From cf8b7a6e14d039e1cb0f7b5afbe0f2830bab2c11 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 12 Nov 2025 11:55:59 +0000 Subject: [PATCH 01/27] Refactor C# cache content paths into a function --- lib/analyze-action.js | 5 ++++- lib/init-action.js | 5 ++++- src/dependency-caching.ts | 13 ++++++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index fd43a2f778..72943ee05a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -91069,6 +91069,9 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } +function getCsharpDependencyDirs() { + return [(0, import_path.join)(os3.homedir(), ".nuget", "packages")]; +} async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); if ((await globber.glob()).length === 0) { @@ -91113,7 +91116,7 @@ var defaultCacheConfigs = { ]) }, csharp: { - getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns }, go: { diff --git a/lib/init-action.js b/lib/init-action.js index 98c23c88fd..2d361f8f43 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87256,6 +87256,9 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } +function getCsharpDependencyDirs() { + return [(0, import_path.join)(os2.homedir(), ".nuget", "packages")]; +} async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); if ((await globber.glob()).length === 0) { @@ -87300,7 +87303,7 @@ var defaultCacheConfigs = { ]) }, csharp: { - getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns }, go: { diff --git a/src/dependency-caching.ts b/src/dependency-caching.ts index 220f1d5bab..e8c31a0761 100644 --- a/src/dependency-caching.ts +++ b/src/dependency-caching.ts @@ -66,6 +66,17 @@ export function getJavaDependencyDirs(): string[] { ]; } +/** + * Returns an array of paths of directories on the runner that should be included in a dependency cache + * for a C# analysis. + * + * @returns The paths of directories on the runner that should be included in a dependency cache + * for a C# analysis. + */ +export function getCsharpDependencyDirs(): string[] { + return [join(os.homedir(), ".nuget", "packages")]; +} + /** * Checks that there are files which match `patterns`. If there are matching files for any of the patterns, * this function returns all `patterns`. Otherwise, `undefined` is returned. @@ -158,7 +169,7 @@ const defaultCacheConfigs: { [language: string]: CacheConfig } = { ]), }, csharp: { - getDependencyPaths: () => [join(os.homedir(), ".nuget", "packages")], + getDependencyPaths: getCsharpDependencyDirs, getHashPatterns: getCsharpHashPatterns, }, go: { From d854ba6ec02875972a6bd990f236c62b8f6f21a2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 12 Nov 2025 11:58:22 +0000 Subject: [PATCH 02/27] Pass `FeatureEnablement` to `getDependencyPaths` --- lib/analyze-action.js | 13 ++++++++----- lib/init-action.js | 8 ++++---- src/dependency-caching.test.ts | 4 ++-- src/dependency-caching.ts | 29 ++++++++++++++++++++++------- 4 files changed, 36 insertions(+), 18 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 72943ee05a..fb9ec0a2e7 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -91059,7 +91059,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1; function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } -function getJavaDependencyDirs() { +async function getJavaDependencyDirs() { return [ // Maven (0, import_path.join)(os3.homedir(), ".m2", "repository"), @@ -91069,7 +91069,7 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } -function getCsharpDependencyDirs() { +async function getCsharpDependencyDirs() { return [(0, import_path.join)(os3.homedir(), ".nuget", "packages")]; } async function makePatternCheck(patterns) { @@ -91120,7 +91120,7 @@ var defaultCacheConfigs = { getHashPatterns: getCsharpHashPatterns }, go: { - getDependencyPaths: () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [(0, import_path.join)(os3.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]) } }; @@ -91159,7 +91159,7 @@ async function uploadDependencyCaches(codeql, features, config, logger) { continue; } const size = await getTotalCacheSize( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), logger, true ); @@ -91176,7 +91176,10 @@ async function uploadDependencyCaches(codeql, features, config, logger) { ); try { const start = performance.now(); - await actionsCache3.saveCache(cacheConfig.getDependencyPaths(), key); + await actionsCache3.saveCache( + await cacheConfig.getDependencyPaths(codeql, features), + key + ); const upload_duration_ms = Math.round(performance.now() - start); status.push({ language, diff --git a/lib/init-action.js b/lib/init-action.js index 2d361f8f43..d3f0d35c30 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87246,7 +87246,7 @@ var CODEQL_DEPENDENCY_CACHE_VERSION = 1; function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } -function getJavaDependencyDirs() { +async function getJavaDependencyDirs() { return [ // Maven (0, import_path.join)(os2.homedir(), ".m2", "repository"), @@ -87256,7 +87256,7 @@ function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } -function getCsharpDependencyDirs() { +async function getCsharpDependencyDirs() { return [(0, import_path.join)(os2.homedir(), ".nuget", "packages")]; } async function makePatternCheck(patterns) { @@ -87307,7 +87307,7 @@ var defaultCacheConfigs = { getHashPatterns: getCsharpHashPatterns }, go: { - getDependencyPaths: () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [(0, import_path.join)(os2.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]) } }; @@ -87356,7 +87356,7 @@ async function downloadDependencyCaches(codeql, features, languages, logger) { ); const start = performance.now(); const hitKey = await actionsCache3.restoreCache( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), primaryKey, restoreKeys ); diff --git a/src/dependency-caching.test.ts b/src/dependency-caching.test.ts index eefb8504cd..416b096776 100644 --- a/src/dependency-caching.test.ts +++ b/src/dependency-caching.test.ts @@ -126,7 +126,7 @@ test("checkHashPatterns - logs when no patterns match", async (t) => { const features = createFeatures([]); const messages: LoggedMessage[] = []; const config: CacheConfig = { - getDependencyPaths: () => [], + getDependencyPaths: async () => [], getHashPatterns: async () => undefined, }; @@ -155,7 +155,7 @@ test("checkHashPatterns - returns patterns when patterns match", async (t) => { fs.writeFileSync(path.join(tmpDir, "test.java"), ""); const config: CacheConfig = { - getDependencyPaths: () => [], + getDependencyPaths: async () => [], getHashPatterns: async () => makePatternCheck(patterns), }; diff --git a/src/dependency-caching.ts b/src/dependency-caching.ts index e8c31a0761..5ee0504371 100644 --- a/src/dependency-caching.ts +++ b/src/dependency-caching.ts @@ -20,7 +20,10 @@ import { getErrorMessage, getRequiredEnvParam } from "./util"; */ export interface CacheConfig { /** Gets the paths of directories on the runner that should be included in the cache. */ - getDependencyPaths: () => string[]; + getDependencyPaths: ( + codeql: CodeQL, + features: FeatureEnablement, + ) => Promise; /** * Gets an array of glob patterns for the paths of files whose contents affect which dependencies are used * by a project. This function also checks whether there are any matching files and returns @@ -55,7 +58,7 @@ export function getJavaTempDependencyDir(): string { * @returns The paths of directories on the runner that should be included in a dependency cache * for a Java analysis. */ -export function getJavaDependencyDirs(): string[] { +export async function getJavaDependencyDirs(): Promise { return [ // Maven join(os.homedir(), ".m2", "repository"), @@ -66,6 +69,15 @@ export function getJavaDependencyDirs(): string[] { ]; } +/** + * Returns a path to a directory intended to be used to store dependencies + * for the C# `build-mode: none` extractor. + * @returns The path to the directory that should be used by the `build-mode: none` extractor. + */ +export function getCsharpTempDependencyDir(): string { + return join(getTemporaryDirectory(), "codeql_csharp", "repository"); +} + /** * Returns an array of paths of directories on the runner that should be included in a dependency cache * for a C# analysis. @@ -73,7 +85,7 @@ export function getJavaDependencyDirs(): string[] { * @returns The paths of directories on the runner that should be included in a dependency cache * for a C# analysis. */ -export function getCsharpDependencyDirs(): string[] { +export async function getCsharpDependencyDirs(): Promise { return [join(os.homedir(), ".nuget", "packages")]; } @@ -173,7 +185,7 @@ const defaultCacheConfigs: { [language: string]: CacheConfig } = { getHashPatterns: getCsharpHashPatterns, }, go: { - getDependencyPaths: () => [join(os.homedir(), "go", "pkg", "mod")], + getDependencyPaths: async () => [join(os.homedir(), "go", "pkg", "mod")], getHashPatterns: async () => internal.makePatternCheck(["**/go.sum"]), }, }; @@ -291,7 +303,7 @@ export async function downloadDependencyCaches( const start = performance.now(); const hitKey = await actionsCache.restoreCache( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), primaryKey, restoreKeys, ); @@ -387,7 +399,7 @@ export async function uploadDependencyCaches( // with the dependency caches. For this, we could use the Cache API to check whether other workflows // are using the quota and how full it is. const size = await getTotalCacheSize( - cacheConfig.getDependencyPaths(), + await cacheConfig.getDependencyPaths(codeql, features), logger, true, ); @@ -409,7 +421,10 @@ export async function uploadDependencyCaches( try { const start = performance.now(); - await actionsCache.saveCache(cacheConfig.getDependencyPaths(), key); + await actionsCache.saveCache( + await cacheConfig.getDependencyPaths(codeql, features), + key, + ); const upload_duration_ms = Math.round(performance.now() - start); status.push({ From a47d04cf9b3e812f4fe0998e5e6ffd3a91cc88f2 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 12 Nov 2025 11:59:13 +0000 Subject: [PATCH 03/27] Add FF for extra C# cache contents --- lib/analyze-action-post.js | 5 +++++ lib/analyze-action.js | 5 +++++ lib/autobuild-action.js | 5 +++++ lib/init-action-post.js | 5 +++++ lib/init-action.js | 5 +++++ lib/resolve-environment-action.js | 5 +++++ lib/setup-codeql-action.js | 5 +++++ lib/start-proxy-action-post.js | 5 +++++ lib/start-proxy-action.js | 5 +++++ lib/upload-lib.js | 5 +++++ lib/upload-sarif-action-post.js | 5 +++++ lib/upload-sarif-action.js | 5 +++++ src/feature-flags.ts | 6 ++++++ 13 files changed, 66 insertions(+) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index b30ab9f097..484df244c7 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -119928,6 +119928,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index fb9ec0a2e7..22d01ab285 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88658,6 +88658,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index d09fe07d82..48485a850d 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -83977,6 +83977,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 1d3c4d5d93..b15b16f377 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123309,6 +123309,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/init-action.js b/lib/init-action.js index d3f0d35c30..e351b0205b 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86072,6 +86072,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 7918ab61f7..766a59c171 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -83968,6 +83968,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index c9e95730bf..f00d601e7d 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83880,6 +83880,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 2386e7c27b..85e0aaeb08 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -119334,6 +119334,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 281341e5aa..5613603cb9 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -99996,6 +99996,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 2e980ba467..a0d12250c7 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -87034,6 +87034,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 1d2a3a44b3..1d63547086 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -119500,6 +119500,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 6fd196c32e..1266953f0c 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86830,6 +86830,11 @@ var featureConfig = { legacyApi: true, minimumVersion: "2.15.0" }, + ["csharp_cache_bmn" /* CsharpCacheBuildModeNone */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: void 0 + }, ["csharp_new_cache_key" /* CsharpNewCacheKey */]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 1334969795..27a3c0f4f7 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -47,6 +47,7 @@ export enum Feature { AnalyzeUseNewUpload = "analyze_use_new_upload", CleanupTrapCaches = "cleanup_trap_caches", CppDependencyInstallation = "cpp_dependency_installation_enabled", + CsharpCacheBuildModeNone = "csharp_cache_bmn", CsharpNewCacheKey = "csharp_new_cache_key", DiffInformedQueries = "diff_informed_queries", DisableCsharpBuildless = "disable_csharp_buildless", @@ -133,6 +134,11 @@ export const featureConfig: Record< legacyApi: true, minimumVersion: "2.15.0", }, + [Feature.CsharpCacheBuildModeNone]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CSHARP_CACHE_BMN", + minimumVersion: undefined, + }, [Feature.CsharpNewCacheKey]: { defaultValue: false, envVar: "CODEQL_ACTION_CSHARP_NEW_CACHE_KEY", From ecaa6db95a8f53d47a403cf9d16a96daa295f5ff Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 13 Nov 2025 13:40:36 +0000 Subject: [PATCH 04/27] Include `getCsharpTempDependencyDir` in C# caches if FF is enabled --- lib/analyze-action.js | 15 +++++++++-- lib/init-action.js | 15 +++++++++-- src/dependency-caching.test.ts | 49 ++++++++++++++++++++++++++++++++++ src/dependency-caching.ts | 17 ++++++++++-- 4 files changed, 90 insertions(+), 6 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 22d01ab285..6b0e6b92f6 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -91074,8 +91074,18 @@ async function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } -async function getCsharpDependencyDirs() { - return [(0, import_path.join)(os3.homedir(), ".nuget", "packages")]; +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} +async function getCsharpDependencyDirs(codeql, features) { + const dirs = [ + // Nuget + (0, import_path.join)(os3.homedir(), ".nuget", "packages") + ]; + if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + return dirs; } async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); @@ -91227,6 +91237,7 @@ async function getFeaturePrefix(codeql, features, language) { } } else if (language === "csharp" /* csharp */) { await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */); + await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */); } if (enabledFeatures.length > 0) { return `${createCacheKeyHash(enabledFeatures)}-`; diff --git a/lib/init-action.js b/lib/init-action.js index e351b0205b..8d63c95de0 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87261,8 +87261,18 @@ async function getJavaDependencyDirs() { getJavaTempDependencyDir() ]; } -async function getCsharpDependencyDirs() { - return [(0, import_path.join)(os2.homedir(), ".nuget", "packages")]; +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} +async function getCsharpDependencyDirs(codeql, features) { + const dirs = [ + // Nuget + (0, import_path.join)(os2.homedir(), ".nuget", "packages") + ]; + if (await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + return dirs; } async function makePatternCheck(patterns) { const globber = await makeGlobber(patterns); @@ -87398,6 +87408,7 @@ async function getFeaturePrefix(codeql, features, language) { } } else if (language === "csharp" /* csharp */) { await addFeatureIfEnabled("csharp_new_cache_key" /* CsharpNewCacheKey */); + await addFeatureIfEnabled("csharp_cache_bmn" /* CsharpCacheBuildModeNone */); } if (enabledFeatures.length > 0) { return `${createCacheKeyHash(enabledFeatures)}-`; diff --git a/src/dependency-caching.test.ts b/src/dependency-caching.test.ts index 416b096776..bf2f7ba74d 100644 --- a/src/dependency-caching.test.ts +++ b/src/dependency-caching.test.ts @@ -20,6 +20,8 @@ import { downloadDependencyCaches, CacheHitKind, cacheKey, + getCsharpDependencyDirs, + getCsharpTempDependencyDir, } from "./dependency-caching"; import { Feature } from "./feature-flags"; import { KnownLanguage } from "./languages"; @@ -38,6 +40,28 @@ function makeAbsolutePatterns(tmpDir: string, patterns: string[]): string[] { return patterns.map((pattern) => path.join(tmpDir, pattern)); } +test("getCsharpDependencyDirs - does not include BMN dir if FF is enabled", async (t) => { + await withTmpDir(async (tmpDir) => { + process.env["RUNNER_TEMP"] = tmpDir; + const codeql = createStubCodeQL({}); + const features = createFeatures([]); + + const results = await getCsharpDependencyDirs(codeql, features); + t.false(results.includes(getCsharpTempDependencyDir())); + }); +}); + +test("getCsharpDependencyDirs - includes BMN dir if FF is enabled", async (t) => { + await withTmpDir(async (tmpDir) => { + process.env["RUNNER_TEMP"] = tmpDir; + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + const results = await getCsharpDependencyDirs(codeql, features); + t.assert(results.includes(getCsharpTempDependencyDir())); + }); +}); + test("makePatternCheck - returns undefined if no patterns match", async (t) => { await withTmpDir(async (tmpDir) => { fs.writeFileSync(path.join(tmpDir, "test.java"), ""); @@ -387,3 +411,28 @@ test("getFeaturePrefix - non-C# - returns '' if CsharpNewCacheKey is enabled", a t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`); } }); + +test("getFeaturePrefix - C# - returns prefix if CsharpCacheBuildModeNone is enabled", async (t) => { + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + const result = await getFeaturePrefix(codeql, features, KnownLanguage.csharp); + t.notDeepEqual(result, ""); + t.assert(result.endsWith("-")); + // Check the length of the prefix, which should correspond to `cacheKeyHashLength` + 1 for the trailing `-`. + t.is(result.length, cacheKeyHashLength + 1); +}); + +test("getFeaturePrefix - non-C# - returns '' if CsharpCacheBuildModeNone is enabled", async (t) => { + const codeql = createStubCodeQL({}); + const features = createFeatures([Feature.CsharpCacheBuildModeNone]); + + for (const knownLanguage of Object.values(KnownLanguage)) { + // Skip C# since we expect a result for it, which is tested in the previous test. + if (knownLanguage === KnownLanguage.csharp) { + continue; + } + const result = await getFeaturePrefix(codeql, features, knownLanguage); + t.deepEqual(result, "", `Expected no feature prefix for ${knownLanguage}`); + } +}); diff --git a/src/dependency-caching.ts b/src/dependency-caching.ts index 5ee0504371..bd39bad751 100644 --- a/src/dependency-caching.ts +++ b/src/dependency-caching.ts @@ -85,8 +85,20 @@ export function getCsharpTempDependencyDir(): string { * @returns The paths of directories on the runner that should be included in a dependency cache * for a C# analysis. */ -export async function getCsharpDependencyDirs(): Promise { - return [join(os.homedir(), ".nuget", "packages")]; +export async function getCsharpDependencyDirs( + codeql: CodeQL, + features: FeatureEnablement, +): Promise { + const dirs = [ + // Nuget + join(os.homedir(), ".nuget", "packages"), + ]; + + if (await features.getValue(Feature.CsharpCacheBuildModeNone, codeql)) { + dirs.push(getCsharpTempDependencyDir()); + } + + return dirs; } /** @@ -512,6 +524,7 @@ export async function getFeaturePrefix( } } else if (language === KnownLanguage.csharp) { await addFeatureIfEnabled(Feature.CsharpNewCacheKey); + await addFeatureIfEnabled(Feature.CsharpCacheBuildModeNone); } // If any features that affect the cache are enabled, return a feature prefix by From f5f9571d6184d3cf1e2477d1dfc61c7ce88cdf4b Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Thu, 13 Nov 2025 14:03:44 +0000 Subject: [PATCH 05/27] Configure temp dependency dir for C# extractor when FF is enabled And also clean it up. --- lib/analyze-action-post.js | 24 ++++++++++++++++-------- lib/analyze-action.js | 13 +++++++++---- src/analyze-action-env.test.ts | 21 +++++++++++++++------ src/analyze-action-input.test.ts | 21 +++++++++++++++------ src/analyze-action-post.ts | 28 ++++++++++++++++++---------- src/analyze-action.ts | 1 + src/analyze.ts | 22 +++++++++++++++++++--- 7 files changed, 93 insertions(+), 37 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 484df244c7..323549b8b1 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120768,6 +120768,9 @@ var glob = __toESM(require_glob3()); function getJavaTempDependencyDir() { return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository"); } +function getCsharpTempDependencyDir() { + return (0, import_path.join)(getTemporaryDirectory(), "codeql_csharp", "repository"); +} // src/debug-artifacts.ts function sanitizeArtifactName(name) { @@ -120888,14 +120891,19 @@ async function runWrapper() { ); } } - const javaTempDependencyDir = getJavaTempDependencyDir(); - if (fs6.existsSync(javaTempDependencyDir)) { - try { - fs6.rmSync(javaTempDependencyDir, { recursive: true }); - } catch (error4) { - logger.info( - `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error4)}` - ); + const tempDependencyDirs = [ + getJavaTempDependencyDir(), + getCsharpTempDependencyDir() + ]; + for (const tempDependencyDir of tempDependencyDirs) { + if (fs6.existsSync(tempDependencyDir)) { + try { + fs6.rmSync(tempDependencyDir, { recursive: true }); + } catch (error4) { + logger.info( + `Failed to remove temporary dependencies directory: ${getErrorMessage(error4)}` + ); + } } } } catch (error4) { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 6b0e6b92f6..e5e897ca38 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -91327,7 +91327,7 @@ async function setupPythonExtractor(logger) { ); return; } -async function runExtraction(codeql, config, logger) { +async function runExtraction(codeql, features, config, logger) { for (const language of config.languages) { if (dbIsFinalized(config, language, logger)) { logger.debug( @@ -91347,6 +91347,9 @@ async function runExtraction(codeql, config, logger) { if (language === "java" /* java */ && config.buildMode === "none" /* None */) { process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getJavaTempDependencyDir(); } + if (language === "csharp" /* csharp */ && config.buildMode === "none" /* None */ && await features.getValue("csharp_cache_bmn" /* CsharpCacheBuildModeNone */)) { + process.env["CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getCsharpTempDependencyDir(); + } await codeql.extractUsingBuildMode(config, language); } else { await codeql.extractScannedLanguage(config, language); @@ -91372,9 +91375,9 @@ function dbIsFinalized(config, language, logger) { return false; } } -async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger) { +async function finalizeDatabaseCreation(codeql, features, config, threadsFlag, memoryFlag, logger) { const extractionStart = import_perf_hooks2.performance.now(); - await runExtraction(codeql, config, logger); + await runExtraction(codeql, features, config, logger); const extractionTime = import_perf_hooks2.performance.now() - extractionStart; const trapImportStart = import_perf_hooks2.performance.now(); for (const language of config.languages) { @@ -91629,7 +91632,7 @@ async function runQueries(sarifFolder, memoryFlag, threadsFlag, diffRangePackDir return perQueryAlertCounts; } } -async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, logger) { +async function runFinalize(features, outputDir, threadsFlag, memoryFlag, codeql, config, logger) { try { await fs12.promises.rm(outputDir, { force: true, recursive: true }); } catch (error4) { @@ -91640,6 +91643,7 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, l await fs12.promises.mkdir(outputDir, { recursive: true }); const timings = await finalizeDatabaseCreation( codeql, + features, config, threadsFlag, memoryFlag, @@ -93974,6 +93978,7 @@ async function run() { await warnIfGoInstalledAfterInit(config, logger); await runAutobuildIfLegacyGoWorkflow(config, logger); dbCreationTimings = await runFinalize( + features, outputDir, threads, memory, diff --git a/src/analyze-action-env.test.ts b/src/analyze-action-env.test.ts index e4960a5803..aecbae4b02 100644 --- a/src/analyze-action-env.test.ts +++ b/src/analyze-action-env.test.ts @@ -74,11 +74,20 @@ test("analyze action with RAM & threads from environment variables", async (t) = // wait for the action promise to complete before starting verification. await analyzeAction.runPromise; - t.assert(runFinalizeStub.calledOnce); - t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1"); - t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=4992"); - t.assert(runQueriesStub.calledOnce); - t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1"); - t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=4992"); + t.assert( + runFinalizeStub.calledOnceWith( + sinon.match.any, + sinon.match.any, + "--threads=-1", + "--ram=4992", + ), + ); + t.assert( + runQueriesStub.calledOnceWith( + sinon.match.any, + "--ram=4992", + "--threads=-1", + ), + ); }); }); diff --git a/src/analyze-action-input.test.ts b/src/analyze-action-input.test.ts index 48fa216ebf..74c03923da 100644 --- a/src/analyze-action-input.test.ts +++ b/src/analyze-action-input.test.ts @@ -72,11 +72,20 @@ test("analyze action with RAM & threads from action inputs", async (t) => { // wait for the action promise to complete before starting verification. await analyzeAction.runPromise; - t.assert(runFinalizeStub.calledOnce); - t.deepEqual(runFinalizeStub.firstCall.args[1], "--threads=-1"); - t.deepEqual(runFinalizeStub.firstCall.args[2], "--ram=3012"); - t.assert(runQueriesStub.calledOnce); - t.deepEqual(runQueriesStub.firstCall.args[2], "--threads=-1"); - t.deepEqual(runQueriesStub.firstCall.args[1], "--ram=3012"); + t.assert( + runFinalizeStub.calledOnceWith( + sinon.match.any, + sinon.match.any, + "--threads=-1", + "--ram=3012", + ), + ); + t.assert( + runQueriesStub.calledOnceWith( + sinon.match.any, + "--ram=3012", + "--threads=-1", + ), + ); }); }); diff --git a/src/analyze-action-post.ts b/src/analyze-action-post.ts index 1f91b4f0fd..ce8ddd31bb 100644 --- a/src/analyze-action-post.ts +++ b/src/analyze-action-post.ts @@ -12,7 +12,10 @@ import { getGitHubVersion } from "./api-client"; import { getCodeQL } from "./codeql"; import { getConfig } from "./config-utils"; import * as debugArtifacts from "./debug-artifacts"; -import { getJavaTempDependencyDir } from "./dependency-caching"; +import { + getCsharpTempDependencyDir, + getJavaTempDependencyDir, +} from "./dependency-caching"; import { EnvVar } from "./environment"; import { getActionsLogger } from "./logging"; import { checkGitHubVersionInRange, getErrorMessage } from "./util"; @@ -42,17 +45,22 @@ async function runWrapper() { } } - // If we analysed Java in build-mode: none, we may have downloaded dependencies + // If we analysed Java or C# in build-mode: none, we may have downloaded dependencies // to the temp directory. Clean these up so they don't persist unnecessarily // long on self-hosted runners. - const javaTempDependencyDir = getJavaTempDependencyDir(); - if (fs.existsSync(javaTempDependencyDir)) { - try { - fs.rmSync(javaTempDependencyDir, { recursive: true }); - } catch (error) { - logger.info( - `Failed to remove temporary Java dependencies directory: ${getErrorMessage(error)}`, - ); + const tempDependencyDirs = [ + getJavaTempDependencyDir(), + getCsharpTempDependencyDir(), + ]; + for (const tempDependencyDir of tempDependencyDirs) { + if (fs.existsSync(tempDependencyDir)) { + try { + fs.rmSync(tempDependencyDir, { recursive: true }); + } catch (error) { + logger.info( + `Failed to remove temporary dependencies directory: ${getErrorMessage(error)}`, + ); + } } } } catch (error) { diff --git a/src/analyze-action.ts b/src/analyze-action.ts index 3ab1dd1321..0349c13c30 100644 --- a/src/analyze-action.ts +++ b/src/analyze-action.ts @@ -315,6 +315,7 @@ async function run() { await runAutobuildIfLegacyGoWorkflow(config, logger); dbCreationTimings = await runFinalize( + features, outputDir, threads, memory, diff --git a/src/analyze.ts b/src/analyze.ts index cd82ad61b1..dc631ba98f 100644 --- a/src/analyze.ts +++ b/src/analyze.ts @@ -10,7 +10,10 @@ import * as analyses from "./analyses"; import { setupCppAutobuild } from "./autobuild"; import { type CodeQL } from "./codeql"; import * as configUtils from "./config-utils"; -import { getJavaTempDependencyDir } from "./dependency-caching"; +import { + getCsharpTempDependencyDir, + getJavaTempDependencyDir, +} from "./dependency-caching"; import { addDiagnostic, makeDiagnostic } from "./diagnostics"; import { DiffThunkRange, @@ -98,6 +101,7 @@ async function setupPythonExtractor(logger: Logger) { export async function runExtraction( codeql: CodeQL, + features: FeatureEnablement, config: configUtils.Config, logger: Logger, ) { @@ -122,7 +126,7 @@ export async function runExtraction( await setupCppAutobuild(codeql, logger); } - // The Java `build-mode: none` extractor places dependencies (.jar files) in the + // The Java and C# `build-mode: none` extractors place dependencies in the // database scratch directory by default. For dependency caching purposes, we want // a stable path that caches can be restored into and that we can cache at the // end of the workflow (i.e. that does not get removed when the