDiagnostics.length;
+  if (num > 0) {
+    logger.warning(
+      `${num} diagnostic(s) could not be written to the database and will not appear on the Tool Status Page.`
+    );
+    for (const unwritten of unwrittenDiagnostics) {
+      logger.debug(JSON.stringify(unwritten.diagnostic));
+    }
+  }
+}
+function flushDiagnostics(config) {
+  const logger = getActionsLogger();
+  logger.debug(
+    `Writing ${unwrittenDiagnostics.length} diagnostic(s) to database.`
+  );
+  for (const unwritten of unwrittenDiagnostics) {
+    writeDiagnostic(config, unwritten.language, unwritten.diagnostic);
+  }
+  unwrittenDiagnostics = [];
+}
+function makeTelemetryDiagnostic(id, name, attributes) {
+  return makeDiagnostic(id, name, {
+    attributes,
+    visibility: {
+      cliSummaryTable: false,
+      statusPage: false,
+      telemetry: true
+    }
+  });
+}
+
+// src/git-utils.ts
+var GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.38.0";
+var cachedGitVersion;
+async function getGitVersionOrThrow() {
+  const stdout = await runGitCommand(
+    void 0,
+    ["--version"],
+    "Failed to get git version."
+  );
+  const match = stdout.match(/git version (\d+\.\d+\.\d+)/);
+  if (match?.[1]) {
+    return match[1];
+  }
+  throw new Error(`Could not parse Git version from output: ${stdout.trim()}`);
+}
+async function getGitVersion(logger) {
+  if (cachedGitVersion !== void 0) {
+    return cachedGitVersion;
+  }
+  try {
+    cachedGitVersion = await getGitVersionOrThrow();
+    return cachedGitVersion;
+  } catch (e) {
+    logger.debug(`Could not determine Git version: ${getErrorMessage(e)}`);
+    return void 0;
+  }
+}
+async function logGitVersionTelemetry(config, logger) {
+  const version = await getGitVersion(logger);
+  if (version !== void 0 && config.languages.length > 0) {
+    addDiagnostic(
+      config,
+      // Arbitrarily choose the first language. We could also choose all languages, but that
+      // increases the risk of misinterpreting the data.
+      config.languages[0],
+      makeTelemetryDiagnostic(
+        "codeql-action/git-version-telemetry",
+        "Git version telemetry",
+        { gitVersion: version }
+      )
+    );
+  }
+}
+async function gitVersionAtLeast(requiredVersion, logger) {
+  const version = await getGitVersion(logger);
+  if (version === void 0) {
+    return false;
+  }
+  logger.debug(`Installed Git version is ${version}.`);
+  return semver3.gte(version, requiredVersion);
+}
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -85675,7 +85835,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -85798,7 +85958,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -85823,39 +85983,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-async function withGroupAsync(groupName, f) {
-  core8.startGroup(groupName);
-  try {
-    return await f();
-  } finally {
-    core8.endGroup();
-  }
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -85882,7 +86009,7 @@ async function readBaseDatabaseOidsFile(config, logger) {
  }
 }
 function getBaseDatabaseOidsFilePath(config) {
-  return path4.join(config.dbLocation, "base-database-oids.json");
+  return path5.join(config.dbLocation, "base-database-oids.json");
 }
 async function writeOverlayChangesFile(config, sourceRoot, logger) {
  const baseFileOids = await readBaseDatabaseOidsFile(config, logger);
@@ -85892,7 +86019,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) {
    `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.`
  );
  const changedFilesJson = JSON.stringify({ changes: changedFiles });
-  const overlayChangesFile = path4.join(
+  const overlayChangesFile = path5.join(
    getTemporaryDirectory(),
    "overlay-changes.json"
  );
@@ -86065,7 +86192,7 @@ async function getCacheRestoreKeyPrefix(config, codeQlVersion) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -86129,6 +86256,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -86274,7 +86406,7 @@ var Features = class {
    this.gitHubFeatureFlags = new GitHubFeatureFlags(
      gitHubVersion,
      repositoryNwo,
-      path5.join(tempDir, FEATURE_FLAGS_FILE_NAME),
+      path6.join(tempDir, FEATURE_FLAGS_FILE_NAME),
      logger
    );
  }
@@ -86373,7 +86505,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver4.valid(version)) {
+    if (!semver5.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -86574,7 +86706,7 @@ var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {

 // src/trap-caching.ts
 var fs5 = __toESM(require("fs"));
-var path6 = __toESM(require("path"));
+var path7 = __toESM(require("path"));
 var actionsCache2 = __toESM(require_cache3());
 var CACHE_VERSION2 = 1;
 var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap";
@@ -86590,12 +86722,12 @@ async function downloadTrapCaches(codeql, languages, logger) {
    `Found ${languagesSupportingCaching.length} languages that support TRAP caching`
  );
  if (languagesSupportingCaching.length === 0) return result;
-  const cachesDir = path6.join(
+  const cachesDir = path7.join(
    getTemporaryDirectory(),
    "trapCaches"
  );
  for (const language of languagesSupportingCaching) {
-    const cacheDir = path6.join(cachesDir, language);
+    const cacheDir = path7.join(cachesDir, language);
    fs5.mkdirSync(cacheDir, { recursive: true });
    result[language] = cacheDir;
  }
@@ -86608,7 +86740,7 @@ async function downloadTrapCaches(codeql, languages, logger) {
  let baseSha = "unknown";
  const eventPath = process.env.GITHUB_EVENT_PATH;
  if (getWorkflowEventName() === "pull_request" && eventPath !== void 0) {
-    const event = JSON.parse(fs5.readFileSync(path6.resolve(eventPath), "utf-8"));
+    const event = JSON.parse(fs5.readFileSync(path7.resolve(eventPath), "utf-8"));
    baseSha = event.pull_request?.base?.sha || baseSha;
  }
  for (const language of languages) {
@@ -86712,7 +86844,7 @@ async function getSupportedLanguageMap(codeql, logger) {
 }
 var baseWorkflowsPath = ".github/workflows";
 function hasActionsWorkflows(sourceRoot) {
-  const workflowsPath = path7.resolve(sourceRoot, baseWorkflowsPath);
+  const workflowsPath = path8.resolve(sourceRoot, baseWorkflowsPath);
  const stats = fs6.lstatSync(workflowsPath, { throwIfNoEntry: false });
  return stats !== void 0 && stats.isDirectory() && fs6.readdirSync(workflowsPath).length > 0;
 }
@@ -86879,8 +87011,8 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 async function loadUserConfig(logger, configFile, workspacePath, apiDetails, tempDir, validateConfig) {
  if (isLocal(configFile)) {
    if (configFile !== userConfigFromActionPath(tempDir)) {
-      configFile = path7.resolve(workspacePath, configFile);
-      if (!(configFile + path7.sep).startsWith(workspacePath + path7.sep)) {
+      configFile = path8.resolve(workspacePath, configFile);
+      if (!(configFile + path8.sep).startsWith(workspacePath + path8.sep)) {
        throw new ConfigurationError(
          getConfigFileOutsideWorkspaceErrorMessage(configFile)
        );
@@ -87028,16 +87160,22 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b
    );
    return nonOverlayAnalysis;
  }
+  if (!await gitVersionAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY, logger)) {
+    logger.warning(
+      `Cannot build an ${overlayDatabaseMode} database because the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. Falling back to creating a normal full database instead.`
+    );
+    return nonOverlayAnalysis;
+  }
  return {
    overlayDatabaseMode,
    useOverlayDatabaseCaching
  };
 }
 function dbLocationOrDefault(dbLocation, tempDir) {
-  return dbLocation || path7.resolve(tempDir, "codeql_databases");
+  return dbLocation || path8.resolve(tempDir, "codeql_databases");
 }
 function userConfigFromActionPath(tempDir) {
-  return path7.resolve(tempDir, "user-config-from-action.yml");
+  return path8.resolve(tempDir, "user-config-from-action.yml");
 }
 function hasQueryCustomisation(userConfig) {
  return isDefined(userConfig["disable-default-queries"]) || isDefined(userConfig.queries) || isDefined(userConfig["query-filters"]);
@@ -87177,12 +87315,12 @@ async function getRemoteConfig(logger, configFile, apiDetails, validateConfig) {
  );
 }
 function getPathToParsedConfigFile(tempDir) {
-  return path7.join(tempDir, "config");
+  return path8.join(tempDir, "config");
 }
 async function saveConfig(config, logger) {
  const configString = JSON.stringify(config);
  const configFile = getPathToParsedConfigFile(config.tempDir);
-  fs6.mkdirSync(path7.dirname(configFile), { recursive: true });
+  fs6.mkdirSync(path8.dirname(configFile), { recursive: true });
  fs6.writeFileSync(configFile, configString, "utf8");
  logger.debug("Saved config:");
  logger.debug(configString);
@@ -87193,7 +87331,7 @@ async function generateRegistries(registriesInput, tempDir, logger) {
  let qlconfigFile;
  if (registries) {
    const qlconfig = createRegistriesBlock(registries);
-    qlconfigFile = path7.join(tempDir, "qlconfig.yml");
+    qlconfigFile = path8.join(tempDir, "qlconfig.yml");
    const qlconfigContents = dump(qlconfig);
    fs6.writeFileSync(qlconfigFile, qlconfigContents, "utf8");
    logger.debug("Generated qlconfig.yml:");
@@ -87294,31 +87432,31 @@ function isCodeQualityEnabled(config) {

