[pull] main from github:main #1

pull · 2024-05-29T02:51:15Z

See Commits and Changes for more details.

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

Summary by CodeRabbit

Release Notes

New Features
- Enhanced support for diff-informed analysis during pull request builds.
- Improved diagnostic artifact upload for more reliable debugging.
- Added functionality for overlay database mode in analysis workflows.
- Introduced new utility functions for managing diff-informed analysis in GitHub actions.
Performance & Reliability
- Upgraded CodeQL Bundle and CLI to newer versions for greater stability.
- Optimized dependency caching and refined error handling in analysis workflows.
Workflow Improvements
- Streamlined workflow configurations with clearer permissions and environment settings.
- Updated build modes and documentation to better guide users in selecting the appropriate setup.
Developer Experience
- Expanded documentation and build scripts to simplify project management.
- Enhanced error handling for uploads and refined logging for better debugging insights.

coderabbitai · 2024-07-17T15:36:29Z

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This pull request implements extensive refactoring and enhancements across the entire CodeQL Action repository. Multiple GitHub Actions workflows have been updated by removing an obsolete Kotlin-disable flag and introducing a new input parameter (setup-kotlin: 'true'), while job matrices and permissions have been streamlined (e.g. “latest” → “linked”, “write” → “read”). In addition, core library modules have been refactored—improving module imports, error handling, and version management—and several new utility files and scripts have been introduced to support dependency caching, overlay database modes, and enhanced documentation.

Changes

File(s)	Change Summary
.github/workflows/*	Updated numerous workflow files by removing `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN`, switching OS matrix versions from “latest” to “linked”, adjusting permissions (e.g. `security-events: write` → `read`), removing Python setup steps, and adding new workflows (e.g. for debug artifacts, Zstandard bundle, start proxy, publish immutable action).
.github/actions/*	Modified action configuration files to update environment variable usage, adopt environment-driven parameter passing, add new inputs (`setup-kotlin`), update error handling (e.g. using `core.setFailed` instead of logging), and update external action references.
.github/codeql/, dependabot.yml, releases.ini*	Introduced a new CodeQL Actions Queries configuration, updated dependency ignore lists (e.g. eslint-plugin-import), and raised the minimum supported major version from 2 to 3.
Documentation Files (CHANGELOG.md, CONTRIBUTING.md, README.md, .gitignore, .pre-commit-config.yaml)	Expanded version histories and deprecation/addition notices, restructured sections (e.g. renaming “Supported versions” to “Build Modes” and adding an “Actions” section), added new ignore rules, and reintroduced linting hooks for TypeScript.
Core Library Modules (lib/*)	Refactored multiple modules with improved `__importStar` implementations, revised error handling and exports, removed obsolete functions, updated version constants, and enhanced functionality in analysis, CodeQL setup, Git utilities, configuration handling, and debug artifact upload.
New Scripts & Tools (justfile; scripts in actions-extractor/tools)	Added a new justfile defining build, lint, test, and sync targets; introduced new shell, batch, and PowerShell scripts to manage the JavaScript extractor’s autobuild process.
New Feature Files (overlay-database-utils.js, dependency-caching.js, doc-url.js)	Introduced modules to support overlay database modes, provide dependency caching utility functions, and centralize documentation URLs.
Git Utilities (lib/git-utils.js and its tests)	Added comprehensive Git utility functions (e.g. getGitRoot, getCommitOid, deepenGitHistory, gitFetch) along with corresponding tests to enhance repository operations.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant U as User
    participant GH as GitHub Actions Workflow
    participant PT as Prepare Test Step
    participant IA as Init Action
    participant AN as Analysis Step
    participant UA as Upload Artifact Step
    participant PS as Post-Step

    U->>GH: Push event / PR trigger
    GH->>PT: Start "Prepare test" (reads setup-kotlin input)
    PT->>IA: Call Init Action with updated parameters (incl. overlay mode)
    IA->>AN: Initialize CodeQL, setup environment, run queries
    AN->>UA: Analyze code and generate SARIF / debug logs
    UA->>PS: Report status and upload artifacts
    PS->>GH: End job with consolidated report

Poem

I’m a little rabbit in a code-filled maze,
Hopping through workflows in a joyful daze.
I nibbled on inputs and cleaned up the mess,
Added new features with complete finesse.
With “setup-kotlin” and changes grand,
I celebrate each commit in this wonderland.
🐰 Code hops on, bright and bold!