scratch directory is). @@ -133,6 +137,15 @@ export async function runExtraction( process.env["CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_DEPENDENCY_DIR"] = getJavaTempDependencyDir(); } + if ( + language === KnownLanguage.csharp && + config.buildMode === BuildMode.None && + (await features.getValue(Feature.CsharpCacheBuildModeNone)) + ) { + process.env[ + "CODEQL_EXTRACTOR_CSHARP_OPTION_BUILDLESS_DEPENDENCY_DIR" + ] = getCsharpTempDependencyDir(); + } await codeql.extractUsingBuildMode(config, language); } else { @@ -177,13 +190,14 @@ export function dbIsFinalized( async function finalizeDatabaseCreation( codeql: CodeQL, + features: FeatureEnablement, config: configUtils.Config, threadsFlag: string, memoryFlag: string, logger: Logger, ): Promise { const extractionStart = performance.now(); - await runExtraction(codeql, config, logger); + await runExtraction(codeql, features, config, logger); const extractionTime = performance.now() - extractionStart; const trapImportStart = performance.now(); @@ -597,6 +611,7 @@ export async function runQueries( } export async function runFinalize( + features: FeatureEnablement, outputDir: string, threadsFlag: string, memoryFlag: string, @@ -615,6 +630,7 @@ export async function runFinalize( const timings = await finalizeDatabaseCreation( codeql, + features, config, threadsFlag, memoryFlag, From 29e11fdce1ae617d40492467e777f61f2d9fc0c0 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 09:31:18 +0000 Subject: [PATCH 06/27] Update changelog and version after v4.31.5 --- CHANGELOG.md | 4 ++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 762aa1db86..1359cdfd9c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## [UNRELEASED] + +No user facing changes. + ## 4.31.5 - 24 Nov 2025 - Update default CodeQL bundle version to 2.23.6. [#3321](https://github.com/github/codeql-action/pull/3321) diff --git a/package-lock.json b/package-lock.json index 3ee4a5b89f..4c6ca8624d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "license": "MIT", "dependencies": { "@actions/artifact": "^4.0.0", diff --git a/package.json b/package.json index 61317b90ac..22d5817761 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "4.31.5", + "version": "4.31.6", "private": true, "description": "CodeQL action", "scripts": { From 478350182f3269d74025e346d386b05203bda49f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 10:55:14 +0000 Subject: [PATCH 07/27] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 13589f4965..37725d00bf 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 6f1a1bf428..8206afce01 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 9a7251809f..d4b7fc1f6d 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 89948b8a14..62e78df8a5 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/init-action.js b/lib/init-action.js index f8407c208d..185510e02e 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 48ebce48f2..cd65a4bf1c 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index f1182b65c7..780d2cc6de 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index cdac66bef0..c78e8262a6 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 3c2490783a..f0d7eb5716 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -47285,7 +47285,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 53eaa204e3..de44834ac9 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28924,7 +28924,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 87ef62a45d..f95b705faf 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 574910f02f..f8ea28a2d0 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27627,7 +27627,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "4.31.5", + version: "4.31.6", private: true, description: "CodeQL action", scripts: { From e2a623d7cf16cc85bed615db241f461708b7d496 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 17:36:24 +0000 Subject: [PATCH 08/27] Bump the npm-minor group with 3 updates Bumps the npm-minor group with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc). Updates `@typescript-eslint/eslint-plugin` from 8.46.4 to 8.48.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.46.4 to 8.48.0 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/parser) Updates `eslint-plugin-jsdoc` from 61.2.1 to 61.4.1 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Changelog](https://github.com/gajus/eslint-plugin-jsdoc/blob/main/.releaserc) - [Commits](https://github.com/gajus/eslint-plugin-jsdoc/compare/v61.2.1...v61.4.1) --- updated-dependencies: - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: "@typescript-eslint/parser" dependency-version: 8.48.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor - dependency-name: eslint-plugin-jsdoc dependency-version: 61.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-minor ... Signed-off-by: dependabot[bot] --- package-lock.json | 246 +++++++++++++++++++++++----------------------- package.json | 4 +- 2 files changed, 125 insertions(+), 125 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4c6ca8624d..0b3ab5312a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -46,7 +46,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.27.0", @@ -55,7 +55,7 @@ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "nock": "^14.0.10", @@ -2369,17 +2369,17 @@ } }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.4.tgz", - "integrity": "sha512-R48VhmTJqplNyDxCyqqVkFSZIx1qX6PzwqgcXn1olLrzxcSBDlOsbtcnQuQhNtnNiJ4Xe5gREI1foajYaYU2Vg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.48.0.tgz", + "integrity": "sha512-XxXP5tL1txl13YFtrECECQYeZjBZad4fyd3cFV4a19LkAY/bIp9fev3US4S5fDVV2JaYFiKAZ/GRTOLer+mbyQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/type-utils": "8.46.4", - "@typescript-eslint/utils": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/type-utils": "8.48.0", + "@typescript-eslint/utils": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", @@ -2393,20 +2393,20 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.46.4", + "@typescript-eslint/parser": "^8.48.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2417,9 +2417,9 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2431,21 +2431,20 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2460,16 +2459,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.4.tgz", - "integrity": "sha512-AbSv11fklGXV6T28dp2Me04Uw90R2iJ30g2bgLz529Koehrmkbs1r7paFqr1vPCZi7hHwYxYtxfyQMRC8QaVSg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.48.0.tgz", + "integrity": "sha512-yTJO1XuGxCsSfIVt1+1UrLHtue8xz16V8apzPYI06W0HbEbEWHxHXgZaAgavIkoh+GeV6hKKd5jm0sS6OYxWXQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4" + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2484,13 +2483,13 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -2563,16 +2562,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.4.tgz", - "integrity": "sha512-tK3GPFWbirvNgsNKto+UmB/cRtn6TZfyw0D6IKrW55n6Vbs7KJoZtI//kpTKzE/DUmmnAFD8/Ca46s7Obs92/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.48.0.tgz", + "integrity": "sha512-jCzKdm/QK0Kg4V4IK/oMlRZlY+QOcdjv89U2NgKHZk1CYTj82/RVSx1mV/0gqCVMJ/DA+Zf/S4NBWNF8GQ+eqQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4" }, "engines": { @@ -2588,14 +2587,14 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2606,9 +2605,9 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2620,21 +2619,20 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2649,13 +2647,13 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -2719,14 +2717,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.4.tgz", - "integrity": "sha512-nPiRSKuvtTN+no/2N1kt2tUh/HoFzeEgOm9fQ6XQk4/ApGqjx0zFIIaLJ6wooR1HIoozvj2j6vTi/1fgAz7UYQ==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.48.0.tgz", + "integrity": "sha512-Ne4CTZyRh1BecBf84siv42wv5vQvVmgtk8AuiEffKTUo3DrBaGYZueJSxxBZ8fjk/N3DrgChH4TOdIOwOwiqqw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.46.4", - "@typescript-eslint/types": "^8.46.4", + "@typescript-eslint/tsconfig-utils": "^8.48.0", + "@typescript-eslint/types": "^8.48.0", "debug": "^4.3.4" }, "engines": { @@ -2741,9 +2739,9 @@ } }, "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2773,9 +2771,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.4.tgz", - "integrity": "sha512-+/XqaZPIAk6Cjg7NWgSGe27X4zMGqrFqZ8atJsX3CWxH/jACqWnrWI68h7nHQld0y+k9eTTjb9r+KU4twLoo9A==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.48.0.tgz", + "integrity": "sha512-WNebjBdFdyu10sR1M4OXTt2OkMd5KWIL+LLfeH9KhgP+jzfDV/LI3eXzwJ1s9+Yc0Kzo2fQCdY/OpdusCMmh6w==", "dev": true, "license": "MIT", "engines": { @@ -2790,15 +2788,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.4.tgz", - "integrity": "sha512-V4QC8h3fdT5Wro6vANk6eojqfbv5bpwHuMsBcJUJkqs2z5XnYhJzyz9Y02eUmF9u3PgXEUiOt4w4KHR3P+z0PQ==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.48.0.tgz", + "integrity": "sha512-zbeVaVqeXhhab6QNEKfK96Xyc7UQuoFWERhEnj3mLVnUWrQnv15cJNseUni7f3g557gm0e46LZ6IJ4NJVOgOpw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4", - "@typescript-eslint/utils": "8.46.4", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0", + "@typescript-eslint/utils": "8.48.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -2815,14 +2813,14 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.4.tgz", - "integrity": "sha512-tMDbLGXb1wC+McN1M6QeDx7P7c0UWO5z9CXqp7J8E+xGcJuUuevWKxuG8j41FoweS3+L41SkyKKkia16jpX7CA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.48.0.tgz", + "integrity": "sha512-uGSSsbrtJrLduti0Q1Q9+BF1/iFKaxGoQwjWOIVNJv0o6omrdyR8ct37m4xIl5Zzpkp69Kkmvom7QFTtue89YQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4" + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2833,9 +2831,9 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.4.tgz", - "integrity": "sha512-USjyxm3gQEePdUwJBFjjGNG18xY9A2grDVGuk7/9AkjIF1L+ZrVnwR5VAU5JXtUnBL/Nwt3H31KlRDaksnM7/w==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.48.0.tgz", + "integrity": "sha512-cQMcGQQH7kwKoVswD1xdOytxQR60MWKM1di26xSUtxehaDs/32Zpqsu5WJlXTtTTqyAVK8R7hvsUnIXRS+bjvA==", "dev": true, "license": "MIT", "engines": { @@ -2847,21 +2845,20 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.4.tgz", - "integrity": "sha512-7oV2qEOr1d4NWNmpXLR35LvCfOkTNymY9oyW+lUHkmCno7aOmIf/hMaydnJBUTBMRCOGZh8YjkFOc8dadEoNGA==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.48.0.tgz", + "integrity": "sha512-ljHab1CSO4rGrQIAyizUS6UGHHCiAYhbfcIZ1zVJr5nMryxlXMVWS3duFPSKvSUbFPwkXMFk1k0EMIjub4sRRQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.46.4", - "@typescript-eslint/tsconfig-utils": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/visitor-keys": "8.46.4", + "@typescript-eslint/project-service": "8.48.0", + "@typescript-eslint/tsconfig-utils": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/visitor-keys": "8.48.0", "debug": "^4.3.4", - "fast-glob": "^3.3.2", - "is-glob": "^4.0.3", "minimatch": "^9.0.4", "semver": "^7.6.0", + "tinyglobby": "^0.2.15", "ts-api-utils": "^2.1.0" }, "engines": { @@ -2876,16 +2873,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.4.tgz", - "integrity": "sha512-AbSv11fklGXV6T28dp2Me04Uw90R2iJ30g2bgLz529Koehrmkbs1r7paFqr1vPCZi7hHwYxYtxfyQMRC8QaVSg==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.48.0.tgz", + "integrity": "sha512-yTJO1XuGxCsSfIVt1+1UrLHtue8xz16V8apzPYI06W0HbEbEWHxHXgZaAgavIkoh+GeV6hKKd5jm0sS6OYxWXQ==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.46.4", - "@typescript-eslint/types": "8.46.4", - "@typescript-eslint/typescript-estree": "8.46.4" + "@typescript-eslint/scope-manager": "8.48.0", + "@typescript-eslint/types": "8.48.0", + "@typescript-eslint/typescript-estree": "8.48.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2900,13 +2897,13 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.46.4", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.4.tgz", - "integrity": "sha512-/++5CYLQqsO9HFGLI7APrxBJYo+5OCMpViuhV8q5/Qa3o5mMrF//eQHks+PXcsAVaLdn817fMuS7zqoXNNZGaw==", + "version": "8.48.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.48.0.tgz", + "integrity": "sha512-T0XJMaRPOH3+LBbAfzR2jalckP1MSG/L9eUtY0DEzUyVaXJ/t6zN0nR7co5kz0Jko/nkSYCBRkz1djvjajVTTg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.46.4", + "@typescript-eslint/types": "8.48.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -4952,9 +4949,9 @@ } }, "node_modules/eslint-plugin-jsdoc": { - "version": "61.2.1", - "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.2.1.tgz", - "integrity": "sha512-Htacti3dbkNm4rlp/Bk9lqhv+gi6US9jyN22yaJ42G6wbteiTbNLChQwi25jr/BN+NOzDWhZHvCDdrhX0F8dXQ==", + "version": "61.4.1", + "resolved": "https://registry.npmjs.org/eslint-plugin-jsdoc/-/eslint-plugin-jsdoc-61.4.1.tgz", + "integrity": "sha512-3c1QW/bV25sJ1MsIvsvW+EtLtN6yZMduw7LVQNVt72y2/5BbV5Pg5b//TE5T48LRUxoEQGaZJejCmcj3wCxBzw==", "dev": true, "license": "BSD-3-Clause", "dependencies": { @@ -8304,14 +8301,14 @@ } }, "node_modules/tinyglobby": { - "version": "0.2.12", - "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.12.tgz", - "integrity": "sha512-qkf4trmKSIiMTs/E63cxH+ojC2unam7rJ0WrauAzpT3ECNTxGRMlaXxVbfxMUC/w0LaYk6jQ4y/nGR9uBO3tww==", + "version": "0.2.15", + "resolved": "https://registry.npmjs.org/tinyglobby/-/tinyglobby-0.2.15.tgz", + "integrity": "sha512-j2Zq4NyQYG5XMST4cbs02Ak8iJUdxRM0XI5QyxXuZOzKOINmWurp3smXu3y5wDcJrptwpSjgXHzIQxR0omXljQ==", "dev": true, "license": "MIT", "dependencies": { - "fdir": "^6.4.3", - "picomatch": "^4.0.2" + "fdir": "^6.5.0", + "picomatch": "^4.0.3" }, "engines": { "node": ">=12.0.0" @@ -8321,11 +8318,14 @@ } }, "node_modules/tinyglobby/node_modules/fdir": { - "version": "6.4.3", - "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.4.3.tgz", - "integrity": "sha512-PMXmW2y1hDDfTSRc9gaXIuCCRpuoz3Kaz8cUelp3smouvfT632ozg2vrT6lJsHKKOF59YLbOGfAWGUcKEfRMQw==", + "version": "6.5.0", + "resolved": "https://registry.npmjs.org/fdir/-/fdir-6.5.0.tgz", + "integrity": "sha512-tIbYtZbucOs0BRGqPJkshJUYdL+SDH7dVM8gjy+ERp3WAUjLEFJE+02kanyHtwjWOnwrKYBiwAmM0p4kLJAnXg==", "dev": true, "license": "MIT", + "engines": { + "node": ">=12.0.0" + }, "peerDependencies": { "picomatch": "^3 || ^4" }, @@ -8336,9 +8336,9 @@ } }, "node_modules/tinyglobby/node_modules/picomatch": { - "version": "4.0.2", - "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz", - "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==", + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz", + "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", "engines": { diff --git a/package.json b/package.json index 22d5817761..473701b8f9 100644 --- a/package.json +++ b/package.json @@ -61,7 +61,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.27.0", @@ -70,7 +70,7 @@ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", "glob": "^11.1.0", "nock": "^14.0.10", From 514279113a2b4711fb532dad8108e552d5e61471 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 17:38:19 +0000 Subject: [PATCH 09/27] Rebuild --- lib/analyze-action-post.js | 4 ++-- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/resolve-environment-action.js | 4 ++-- lib/setup-codeql-action.js | 4 ++-- lib/start-proxy-action-post.js | 4 ++-- lib/start-proxy-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action-post.