 // src/dependency-caching.ts
 var os2 = __toESM(require("os"));
-var import_path = require("path");
+var import_path2 = require("path");
 var actionsCache3 = __toESM(require_cache3());
 var glob = __toESM(require_glob2());
 var CODEQL_DEPENDENCY_CACHE_PREFIX = "codeql-dependencies";
 var CODEQL_DEPENDENCY_CACHE_VERSION = 1;
 function getJavaTempDependencyDir() {
-  return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
+  return (0, import_path2.join)(getTemporaryDirectory(), "codeql_java", "repository");
 }
 async function getJavaDependencyDirs() {
  return [
    // Maven
-    (0, import_path.join)(os2.homedir(), ".m2", "repository"),
+    (0, import_path2.join)(os2.homedir(), ".m2", "repository"),
    // Gradle
-    (0, import_path.join)(os2.homedir(), ".gradle", "caches"),
+    (0, import_path2.join)(os2.homedir(), ".gradle", "caches"),
    // CodeQL Java build-mode: none
    getJavaTempDependencyDir()
  ];
 }
 function getCsharpTempDependencyDir() {
-  return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
+  return (0, import_path2.join)(getTemporaryDirectory(), "codeql_csharp", "repository");
 }
 async function getCsharpDependencyDirs(codeql, features) {
  const dirs = [
    // Nuget
-    (0, import_path.join)(os2.homedir(), ".nuget", "packages")
+    (0, import_path2.join)(os2.homedir(), ".nuget", "packages")
  ];
  if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) {
    dirs.push(getCsharpTempDependencyDir());
@@ -87373,7 +87511,7 @@ var defaultCacheConfigs = {
    getHashPatterns: getCsharpHashPatterns
  },
  go: {
-    getDependencyPaths: async () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")],
+    getDependencyPaths: async () => [(0, import_path2.join)(os2.homedir(), "go", "pkg", "mod")],
    getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"])
  }
 };
@@ -87458,7 +87596,15 @@ async function getFeaturePrefix(codeql, features, language) {
      enabledFeatures.push(feature);
    }
  };
-  if (language === "csharp" /* csharp */) {
+  if (language === "java" /* java */) {
+    const minimizeJavaJars = await features.getValue(
+      "java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */,
+      codeql
+    );
+    if (minimizeJavaJars) {
+      return "minify-";
+    }
+  } else if (language === "csharp" /* csharp */) {
    await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */);
    await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */);
  }
@@ -87475,79 +87621,16 @@ async function cachePrefix2(codeql, features, language) {
    prefix = `${prefix}-${customPrefix}`;
  }
  const featurePrefix = await getFeaturePrefix(codeql, features, language);
-  return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  if (featurePrefix === "minify-") {
+    return `${featurePrefix}${prefix}-${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  } else {
+    return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  }
 }
 var internal = {
  makePatternCheck
 };

-// src/diagnostics.ts
-var import_fs = require("fs");
-var import_path2 = __toESM(require("path"));
-var unwrittenDiagnostics = [];
-function makeDiagnostic(id, name, data = void 0) {
-  return {
-    ...data,
-    timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(),
-    source: { ...data?.source, id, name }
-  };
-}
-function addDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  if ((0, import_fs.existsSync)(databasePath)) {
-    writeDiagnostic(config, language, diagnostic);
-  } else {
-    logger.debug(
-      `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.`
-    );
-    unwrittenDiagnostics.push({ diagnostic, language });
-  }
-}
-function writeDiagnostic(config, language, diagnostic) {
-  const logger = getActionsLogger();
-  const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation;
-  const diagnosticsPath = import_path2.default.resolve(
-    databasePath,
-    "diagnostic",
-    "codeql-action"
-  );
-  try {
-    (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true });
-    const jsonPath = import_path2.default.resolve(
-      diagnosticsPath,
-      // Remove colons from the timestamp as these are not allowed in Windows filenames.
-      `codeql-action-${diagnostic.timestamp.replaceAll(":", "")}.json`
-    );
-    (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic));
-  } catch (err) {
-    logger.warning(`Unable to write diagnostic message to database: ${err}`);
-    logger.debug(JSON.stringify(diagnostic));
-  }
-}
-function logUnwrittenDiagnostics() {
-  const logger = getActionsLogger();
-  const num = unwrittenDiagnostics.length;
-  if (num > 0) {
-    logger.warning(
-      `${num} diagnostic(s) could not be written to the database and will not appear on the Tool Status Page.`
-    );
-    for (const unwritten of unwrittenDiagnostics) {
-      logger.debug(JSON.stringify(unwritten.diagnostic));
-    }
-  }
-}
-function flushDiagnostics(config) {
-  const logger = getActionsLogger();
-  logger.debug(
-    `Writing ${unwrittenDiagnostics.length} diagnostic(s) to database.`
-  );
-  for (const unwritten of unwrittenDiagnostics) {
-    writeDiagnostic(config, unwritten.language, unwritten.diagnostic);
-  }
-  unwrittenDiagnostics = [];
-}
-
 // src/init.ts
 var fs12 = __toESM(require("fs"));
 var path13 = __toESM(require("path"));
@@ -87805,7 +87888,7 @@ var fs9 = __toESM(require("fs"));
 var path10 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_child_process = require("child_process");
@@ -87814,7 +87897,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -87856,9 +87939,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -87867,7 +87950,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -87974,7 +88057,7 @@ var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -88104,7 +88187,7 @@ function getToolcacheDirectory(version) {
  return path9.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os3.arch() || ""
  );
 }
@@ -88229,13 +88312,13 @@ function tryGetTagNameFromUrl(url, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -88343,7 +88426,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -88614,7 +88697,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
@@ -88646,7 +88729,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
@@ -89879,7 +89962,6 @@ var internal2 = {
 };

 // src/init-action.ts
-var CODEQL_VERSION_JAR_MINIMIZATION = "2.23.0";
 async function sendStartingStatusReport(startedAt, config, logger) {
  const statusReportBase = await createStatusReportBase(
    "init" /* Init */,
@@ -90024,12 +90106,12 @@ async function run() {
      const experimental = "2.19.3";
      const publicPreview = "2.22.1";
      const actualVer = (await codeql.getVersion()).version;
-      if (semver8.lt(actualVer, experimental)) {
+      if (semver9.lt(actualVer, experimental)) {
        throw new ConfigurationError(
          `Rust analysis is supported by CodeQL CLI version ${experimental} or higher, but found version ${actualVer}`
        );
      }
-      if (semver8.lt(actualVer, publicPreview)) {
+      if (semver9.lt(actualVer, publicPreview)) {
        core13.exportVariable("CODEQL_ENABLE_EXPERIMENTAL_FEATURES" /* EXPERIMENTAL_FEATURES */, "true");
        logger.info("Experimental Rust analysis enabled");
      }
@@ -90112,20 +90194,14 @@ async function run() {
        // Arbitrarily choose the first language. We could also choose all languages, but that
        // increases the risk of misinterpreting the data.
        config.languages[0],
-        makeDiagnostic(
+        makeTelemetryDiagnostic(
          "codeql-action/bundle-download-telemetry",
          "CodeQL bundle download telemetry",
-          {
-            attributes: toolsDownloadStatusReport,
-            visibility: {
-              cliSummaryTable: false,
-              statusPage: false,
-              telemetry: true
-            }
-          }
+          toolsDownloadStatusReport
        )
      );
    }
+    await logGitVersionTelemetry(config, logger);
    const goFlags = process.env["GOFLAGS"];
    if (goFlags) {
      core13.exportVariable("GOFLAGS", goFlags);
@@ -90270,7 +90346,7 @@ exec ${goBinaryPath} "$@"`
      logger.debug(
        `${"CODEQL_EXTRACTOR_JAVA_OPTION_MINIMIZE_DEPENDENCY_JARS" /* JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS */} is already set to '${process.env["CODEQL_EXTRACTOR_JAVA_OPTION_MINIMIZE_DEPENDENCY_JARS" /* JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS */]}', so the Action will not override it.`
      );
-    } else if (await codeQlVersionAtLeast(codeql, CODEQL_VERSION_JAR_MINIMIZATION) && config.dependencyCachingEnabled && config.buildMode === "none" /* None */ && config.languages.includes("java" /* java */)) {
+    } else if (await features.getValue("java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */, codeql) && config.dependencyCachingEnabled && config.buildMode === "none" /* None */ && config.languages.includes("java" /* java */)) {
      core13.exportVariable(
        "CODEQL_EXTRACTOR_JAVA_OPTION_MINIMIZE_DEPENDENCY_JARS" /* JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS */,
        "true"
@@ -90368,17 +90444,10 @@ async function recordZstdAvailability(config, zstdAvailability) {
    // Arbitrarily choose the first language. We could also choose all languages, but that
    // increases the risk of misinterpreting the data.
    config.languages[0],
-    makeDiagnostic(
+    makeTelemetryDiagnostic(
      "codeql-action/zstd-availability",
      "Zstandard availability",
-      {
-        attributes: zstdAvailability,
-        visibility: {
-          cliSummaryTable: false,
-          statusPage: false,
-          telemetry: true
-        }
-      }
+      zstdAvailability
    )
  );
 }
@@ -90391,10 +90460,6 @@ async function runWrapper() {
  await checkForTimeout();
 }
 void runWrapper();
-// Annotate the CommonJS export names for ESM import in node:
-0 && (module.exports = {
-  CODEQL_VERSION_JAR_MINIMIZATION
-});
 /*! Bundled license information:

 undici/lib/fetch/body.js:
--- a/lib/resolve-environment-action.js
+++ b/lib/resolve-environment-action.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs5 = __importStar4(require("fs"));
    var path5 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core13.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os2 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os2 = __importStar4(require("os"));
    var path5 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os2.arch();
        core13.debug(`Caching tool ${tool} ${version} ${arch}`);
        core13.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os2.arch();
        core13.debug(`Caching tool ${tool} ${version} ${arch}`);
        core13.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path5.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core13.debug(`checking cache: ${cachePath}`);
        if (fs5.existsSync(cachePath) && fs5.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path5.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+        const folderPath = path5.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
        core13.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io5.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path5.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+      const folderPath = path5.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs5.writeFileSync(markerPath, "");
      core13.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core13.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core13.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core13.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -83695,7 +83695,7 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 })();

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/overlay-database-utils.ts
 var fs2 = __toESM(require("fs"));
@@ -83703,13 +83703,30 @@ var path2 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -83729,7 +83746,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -83840,7 +83857,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -83865,20 +83882,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -83941,7 +83944,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -84002,6 +84005,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84224,20 +84232,20 @@ var toolrunner3 = __toESM(require_toolrunner());
 // src/setup-codeql.ts
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());

 // src/tools-download.ts
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;