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

Review comments: Directly reply to a review comment made by CodeRabbit. Example:
- I pushed a fix in commit <commit_id>, please review it.
- Explain this complex logic.
- Open a follow-up GitHub issue for this discussion.
Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
- @coderabbitai explain this code block.
- @coderabbitai modularize this function.
PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
- @coderabbitai read src/utils.ts and explain its main purpose.
- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
- @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

@coderabbitai pause to pause the reviews on a PR.
@coderabbitai resume to resume the paused reviews.
@coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
@coderabbitai full review to do a full review from scratch and review all the files again.
@coderabbitai summary to regenerate the summary of the PR.
@coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
@coderabbitai resolve resolve all the CodeRabbit review comments.
@coderabbitai configuration to show the current CodeRabbit configuration for the repository.
@coderabbitai help to get help.

Other keywords and placeholders

Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (`.coderabbit.yaml`)

You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
Please see the configuration documentation for more information.
If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

Visit our Documentation for detailed information on how to use CodeRabbit.
Join our Discord Community to get help, request features, and share feedback.
Follow us on X/Twitter for updates and announcements.

coderabbitai

Actionable comments posted: 7

Outside diff range, codebase verification and nitpick comments (18)

.github/workflows/__all-platform-bundle.yml (1)
57-57: Kotlin Setup May Be Incomplete in Workflow

The setup-kotlin: 'true' line is present, but Kotlin is missing from the languages list in the workflow configuration. This could indicate that Kotlin is not fully integrated into the workflow, potentially leading to incomplete setup or execution issues.

File: .github/workflows/__all-platform-bundle.yml

Lines: Around setup-kotlin: 'true'

Please ensure that Kotlin is included in all relevant configurations and dependencies within the workflow.

Analysis chain

Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates that Kotlin is now explicitly supported. Ensure that any dependencies or configurations required for Kotlin are properly handled in the workflow.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify Kotlin setup dependencies and configurations.

# Test: Search for Kotlin-related setup or configuration files. Expect: Presence of Kotlin setup or configuration.
rg --type yaml 'kotlin'
Length of output: 247

Script:
#!/bin/bash
# Description: Check for Kotlin-related configurations in the workflow file.

# Test: Search for Kotlin-related configurations in the specified workflow file.
rg 'kotlin' .github/workflows/__all-platform-bundle.yml -A 5
Length of output: 302
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (1)
57-57: Kotlin setup appears unnecessary in this workflow.

The setup-kotlin: 'true' parameter is the only Kotlin-related configuration in the workflow file, which primarily deals with Go projects. There are no other Kotlin-related actions or dependencies present, suggesting that this setup might not be required. Please review the necessity of this configuration.

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml: Line with setup-kotlin: 'true'

Analysis chain

Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with Go projects.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary in the Go workflow.

# Test: Search for Kotlin-related usage in the Go workflow. Expect: No Kotlin-related actions.
rg --type yaml -A 5 'setup-kotlin: true' .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
Length of output: 113

Script:
#!/bin/bash
# Description: Search for any Kotlin-related keywords or actions in the workflow file.

# Search for Kotlin-related keywords in the workflow file.
rg --type yaml 'kotlin|setup-kotlin' .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
Length of output: 140
eslint.config.mjs (1)
1-2: Consider removing the auto-generated comment.

The comment indicating that the file was auto-generated might not be necessary in a version-controlled environment.
- // Automatically generated by running npx @eslint/migrate-config .eslintrc.json
lib/start-proxy-action.js (3)
19-19: Consider using optional chaining.

The code could be simplified by using optional chaining, which is a more modern and concise way to handle optional properties.
- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;
Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

65-66: Clarify the comment on retention days.

The comment about retention days is informative but could be more explicit about the reason for setting it to 7 days.
- // ensure we don't keep the debug artifacts around for too long since they can be large.
+ // Set retention to 7 days to prevent large debug artifacts from being stored for too long.
128-129: Improve the comment on port selection.

The comment about selecting a different port could be more descriptive about the range and the reason for the random selection.
- // If the proxy failed to start, try a different port from the ephemeral range [49152, 65535]
+ // If the proxy fails to start, select a random port from the ephemeral range [49152, 65535] to avoid conflicts.
lib/debug-artifacts.js (1)
69-71: Log the error object for better debugging.

While the warning message is useful, logging the error object can provide more context for debugging purposes.
- core.warning(`Failed to upload debug artifacts: ${e}`);
+ core.warning(`Failed to upload debug artifacts: ${e.message}`);
lib/setup-codeql.js (1)
29-36: Review the removal of exports carefully.