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 37725d00bf..8f6481a506 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 8206afce01..fd6eb68601 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index d4b7fc1f6d..29d16b639c 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 62e78df8a5..c35e5f24d1 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/init-action.js b/lib/init-action.js index 185510e02e..d60e2dffe1 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index cd65a4bf1c..6ea61cbb56 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 780d2cc6de..906c7d1a54 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index c78e8262a6..e31470e3e8 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index f0d7eb5716..4b0d9fc6ea 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -47346,7 +47346,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -47355,7 +47355,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index de44834ac9..d077e689be 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28985,7 +28985,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -28994,7 +28994,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index f95b705faf..31ad0d31cd 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f8ea28a2d0..dd50fc65cd 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27688,7 +27688,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", - "@typescript-eslint/eslint-plugin": "^8.46.4", + "@typescript-eslint/eslint-plugin": "^8.48.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.27.0", @@ -27697,7 +27697,7 @@ var require_package = __commonJS({ "eslint-plugin-filenames": "^1.3.2", "eslint-plugin-github": "^5.1.8", "eslint-plugin-import": "2.29.1", - "eslint-plugin-jsdoc": "^61.2.1", + "eslint-plugin-jsdoc": "^61.4.1", "eslint-plugin-no-async-foreach": "^0.1.1", glob: "^11.1.0", nock: "^14.0.10", From 6feac2b36a5ca1b9bef24d689424860a700aaf65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 17:59:04 +0000 Subject: [PATCH 10/27] Bump actions/create-github-app-token Bumps the actions-minor group with 1 update in the /.github/workflows directory: [actions/create-github-app-token](https://github.com/actions/create-github-app-token). Updates `actions/create-github-app-token` from 2.1.4 to 2.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](https://github.com/actions/create-github-app-token/compare/v2.1.4...v2.2.0) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 2.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/rollback-release.yml | 2 +- .github/workflows/update-release-branch.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 1731a78ff9..4be56da522 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -142,7 +142,7 @@ jobs: token: "${{ secrets.GITHUB_TOKEN }}" - name: Generate token - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index 8d8e872fa7..a218fd57e4 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml @@ -137,7 +137,7 @@ jobs: - name: Generate token if: github.event_name == 'workflow_dispatch' - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 830ed7c2a5..74349965b0 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -93,7 +93,7 @@ jobs: pull-requests: write # needed to create pull request steps: - name: Generate token - uses: actions/create-github-app-token@v2.1.4 + uses: actions/create-github-app-token@v2.2.0 id: app-token with: app-id: ${{ vars.AUTOMATION_APP_ID }} From 5bd8069afb7ffe286094a9d3f1026925d4ac7990 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 18:01:10 +0000 Subject: [PATCH 11/27] Bump actions/checkout from 5 to 6 in /.github/workflows Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/__all-platform-bundle.yml | 2 +- .github/workflows/__analyze-ref-input.yml | 2 +- .github/workflows/__autobuild-action.yml | 2 +- .../__autobuild-direct-tracing-with-working-dir.yml | 2 +- .github/workflows/__autobuild-working-dir.yml | 2 +- .github/workflows/__build-mode-autobuild.yml | 2 +- .github/workflows/__build-mode-manual.yml | 2 +- .github/workflows/__build-mode-none.yml | 2 +- .github/workflows/__build-mode-rollback.yml | 2 +- .github/workflows/__bundle-from-toolcache.yml | 2 +- .github/workflows/__bundle-toolcache.yml | 2 +- .github/workflows/__bundle-zstd.yml | 2 +- .github/workflows/__cleanup-db-cluster-dir.yml | 2 +- .github/workflows/__config-export.yml | 2 +- .github/workflows/__config-input.yml | 2 +- .github/workflows/__cpp-deptrace-disabled.yml | 2 +- .github/workflows/__cpp-deptrace-enabled-on-macos.yml | 2 +- .github/workflows/__cpp-deptrace-enabled.yml | 2 +- .github/workflows/__diagnostics-export.yml | 2 +- .github/workflows/__export-file-baseline-information.yml | 2 +- .github/workflows/__extractor-ram-threads.yml | 2 +- .github/workflows/__global-proxy.yml | 2 +- .github/workflows/__go-custom-queries.yml | 2 +- .../__go-indirect-tracing-workaround-diagnostic.yml | 2 +- .../__go-indirect-tracing-workaround-no-file-program.yml | 2 +- .github/workflows/__go-indirect-tracing-workaround.yml | 2 +- .github/workflows/__go-tracing-autobuilder.yml | 2 +- .github/workflows/__go-tracing-custom-build-steps.yml | 2 +- .github/workflows/__go-tracing-legacy-workflow.yml | 2 +- .github/workflows/__init-with-registries.yml | 2 +- .github/workflows/__javascript-source-root.yml | 2 +- .github/workflows/__job-run-uuid-sarif.yml | 2 +- .github/workflows/__language-aliases.yml | 2 +- .github/workflows/__local-bundle.yml | 2 +- .github/workflows/__multi-language-autodetect.yml | 2 +- .github/workflows/__overlay-init-fallback.yml | 2 +- .../workflows/__packaging-codescanning-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-inputs-js.yml | 2 +- .github/workflows/__packaging-config-js.yml | 2 +- .github/workflows/__packaging-inputs-js.yml | 2 +- .github/workflows/__quality-queries.yml | 2 +- .github/workflows/__remote-config.yml | 2 +- .github/workflows/__resolve-environment-action.yml | 2 +- .github/workflows/__rubocop-multi-language.yml | 2 +- .github/workflows/__ruby.yml | 2 +- .github/workflows/__rust.yml | 2 +- .github/workflows/__split-workflow.yml | 2 +- .github/workflows/__start-proxy.yml | 2 +- .github/workflows/__submit-sarif-failure.yml | 4 ++-- .github/workflows/__swift-autobuild.yml | 2 +- .github/workflows/__swift-custom-build.yml | 2 +- .github/workflows/__unset-environment.yml | 2 +- .github/workflows/__upload-ref-sha-input.yml | 2 +- .github/workflows/__upload-sarif.yml | 2 +- .github/workflows/__with-checkout-path.yml | 4 ++-- .github/workflows/check-expected-release-files.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/codescanning-config-cli.yml | 2 +- .github/workflows/debug-artifacts-failure-safe.yml | 2 +- .github/workflows/debug-artifacts-safe.yml | 2 +- .github/workflows/post-release-mergeback.yml | 2 +- .github/workflows/pr-checks.yml | 6 +++--- .github/workflows/prepare-release.yml | 2 +- .github/workflows/publish-immutable-action.yml | 2 +- .github/workflows/python312-windows.yml | 2 +- .github/workflows/query-filters.yml | 2 +- .github/workflows/rebuild.yml | 2 +- .github/workflows/rollback-release.yml | 2 +- .github/workflows/test-codeql-bundle-all.yml | 2 +- .github/workflows/update-bundle.yml | 2 +- .github/workflows/update-release-branch.yml | 4 ++-- .../update-supported-enterprise-server-versions.yml | 4 ++-- 72 files changed, 80 insertions(+), 80 deletions(-) diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index e2b5e69fc4..2340be49c7 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index 9efe4a8c32..161942723a 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index 0e617afe1c..08470bcff9 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -61,7 +61,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index c1de5c19de..9607fce187 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__autobuild-working-dir.yml b/.github/workflows/__autobuild-working-dir.yml index 3a3ca9e5f0..e9d1d7d5db 100644 --- a/.github/workflows/__autobuild-working-dir.yml +++ b/.github/workflows/__autobuild-working-dir.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 878c941a47..87ed95e1ea 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index 4be0c42d15..c164a1a7b5 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -67,7 +67,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index 7584f90650..7bb121810f 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index c1f3ccd0c2..e9d85968c4 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-from-toolcache.yml b/.github/workflows/__bundle-from-toolcache.yml index 639595af5d..96858acd1d 100644 --- a/.github/workflows/__bundle-from-toolcache.yml +++ b/.github/workflows/__bundle-from-toolcache.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-toolcache.yml b/.github/workflows/__bundle-toolcache.yml index de3826b656..59d06b49bf 100644 --- a/.github/workflows/__bundle-toolcache.yml +++ b/.github/workflows/__bundle-toolcache.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__bundle-zstd.yml b/.github/workflows/__bundle-zstd.yml index f5b1ab3aad..18185ada3f 100644 --- a/.github/workflows/__bundle-zstd.yml +++ b/.github/workflows/__bundle-zstd.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index dfe53c67ce..8bf4659ae5 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index f01c4ae3d3..1c98958544 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__config-input.yml b/.github/workflows/__config-input.yml index 59db10d4d6..2a006be21d 100644 --- a/.github/workflows/__config-input.yml +++ b/.github/workflows/__config-input.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__cpp-deptrace-disabled.yml b/.github/workflows/__cpp-deptrace-disabled.yml index 1221592366..2116e5c4fa 100644 --- a/.github/workflows/__cpp-deptrace-disabled.yml +++ b/.github/workflows/__cpp-deptrace-disabled.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml index b9669b8703..1039cc3213 100644 --- a/.github/workflows/__cpp-deptrace-enabled-on-macos.yml +++ b/.github/workflows/__cpp-deptrace-enabled-on-macos.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__cpp-deptrace-enabled.yml b/.github/workflows/__cpp-deptrace-enabled.yml index bf155a64d2..9a57d0041a 100644 --- a/.github/workflows/__cpp-deptrace-enabled.yml +++ b/.github/workflows/__cpp-deptrace-enabled.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 9251e04a8b..8c05b6d92e 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 980535c84d..7ebf51f3fa 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml index 2d8316f52a..09c1cbbf43 100644 --- a/.github/workflows/__extractor-ram-threads.yml +++ b/.github/workflows/__extractor-ram-threads.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__global-proxy.yml b/.github/workflows/__global-proxy.yml index bd5d64b5f4..35f1f08fc9 100644 --- a/.github/workflows/__global-proxy.yml +++ b/.github/workflows/__global-proxy.yml @@ -61,7 +61,7 @@ jobs: apt install -y gh env: {} - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index fe35b5b4d8..32912ee078 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -69,7 +69,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 061ad42549..b140b13c4a 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 0a347c65c7..d6cf269d71 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-indirect-tracing-workaround.yml b/.github/workflows/__go-indirect-tracing-workaround.yml index bb811d4d51..8b0c3d13da 100644 --- a/.github/workflows/__go-indirect-tracing-workaround.yml +++ b/.github/workflows/__go-indirect-tracing-workaround.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-autobuilder.yml b/.github/workflows/__go-tracing-autobuilder.yml index 6d4cc91cc9..0d2db37343 100644 --- a/.github/workflows/__go-tracing-autobuilder.yml +++ b/.github/workflows/__go-tracing-autobuilder.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-custom-build-steps.yml b/.github/workflows/__go-tracing-custom-build-steps.yml index 634b074c08..bbd461c891 100644 --- a/.github/workflows/__go-tracing-custom-build-steps.yml +++ b/.github/workflows/__go-tracing-custom-build-steps.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__go-tracing-legacy-workflow.yml b/.github/workflows/__go-tracing-legacy-workflow.yml index 8168e3b108..feedfdff5d 100644 --- a/.github/workflows/__go-tracing-legacy-workflow.yml +++ b/.github/workflows/__go-tracing-legacy-workflow.yml @@ -91,7 +91,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index bbbc55bf12..8403d63e4e 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -52,7 +52,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml index e6c883966e..97caa3a69e 100644 --- a/.github/workflows/__javascript-source-root.yml +++ b/.github/workflows/__javascript-source-root.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index b9f3eed911..73cb295fe9 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index 5f95caa131..b8976bb5da 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index 3fc89f381a..094f22ebc0 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index 3704cdbf51..8e0b44dbf6 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -111,7 +111,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__overlay-init-fallback.yml b/.github/workflows/__overlay-init-fallback.yml index d85e58aa17..b843b8aac5 100644 --- a/.github/workflows/__overlay-init-fallback.yml +++ b/.github/workflows/__overlay-init-fallback.yml @@ -49,7 +49,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 53f280ab96..63875502f2 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -81,7 +81,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 2b483b41a3..7a79729718 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index d45ca3b369..00a6fc9dae 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 41ca571b8c..ec3ef3d5bf 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 with: diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__quality-queries.yml index 2a30bfcebe..caef10d27a 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__quality-queries.yml @@ -63,7 +63,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index 20a308e748..f39b6f6f93 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -79,7 +79,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index 2203f3316c..01e242ebb9 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index a5e457bb74..8340feced8 100644 --- a/.github/workflows/__rubocop-multi-language.yml +++ b/.github/workflows/__rubocop-multi-language.