 // src/tracer-config.ts
--- a/lib/setup-codeql-action.js
+++ b/lib/setup-codeql-action.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -29667,7 +29667,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -29712,7 +29712,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -31865,8 +31865,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -31897,7 +31897,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -32442,7 +32442,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -32643,7 +32643,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs9 = __importStar4(require("fs"));
    var path8 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -32740,7 +32740,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core13.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os3 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os3 = __importStar4(require("os"));
    var path8 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core13.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core13.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core13.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core13.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path8.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core13.debug(`checking cache: ${cachePath}`);
        if (fs9.existsSync(cachePath) && fs9.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path8.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+        const folderPath = path8.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
        core13.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path8.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+      const folderPath = path8.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs9.writeFileSync(markerPath, "");
      core13.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core13.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core13.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core13.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -83586,7 +83586,7 @@ function wrapApiConfigurationError(e) {
 // src/feature-flags.ts
 var fs4 = __toESM(require("fs"));
 var path4 = __toESM(require("path"));
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -83601,13 +83601,41 @@ var actionsCache = __toESM(require_cache3());
 var core6 = __toESM(require_core());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver2 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -83627,7 +83655,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -83738,7 +83766,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -83763,31 +83791,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -83850,7 +83853,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver2 = __toESM(require_semver2());
+var semver3 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -83914,6 +83917,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -84158,7 +84166,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver3.valid(version)) {
+    if (!semver4.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -84581,7 +84589,7 @@ var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));

 // src/config/db-config.ts
 var jsonschema = __toESM(require_lib4());
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());
 var PACK_IDENTIFIER_PATTERN = (function() {
  const alphaNumeric = "[a-z0-9]";
  const alphaNumericDash = "[a-z0-9-]";
@@ -84644,7 +84652,7 @@ var fs7 = __toESM(require("fs"));
 var path6 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_child_process = require("child_process");
@@ -84653,7 +84661,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -84695,9 +84703,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -84706,7 +84714,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -84813,7 +84821,7 @@ var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -84943,7 +84951,7 @@ function getToolcacheDirectory(version) {
  return path5.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os.arch() || ""
  );
 }
@@ -85068,13 +85076,13 @@ function tryGetTagNameFromUrl(url, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -85182,7 +85190,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -85453,7 +85461,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
@@ -85485,7 +85493,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
--- a/lib/start-proxy-action-post.js
+++ b/lib/start-proxy-action-post.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs2 = __importStar4(require("fs"));
    var path2 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -80908,7 +80908,7 @@ var require_brace_expansion2 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -80958,7 +80958,7 @@ var require_brace_expansion2 = __commonJS({
          var reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          var pad = n.some(isPadded);
          N = [];
@@ -94263,7 +94263,7 @@ var require_commonjs14 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand_(str2, isTop) {
@@ -94312,7 +94312,7 @@ var require_commonjs14 = __commonJS({
          const reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          const pad = n.some(isPadded);
          N = [];
@@ -112698,7 +112698,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os = require("os");
    var cp = require("child_process");
@@ -112712,7 +112712,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -112721,7 +112721,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -113652,7 +113652,7 @@ var require_tool_cache = __commonJS({
    var os = __importStar4(require("os"));
    var path2 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib8());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -113926,7 +113926,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -113945,7 +113945,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -113976,7 +113976,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path2.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs2.existsSync(cachePath) && fs2.existsSync(`${cachePath}.complete`)) {
@@ -114060,7 +114060,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path2.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+        const folderPath = path2.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -114070,15 +114070,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path2.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+      const folderPath = path2.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs2.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -114087,14 +114087,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -119388,27 +119388,28 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 })();

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/overlay-database-utils.ts
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());

 // src/logging.ts
-var core8 = __toESM(require_core());
+var core7 = __toESM(require_core());
 function getActionsLogger() {
  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
  };
 }

@@ -119418,7 +119419,7 @@ var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());

 // src/feature-flags.ts
 var featureConfig = {
@@ -119476,6 +119477,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -119826,20 +119832,20 @@ var cliErrorsConfig = {
 // src/setup-codeql.ts
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());

 // src/tools-download.ts
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib9());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;

 // src/dependency-caching.ts
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -20958,8 +20958,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare = require_compare();
-    var gte3 = (a, b, loose) => compare(a, b, loose) >= 0;
-    module2.exports = gte3;
+    var gte4 = (a, b, loose) => compare(a, b, loose) >= 0;
+    module2.exports = gte4;
  }
 });

@@ -20980,7 +20980,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte3 = require_gte();
+    var gte4 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -21010,7 +21010,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte3(a, b, loose);
+          return gte4(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -21769,7 +21769,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte3 = require_gte();
+    var gte4 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -21784,7 +21784,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte3;
+          ltefn = gte4;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -22099,7 +22099,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte3 = require_gte();
+    var gte4 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce2 = require_coerce();
@@ -22137,7 +22137,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte3,
+      gte: gte4,
      lte,
      cmp,
      coerce: coerce2,
@@ -22227,7 +22227,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver5 = __importStar4(require_semver2());
+    var semver6 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os2 = require("os");
    var cp = require("child_process");
@@ -22241,7 +22241,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver5.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver6.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -22250,7 +22250,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver5.satisfies(osVersion, item.platform_version);
+                  chk = semver6.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -23181,7 +23181,7 @@ var require_tool_cache = __commonJS({
    var os2 = __importStar4(require("os"));
    var path2 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib2());
-    var semver5 = __importStar4(require_semver2());
+    var semver6 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -23455,7 +23455,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir2(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver5.clean(version) || version;
+        version = semver6.clean(version) || version;
        arch = arch || os2.arch();
        core12.debug(`Caching tool ${tool} ${version} ${arch}`);
        core12.debug(`source dir: ${sourceDir}`);
@@ -23474,7 +23474,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir2;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver5.clean(version) || version;
+        version = semver6.clean(version) || version;
        arch = arch || os2.arch();
        core12.debug(`Caching tool ${tool} ${version} ${arch}`);
        core12.debug(`source file: ${sourceFile}`);
@@ -23505,7 +23505,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver5.clean(versionSpec) || "";
+        versionSpec = semver6.clean(versionSpec) || "";
        const cachePath = path2.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core12.debug(`checking cache: ${cachePath}`);
        if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) {
@@ -23589,7 +23589,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path2.join(_getCacheDirectory(), tool, semver5.clean(version) || version, arch || "");
+        const folderPath = path2.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || "");
        core12.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io4.rmRF(folderPath);
@@ -23599,15 +23599,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path2.join(_getCacheDirectory(), tool, semver5.clean(version) || version, arch || "");
+      const folderPath = path2.join(_getCacheDirectory(), tool, semver6.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs.writeFileSync(markerPath, "");
      core12.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver5.clean(versionSpec) || "";
+      const c = semver6.clean(versionSpec) || "";
      core12.debug(`isExplicit: ${c}`);
-      const valid2 = semver5.valid(c) != null;
+      const valid2 = semver6.valid(c) != null;
      core12.debug(`explicit? ${valid2}`);
      return valid2;
    }
@@ -23616,14 +23616,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core12.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver5.gt(a, b)) {
+        if (semver6.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver5.satisfies(potential, versionSpec);
+        const satisfied = semver6.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -50659,7 +50659,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte3(i, y) {
+    function gte4(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -50704,7 +50704,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte3;
+          test = gte4;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -52857,8 +52857,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare(a, b, loose) !== 0;
    }
-    exports2.gte = gte3;
-    function gte3(a, b, loose) {
+    exports2.gte = gte4;
+    function gte4(a, b, loose) {
      return compare(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -52889,7 +52889,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte3(a, b, loose);
+          return gte4(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -53434,7 +53434,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte3;
+          ltefn = gte4;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -53635,7 +53635,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs = __importStar4(require("fs"));
    var path2 = __importStar4(require("path"));
-    var semver5 = __importStar4(require_semver3());
+    var semver6 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -53732,7 +53732,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver5.clean(versionOutput);
+        const version = semver6.clean(versionOutput);
        core12.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -99906,7 +99906,7 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 })();

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/overlay-database-utils.ts
 var actionsCache = __toESM(require_cache3());
@@ -99915,6 +99915,7 @@ var actionsCache = __toESM(require_cache3());
 var core9 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io3());
+var semver3 = __toESM(require_semver2());
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
@@ -100009,7 +100010,7 @@ var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());

 // src/feature-flags.ts
 var featureConfig = {
@@ -100067,6 +100068,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -27710,8 +27710,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare3 = require_compare();
-    var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare3(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -27732,7 +27732,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -27762,7 +27762,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -28521,7 +28521,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -28536,7 +28536,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -28851,7 +28851,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -28889,7 +28889,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -30964,7 +30964,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -31009,7 +31009,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -33162,8 +33162,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare3(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare3(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -33194,7 +33194,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -33739,7 +33739,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -33940,7 +33940,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs12 = __importStar4(require("fs"));
    var path11 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -34037,7 +34037,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core12.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os2 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os2 = __importStar4(require("os"));
    var path11 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os2.arch();
        core12.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core12.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os2.arch();
        core12.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core12.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path11.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core12.debug(`checking cache: ${cachePath}`);
        if (fs12.existsSync(cachePath) && fs12.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path11.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+        const folderPath = path11.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
        core12.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path11.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+      const folderPath = path11.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs12.writeFileSync(markerPath, "");
      core12.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core12.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core12.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core12.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -86721,7 +86721,7 @@ var fs4 = __toESM(require("fs"));
 var path4 = __toESM(require("path"));