The functions getCodeQLActionRepository, tryGetBundleVersionFromUrl, convertToSemVer, getCodeQLSource, tryGetFallbackToolcacheVersion, getCodeQLURLVersion, and setupCodeQLBundle are still being used in other parts of the codebase, including source and test files. Ensure that their removal from exports does not break functionality or refactor them appropriately to maintain accessibility.

src/codeql.ts

src/setup-codeql.test.ts

lib/codeql.js

Analysis chain

Review the removal of exports.

Several functions have been removed from exports, which may affect their accessibility in other modules. Ensure these functions are not required elsewhere or have been refactored appropriately.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify if removed exports are used elsewhere in the codebase.

# Test: Search for usage of removed functions. Expect: No occurrences.
rg --type javascript -w $'getCodeQLActionRepository|tryGetBundleVersionFromUrl|convertToSemVer|getCodeQLSource|tryGetFallbackToolcacheVersion|getCodeQLURLVersion|setupCodeQLBundle'
Length of output: 216

Script:
#!/bin/bash
# Description: Verify if removed exports are used elsewhere in the codebase.

# Test: Search for usage of removed functions. Expect: No occurrences.
rg -w 'getCodeQLActionRepository|tryGetBundleVersionFromUrl|convertToSemVer|getCodeQLSource|tryGetFallbackToolcacheVersion|getCodeQLURLVersion|setupCodeQLBundle'
Length of output: 7733
CHANGELOG.md (10)
11-13: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

16-18: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

20-22: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

24-26: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

31-33: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

36-38: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

41-43: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

45-47: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

50-52: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024
Tools

LanguageTool

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

54-56: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.
- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024
Tools

LanguageTool

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 47deadd and 25ad3c8.

Files ignored due to path filters (186)