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__ruby.yml b/.github/workflows/__ruby.yml index 769a119253..3050bf7353 100644 --- a/.github/workflows/__ruby.yml +++ b/.github/workflows/__ruby.yml @@ -57,7 +57,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__rust.yml b/.github/workflows/__rust.yml index d788e5226d..352ffdee7d 100644 --- a/.github/workflows/__rust.yml +++ b/.github/workflows/__rust.yml @@ -55,7 +55,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 3ffb099286..c02385a728 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 26f1184608..40a2993cac 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -51,7 +51,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 7383b52a8d..60c3510204 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -52,7 +52,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -60,7 +60,7 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ./init with: languages: javascript diff --git a/.github/workflows/__swift-autobuild.yml b/.github/workflows/__swift-autobuild.yml index 9d18d0c978..447f4ea9a2 100644 --- a/.github/workflows/__swift-autobuild.yml +++ b/.github/workflows/__swift-autobuild.yml @@ -47,7 +47,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index a1c5a556ff..49f6558803 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -71,7 +71,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index c1a62b1108..2d52f3a800 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -79,7 +79,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index 1c2c5975d1..8de95e42ac 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 361c8228fc..c4c31e4e47 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -84,7 +84,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index 5aa2b631c2..0ebb46432f 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -77,7 +77,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test @@ -107,7 +107,7 @@ jobs: rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 path: x/y/z/some-path diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml index a066cbde55..c0dd21af64 100644 --- a/.github/workflows/check-expected-release-files.yml +++ b/.github/workflows/check-expected-release-files.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout CodeQL Action - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Check Expected Release Files run: | bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 24dace33cf..8ea440089d 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -32,7 +32,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Init with default CodeQL bundle from the VM image id: init-default uses: ./init @@ -91,7 +91,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: ./init id: init @@ -128,7 +128,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Initialize CodeQL uses: ./init with: diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index 5ae95f68af..3c97239d5d 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -53,7 +53,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/debug-artifacts-failure-safe.yml b/.github/workflows/debug-artifacts-failure-safe.yml index 768f88f965..3f710863e7 100644 --- a/.github/workflows/debug-artifacts-failure-safe.yml +++ b/.github/workflows/debug-artifacts-failure-safe.yml @@ -45,7 +45,7 @@ jobs: - name: Dump GitHub event run: cat "${GITHUB_EVENT_PATH}" - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/debug-artifacts-safe.yml b/.github/workflows/debug-artifacts-safe.yml index e33d70cc3a..7cee73cbe7 100644 --- a/.github/workflows/debug-artifacts-safe.yml +++ b/.github/workflows/debug-artifacts-safe.yml @@ -41,7 +41,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml index 1731a78ff9..71dae6a3ae 100644 --- a/.github/workflows/post-release-mergeback.yml +++ b/.github/workflows/post-release-mergeback.yml @@ -44,7 +44,7 @@ jobs: GITHUB_CONTEXT: '${{ toJson(github) }}' run: echo "${GITHUB_CONTEXT}" - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 # ensure we have all tags and can push commits - uses: actions/setup-node@v6 diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 9aa0355c13..5badaab815 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -32,7 +32,7 @@ jobs: if: runner.os == 'Windows' run: git config --global core.autocrlf false - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Set up Node.js uses: actions/setup-node@v6 @@ -91,7 +91,7 @@ jobs: contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - id: head-version name: Verify all Actions use the same Node version run: | @@ -106,7 +106,7 @@ jobs: - id: checkout-base name: 'Backport: Check out base ref' if: ${{ startsWith(github.head_ref, 'backport-') }} - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: ref: ${{ env.BASE_REF }} diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml index dad6fce39a..7e9486bb49 100644 --- a/.github/workflows/prepare-release.yml +++ b/.github/workflows/prepare-release.yml @@ -44,7 +44,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs diff --git a/.github/workflows/publish-immutable-action.yml b/.github/workflows/publish-immutable-action.yml index c6084573c0..e14bc30bc4 100644 --- a/.github/workflows/publish-immutable-action.yml +++ b/.github/workflows/publish-immutable-action.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Publish immutable release id: publish diff --git a/.github/workflows/python312-windows.yml b/.github/workflows/python312-windows.yml index aa2a034200..8ef1be8667 100644 --- a/.github/workflows/python312-windows.yml +++ b/.github/workflows/python312-windows.yml @@ -31,7 +31,7 @@ jobs: with: python-version: 3.12 - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Prepare test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml index 3e17d989e4..90e702c934 100644 --- a/.github/workflows/query-filters.yml +++ b/.github/workflows/query-filters.yml @@ -29,7 +29,7 @@ jobs: contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository. steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install Node.js uses: actions/setup-node@v6 diff --git a/.github/workflows/rebuild.yml b/.github/workflows/rebuild.yml index e7b9022be9..9740a0d163 100644 --- a/.github/workflows/rebuild.yml +++ b/.github/workflows/rebuild.yml @@ -24,7 +24,7 @@ jobs: pull-requests: write # needed to comment on the PR steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 ref: ${{ env.HEAD_REF }} diff --git a/.github/workflows/rollback-release.yml b/.github/workflows/rollback-release.yml index 8d8e872fa7..4f419b82b2 100644 --- a/.github/workflows/rollback-release.yml +++ b/.github/workflows/rollback-release.yml @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs diff --git a/.github/workflows/test-codeql-bundle-all.yml b/.github/workflows/test-codeql-bundle-all.yml index 6465d6a1d8..3952882758 100644 --- a/.github/workflows/test-codeql-bundle-all.yml +++ b/.github/workflows/test-codeql-bundle-all.yml @@ -36,7 +36,7 @@ jobs: runs-on: ${{ matrix.os }} steps: - name: Check out repository - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test diff --git a/.github/workflows/update-bundle.yml b/.github/workflows/update-bundle.yml index 184c339fff..951b89066d 100644 --- a/.github/workflows/update-bundle.yml +++ b/.github/workflows/update-bundle.yml @@ -33,7 +33,7 @@ jobs: GITHUB_CONTEXT: '${{ toJson(github) }}' run: echo "$GITHUB_CONTEXT" - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Update git config run: | diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml index 830ed7c2a5..bd678c6551 100644 --- a/.github/workflows/update-release-branch.yml +++ b/.github/workflows/update-release-branch.yml @@ -38,7 +38,7 @@ jobs: contents: write # needed to push commits pull-requests: write # needed to create pull request steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs - uses: ./.github/actions/release-initialise @@ -100,7 +100,7 @@ jobs: private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: fetch-depth: 0 # Need full history for calculation of diffs token: ${{ steps.app-token.outputs.token }} diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml index 421a63c699..4cead58f4f 100644 --- a/.github/workflows/update-supported-enterprise-server-versions.yml +++ b/.github/workflows/update-supported-enterprise-server-versions.yml @@ -27,9 +27,9 @@ jobs: with: python-version: "3.13" - name: Checkout CodeQL Action - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Checkout Enterprise Releases - uses: actions/checkout@v5 + uses: actions/checkout@v6 with: repository: github/enterprise-releases token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }} From 8484f54a0a681dd8cf94876c4283a3e8ea0e6178 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 24 Nov 2025 18:02:41 +0000 Subject: [PATCH 12/27] Rebuild --- pr-checks/checks/submit-sarif-failure.yml | 2 +- pr-checks/checks/with-checkout-path.yml | 2 +- pr-checks/sync.py | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml index 97332e4c94..5db63bb813 100644 --- a/pr-checks/checks/submit-sarif-failure.yml +++ b/pr-checks/checks/submit-sarif-failure.yml @@ -18,7 +18,7 @@ permissions: security-events: write # needed to upload the SARIF file steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ./init with: languages: javascript diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 5cdd02c0d0..230e342e30 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -14,7 +14,7 @@ steps: rm -rf ./* .github .git # Check out the actions repo again, but at a different location. # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 path: x/y/z/some-path diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 77816be760..7d412e9b03 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -107,7 +107,7 @@ def writeHeader(checkStream): steps = [ { 'name': 'Check out repository', - 'uses': 'actions/checkout@v5' + 'uses': 'actions/checkout@v6' }, ] From 6b7e963cf11f2f85252e7f46d4aec80ebe55734c Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 00:18:14 +0000 Subject: [PATCH 13/27] Update supported GitHub Enterprise Server versions --- lib/analyze-action-post.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/upload-sarif-action-post.js | 2 +- src/api-compatibility.json | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 37725d00bf..a4a863c061 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -119201,7 +119201,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index d4b7fc1f6d..7794e99ef3 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -82979,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 62e78df8a5..e242122a34 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -122099,7 +122099,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/init-action.js b/lib/init-action.js index 185510e02e..fad222e7c3 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84289,7 +84289,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index cd65a4bf1c..5b74aaa099 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -82979,7 +82979,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 780d2cc6de..2fa301ebb6 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -83035,7 +83035,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index c78e8262a6..c2b72f4494 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -119198,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index f95b705faf..aa4b9e9461 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -119198,7 +119198,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.19"; +var maximumVersion = "3.20"; var minimumVersion = "3.14"; // src/util.ts diff --git a/src/api-compatibility.json b/src/api-compatibility.json index bf5f9437b4..b61bbd26d3 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.19", "minimumVersion": "3.14"} +{"maximumVersion": "3.20", "minimumVersion": "3.14"} From d8e497a759fbe9fe3e93515527906a5a44aee251 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Wed, 26 Nov 2025 10:13:41 +0000 Subject: [PATCH 14/27] Update version in package.json too Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index 473701b8f9..aa4fad58e3 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", "ava": "^6.4.1", "esbuild": "^0.27.0", "eslint": "^8.57.1", From 510d25ff7f32e520106b13854aa9ca6278e9fabe Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 10:15:27 +0000 Subject: [PATCH 15/27] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index ca5827e6dc..acbcc8d3c3 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index fd6eb68601..72e795fd2d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 27de5551dd..85e882dd20 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 89b78b1bf0..3433675d67 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/init-action.js b/lib/init-action.js index 19f8ad5f95..9d59f07dff 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 9d71cb5b5c..f69d601533 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index eb834634fb..273b74c9d8 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index fa2fbe40ae..88e6f02dd5 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 4b0d9fc6ea..e8c3e58970 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -47347,7 +47347,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index d077e689be..74a5a25c61 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28986,7 +28986,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 027aba977e..2f640ad589 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index dd50fc65cd..cfa0cba588 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27689,7 +27689,7 @@ var require_package = __commonJS({ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", ava: "^6.4.1", esbuild: "^0.27.0", eslint: "^8.57.1", From a6909455e40fa08e7333d16a2055a66b0c90ce47 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 26 Nov 2025 10:27:48 +0000 Subject: [PATCH 16/27] Remove `push` triggers from workflow collections --- .github/workflows/__go.yml | 3 --- pr-checks/sync.py | 5 ----- 2 files changed, 8 deletions(-) diff --git a/.github/workflows/__go.yml b/.github/workflows/__go.yml index fb27da710a..76d178b723 100644 --- a/.github/workflows/__go.yml +++ b/.github/workflows/__go.yml @@ -8,9 +8,6 @@ env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto on: - push: - paths: - - .github/workflows/__go.yml workflow_dispatch: inputs: go-version: diff --git a/pr-checks/sync.py b/pr-checks/sync.py index 7d412e9b03..ebc37b9f85 100755 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -356,11 +356,6 @@ def writeHeader(checkStream): 'GO111MODULE': 'auto' }, 'on': { - 'push': { - 'paths': [ - f'.github/workflows/__{collection_name}.yml' - ] - }, 'workflow_dispatch': { 'inputs': combinedInputs }, From 0c204fc557d5e9ec3da5b1b3770cfa05c19c7da0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 22:33:20 +0000 Subject: [PATCH 17/27] Bump node-forge from 1.3.1 to 1.3.2 Bumps [node-forge](https://github.com/digitalbazaar/forge) from 1.3.1 to 1.3.2. - [Changelog](https://github.com/digitalbazaar/forge/blob/main/CHANGELOG.md) - [Commits](https://github.com/digitalbazaar/forge/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: node-forge dependency-version: 1.3.