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -86733,13 +86733,30 @@ var path3 = __toESM(require("path"));
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -86759,7 +86776,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -86904,7 +86921,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -86929,20 +86946,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -87005,7 +87008,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -87067,6 +87070,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -87303,7 +87311,7 @@ var fs8 = __toESM(require("fs"));
 var path7 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // node_modules/uuid/dist-node/stringify.js
 var byteToHex = [];
@@ -87366,7 +87374,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -87408,9 +87416,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -87419,7 +87427,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -87526,7 +87534,7 @@ var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -87656,7 +87664,7 @@ function getToolcacheDirectory(version) {
  return path6.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os.arch() || ""
  );
 }
@@ -87781,13 +87789,13 @@ function tryGetTagNameFromUrl(url2, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -87895,7 +87903,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url2 = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -88166,7 +88174,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
@@ -88198,7 +88206,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
--- a/lib/upload-sarif-action-post.js
+++ b/lib/upload-sarif-action-post.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare2 = require_compare();
-    var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare2(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -72469,7 +72469,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -72519,7 +72519,7 @@ var require_brace_expansion = __commonJS({
          var reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          var pad = n.some(isPadded);
          N = [];
@@ -85824,7 +85824,7 @@ var require_commonjs14 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand_(str2, isTop) {
@@ -85873,7 +85873,7 @@ var require_commonjs14 = __commonJS({
          const reverse = y < x;
          if (reverse) {
            incr *= -1;
-            test = gte5;
+            test = gte6;
          }
          const pad = n.some(isPadded);
          N = [];
@@ -105436,7 +105436,7 @@ var require_brace_expansion2 = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -105481,7 +105481,7 @@ var require_brace_expansion2 = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -107634,8 +107634,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare2(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare2(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -107666,7 +107666,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -108211,7 +108211,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -108412,7 +108412,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs2 = __importStar4(require("fs"));
    var path2 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants10();
    var versionSalt = "1.0";
@@ -108509,7 +108509,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -112698,7 +112698,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os = require("os");
    var cp = require("child_process");
@@ -112712,7 +112712,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -112721,7 +112721,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -113652,7 +113652,7 @@ var require_tool_cache = __commonJS({
    var os = __importStar4(require("os"));
    var path2 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib8());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -113926,7 +113926,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -113945,7 +113945,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch = arch || os.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -113976,7 +113976,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path2.join(_getCacheDirectory(), toolName, versionSpec, arch);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs2.existsSync(cachePath) && fs2.existsSync(`${cachePath}.complete`)) {
@@ -114060,7 +114060,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path2.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+        const folderPath = path2.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -114070,15 +114070,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch) {
-      const folderPath = path2.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch || "");
+      const folderPath = path2.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch || "");
      const markerPath = `${folderPath}.complete`;
      fs2.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -114087,14 +114087,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -119542,35 +119542,36 @@ var PACK_IDENTIFIER_PATTERN = (function() {
 })();

 // src/feature-flags.ts
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());

 // src/overlay-database-utils.ts
 var actionsCache = __toESM(require_cache3());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver3 = __toESM(require_semver2());

 // src/logging.ts
-var core8 = __toESM(require_core());
+var core7 = __toESM(require_core());
 function getActionsLogger() {
  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
  };
 }
 function withGroup(groupName, f) {
-  core8.startGroup(groupName);
+  core7.startGroup(groupName);
  try {
    return f();
  } finally {
-    core8.endGroup();
+    core7.endGroup();
  }
 }

@@ -119580,10 +119581,10 @@ var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;

 // src/tools-features.ts
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());
 var SafeArtifactUploadVersion = "2.20.3";
 function isSafeArtifactUpload(codeQlVersion) {
-  return !codeQlVersion ? true : semver3.gte(codeQlVersion, SafeArtifactUploadVersion);
+  return !codeQlVersion ? true : semver4.gte(codeQlVersion, SafeArtifactUploadVersion);
 }

 // src/feature-flags.ts
@@ -119642,6 +119643,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -119816,20 +119822,20 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = {
 // src/setup-codeql.ts
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // src/tar.ts
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());

 // src/tools-download.ts
 var core9 = __toESM(require_core());
 var import_http_client = __toESM(require_lib9());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;

 // src/dependency-caching.ts
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -26413,8 +26413,8 @@ var require_gte = __commonJS({
  "node_modules/semver/functions/gte.js"(exports2, module2) {
    "use strict";
    var compare3 = require_compare();
-    var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0;
-    module2.exports = gte5;
+    var gte6 = (a, b, loose) => compare3(a, b, loose) >= 0;
+    module2.exports = gte6;
  }
 });

@@ -26435,7 +26435,7 @@ var require_cmp = __commonJS({
    var eq = require_eq();
    var neq = require_neq();
    var gt = require_gt();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lt = require_lt();
    var lte = require_lte();
    var cmp = (a, op, b, loose) => {
@@ -26465,7 +26465,7 @@ var require_cmp = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -27224,7 +27224,7 @@ var require_outside = __commonJS({
    var gt = require_gt();
    var lt = require_lt();
    var lte = require_lte();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var outside = (version, range, hilo, options) => {
      version = new SemVer(version, options);
      range = new Range2(range, options);
@@ -27239,7 +27239,7 @@ var require_outside = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -27554,7 +27554,7 @@ var require_semver2 = __commonJS({
    var lt = require_lt();
    var eq = require_eq();
    var neq = require_neq();
-    var gte5 = require_gte();
+    var gte6 = require_gte();
    var lte = require_lte();
    var cmp = require_cmp();
    var coerce3 = require_coerce();
@@ -27592,7 +27592,7 @@ var require_semver2 = __commonJS({
      lt,
      eq,
      neq,
-      gte: gte5,
+      gte: gte6,
      lte,
      cmp,
      coerce: coerce3,
@@ -29667,7 +29667,7 @@ var require_brace_expansion = __commonJS({
    function lte(i, y) {
      return i <= y;
    }
-    function gte5(i, y) {
+    function gte6(i, y) {
      return i >= y;
    }
    function expand(str2, isTop) {
@@ -29712,7 +29712,7 @@ var require_brace_expansion = __commonJS({
        var reverse = y < x;
        if (reverse) {
          incr *= -1;
-          test = gte5;
+          test = gte6;
        }
        var pad = n.some(isPadded);
        N = [];
@@ -31865,8 +31865,8 @@ var require_semver3 = __commonJS({
    function neq(a, b, loose) {
      return compare3(a, b, loose) !== 0;
    }
-    exports2.gte = gte5;
-    function gte5(a, b, loose) {
+    exports2.gte = gte6;
+    function gte6(a, b, loose) {
      return compare3(a, b, loose) >= 0;
    }
    exports2.lte = lte;
@@ -31897,7 +31897,7 @@ var require_semver3 = __commonJS({
        case ">":
          return gt(a, b, loose);
        case ">=":
-          return gte5(a, b, loose);
+          return gte6(a, b, loose);
        case "<":
          return lt(a, b, loose);
        case "<=":
@@ -32442,7 +32442,7 @@ var require_semver3 = __commonJS({
          break;
        case "<":
          gtfn = lt;
-          ltefn = gte5;
+          ltefn = gte6;
          ltfn = gt;
          comp = "<";
          ecomp = "<=";
@@ -32643,7 +32643,7 @@ var require_cacheUtils = __commonJS({
    var crypto = __importStar4(require("crypto"));
    var fs13 = __importStar4(require("fs"));
    var path12 = __importStar4(require("path"));
-    var semver8 = __importStar4(require_semver3());
+    var semver9 = __importStar4(require_semver3());
    var util = __importStar4(require("util"));
    var constants_1 = require_constants7();
    var versionSalt = "1.0";
@@ -32740,7 +32740,7 @@ var require_cacheUtils = __commonJS({
    function getCompressionMethod() {
      return __awaiter4(this, void 0, void 0, function* () {
        const versionOutput = yield getVersion("zstd", ["--quiet"]);
-        const version = semver8.clean(versionOutput);
+        const version = semver9.clean(versionOutput);
        core14.debug(`zstd version: ${version}`);
        if (versionOutput === "") {
          return constants_1.CompressionMethod.Gzip;
@@ -77574,7 +77574,7 @@ var require_manifest = __commonJS({
    };
    Object.defineProperty(exports2, "__esModule", { value: true });
    exports2._readLinuxVersionFile = exports2._getOsVersion = exports2._findMatch = void 0;
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var core_1 = require_core();
    var os3 = require("os");
    var cp = require("child_process");
@@ -77588,7 +77588,7 @@ var require_manifest = __commonJS({
        for (const candidate of candidates) {
          const version = candidate.version;
          (0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
-          if (semver8.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
+          if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
            file = candidate.files.find((item) => {
              (0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
              let chk = item.arch === archFilter && item.platform === platFilter;
@@ -77597,7 +77597,7 @@ var require_manifest = __commonJS({
                if (osVersion === item.platform_version) {
                  chk = true;
                } else {
-                  chk = semver8.satisfies(osVersion, item.platform_version);
+                  chk = semver9.satisfies(osVersion, item.platform_version);
                }
              }
              return chk;
@@ -78528,7 +78528,7 @@ var require_tool_cache = __commonJS({
    var os3 = __importStar4(require("os"));
    var path12 = __importStar4(require("path"));
    var httpm = __importStar4(require_lib5());
-    var semver8 = __importStar4(require_semver2());
+    var semver9 = __importStar4(require_semver2());
    var stream2 = __importStar4(require("stream"));
    var util = __importStar4(require("util"));
    var assert_1 = require("assert");
@@ -78802,7 +78802,7 @@ var require_tool_cache = __commonJS({
    }
    function cacheDir(sourceDir, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core14.debug(`source dir: ${sourceDir}`);
@@ -78821,7 +78821,7 @@ var require_tool_cache = __commonJS({
    exports2.cacheDir = cacheDir;
    function cacheFile(sourceFile, targetFile, tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        version = semver8.clean(version) || version;
+        version = semver9.clean(version) || version;
        arch2 = arch2 || os3.arch();
        core14.debug(`Caching tool ${tool} ${version} ${arch2}`);
        core14.debug(`source file: ${sourceFile}`);
@@ -78852,7 +78852,7 @@ var require_tool_cache = __commonJS({
      }
      let toolPath = "";
      if (versionSpec) {
-        versionSpec = semver8.clean(versionSpec) || "";
+        versionSpec = semver9.clean(versionSpec) || "";
        const cachePath = path12.join(_getCacheDirectory(), toolName, versionSpec, arch2);
        core14.debug(`checking cache: ${cachePath}`);
        if (fs13.existsSync(cachePath) && fs13.existsSync(`${cachePath}.complete`)) {
@@ -78936,7 +78936,7 @@ var require_tool_cache = __commonJS({
    }
    function _createToolPath(tool, version, arch2) {
      return __awaiter4(this, void 0, void 0, function* () {
-        const folderPath = path12.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+        const folderPath = path12.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
        core14.debug(`destination ${folderPath}`);
        const markerPath = `${folderPath}.complete`;
        yield io6.rmRF(folderPath);
@@ -78946,15 +78946,15 @@ var require_tool_cache = __commonJS({
      });
    }
    function _completeToolPath(tool, version, arch2) {
-      const folderPath = path12.join(_getCacheDirectory(), tool, semver8.clean(version) || version, arch2 || "");
+      const folderPath = path12.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
      const markerPath = `${folderPath}.complete`;
      fs13.writeFileSync(markerPath, "");
      core14.debug("finished caching tool");
    }
    function isExplicitVersion(versionSpec) {
-      const c = semver8.clean(versionSpec) || "";
+      const c = semver9.clean(versionSpec) || "";
      core14.debug(`isExplicit: ${c}`);
-      const valid3 = semver8.valid(c) != null;
+      const valid3 = semver9.valid(c) != null;
      core14.debug(`explicit? ${valid3}`);
      return valid3;
    }
@@ -78963,14 +78963,14 @@ var require_tool_cache = __commonJS({
      let version = "";
      core14.debug(`evaluating ${versions.length} versions`);
      versions = versions.sort((a, b) => {
-        if (semver8.gt(a, b)) {
+        if (semver9.gt(a, b)) {
          return 1;
        }
        return -1;
      });
      for (let i = versions.length - 1; i >= 0; i--) {
        const potential = versions[i];
-        const satisfied = semver8.satisfies(potential, versionSpec);
+        const satisfied = semver9.satisfies(potential, versionSpec);
        if (satisfied) {
          version = potential;
          break;
@@ -86502,7 +86502,7 @@ function wrapApiConfigurationError(e) {
 // src/feature-flags.ts
 var fs4 = __toESM(require("fs"));
 var path4 = __toESM(require("path"));
-var semver3 = __toESM(require_semver2());
+var semver4 = __toESM(require_semver2());

 // src/defaults.json
 var bundleVersion = "codeql-bundle-v2.23.8";
@@ -86517,13 +86517,41 @@ var actionsCache = __toESM(require_cache3());
 var core6 = __toESM(require_core());

 // src/git-utils.ts
-var core7 = __toESM(require_core());
+var core8 = __toESM(require_core());
 var toolrunner2 = __toESM(require_toolrunner());
 var io3 = __toESM(require_io2());
+var semver2 = __toESM(require_semver2());
+
+// src/logging.ts
+var core7 = __toESM(require_core());
+function getActionsLogger() {
+  return {
+    debug: core7.debug,
+    info: core7.info,
+    warning: core7.warning,
+    error: core7.error,
+    isDebug: core7.isDebug,
+    startGroup: core7.startGroup,
+    endGroup: core7.endGroup
+  };
+}
+function formatDuration(durationMs) {
+  if (durationMs < 1e3) {
+    return `${durationMs}ms`;
+  }
+  if (durationMs < 60 * 1e3) {
+    return `${(durationMs / 1e3).toFixed(1)}s`;
+  }
+  const minutes = Math.floor(durationMs / (60 * 1e3));
+  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
+  return `${minutes}m${seconds}s`;
+}
+
+// src/git-utils.ts
 var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
  let stdout = "";
  let stderr = "";
-  core7.debug(`Running git command: git ${args.join(" ")}`);
+  core8.debug(`Running git command: git ${args.join(" ")}`);
  try {
    await new toolrunner2.ToolRunner(await io3.which("git", true), args, {
      silent: true,
@@ -86543,7 +86571,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) {
    if (stderr.includes("not a git repository")) {
      reason = "The checkout path provided to the action does not appear to be a git repository.";
    }
-    core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
    throw error3;
  }
 };
@@ -86688,7 +86716,7 @@ async function getRef() {
  ) !== head;
  if (hasChangedRef) {
    const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");
-    core7.debug(
+    core8.debug(
      `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.`
    );
    return newRef;
@@ -86713,31 +86741,6 @@ async function isAnalyzingDefaultBranch() {
  return currentRef === defaultBranch;
 }

-// src/logging.ts
-var core8 = __toESM(require_core());
-function getActionsLogger() {
-  return {
-    debug: core8.debug,
-    info: core8.info,
-    warning: core8.warning,
-    error: core8.error,
-    isDebug: core8.isDebug,
-    startGroup: core8.startGroup,
-    endGroup: core8.endGroup
-  };
-}
-function formatDuration(durationMs) {
-  if (durationMs < 1e3) {
-    return `${durationMs}ms`;
-  }
-  if (durationMs < 60 * 1e3) {
-    return `${(durationMs / 1e3).toFixed(1)}s`;
-  }
-  const minutes = Math.floor(durationMs / (60 * 1e3));
-  const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3);
-  return `${minutes}m${seconds}s`;
-}
-
 // src/overlay-database-utils.ts
 var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.5";
 var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
@@ -86800,7 +86803,7 @@ function computeChangedFiles(baseFileOids, overlayFileOids) {
 }

 // src/tools-features.ts
-var semver2 = __toESM(require_semver2());
+var semver3 = __toESM(require_semver2());
 function isSupportedToolsFeature(versionInfo, feature) {
  return !!versionInfo.features && versionInfo.features[feature];
 }
@@ -86864,6 +86867,11 @@ var featureConfig = {
    legacyApi: true,
    minimumVersion: void 0
  },
+  ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0"
+  },
  ["overlay_analysis" /* OverlayAnalysis */]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
@@ -87108,7 +87116,7 @@ var GitHubFeatureFlags = class {
      DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length,
      f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length
    ).replace(/_/g, ".");
-    if (!semver3.valid(version)) {
+    if (!semver4.valid(version)) {
      this.logger.warning(
        `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.`
      );
@@ -87281,7 +87289,7 @@ var path6 = __toESM(require("path"));

 // src/config/db-config.ts
 var jsonschema = __toESM(require_lib4());
-var semver4 = __toESM(require_semver2());
+var semver5 = __toESM(require_semver2());
 var PACK_IDENTIFIER_PATTERN = (function() {
  const alphaNumeric = "[a-z0-9]";
  const alphaNumericDash = "[a-z0-9-]";
@@ -87824,7 +87832,7 @@ var fs9 = __toESM(require("fs"));
 var path8 = __toESM(require("path"));
 var toolcache3 = __toESM(require_tool_cache());
 var import_fast_deep_equal = __toESM(require_fast_deep_equal());
-var semver7 = __toESM(require_semver2());
+var semver8 = __toESM(require_semver2());

 // node_modules/uuid/dist-node/stringify.js
 var byteToHex = [];
@@ -87887,7 +87895,7 @@ var stream = __toESM(require("stream"));
 var import_toolrunner = __toESM(require_toolrunner());
 var io4 = __toESM(require_io2());
 var toolcache = __toESM(require_tool_cache());
-var semver5 = __toESM(require_semver2());
+var semver6 = __toESM(require_semver2());
 var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
 var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
 async function getTarVersion() {
@@ -87929,9 +87937,9 @@ async function isZstdAvailable(logger) {
      case "gnu":
        return {
          available: foundZstdBinary && // GNU tar only uses major and minor version numbers
-          semver5.gte(
-            semver5.coerce(version),
-            semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
+          semver6.gte(
+            semver6.coerce(version),
+            semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
          ),
          foundZstdBinary,
          version: tarVersion
@@ -87940,7 +87948,7 @@ async function isZstdAvailable(logger) {
        return {
          available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
          // a patch version number.
-          semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
+          semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
          foundZstdBinary,
          version: tarVersion
        };
@@ -88047,7 +88055,7 @@ var core10 = __toESM(require_core());
 var import_http_client = __toESM(require_lib6());
 var toolcache2 = __toESM(require_tool_cache());
 var import_follow_redirects = __toESM(require_follow_redirects());
-var semver6 = __toESM(require_semver2());
+var semver7 = __toESM(require_semver2());
 var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
 var TOOLCACHE_TOOL_NAME = "CodeQL";
 function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -88177,7 +88185,7 @@ function getToolcacheDirectory(version) {
  return path7.join(
    getRequiredEnvParam("RUNNER_TOOL_CACHE"),
    TOOLCACHE_TOOL_NAME,
-    semver6.clean(version) || version,
+    semver7.clean(version) || version,
    os2.arch() || ""
  );
 }
@@ -88302,13 +88310,13 @@ function tryGetTagNameFromUrl(url2, logger) {
  return match[1];
 }
 function convertToSemVer(version, logger) {
-  if (!semver7.valid(version)) {
+  if (!semver8.valid(version)) {
    logger.debug(
      `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
    );
    version = `0.0.0-${version}`;
  }
-  const s = semver7.clean(version);
+  const s = semver8.clean(version);
  if (!s) {
    throw new Error(`Bundle version ${version} is not in SemVer format.`);
  }
@@ -88416,7 +88424,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
    url2 = toolsInput;
    if (tagName) {
      const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
-      if (bundleVersion3 && semver7.valid(bundleVersion3)) {
+      if (bundleVersion3 && semver8.valid(bundleVersion3)) {
        cliVersion2 = convertToSemVer(bundleVersion3, logger);
      }
    }
@@ -88687,7 +88695,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
 async function useZstdBundle(cliVersion2, tarSupportsZstd) {
  return (
    // In testing, gzip performs better than zstd on Windows.
-    process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
+    process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
  );
 }
 function getTempExtractionDir(tempDir) {
@@ -88719,7 +88727,7 @@ async function getNightlyToolsUrl(logger) {
  }
 }
 function getLatestToolcacheVersion(logger) {
-  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver7.compare(b, a));
+  const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
  logger.debug(
    `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
      allVersions
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@@ -20,10 +20,7 @@ import { runAutobuild } from "./autobuild";
 import { getTotalCacheSize, shouldStoreCache } from "./caching-utils";
 import { getCodeQL } from "./codeql";
 import { Config, getConfig } from "./config-utils";
-import {
-  cleanupAndUploadDatabases,
-  DatabaseUploadResult,
-} from "./database-upload";
+import { cleanupAndUploadDatabases } from "./database-upload";
 import {
  DependencyCacheUploadStatusReport,
  uploadDependencyCaches,
@@ -57,13 +54,15 @@ interface AnalysisStatusReport
  extends uploadLib.UploadStatusReport,
    QueriesStatusReport {}