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- package-lock.json | 22 +++++++++++++++++----- package.json | 2 +- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0b3ab5312a..c24715d343 100644 --- a/package-lock.json +++ b/package-lock.json @@ -28,7 +28,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", "semver": "^7.7.3", "uuid": "^13.0.0" }, @@ -47,7 +47,7 @@ "@types/semver": "^7.7.1", "@types/sinon": "^21.0.0", "@typescript-eslint/eslint-plugin": "^8.48.0", - "@typescript-eslint/parser": "^8.41.0", + "@typescript-eslint/parser": "^8.48.0", "ava": "^6.4.1", "esbuild": "^0.27.0", "eslint": "^8.57.1", @@ -1798,6 +1798,7 @@ "resolved": "https://registry.npmjs.org/@octokit/core/-/core-5.2.2.tgz", "integrity": "sha512-/g2d4sW9nUDJOMz3mabVQvOGhVa4e/BN/Um7yca9Bb2XTzPPnfTWHWQg+IsEYO7M3Vx+EXvaM/I2pJWIMun1bg==", "license": "MIT", + "peer": true, "dependencies": { "@octokit/auth-token": "^4.0.0", "@octokit/graphql": "^7.1.0", @@ -2567,6 +2568,7 @@ "integrity": "sha512-jCzKdm/QK0Kg4V4IK/oMlRZlY+QOcdjv89U2NgKHZk1CYTj82/RVSx1mV/0gqCVMJ/DA+Zf/S4NBWNF8GQ+eqQ==", "dev": true, "license": "MIT", + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.48.0", "@typescript-eslint/types": "8.48.0", @@ -3161,6 +3163,7 @@ "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz", "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==", "dev": true, + "peer": true, "bin": { "acorn": "bin/acorn" }, @@ -3736,6 +3739,7 @@ } ], "license": "MIT", + "peer": true, "dependencies": { "caniuse-lite": "^1.0.30001669", "electron-to-chromium": "^1.5.41", @@ -4589,6 +4593,7 @@ "resolved": "https://registry.npmjs.org/eslint/-/eslint-8.57.1.tgz", "integrity": "sha512-ypowyDxpVSYpkXr9WPv2PAZCtNip1Mv5KTW0SCurXv/9iOpcrH9PaqUElksqEB6pChqHGDRCFTyrZlGhnLNGiA==", "dev": true, + "peer": true, "dependencies": { "@eslint-community/eslint-utils": "^4.2.0", "@eslint-community/regexpp": "^4.6.1", @@ -4643,6 +4648,7 @@ "version": "8.3.0", "dev": true, "license": "MIT", + "peer": true, "bin": { "eslint-config-prettier": "bin/cli.js" }, @@ -4914,6 +4920,7 @@ "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.29.1.tgz", "integrity": "sha512-BbPC0cuExzhiMo4Ff1BTVwHpjjv28C5R+btTOGaCRC7UEz801up0JadwkeSk5Ued6TG34uaczuVuH6qyy5YUxw==", "dev": true, + "peer": true, "dependencies": { "array-includes": "^3.1.7", "array.prototype.findlastindex": "^1.2.3", @@ -6969,9 +6976,10 @@ } }, "node_modules/node-forge": { - "version": "1.3.1", - "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.1.tgz", - "integrity": "sha512-dPEtOeMvF9VMcYV/1Wb8CPoVAXtp6MKMlcbAt4ddqmGqUJ6fQZFXkNZNkNlfevtNkGtaSoXf/vNNNSvgrdXwtA==", + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/node-forge/-/node-forge-1.3.2.tgz", + "integrity": "sha512-6xKiQ+cph9KImrRh0VsjH2d8/GXA4FIMlgU4B757iI1ApvcyA9VlouP0yZJha01V+huImO+kKMU7ih+2+E14fw==", + "license": "(BSD-3-Clause OR GPL-2.0)", "engines": { "node": ">= 6.13.0" } @@ -7348,6 +7356,7 @@ "integrity": "sha512-G+YdqtITVZmOJje6QkXQWzl3fSfMxFwm1tjTyo9exhkmWSqC4Yhd1+lug++IlR2mvRVAxEDDWYkQdeSztajqgg==", "dev": true, "license": "MIT", + "peer": true, "bin": { "prettier": "bin/prettier.cjs" }, @@ -8341,6 +8350,7 @@ "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==", "dev": true, "license": "MIT", + "peer": true, "engines": { "node": ">=12" }, @@ -8549,6 +8559,7 @@ "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", + "peer": true, "bin": { "tsc": "bin/tsc", "tsserver": "bin/tsserver" @@ -8622,6 +8633,7 @@ "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.17.0.tgz", "integrity": "sha512-Drp39TXuUlD49F7ilHHCG7TTg8IkA+hxCuULdmzWYICxGXvDXmDmWEjJYZQYgf6l/TFfYNE167m7isnc3xlIEg==", "dev": true, + "peer": true, "dependencies": { "@typescript-eslint/scope-manager": "8.17.0", "@typescript-eslint/types": "8.17.0", diff --git a/package.json b/package.json index aa4fad58e3..14f1e770e6 100644 --- a/package.json +++ b/package.json @@ -43,7 +43,7 @@ "js-yaml": "^4.1.1", "jsonschema": "1.4.1", "long": "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", "semver": "^7.7.3", "uuid": "^13.0.0" }, From 4822f934e3f8dfd9dfc70074084316471099a0fb Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 26 Nov 2025 22:34:54 +0000 Subject: [PATCH 18/27] Rebuild --- lib/analyze-action-post.js | 2 +- lib/analyze-action.js | 2 +- lib/autobuild-action.js | 2 +- lib/init-action-post.js | 2 +- lib/init-action.js | 2 +- lib/resolve-environment-action.js | 2 +- lib/setup-codeql-action.js | 2 +- lib/start-proxy-action-post.js | 2 +- lib/start-proxy-action.js | 66 ++++++++++++++++++++++++------- lib/upload-lib.js | 2 +- lib/upload-sarif-action-post.js | 2 +- lib/upload-sarif-action.js | 2 +- 12 files changed, 62 insertions(+), 26 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e152705021..66c01e2a4f 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 703a47c7d6..431c37513d 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 51ead50dec..ede7a9a6d4 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/init-action-post.js b/lib/init-action-post.js index b04b27ecf8..5852bbba4c 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/init-action.js b/lib/init-action.js index c6ab60184f..58a789deb5 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 6cf6de54c2..e346b6cb35 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 01b0ac9e3d..dad178be4f 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 64fbae0d0a..fba9c177e7 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index b4834b1cf6..b32d70b20b 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -24935,7 +24935,7 @@ var require_util8 = __commonJS({ parts.push(""); } break; - // FIXME: do proper formating for numbers, etc + // FIXME: do proper formatting for numbers, etc //case 'f': //case 'd': case "%": @@ -26386,6 +26386,7 @@ var require_asn1 = __commonJS({ GENERALIZEDTIME: 24, BMPSTRING: 30 }; + asn1.maxDepth = 256; asn1.create = function(tagClass, type2, constructed, value, options) { if (forge.util.isArray(value)) { var tmp = []; @@ -26527,6 +26528,9 @@ var require_asn1 = __commonJS({ if (!("decodeBitStrings" in options)) { options.decodeBitStrings = true; } + if (!("maxDepth" in options)) { + options.maxDepth = asn1.maxDepth; + } if (typeof bytes === "string") { bytes = forge.util.createBuffer(bytes); } @@ -26541,6 +26545,9 @@ var require_asn1 = __commonJS({ return value; }; function _fromDer(bytes, remaining, depth, options) { + if (depth >= options.maxDepth) { + throw new Error("ASN.1 parsing error: Max depth exceeded."); + } var start; _checkBufferLength(bytes, remaining, 2); var b1 = bytes.getByte(); @@ -26716,6 +26723,9 @@ var require_asn1 = __commonJS({ last = true; valueBytes = []; value = parseInt(values[i], 10); + if (value > 4294967295) { + throw new Error("OID value too large; max is 32-bits."); + } do { b = value & 127; value = value >>> 7; @@ -26740,8 +26750,11 @@ var require_asn1 = __commonJS({ oid = Math.floor(b / 40) + "." + b % 40; var value = 0; while (bytes.length() > 0) { + if (value > 70368744177663) { + throw new Error("OID value too large; max is 53-bits."); + } b = bytes.getByte(); - value = value << 7; + value = value * 128; if (b & 128) { value += b & 127; } else { @@ -26902,19 +26915,40 @@ var require_asn1 = __commonJS({ if (v.value && forge.util.isArray(v.value)) { var j = 0; for (var i = 0; rval && i < v.value.length; ++i) { - rval = v.value[i].optional || false; - if (obj.value[j]) { - rval = asn1.validate(obj.value[j], v.value[i], capture, errors); - if (rval) { - ++j; - } else if (v.value[i].optional) { + var schemaItem = v.value[i]; + rval = !!schemaItem.optional; + var objChild = obj.value[j]; + if (!objChild) { + if (!schemaItem.optional) { + rval = false; + if (errors) { + errors.push("[" + v.name + '] Missing required element. Expected tag class "' + schemaItem.tagClass + '", type "' + schemaItem.type + '"'); + } + } + continue; + } + var schemaHasTag = typeof schemaItem.tagClass !== "undefined" && typeof schemaItem.type !== "undefined"; + if (schemaHasTag && (objChild.tagClass !== schemaItem.tagClass || objChild.type !== schemaItem.type)) { + if (schemaItem.optional) { rval = true; + continue; + } else { + rval = false; + if (errors) { + errors.push("[" + v.name + "] Tag mismatch. Expected (" + schemaItem.tagClass + "," + schemaItem.type + "), got (" + objChild.tagClass + "," + objChild.type + ")"); + } + break; } } - if (!rval && errors) { - errors.push( - "[" + v.name + '] Tag class "' + v.tagClass + '", type "' + v.type + '" expected value length "' + v.value.length + '", got "' + obj.value.length + '"' - ); + var childRval = asn1.validate(objChild, schemaItem, capture, errors); + if (childRval) { + ++j; + rval = true; + } else if (schemaItem.optional) { + rval = true; + } else { + rval = false; + break; } } } @@ -30955,7 +30989,7 @@ var require_rsa = __commonJS({ constructed: false, capture: "algorithmIdentifier" }, { - // NULL paramters + // NULL parameters name: "DigestInfo.DigestAlgorithm.parameters", tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.NULL, @@ -31468,7 +31502,7 @@ var require_rsa = __commonJS({ if (oid === forge.oids.md2 || oid === forge.oids.md5) { if (!("parameters" in capture)) { throw new Error( - "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifer NULL parameters." + "ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 DigestInfo value. Missing algorithm identifier NULL parameters." ); } } @@ -35665,6 +35699,8 @@ var require_pkcs12 = __commonJS({ if (macValue.getBytes() !== capture.macDigest) { throw new Error("PKCS#12 MAC could not be verified. Invalid password?"); } + } else if (Array.isArray(obj.value) && obj.value.length > 2) { + throw new Error("Invalid PKCS#12. macData field present but MAC was not validated."); } _decodeAuthenticatedSafe(pfx, data.value, strict, password); return pfx; @@ -47328,7 +47364,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 3be03091e3..78848db809 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -28967,7 +28967,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index c4385bbf91..c389b8b0ec 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ef6bb9aaa3..c3ea61b53c 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -27670,7 +27670,7 @@ var require_package = __commonJS({ "js-yaml": "^4.1.1", jsonschema: "1.4.1", long: "^5.3.2", - "node-forge": "^1.3.1", + "node-forge": "^1.3.2", semver: "^7.7.3", uuid: "^13.0.0" }, From bd30e753a67b4b7b2cbbd95f1ae2aef4e38e339a Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 08:34:43 +0100 Subject: [PATCH 19/27] Simplify getOverlayDatabaseMode --- src/config-utils.ts | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/src/config-utils.ts b/src/config-utils.ts index ee9d411982..9dcd520c11 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -706,22 +706,20 @@ export async function getOverlayDatabaseMode( `Setting overlay database mode to ${overlayDatabaseMode} ` + `due to insufficient disk space (${diskSpaceMb} MB).`, ); - } else { - if (isAnalyzingPullRequest()) { - overlayDatabaseMode = OverlayDatabaseMode.Overlay; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing a pull request.", - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - "with caching because we are analyzing the default branch.", - ); - } + } else if (isAnalyzingPullRequest()) { + overlayDatabaseMode = OverlayDatabaseMode.Overlay; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + "with caching because we are analyzing a pull request.", + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = OverlayDatabaseMode.OverlayBase; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + "with caching because we are analyzing the default branch.", + ); } } From bd8d26b618c41ab79fd5e145da06af66458ca35b Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 08:57:21 +0100 Subject: [PATCH 20/27] Overlay: Fall back to full analysis if memory flag is low --- lib/init-action.js | 37 +++++++++++++++++++++-------------- src/config-utils.test.ts | 42 ++++++++++++++++++++++++++++++++++++++++ src/config-utils.ts | 12 ++++++++++++ src/init-action.ts | 1 + 4 files changed, 77 insertions(+), 15 deletions(-) diff --git a/lib/init-action.js b/lib/init-action.js index c6ab60184f..5486d558b7 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86920,7 +86920,7 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code } return true; } -async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, codeScanningConfig, logger) { +async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, logger) { let overlayDatabaseMode = "none" /* None */; let useOverlayDatabaseCaching = false; const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; @@ -86936,6 +86936,7 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b codeScanningConfig )) { const diskUsage = await checkDiskUsage(logger); + const memoryFlagValue = getMemoryFlagValue(ramInput, logger); if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) { const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); overlayDatabaseMode = "none" /* None */; @@ -86943,20 +86944,24 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b logger.info( `Setting overlay database mode to ${overlayDatabaseMode} due to insufficient disk space (${diskSpaceMb} MB).` ); - } else { - if (isAnalyzingPullRequest()) { - overlayDatabaseMode = "overlay" /* Overlay */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` - ); - } else if (await isAnalyzingDefaultBranch()) { - overlayDatabaseMode = "overlay-base" /* OverlayBase */; - useOverlayDatabaseCaching = true; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` - ); - } + } else if (memoryFlagValue < 5 * 1024) { + overlayDatabaseMode = "none" /* None */; + useOverlayDatabaseCaching = false; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` + ); + } else if (isAnalyzingPullRequest()) { + overlayDatabaseMode = "overlay" /* Overlay */; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing a pull request.` + ); + } else if (await isAnalyzingDefaultBranch()) { + overlayDatabaseMode = "overlay-base" /* OverlayBase */; + useOverlayDatabaseCaching = true; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} with caching because we are analyzing the default branch.