+interface DependencyCachingUploadStatusReport {
+  dependency_caching_upload_results?: DependencyCacheUploadStatusReport;
+}
+
 interface FinishStatusReport
  extends StatusReportBase,
    DatabaseCreationTimings,
-    AnalysisStatusReport {
-  dependency_caching_upload_results?: DependencyCacheUploadStatusReport;
-  database_upload_results: DatabaseUploadResult[];
-}
+    AnalysisStatusReport,
+    DependencyCachingUploadStatusReport {}

 interface FinishWithTrapUploadStatusReport extends FinishStatusReport {
  /** Size of TRAP caches that we uploaded, in bytes. */
@@ -82,7 +81,6 @@ async function sendStatusReport(
  didUploadTrapCaches: boolean,
  trapCacheCleanup: TrapCacheCleanupStatusReport | undefined,
  dependencyCacheResults: DependencyCacheUploadStatusReport | undefined,
-  databaseUploadResults: DatabaseUploadResult[],
  logger: Logger,
 ) {
  const status = getActionsStatus(error, stats?.analyze_failure_language);
@@ -103,7 +101,6 @@ async function sendStatusReport(
      ...(dbCreationTimings || {}),
      ...(trapCacheCleanup || {}),
      dependency_caching_upload_results: dependencyCacheResults,
-      database_upload_results: databaseUploadResults,
    };
    if (config && didUploadTrapCaches) {
      const trapCacheUploadStatusReport: FinishWithTrapUploadStatusReport = {
@@ -221,7 +218,6 @@ async function run() {
  let dbCreationTimings: DatabaseCreationTimings | undefined = undefined;
  let didUploadTrapCaches = false;
  let dependencyCacheResults: DependencyCacheUploadStatusReport | undefined;
-  let databaseUploadResults: DatabaseUploadResult[] = [];
  util.initializeEnvironment(actionsUtil.getActionVersion());

  // Make inputs accessible in the `post` step, details at
@@ -393,7 +389,7 @@ async function run() {
    // Possibly upload the database bundles for remote queries.
    // Note: Take care with the ordering of this call since databases may be cleaned up
    // at the `overlay` or `clear` level.
-    databaseUploadResults = await cleanupAndUploadDatabases(
+    await cleanupAndUploadDatabases(
      repositoryNwo,
      codeql,
      config,
@@ -465,7 +461,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger,
    );
    return;
@@ -488,7 +483,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger,
    );
  } else if (runStats !== undefined) {
@@ -502,7 +496,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger,
    );
  } else {
@@ -516,7 +509,6 @@ async function run() {
      didUploadTrapCaches,
      trapCacheCleanupTelemetry,
      dependencyCacheResults,
-      databaseUploadResults,
      logger,
    );
  }
--- a/src/config-utils.test.ts
+++ b/src/config-utils.test.ts
@@ -4,6 +4,7 @@ import * as path from "path";
 import * as github from "@actions/github";
 import test, { ExecutionContext } from "ava";
 import * as yaml from "js-yaml";
+import * as semver from "semver";
 import * as sinon from "sinon";

 import * as actionsUtil from "./actions-util";
@@ -978,6 +979,7 @@ interface OverlayDatabaseModeTestSetup {
  languages: Language[];
  codeqlVersion: string;
  gitRoot: string | undefined;
+  gitVersion: string | undefined;
  codeScanningConfig: configUtils.UserConfig;
  diskUsage: DiskUsage | undefined;
  memoryFlagValue: number;
@@ -992,6 +994,7 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = {
  languages: [KnownLanguage.javascript],
  codeqlVersion: CODEQL_OVERLAY_MINIMUM_VERSION,
  gitRoot: "/some/git/root",
+  gitVersion: "2.40.0", // Default to a version that supports overlay analysis
  codeScanningConfig: {},
  diskUsage: {
    numAvailableBytes: 50_000_000_000,
@@ -1057,6 +1060,19 @@ const getOverlayDatabaseModeMacro = test.macro({
          sinon.stub(gitUtils, "getGitRoot").resolves(setup.gitRoot);
        }

+        // Mock git version detection - stub gitVersionAtLeast directly
+        // since internal calls to getGitVersion won't be stubbed
+        if (setup.gitVersion !== undefined) {
+          sinon
+            .stub(gitUtils, "gitVersionAtLeast")
+            .callsFake(async (requiredVersion: string) => {
+              return semver.gte(setup.gitVersion!, requiredVersion);
+            });
+        } else {
+          // When git version is undefined, gitVersionAtLeast should return false
+          sinon.stub(gitUtils, "gitVersionAtLeast").resolves(false);
+        }
+
        // Mock default branch detection
        sinon
          .stub(gitUtils, "isAnalyzingDefaultBranch")
@@ -1773,6 +1789,32 @@ test(
  },
 );

+test(
+  getOverlayDatabaseModeMacro,
+  "Fallback due to old git version",
+  {
+    overlayDatabaseEnvVar: "overlay",
+    gitVersion: "2.30.0", // Version below required 2.38.0
+  },
+  {
+    overlayDatabaseMode: OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+  },
+);
+
+test(
+  getOverlayDatabaseModeMacro,
+  "Fallback when git version cannot be determined",
+  {
+    overlayDatabaseEnvVar: "overlay",
+    gitVersion: undefined,
+  },
+  {
+    overlayDatabaseMode: OverlayDatabaseMode.None,
+    useOverlayDatabaseCaching: false,
+  },
+);
+
 // Exercise language-specific overlay analysis features code paths
 for (const language in KnownLanguage) {
  test(
--- a/src/config-utils.ts
+++ b/src/config-utils.ts
@@ -26,7 +26,12 @@ import { shouldPerformDiffInformedAnalysis } from "./diff-informed-analysis-util
 import * as errorMessages from "./error-messages";
 import { Feature, FeatureEnablement } from "./feature-flags";
 import { RepositoryProperties } from "./feature-flags/properties";
-import { getGitRoot, isAnalyzingDefaultBranch } from "./git-utils";
+import {
+  getGitRoot,
+  GIT_MINIMUM_VERSION_FOR_OVERLAY,
+  gitVersionAtLeast,
+  isAnalyzingDefaultBranch,
+} from "./git-utils";
 import { KnownLanguage, Language } from "./languages";
 import { Logger } from "./logging";
 import {
@@ -811,6 +816,14 @@ export async function getOverlayDatabaseMode(
    );
    return nonOverlayAnalysis;
  }
+  if (!(await gitVersionAtLeast(GIT_MINIMUM_VERSION_FOR_OVERLAY, logger))) {
+    logger.warning(
+      `Cannot build an ${overlayDatabaseMode} database because ` +
+        `the installed Git version is older than ${GIT_MINIMUM_VERSION_FOR_OVERLAY}. ` +
+        "Falling back to creating a normal full database instead.",
+    );
+    return nonOverlayAnalysis;
+  }

  return {
    overlayDatabaseMode,
--- a/src/database-upload.test.ts
+++ b/src/database-upload.test.ts
@@ -231,7 +231,7 @@ test("Don't crash if uploading a database fails", async (t) => {
        (v) =>
          v.type === "warning" &&
          v.message ===
-            "Failed to upload database for javascript: some error message",
+            "Failed to upload database for javascript: Error: some error message",
      ) !== undefined,
    );
  });
--- a/src/database-upload.ts
+++ b/src/database-upload.ts
@@ -13,20 +13,6 @@ import { RepositoryNwo } from "./repository";
 import * as util from "./util";
 import { bundleDb, CleanupLevel, parseGitHubUrl } from "./util";

-/** Information about a database upload. */
-export interface DatabaseUploadResult {
-  /** Language of the database. */
-  language: string;
-  /** Size of the zipped database in bytes. */
-  zipped_upload_size_bytes?: number;
-  /** Whether the uploaded database is an overlay base. */
-  is_overlay_base?: boolean;
-  /** Time taken to upload database in milliseconds. */
-  upload_duration_ms?: number;
-  /** If there was an error during database upload, this is its message. */
-  error?: string;
-}
-
 export async function cleanupAndUploadDatabases(
  repositoryNwo: RepositoryNwo,
  codeql: CodeQL,
@@ -34,22 +20,22 @@ export async function cleanupAndUploadDatabases(
  apiDetails: GitHubApiDetails,
  features: FeatureEnablement,
  logger: Logger,
-): Promise<DatabaseUploadResult[]> {
+): Promise<void> {
  if (actionsUtil.getRequiredInput("upload-database") !== "true") {
    logger.debug("Database upload disabled in workflow. Skipping upload.");
-    return [];
+    return;
  }

  if (!config.analysisKinds.includes(AnalysisKind.CodeScanning)) {
    logger.debug(
      `Not uploading database because 'analysis-kinds: ${AnalysisKind.CodeScanning}' is not enabled.`,
    );
-    return [];
+    return;
  }

  if (util.isInTestMode()) {
    logger.debug("In test mode. Skipping database upload.");
-    return [];
+    return;
  }

  // Do nothing when not running against github.com
@@ -58,22 +44,20 @@ export async function cleanupAndUploadDatabases(
    config.gitHubVersion.type !== util.GitHubVariant.GHEC_DR
  ) {
    logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
-    return [];
+    return;
  }

  if (!(await gitUtils.isAnalyzingDefaultBranch())) {
    // We only want to upload a database if we are analyzing the default branch.
    logger.debug("Not analyzing default branch. Skipping upload.");
-    return [];
+    return;
  }

-  // If config.overlayDatabaseMode is OverlayBase, then we have overlay base databases for all languages.
-  const shouldUploadOverlayBase =
+  const cleanupLevel =
    config.overlayDatabaseMode === OverlayDatabaseMode.OverlayBase &&
-    (await features.getValue(Feature.UploadOverlayDbToApi));
-  const cleanupLevel = shouldUploadOverlayBase
-    ? CleanupLevel.Overlay
-    : CleanupLevel.Clear;
+    (await features.getValue(Feature.UploadOverlayDbToApi))
+      ? CleanupLevel.Overlay
+      : CleanupLevel.Clear;

  // Clean up the database, since intermediate results may still be written to the
  // database if there is high RAM pressure.
@@ -93,7 +77,6 @@ export async function cleanupAndUploadDatabases(
    uploadsBaseUrl = uploadsBaseUrl.slice(0, -1);
  }

-  const reports: DatabaseUploadResult[] = [];
  for (const language of config.languages) {
    try {
      // Upload the database bundle.
@@ -107,7 +90,6 @@ export async function cleanupAndUploadDatabases(
        actionsUtil.getRequiredInput("checkout_path"),
      );
      try {
-        const startTime = performance.now();
        await client.request(
          `POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`,
          {
@@ -125,27 +107,13 @@ export async function cleanupAndUploadDatabases(
            },
          },
        );
-        const endTime = performance.now();
-        reports.push({
-          language,
-          zipped_upload_size_bytes: bundledDbSize,
-          is_overlay_base: shouldUploadOverlayBase,
-          upload_duration_ms: endTime - startTime,
-        });
        logger.debug(`Successfully uploaded database for ${language}`);
      } finally {
        bundledDbReadStream.close();
      }
    } catch (e) {
      // Log a warning but don't fail the workflow
-      logger.warning(
-        `Failed to upload database for ${language}: ${util.getErrorMessage(e)}`,
-      );
-      reports.push({
-        language,
-        error: util.getErrorMessage(e),
-      });
+      logger.warning(`Failed to upload database for ${language}: ${e}`);
    }
  }
-  return reports;
 }
--- a/src/dependency-caching.test.ts
+++ b/src/dependency-caching.test.ts
@@ -603,6 +603,28 @@ test("getFeaturePrefix - returns empty string if no features are enabled", async
  }
 });

+test("getFeaturePrefix - Java - returns 'minify-' if JavaMinimizeDependencyJars is enabled", async (t) => {
+  const codeql = createStubCodeQL({});
+  const features = createFeatures([Feature.JavaMinimizeDependencyJars]);
+
+  const result = await getFeaturePrefix(codeql, features, KnownLanguage.java);
+  t.deepEqual(result, "minify-");
+});
+
+test("getFeaturePrefix - non-Java - returns '' if JavaMinimizeDependencyJars is enabled", async (t) => {
+  const codeql = createStubCodeQL({});
+  const features = createFeatures([Feature.JavaMinimizeDependencyJars]);
+
+  for (const knownLanguage of Object.values(KnownLanguage)) {
+    // Skip Java since we expect a result for it, which is tested in the previous test.
+    if (knownLanguage === KnownLanguage.java) {
+      continue;
+    }
+    const result = await getFeaturePrefix(codeql, features, knownLanguage);
+    t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`);
+  }
+});
+
 test("getFeaturePrefix - C# - returns prefix if CsharpNewCacheKey is enabled", async (t) => {
  const codeql = createStubCodeQL({});
  const features = createFeatures([Feature.CsharpNewCacheKey]);
--- a/src/dependency-caching.ts
+++ b/src/dependency-caching.ts
@@ -541,7 +541,18 @@ export async function getFeaturePrefix(
    }
  };

-  if (language === KnownLanguage.csharp) {
+  if (language === KnownLanguage.java) {
+    // To ensure a safe rollout of JAR minimization, we change the key when the feature is enabled.
+    const minimizeJavaJars = await features.getValue(
+      Feature.JavaMinimizeDependencyJars,
+      codeql,
+    );
+
+    // To maintain backwards compatibility with this, we return "minify-" instead of a hash.
+    if (minimizeJavaJars) {
+      return "minify-";
+    }
+  } else if (language === KnownLanguage.csharp) {
    await addFeatureIfEnabled(Feature.CsharpNewCacheKey);
    await addFeatureIfEnabled(Feature.CsharpCacheBuildModeNone);
  }
@@ -582,8 +593,14 @@ async function cachePrefix(
  // experimental features that affect the cache contents.
  const featurePrefix = await getFeaturePrefix(codeql, features, language);

-  // Assemble the cache key.
-  return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  // Assemble the cache key. For backwards compatibility with the JAR minification experiment's existing
+  // feature prefix usage, we add that feature prefix at the start. Other feature prefixes are inserted
+  // after the general CodeQL dependency cache prefix.
+  if (featurePrefix === "minify-") {
+    return `${featurePrefix}${prefix}-${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  } else {
+    return `${prefix}-${featurePrefix}${CODEQL_DEPENDENCY_CACHE_VERSION}-${runnerOs}-${language}-`;
+  }
 }

 /** Represents information about our overall cache usage for CodeQL dependency caches. */
--- a/src/diagnostics.ts
+++ b/src/diagnostics.ts
@@ -185,3 +185,28 @@ export function flushDiagnostics(config: Config) {
  // Reset the unwritten diagnostics array.
  unwrittenDiagnostics = [];
 }
+
+/**
+ * Creates a telemetry-only diagnostic message. This is a convenience function
+ * for creating diagnostics that should only be sent to telemetry and not
+ * displayed on the status page or CLI summary table.
+ *
+ * @param id An identifier under which it makes sense to group this diagnostic message.
+ * @param name Display name for the ID.
+ * @param attributes Structured metadata about the diagnostic message.
+ * @returns Returns the new telemetry diagnostic message.
+ */
+export function makeTelemetryDiagnostic(
+  id: string,
+  name: string,
+  attributes: { [key: string]: any },
+): DiagnosticMessage {
+  return makeDiagnostic(id, name, {
+    attributes,
+    visibility: {
+      cliSummaryTable: false,
+      statusPage: false,
+      telemetry: true,
+    },
+  });
+}
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@@ -53,6 +53,7 @@ export enum Feature {
  DisableJavaBuildlessEnabled = "disable_java_buildless_enabled",
  DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
  ExportDiagnosticsEnabled = "export_diagnostics_enabled",
+  JavaMinimizeDependencyJars = "java_minimize_dependency_jars",
  OverlayAnalysis = "overlay_analysis",
  OverlayAnalysisActions = "overlay_analysis_actions",
  OverlayAnalysisCodeScanningActions = "overlay_analysis_code_scanning_actions",
@@ -167,6 +168,11 @@ export const featureConfig: Record<
    legacyApi: true,
    minimumVersion: undefined,
  },
+  [Feature.JavaMinimizeDependencyJars]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS",
+    minimumVersion: "2.23.0",
+  },
  [Feature.OverlayAnalysis]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS",
--- a/src/git-utils.test.ts
+++ b/src/git-utils.test.ts
@@ -7,7 +7,12 @@ import * as sinon from "sinon";

 import * as actionsUtil from "./actions-util";
 import * as gitUtils from "./git-utils";
-import { setupActionsVars, setupTests } from "./testing-utils";
+import {
+  getRecordingLogger,
+  LoggedMessage,
+  setupActionsVars,
+  setupTests,
+} from "./testing-utils";
 import { withTmpDir } from "./util";

 setupTests(test);
@@ -392,3 +397,190 @@ test("getFileOidsUnderPath throws on unexpected output format", async (t) => {
    runGitCommandStub.restore();
  }
 });
+
+test("getGitVersionOrThrow returns version for valid git output", async (t) => {
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("git version 2.40.0\n");
+
+  try {
+    const version = await gitUtils.getGitVersionOrThrow();
+    t.is(version, "2.40.0");
+  } finally {
+    runGitCommandStub.restore();
+  }
+});
+
+test("getGitVersionOrThrow throws for invalid git output", async (t) => {
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("invalid output");
+
+  try {
+    await t.throwsAsync(
+      async () => {
+        await gitUtils.getGitVersionOrThrow();
+      },
+      {
+        instanceOf: Error,
+        message: "Could not parse Git version from output: invalid output",
+      },
+    );
+  } finally {
+    runGitCommandStub.restore();
+  }
+});
+
+test("getGitVersionOrThrow handles Windows-style git output", async (t) => {
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("git version 2.40.0.windows.1\n");
+
+  try {
+    const version = await gitUtils.getGitVersionOrThrow();
+    // Should extract just the major.minor.patch portion
+    t.is(version, "2.40.0");
+  } finally {
+    runGitCommandStub.restore();
+  }
+});
+
+test("getGitVersionOrThrow throws when git command fails", async (t) => {
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .rejects(new Error("git not found"));
+
+  try {
+    await t.throwsAsync(
+      async () => {
+        await gitUtils.getGitVersionOrThrow();
+      },
+      {
+        instanceOf: Error,
+        message: "git not found",
+      },
+    );
+  } finally {
+    runGitCommandStub.restore();
+  }
+});
+
+test("getGitVersion returns version and caches it", async (t) => {
+  gitUtils.resetCachedGitVersion();
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("git version 2.40.0\n");
+
+  const messages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(messages);
+
+  try {
+    // First call should fetch and cache
+    const version1 = await gitUtils.getGitVersion(logger);
+    t.is(version1, "2.40.0");
+    t.is(runGitCommandStub.callCount, 1);
+
+    // Second call should use cache
+    const version2 = await gitUtils.getGitVersion(logger);
+    t.is(version2, "2.40.0");
+    t.is(runGitCommandStub.callCount, 1); // Should still be 1
+  } finally {
+    runGitCommandStub.restore();
+    gitUtils.resetCachedGitVersion();
+  }
+});
+
+test("getGitVersion returns undefined when version cannot be determined", async (t) => {
+  gitUtils.resetCachedGitVersion();
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .rejects(new Error("git not found"));
+
+  const messages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(messages);
+
+  try {
+    const version = await gitUtils.getGitVersion(logger);
+    t.is(version, undefined);
+    t.true(
+      messages.some(
+        (m) =>
+          m.type === "debug" &&
+          typeof m.message === "string" &&
+          m.message.includes("Could not determine Git version"),
+      ),
+    );
+  } finally {
+    runGitCommandStub.restore();
+    gitUtils.resetCachedGitVersion();
+  }
+});
+
+test("gitVersionAtLeast returns true for version meeting requirement", async (t) => {
+  gitUtils.resetCachedGitVersion();
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("git version 2.40.0\n");
+
+  const messages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(messages);
+
+  try {
+    const result = await gitUtils.gitVersionAtLeast("2.38.0", logger);
+    t.true(result);
+    t.true(
+      messages.some(
+        (m) =>
+          m.type === "debug" &&
+          m.message === "Installed Git version is 2.40.0.",
+      ),
+    );
+  } finally {
+    runGitCommandStub.restore();
+    gitUtils.resetCachedGitVersion();
+  }
+});
+
+test("gitVersionAtLeast returns false for version not meeting requirement", async (t) => {
+  gitUtils.resetCachedGitVersion();
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .resolves("git version 2.30.0\n");
+
+  const messages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(messages);
+
+  try {
+    const result = await gitUtils.gitVersionAtLeast("2.38.0", logger);
+    t.false(result);
+  } finally {
+    runGitCommandStub.restore();
+    gitUtils.resetCachedGitVersion();
+  }
+});
+
+test("gitVersionAtLeast returns false when version cannot be determined", async (t) => {
+  gitUtils.resetCachedGitVersion();
+  const runGitCommandStub = sinon
+    .stub(gitUtils as any, "runGitCommand")
+    .rejects(new Error("git not found"));
+
+  const messages: LoggedMessage[] = [];
+  const logger = getRecordingLogger(messages);
+
+  try {
+    const result = await gitUtils.gitVersionAtLeast("2.38.0", logger);
+    t.false(result);
+    t.true(
+      messages.some(
+        (m) =>
+          m.type === "debug" &&
+          typeof m.message === "string" &&
+          m.message.includes("Could not determine Git version"),
+      ),
+    );
+  } finally {
+    runGitCommandStub.restore();
+    gitUtils.resetCachedGitVersion();
+  }
+});
--- a/src/git-utils.ts
+++ b/src/git-utils.ts
@@ -1,13 +1,127 @@
 import * as core from "@actions/core";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 import * as io from "@actions/io";
+import * as semver from "semver";