` + ); } } const nonOverlayAnalysis = { @@ -87051,6 +87056,7 @@ async function initConfig(features, inputs) { config.languages, inputs.sourceRoot, config.buildMode, + inputs.ramInput, config.computedConfig, logger ); @@ -89998,6 +90004,7 @@ async function run() { queriesInput: getOptionalInput("queries"), packsInput: getOptionalInput("packs"), buildModeInput: getOptionalInput("build-mode"), + ramInput: getOptionalInput("ram"), configFile, dbLocation: getOptionalInput("db-location"), configInput: getOptionalInput("config"), diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 7f991ea24c..623eccea72 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -59,6 +59,7 @@ function createTestInitConfigInputs( dbLocation: undefined, configInput: undefined, buildModeInput: undefined, + ramInput: undefined, trapCachingEnabled: false, dependencyCachingEnabled: CachingKind.None, debugMode: false, @@ -979,6 +980,7 @@ interface OverlayDatabaseModeTestSetup { gitRoot: string | undefined; codeScanningConfig: configUtils.UserConfig; diskUsage: DiskUsage | undefined; + memoryFlagValue: number; } const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = { @@ -995,6 +997,7 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = { numAvailableBytes: 50_000_000_000, numTotalBytes: 100_000_000_000, }, + memoryFlagValue: 6920, }; const getOverlayDatabaseModeMacro = test.macro({ @@ -1037,6 +1040,8 @@ const getOverlayDatabaseModeMacro = test.macro({ .stub(actionsUtil, "isAnalyzingPullRequest") .returns(setup.isPullRequest); + sinon.stub(util, "getMemoryFlagValue").returns(setup.memoryFlagValue); + // Set up CodeQL mock const codeql = mockCodeQLVersion(setup.codeqlVersion); @@ -1063,6 +1068,7 @@ const getOverlayDatabaseModeMacro = test.macro({ setup.languages, tempDir, // sourceRoot setup.buildMode, + undefined, setup.codeScanningConfig, logger, ); @@ -1225,6 +1231,24 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "No overlay-base database on default branch if memory flag is too low", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + ], + isDefaultBranch: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries", @@ -1434,6 +1458,24 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "No overlay analysis on PR if memory flag is too low", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + ], + isPullRequest: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries", diff --git a/src/config-utils.ts b/src/config-utils.ts index 9dcd520c11..fa3bbeb183 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -44,6 +44,7 @@ import { cloneObject, isDefined, checkDiskUsage, + getMemoryFlagValue, } from "./util"; export * from "./config/db-config"; @@ -393,6 +394,7 @@ export interface InitConfigInputs { dbLocation: string | undefined; configInput: string | undefined; buildModeInput: string | undefined; + ramInput: string | undefined; trapCachingEnabled: boolean; dependencyCachingEnabled: string | undefined; debugMode: boolean; @@ -661,6 +663,7 @@ export async function getOverlayDatabaseMode( languages: Language[], sourceRoot: string, buildMode: BuildMode | undefined, + ramInput: string | undefined, codeScanningConfig: UserConfig, logger: Logger, ): Promise<{ @@ -692,6 +695,7 @@ export async function getOverlayDatabaseMode( ) ) { const diskUsage = await checkDiskUsage(logger); + const memoryFlagValue = getMemoryFlagValue(ramInput, logger); if ( diskUsage === undefined || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES @@ -706,6 +710,13 @@ export async function getOverlayDatabaseMode( `Setting overlay database mode to ${overlayDatabaseMode} ` + `due to insufficient disk space (${diskSpaceMb} MB).`, ); + } else if (memoryFlagValue < 5 * 1024) { + overlayDatabaseMode = OverlayDatabaseMode.None; + useOverlayDatabaseCaching = false; + logger.info( + `Setting overlay database mode to ${overlayDatabaseMode} ` + + `due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`, + ); } else if (isAnalyzingPullRequest()) { overlayDatabaseMode = OverlayDatabaseMode.Overlay; useOverlayDatabaseCaching = true; @@ -873,6 +884,7 @@ export async function initConfig( config.languages, inputs.sourceRoot, config.buildMode, + inputs.ramInput, config.computedConfig, logger, ); diff --git a/src/init-action.ts b/src/init-action.ts index 689ded2fc1..692f0370dd 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -324,6 +324,7 @@ async function run() { queriesInput: getOptionalInput("queries"), packsInput: getOptionalInput("packs"), buildModeInput: getOptionalInput("build-mode"), + ramInput: getOptionalInput("ram"), configFile, dbLocation: getOptionalInput("db-location"), configInput: getOptionalInput("config"), From 1ffb7dd0c8bcb456c8ba5e69af148cacf2dbdd5a Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 12:07:17 +0100 Subject: [PATCH 21/27] Overlay: Add feature flag to skip resource checks --- lib/analyze-action-post.js | 5 ++ lib/analyze-action.js | 5 ++ lib/autobuild-action.js | 5 ++ lib/init-action-post.js | 5 ++ lib/init-action.js | 42 ++++++++++------ lib/resolve-environment-action.js | 5 ++ lib/setup-codeql-action.js | 5 ++ lib/start-proxy-action-post.js | 5 ++ lib/start-proxy-action.js | 5 ++ lib/upload-lib.js | 5 ++ lib/upload-sarif-action-post.js | 5 ++ lib/upload-sarif-action.js | 5 ++ src/config-utils.test.ts | 82 +++++++++++++++++++++++++++++++ src/config-utils.ts | 58 ++++++++++++++-------- src/feature-flags.ts | 6 +++ 15 files changed, 209 insertions(+), 34 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index e152705021..fc75996bcd 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120186,6 +120186,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 703a47c7d6..aecec30716 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88807,6 +88807,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 51ead50dec..2b65659589 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -84126,6 +84126,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index b04b27ecf8..f83e500325 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123567,6 +123567,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/init-action.js b/lib/init-action.js index 5486d558b7..14cecedd7b 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86221,6 +86221,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", @@ -86920,6 +86925,24 @@ async function isOverlayAnalysisFeatureEnabled(features, codeql, languages, code } return true; } +async function runnerSupportsOverlayAnalysis(ramInput, logger) { + const diskUsage = await checkDiskUsage(logger); + if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) { + const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); + logger.info( + `Setting overlay database mode to ${"none" /* None */} due to insufficient disk space (${diskSpaceMb} MB).` + ); + return false; + } + const memoryFlagValue = getMemoryFlagValue(ramInput, logger); + if (memoryFlagValue < 5 * 1024) { + logger.info( + `Setting overlay database mode to ${"none" /* None */} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` + ); + return false; + } + return true; +} async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, buildMode, ramInput, codeScanningConfig, logger) { let overlayDatabaseMode = "none" /* None */; let useOverlayDatabaseCaching = false; @@ -86935,21 +86958,12 @@ async function getOverlayDatabaseMode(codeql, features, languages, sourceRoot, b languages, codeScanningConfig )) { - const diskUsage = await checkDiskUsage(logger); - const memoryFlagValue = getMemoryFlagValue(ramInput, logger); - if (diskUsage === void 0 || diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES) { - const diskSpaceMb = diskUsage === void 0 ? 0 : Math.round(diskUsage.numAvailableBytes / 1e6); - overlayDatabaseMode = "none" /* None */; - useOverlayDatabaseCaching = false; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} due to insufficient disk space (${diskSpaceMb} MB).` - ); - } else if (memoryFlagValue < 5 * 1024) { + const performResourceChecks = !await features.getValue( + "overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */, + codeql + ); + if (performResourceChecks && !await runnerSupportsOverlayAnalysis(ramInput, logger)) { overlayDatabaseMode = "none" /* None */; - useOverlayDatabaseCaching = false; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` - ); } else if (isAnalyzingPullRequest()) { overlayDatabaseMode = "overlay" /* Overlay */; useOverlayDatabaseCaching = true; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 6cf6de54c2..1d30ed9ff9 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -84117,6 +84117,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 01b0ac9e3d..53f9075221 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -84029,6 +84029,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 64fbae0d0a..5411f021ef 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -119592,6 +119592,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index b4834b1cf6..31f1526c70 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -100145,6 +100145,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 3be03091e3..e026ae89b9 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -87182,6 +87182,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index c4385bbf91..f54ec4495d 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -119758,6 +119758,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index ef6bb9aaa3..231fac13c6 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86979,6 +86979,11 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: void 0 + }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 623eccea72..d07aacde2e 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1231,6 +1231,28 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay-base database on default branch if runner disk space is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isDefaultBranch: true, + diskUsage: { + numAvailableBytes: 1_000_000_000, + numTotalBytes: 100_000_000_000, + }, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.OverlayBase, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay-base database on default branch if memory flag is too low", @@ -1249,6 +1271,25 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay-base database on default branch if memory flag is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isDefaultBranch: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.OverlayBase, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries", @@ -1440,6 +1481,28 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay analysis on PR if runner disk space is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isPullRequest: true, + diskUsage: { + numAvailableBytes: 1_000_000_000, + numTotalBytes: 100_000_000_000, + }, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.Overlay, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay analysis on PR if we can't determine runner disk space", @@ -1476,6 +1539,25 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay analysis on PR if memory flag is too low and skip resource checks flag is enabled", + { + languages: [KnownLanguage.javascript], + features: [ + Feature.OverlayAnalysis, + Feature.OverlayAnalysisCodeScanningJavascript, + Feature.OverlayAnalysisSkipResourceChecks, + ], + isPullRequest: true, + memoryFlagValue: 3072, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.Overlay, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries", diff --git a/src/config-utils.ts b/src/config-utils.ts index fa3bbeb183..4f3fadf662 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -636,6 +636,38 @@ async function isOverlayAnalysisFeatureEnabled( return true; } +async function runnerSupportsOverlayAnalysis( + ramInput: string | undefined, + logger: Logger, +): Promise { + const diskUsage = await checkDiskUsage(logger); + if ( + diskUsage === undefined || + diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES + ) { + const diskSpaceMb = + diskUsage === undefined + ? 0 + : Math.round(diskUsage.numAvailableBytes / 1_000_000); + logger.info( + `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + + `due to insufficient disk space (${diskSpaceMb} MB).`, + ); + return false; + } + + const memoryFlagValue = getMemoryFlagValue(ramInput, logger); + if (memoryFlagValue < 5 * 1024) { + logger.info( + `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + + `due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`, + ); + return false; + } + + return true; +} + /** * Calculate and validate the overlay database mode and caching to use. * @@ -694,29 +726,15 @@ export async function getOverlayDatabaseMode( codeScanningConfig, ) ) { - const diskUsage = await checkDiskUsage(logger); - const memoryFlagValue = getMemoryFlagValue(ramInput, logger); + const performResourceChecks = !(await features.getValue( + Feature.OverlayAnalysisSkipResourceChecks, + codeql, + )); if ( - diskUsage === undefined || - diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES + performResourceChecks && + !(await runnerSupportsOverlayAnalysis(ramInput, logger)) ) { - const diskSpaceMb = - diskUsage === undefined - ? 0 - : Math.round(diskUsage.numAvailableBytes / 1_000_000); overlayDatabaseMode = OverlayDatabaseMode.None; - useOverlayDatabaseCaching = false; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - `due to insufficient disk space (${diskSpaceMb} MB).