 import {
  getOptionalInput,
  getWorkflowEvent,
  getWorkflowEventName,
 } from "./actions-util";
-import { ConfigurationError, getRequiredEnvParam } from "./util";
+import type { Config } from "./config-utils";
+import { addDiagnostic, makeTelemetryDiagnostic } from "./diagnostics";
+import { Logger } from "./logging";
+import {
+  ConfigurationError,
+  getErrorMessage,
+  getRequiredEnvParam,
+} from "./util";
+
+/**
+ * Minimum Git version required for overlay analysis. The `git ls-files --format`
+ * option, which is used by `getFileOidsUnderPath`, was introduced in Git 2.38.0.
+ */
+export const GIT_MINIMUM_VERSION_FOR_OVERLAY = "2.38.0";
+
+/** Cached git version to avoid recomputing it multiple times. */
+let cachedGitVersion: string | undefined;
+
+/**
+ * Resets the cached git version. This is intended for use in tests only.
+ */
+export function resetCachedGitVersion(): void {
+  cachedGitVersion = undefined;
+}
+
+/**
+ * Gets the version of Git installed on the system and throws an error if
+ * the version cannot be determined.
+ *
+ * @returns The Git version string (e.g., "2.40.0").
+ * @throws {Error} if the version could not be determined.
+ */
+export async function getGitVersionOrThrow(): Promise<string> {
+  const stdout = await runGitCommand(
+    undefined,
+    ["--version"],
+    "Failed to get git version.",
+  );
+  // Git version output can vary: "git version 2.40.0" or "git version 2.40.0.windows.1"
+  // We capture just the major.minor.patch portion to ensure semver compatibility.
+  const match = stdout.match(/git version (\d+\.\d+\.\d+)/);
+  if (match?.[1]) {
+    return match[1];
+  }
+  throw new Error(`Could not parse Git version from output: ${stdout.trim()}`);
+}
+
+/**
+ * Gets the cached Git version, or fetches and caches it if not yet cached.
+ *
+ * @param logger A logger to use for logging errors.
+ * @returns The cached Git version, or undefined if the version could not be determined.
+ */
+export async function getGitVersion(
+  logger: Logger,
+): Promise<string | undefined> {
+  if (cachedGitVersion !== undefined) {
+    return cachedGitVersion;
+  }
+  try {
+    cachedGitVersion = await getGitVersionOrThrow();
+    return cachedGitVersion;
+  } catch (e) {
+    logger.debug(`Could not determine Git version: ${getErrorMessage(e)}`);
+    return undefined;
+  }
+}
+
+/**
+ * Logs the Git version as a telemetry diagnostic. Should be called once during
+ * initialization after the config is available.
+ *
+ * @param config The configuration that tells us where to store the diagnostic.
+ * @param logger A logger to use for logging errors.
+ */
+export async function logGitVersionTelemetry(
+  config: Config,
+  logger: Logger,
+): Promise<void> {
+  const version = await getGitVersion(logger);
+  if (version !== undefined && config.languages.length > 0) {
+    addDiagnostic(
+      config,
+      // Arbitrarily choose the first language. We could also choose all languages, but that
+      // increases the risk of misinterpreting the data.
+      config.languages[0],
+      makeTelemetryDiagnostic(
+        "codeql-action/git-version-telemetry",
+        "Git version telemetry",
+        { gitVersion: version },
+      ),
+    );
+  }
+}
+
+/**
+ * Checks if the installed Git version is at least the given required version.
+ *
+ * @param requiredVersion The minimum required Git version.
+ * @param logger A logger to use for logging.
+ * @returns `true` if the installed Git version is at least the required version,
+ *          `false` otherwise.
+ */
+export async function gitVersionAtLeast(
+  requiredVersion: string,
+  logger: Logger,
+): Promise<boolean> {
+  const version = await getGitVersion(logger);
+  if (version === undefined) {
+    return false;
+  }
+  logger.debug(`Installed Git version is ${version}.`);
+  return semver.gte(version, requiredVersion);
+}

 export const runGitCommand = async function (
  workingDirectory: string | undefined,
--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -33,10 +33,12 @@ import {
  flushDiagnostics,
  logUnwrittenDiagnostics,
  makeDiagnostic,
+  makeTelemetryDiagnostic,
 } from "./diagnostics";
 import { EnvVar } from "./environment";
 import { Feature, Features } from "./feature-flags";
 import { loadPropertiesFromApi } from "./feature-flags/properties";
+import { logGitVersionTelemetry } from "./git-utils";
 import {
  checkInstallPython311,
  checkPacksForOverlayCompatibility,
@@ -88,13 +90,6 @@ import {
 } from "./util";
 import { checkWorkflow } from "./workflow";

-/**
- * First version of CodeQL where the Java extractor safely supports the option to minimize
- * dependency jars. Note: some earlier versions of the extractor will respond to the corresponding
- * option, but may rewrite jars in ways that lead to extraction errors.
- */
-export const CODEQL_VERSION_JAR_MINIMIZATION = "2.23.0";
-
 /**
 * Sends a status report indicating that the `init` Action is starting.
 *
@@ -425,21 +420,17 @@ async function run() {
        // Arbitrarily choose the first language. We could also choose all languages, but that
        // increases the risk of misinterpreting the data.
        config.languages[0],
-        makeDiagnostic(
+        makeTelemetryDiagnostic(
          "codeql-action/bundle-download-telemetry",
          "CodeQL bundle download telemetry",
-          {
-            attributes: toolsDownloadStatusReport,
-            visibility: {
-              cliSummaryTable: false,
-              statusPage: false,
-              telemetry: true,
-            },
-          },
+          toolsDownloadStatusReport,
        ),
      );
    }

+    // Log Git version telemetry
+    await logGitVersionTelemetry(config, logger);
+
    // Forward Go flags
    const goFlags = process.env["GOFLAGS"];
    if (goFlags) {
@@ -645,20 +636,18 @@ async function run() {
      }
    }

-    // If we are doing a Java `build-mode: none` analysis, then set the environment variable that
-    // enables the option in the Java extractor to minimize dependency jars. We also only do this if
-    // dependency caching is enabled, since the option is intended to reduce the size of dependency
-    // caches, but the jar-rewriting does have a performance cost that we'd like to avoid when
-    // caching is not being used.
-    // TODO: Remove this language-specific mechanism and replace it with a more general one that
-    // tells extractors when dependency caching is enabled, and then the Java extractor can make its
-    // own decision about whether to rewrite jars.
+    // If the feature flag to minimize Java dependency jars is enabled, and we are doing a Java
+    // `build-mode: none` analysis (i.e. the flag is relevant), then set the environment variable
+    // that enables the corresponding option in the Java extractor. We also only do this if
+    // dependency caching is enabled, since the option is intended to reduce the size of
+    // dependency caches, but the jar-rewriting does have a performance cost that we'd like to avoid
+    // when caching is not being used.
    if (process.env[EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS]) {
      logger.debug(
        `${EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS} is already set to '${process.env[EnvVar.JAVA_EXTRACTOR_MINIMIZE_DEPENDENCY_JARS]}', so the Action will not override it.`,
      );
    } else if (
-      (await codeQlVersionAtLeast(codeql, CODEQL_VERSION_JAR_MINIMIZATION)) &&
+      (await features.getValue(Feature.JavaMinimizeDependencyJars, codeql)) &&
      config.dependencyCachingEnabled &&
      config.buildMode === BuildMode.None &&
      config.languages.includes(KnownLanguage.java)
@@ -794,17 +783,10 @@ async function recordZstdAvailability(
    // Arbitrarily choose the first language. We could also choose all languages, but that
    // increases the risk of misinterpreting the data.
    config.languages[0],
-    makeDiagnostic(
+    makeTelemetryDiagnostic(
      "codeql-action/zstd-availability",
      "Zstandard availability",
-      {
-        attributes: zstdAvailability,
-        visibility: {
-          cliSummaryTable: false,
-          statusPage: false,
-          telemetry: true,
-        },
-      },
+      zstdAvailability,
    ),
  );
 }
Author	SHA1	Message	Date
copilot-swe-agent[bot]	393c074965	Refactor existing telemetry diagnostics to use makeTelemetryDiagnostic Refactored bundle-download-telemetry and zstd-availability diagnostics in init-action.ts to use the new makeTelemetryDiagnostic helper function. Also added guard for empty languages array in logGitVersionTelemetry. Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>	2025-12-16 17:24:57 +00:00
copilot-swe-agent[bot]	c3dc529aef	Address feedback: cache git version, improve error handling, add telemetry - Cache the git version to avoid recomputing on repeated calls - Refactor getGitVersion to getGitVersionOrThrow with detailed errors - Add getGitVersion that logs errors and handles caching - Add makeTelemetryDiagnostic helper to diagnostics.ts - Add logGitVersionTelemetry function to log git version telemetry - Call logGitVersionTelemetry in init-action.ts - Add resetCachedGitVersion for testing - Update tests to work with new function signatures and caching Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>	2025-12-16 17:19:46 +00:00
copilot-swe-agent[bot]	fc2bbb041e	Address code review feedback - Add test for Windows-style git version format - Add comment clarifying regex extracts major.minor.patch - Replace dynamic import with static import for semver Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>	2025-12-16 16:27:41 +00:00
copilot-swe-agent[bot]	89753aa84b	Add git version check for overlay analysis enablement Overlay analysis depends on `getFileOidsUnderPath`, which uses `git ls-files --format` option that requires Git 2.38.0+. This change adds a check for the git version before enabling overlay analysis. Co-authored-by: henrymercer <14129055+henrymercer@users.noreply.github.com>	2025-12-16 16:22:23 +00:00
copilot-swe-agent[bot]	aff7998c4a	Initial plan	2025-12-16 16:09:09 +00:00