`, - ); - } else if (memoryFlagValue < 5 * 1024) { - overlayDatabaseMode = OverlayDatabaseMode.None; - useOverlayDatabaseCaching = false; - logger.info( - `Setting overlay database mode to ${overlayDatabaseMode} ` + - `due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`, - ); } else if (isAnalyzingPullRequest()) { overlayDatabaseMode = OverlayDatabaseMode.Overlay; useOverlayDatabaseCaching = true; diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 8ea1d4c1a4..2085dccc40 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -76,6 +76,7 @@ export enum Feature { OverlayAnalysisRuby = "overlay_analysis_ruby", OverlayAnalysisRust = "overlay_analysis_rust", OverlayAnalysisSwift = "overlay_analysis_swift", + OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", QaTelemetryEnabled = "qa_telemetry_enabled", UploadOverlayDbToApi = "upload_overlay_db_to_api", @@ -283,6 +284,11 @@ export const featureConfig: Record< envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: undefined, }, + [Feature.OverlayAnalysisSkipResourceChecks]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + minimumVersion: undefined, + }, [Feature.PythonDefaultIsToNotExtractStdlib]: { defaultValue: false, envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", From 2f3bbce9a6f0f0daaa2e3e8480b0b9cdd6039cce Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 15:33:22 +0100 Subject: [PATCH 22/27] Overlay: Introduce overlay memory limit constant --- lib/analyze-action-post.js | 1 + lib/analyze-action.js | 1 + lib/autobuild-action.js | 1 + lib/init-action-post.js | 1 + lib/init-action.js | 3 ++- lib/resolve-environment-action.js | 1 + lib/setup-codeql-action.js | 1 + lib/start-proxy-action-post.js | 1 + lib/start-proxy-action.js | 1 + lib/upload-lib.js | 1 + lib/upload-sarif-action-post.js | 1 + lib/upload-sarif-action.js | 1 + src/config-utils.ts | 10 +++++++++- 13 files changed, 22 insertions(+), 2 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index fc75996bcd..69c8cd2370 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120226,6 +120226,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/analyze-action.js b/lib/analyze-action.js index aecec30716..f4d98a7ff7 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -89385,6 +89385,7 @@ async function cachePrefix(codeql, language) { // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 2b65659589..7b64276931 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -84431,6 +84431,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action-post.js b/lib/init-action-post.js index f83e500325..f26a8a6cde 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123890,6 +123890,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action.js b/lib/init-action.js index 14cecedd7b..7fc57970e5 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86668,6 +86668,7 @@ async function cachePrefix(codeql, language) { // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; async function getSupportedLanguageMap(codeql, logger) { const resolveSupportedLanguagesUsingCli = await codeql.supportsFeature( "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ @@ -86935,7 +86936,7 @@ async function runnerSupportsOverlayAnalysis(ramInput, logger) { return false; } const memoryFlagValue = getMemoryFlagValue(ramInput, logger); - if (memoryFlagValue < 5 * 1024) { + if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { logger.info( `Setting overlay database mode to ${"none" /* None */} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` ); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 1d30ed9ff9..4c1ff07350 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -84157,6 +84157,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 53f9075221..76baae1afc 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -84602,6 +84602,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 5411f021ef..2a299b8974 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -119632,6 +119632,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 31f1526c70..82458c2188 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -100185,6 +100185,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-lib.js b/lib/upload-lib.js index e026ae89b9..9e5c8738ee 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -87240,6 +87240,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index f54ec4495d..42449d2187 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -119798,6 +119798,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 231fac13c6..37dc6bbaff 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -87322,6 +87322,7 @@ var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/src/config-utils.ts b/src/config-utils.ts index 4f3fadf662..15f56a350c 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -60,6 +60,14 @@ const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 20000; const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1_000_000; +/** + * The minimum memory (in MB) that must be available for CodeQL to perform overlay + * analysis. If CodeQL will be given less memory than this threshold, then the + * action will not perform overlay analysis unless overlay analysis has been + * explicitly enabled via environment variable. + */ +const OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; + export type RegistryConfigWithCredentials = RegistryConfigNoCredentials & { // Token to use when downloading packs from this registry. token: string; @@ -657,7 +665,7 @@ async function runnerSupportsOverlayAnalysis( } const memoryFlagValue = getMemoryFlagValue(ramInput, logger); - if (memoryFlagValue < 5 * 1024) { + if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { logger.info( `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + `due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`, From 8d91fa189dd7a678f4f9b218f0e255362f1097d8 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 15:39:50 +0100 Subject: [PATCH 23/27] Rename getMemoryFlagValue --- lib/analyze-action.js | 4 ++-- lib/init-action.js | 6 +++--- src/config-utils.test.ts | 2 +- src/config-utils.ts | 4 ++-- src/init-action.ts | 4 ++-- src/util.ts | 10 +++++----- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index f4d98a7ff7..2ba02a47bb 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -87093,7 +87093,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) { ); return limit; } -function getMemoryFlagValue(userInput, logger) { +function getCodeQLMemoryLimit(userInput, logger) { return getMemoryFlagValueForPlatform( userInput, getTotalMemoryBytes(logger), @@ -87101,7 +87101,7 @@ function getMemoryFlagValue(userInput, logger) { ); } function getMemoryFlag(userInput, logger) { - const megabytes = getMemoryFlagValue(userInput, logger); + const megabytes = getCodeQLMemoryLimit(userInput, logger); return `--ram=${megabytes}`; } function getThreadsFlagValue(userInput, logger) { diff --git a/lib/init-action.js b/lib/init-action.js index 7fc57970e5..a5dd93847a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -84396,7 +84396,7 @@ function getCgroupMemoryLimitBytes(limitFile, logger) { ); return limit; } -function getMemoryFlagValue(userInput, logger) { +function getCodeQLMemoryLimit(userInput, logger) { return getMemoryFlagValueForPlatform( userInput, getTotalMemoryBytes(logger), @@ -86935,7 +86935,7 @@ async function runnerSupportsOverlayAnalysis(ramInput, logger) { ); return false; } - const memoryFlagValue = getMemoryFlagValue(ramInput, logger); + const memoryFlagValue = getCodeQLMemoryLimit(ramInput, logger); if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { logger.info( `Setting overlay database mode to ${"none" /* None */} due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).` @@ -90176,7 +90176,7 @@ exec ${goBinaryPath} "$@"` } core13.exportVariable( "CODEQL_RAM", - process.env["CODEQL_RAM"] || getMemoryFlagValue(getOptionalInput("ram"), logger).toString() + process.env["CODEQL_RAM"] || getCodeQLMemoryLimit(getOptionalInput("ram"), logger).toString() ); core13.exportVariable( "CODEQL_THREADS", diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index d07aacde2e..9f4fb8f137 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -1040,7 +1040,7 @@ const getOverlayDatabaseModeMacro = test.macro({ .stub(actionsUtil, "isAnalyzingPullRequest") .returns(setup.isPullRequest); - sinon.stub(util, "getMemoryFlagValue").returns(setup.memoryFlagValue); + sinon.stub(util, "getCodeQLMemoryLimit").returns(setup.memoryFlagValue); // Set up CodeQL mock const codeql = mockCodeQLVersion(setup.codeqlVersion); diff --git a/src/config-utils.ts b/src/config-utils.ts index 15f56a350c..34d625773d 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -44,7 +44,7 @@ import { cloneObject, isDefined, checkDiskUsage, - getMemoryFlagValue, + getCodeQLMemoryLimit, } from "./util"; export * from "./config/db-config"; @@ -664,7 +664,7 @@ async function runnerSupportsOverlayAnalysis( return false; } - const memoryFlagValue = getMemoryFlagValue(ramInput, logger); + const memoryFlagValue = getCodeQLMemoryLimit(ramInput, logger); if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) { logger.info( `Setting overlay database mode to ${OverlayDatabaseMode.None} ` + diff --git a/src/init-action.ts b/src/init-action.ts index 692f0370dd..8fa7899d8f 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -75,7 +75,7 @@ import { codeQlVersionAtLeast, DEFAULT_DEBUG_ARTIFACT_NAME, DEFAULT_DEBUG_DATABASE_NAME, - getMemoryFlagValue, + getCodeQLMemoryLimit, getRequiredEnvParam, getThreadsFlagValue, initializeEnvironment, @@ -538,7 +538,7 @@ async function run() { core.exportVariable( "CODEQL_RAM", process.env["CODEQL_RAM"] || - getMemoryFlagValue(getOptionalInput("ram"), logger).toString(), + getCodeQLMemoryLimit(getOptionalInput("ram"), logger).toString(), ); core.exportVariable( "CODEQL_THREADS", diff --git a/src/util.ts b/src/util.ts index aefcc5a2af..7bcdb41621 100644 --- a/src/util.ts +++ b/src/util.ts @@ -309,13 +309,13 @@ function getCgroupMemoryLimitBytes( } /** - * Get the value of the codeql `--ram` flag as configured by the `ram` input. - * If no value was specified, the total available memory will be used minus a + * Get the maximum amount of memory CodeQL is allowed to use. If no limit has been + * configured by the user, then the total available memory will be used minus a * threshold reserved for the OS. * - * @returns {number} the amount of RAM to use, in megabytes + * @returns {number} the amount of RAM CodeQL is allowed to use, in megabytes */ -export function getMemoryFlagValue( +export function getCodeQLMemoryLimit( userInput: string | undefined, logger: Logger, ): number { @@ -337,7 +337,7 @@ export function getMemoryFlag( userInput: string | undefined, logger: Logger, ): string { - const megabytes = getMemoryFlagValue(userInput, logger); + const megabytes = getCodeQLMemoryLimit(userInput, logger); return `--ram=${megabytes}`; } From b02fa13292ce189c02cbb1ba5488f7dbbc8c6b14 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 15:42:17 +0100 Subject: [PATCH 24/27] Order feature flags alphabetically --- lib/analyze-action-post.js | 8 ++++---- lib/analyze-action.js | 8 ++++---- lib/autobuild-action.js | 8 ++++---- lib/init-action-post.js | 8 ++++---- lib/init-action.js | 8 ++++---- lib/resolve-environment-action.js | 8 ++++---- lib/setup-codeql-action.js | 8 ++++---- lib/start-proxy-action-post.js | 8 ++++---- lib/start-proxy-action.js | 8 ++++---- lib/upload-lib.js | 8 ++++---- lib/upload-sarif-action-post.js | 8 ++++---- lib/upload-sarif-action.js | 8 ++++---- src/feature-flags.ts | 10 +++++----- 13 files changed, 53 insertions(+), 53 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 69c8cd2370..0577f6b154 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -120181,14 +120181,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 2ba02a47bb..ac60a71e3b 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -88802,14 +88802,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 7b64276931..0c391dbd82 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -84121,14 +84121,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/init-action-post.js b/lib/init-action-post.js index f26a8a6cde..f12ac4d896 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -123562,14 +123562,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/init-action.js b/lib/init-action.js index a5dd93847a..b89763b9c4 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -86216,14 +86216,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 4c1ff07350..b39d65f2d8 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -84112,14 +84112,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 76baae1afc..24f26faca5 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -84024,14 +84024,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 2a299b8974..8243b3e41a 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -119587,14 +119587,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 82458c2188..cd17b0f156 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -100140,14 +100140,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 9e5c8738ee..9362f4ec53 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -87177,14 +87177,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 42449d2187..35495da738 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -119753,14 +119753,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 37dc6bbaff..77f8a7ad14 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -86974,14 +86974,14 @@ var featureConfig = { envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: void 0 }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: void 0 }, - ["overlay_analysis_skip_resource_checks" /* OverlayAnalysisSkipResourceChecks */]: { + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: void 0 }, ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 2085dccc40..999ed20d7b 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -75,8 +75,8 @@ export enum Feature { OverlayAnalysisPython = "overlay_analysis_python", OverlayAnalysisRuby = "overlay_analysis_ruby", OverlayAnalysisRust = "overlay_analysis_rust", - OverlayAnalysisSwift = "overlay_analysis_swift", OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks", + OverlayAnalysisSwift = "overlay_analysis_swift", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", QaTelemetryEnabled = "qa_telemetry_enabled", UploadOverlayDbToApi = "upload_overlay_db_to_api", @@ -279,14 +279,14 @@ export const featureConfig: Record< envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", minimumVersion: undefined, }, - [Feature.OverlayAnalysisSwift]: { + [Feature.OverlayAnalysisSkipResourceChecks]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", minimumVersion: undefined, }, - [Feature.OverlayAnalysisSkipResourceChecks]: { + [Feature.OverlayAnalysisSwift]: { defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS", + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", minimumVersion: undefined, }, [Feature.PythonDefaultIsToNotExtractStdlib]: { From 58c5954801c246a3975b658372285b37c45de271 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Thu, 27 Nov 2025 15:45:17 +0100 Subject: [PATCH 25/27] Add comment to runnerSupportsOverlayAnalysis --- src/config-utils.ts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/config-utils.ts b/src/config-utils.ts index 34d625773d..7376d5aab6 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -644,6 +644,10 @@ async function isOverlayAnalysisFeatureEnabled( return true; } +/** + * Checks if the runner supports overlay analysis based on available disk space + * and the maximum memory CodeQL will be allowed to use. + */ async function runnerSupportsOverlayAnalysis( ramInput: string | undefined, logger: Logger, From f7abc748a3da068e17cfd0e1086e8d72e51f17b6 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 28 Nov 2025 09:12:53 +0000 Subject: [PATCH 26/27] Remove branch filter for PR event in CodeQL workflow --- .github/workflows/codeql.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8ea440089d..999aa6dfd0 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -4,7 +4,6 @@ on: push: branches: [main, releases/v*] pull_request: - branches: [main, releases/v*] # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. types: [opened, synchronize, reopened, ready_for_review] From 88c2ab5eee3b475eef2f7aabf89bd9f052153d91 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 1 Dec 2025 09:26:09 +0000 Subject: [PATCH 27/27] Update changelog for v4.31.6 --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1359cdfd9c..5fe221f689 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,7 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. -## [UNRELEASED] +## 4.31.6 - 01 Dec 2025 No user facing changes.