lib/actions-util.js.map is excluded by !**/*.map
lib/analyze-action-env.test.js.map is excluded by !**/*.map
lib/analyze-action-input.test.js.map is excluded by !**/*.map
lib/analyze-action-post-helper.js.map is excluded by !**/*.map
lib/analyze-action.js.map is excluded by !**/*.map
lib/analyze.js.map is excluded by !**/*.map
lib/api-client.js.map is excluded by !**/*.map
lib/autobuild-action.js.map is excluded by !**/*.map
lib/autobuild.js.map is excluded by !**/*.map
lib/cli-errors.js.map is excluded by !**/*.map
lib/codeql.js.map is excluded by !**/*.map
lib/codeql.test.js.map is excluded by !**/*.map
lib/config-utils.js.map is excluded by !**/*.map
lib/config-utils.test.js.map is excluded by !**/*.map
lib/database-upload.js.map is excluded by !**/*.map
lib/debug-artifacts.js.map is excluded by !**/*.map
lib/diagnostics.js.map is excluded by !**/*.map
lib/doc-url.js.map is excluded by !**/*.map
lib/feature-flags.js.map is excluded by !**/*.map
lib/feature-flags.test.js.map is excluded by !**/*.map
lib/fingerprints.js.map is excluded by !**/*.map
lib/init-action-post-helper.js.map is excluded by !**/*.map
lib/init-action-post-helper.test.js.map is excluded by !**/*.map
lib/init-action.js.map is excluded by !**/*.map
lib/init.js.map is excluded by !**/*.map
lib/init.test.js.map is excluded by !**/*.map
lib/languages.js.map is excluded by !**/*.map
lib/logging.js.map is excluded by !**/*.map
lib/repository.js.map is excluded by !**/*.map
lib/resolve-environment.js.map is excluded by !**/*.map
lib/setup-codeql.js.map is excluded by !**/*.map
lib/setup-codeql.test.js.map is excluded by !**/*.map
lib/start-proxy-action-post.js.map is excluded by !**/*.map
lib/start-proxy-action.js.map is excluded by !**/*.map
lib/status-report.js.map is excluded by !**/*.map
lib/testing-utils.js.map is excluded by !**/*.map
lib/tools-features.js.map is excluded by !**/*.map
lib/tracer-config.js.map is excluded by !**/*.map
lib/tracer-config.test.js.map is excluded by !**/*.map
lib/trap-caching.js.map is excluded by !**/*.map
lib/upload-lib.js.map is excluded by !**/*.map
lib/upload-sarif-action-post-helper.js.map is excluded by !**/*.map
lib/upload-sarif-action.js.map is excluded by !**/*.map
lib/util.js.map is excluded by !**/*.map
lib/workflow.js.map is excluded by !**/*.map
lib/workflow.test.js.map is excluded by !**/*.map
node_modules/@eslint/compat/LICENSE is excluded by !**/node_modules/**
node_modules/@eslint/compat/README.md is excluded by !**/node_modules/**
node_modules/@eslint/compat/dist/cjs/index.cjs is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/compat/dist/cjs/index.d.cts is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/compat/dist/esm/index.d.ts is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/compat/dist/esm/index.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/compat/package.json is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/README.md is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/dist/eslintrc-universal.cjs is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/dist/eslintrc-universal.cjs.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@eslint/eslintrc/dist/eslintrc.cjs is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/dist/eslintrc.cjs.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@eslint/eslintrc/lib/config-array-factory.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/lib/config-array/config-array.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/lib/index.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/lib/shared/config-validator.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/LICENSE is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/README.md is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/eslint-visitor-keys.cjs is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/eslint-visitor-keys.d.cts is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/index.d.ts is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/visitor-keys.d.ts is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/lib/index.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/lib/visitor-keys.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/package.json is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/LICENSE is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/README.md is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/dist/espree.cjs is excluded by !**/dist/**, !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/espree.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/lib/espree.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/lib/features.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/lib/options.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/lib/token-translator.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/lib/version.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/espree/package.json is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/globals.json is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/index.d.ts is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/index.js is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/license is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/package.json is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/node_modules/globals/readme.md is excluded by !**/node_modules/**
node_modules/@eslint/eslintrc/package.json is excluded by !**/node_modules/**
node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
node_modules/@eslint/js/src/configs/eslint-all.js is excluded by !**/node_modules/**
node_modules/@eslint/js/src/configs/eslint-recommended.js is excluded by !**/node_modules/**
node_modules/@types/console-log-level/LICENSE is excluded by !**/node_modules/**
node_modules/@types/console-log-level/README.md is excluded by !**/node_modules/**
node_modules/@types/console-log-level/index.d.ts is excluded by !**/node_modules/**
node_modules/@types/console-log-level/package.json is excluded by !**/node_modules/**
node_modules/@types/node-forge/LICENSE is excluded by !**/node_modules/**
node_modules/@types/node-forge/README.md is excluded by !**/node_modules/**
node_modules/@types/node-forge/index.d.ts is excluded by !**/node_modules/**
node_modules/@types/node-forge/package.json is excluded by !**/node_modules/**
node_modules/@types/uuid/README.md is excluded by !**/node_modules/**
node_modules/@types/uuid/index.d.mts is excluded by !**/node_modules/**
node_modules/@types/uuid/index.d.ts is excluded by !**/node_modules/**
node_modules/@types/uuid/package.json is excluded by !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/all.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/all.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/disable-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/disable-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/adjacent-overload-signatures.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/adjacent-overload-signatures.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-literal-property-style.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-literal-property-style.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-methods-use-this.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-assertions.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-assertions.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-definitions.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-definitions.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-imports.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-imports.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/default-param-last.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/default-param-last.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/dot-notation.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/dot-notation.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/explicit-member-accessibility.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/explicit-member-accessibility.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/indent.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/index.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/index.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/method-signature-style.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/method-signature-style.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/parse-options.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/parse-options.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/schema.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/schema.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/validator.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/validator.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-array-delete.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-array-delete.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-base-to-string.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-base-to-string.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-enum-values.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-enum-values.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-type-constituents.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-type-constituents.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-dynamic-delete.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-dynamic-delete.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-interface.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-interface.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-object-type.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-object-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-extraneous-class.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-extraneous-class.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-implied-eval.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-implied-eval.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-inferrable-types.js is excluded by !**/dist/**, !**/node_modules/**

Files selected for processing (106)

.github/actions/prepare-test/action.yml (2 hunks)
.github/actions/query-filter-test/action.yml (1 hunks)
.github/workflows/__all-platform-bundle.yml (3 hunks)
.github/workflows/__analyze-ref-input.yml (4 hunks)
.github/workflows/__autobuild-action.yml (5 hunks)
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1 hunks)
.github/workflows/__autobuild-direct-tracing.yml (4 hunks)
.github/workflows/__build-mode-autobuild.yml (3 hunks)
.github/workflows/__build-mode-manual.yml (4 hunks)
.github/workflows/__build-mode-none.yml (4 hunks)
.github/workflows/__build-mode-rollback.yml (3 hunks)
.github/workflows/__cleanup-db-cluster-dir.yml (1 hunks)
.github/workflows/__config-export.yml (4 hunks)
.github/workflows/__config-input.yml (4 hunks)
.github/workflows/__cpp-deptrace-disabled.yml (4 hunks)
.github/workflows/__cpp-deptrace-enabled-on-macos.yml (3 hunks)
.github/workflows/__cpp-deptrace-enabled.yml (4 hunks)
.github/workflows/__diagnostics-export.yml (6 hunks)
.github/workflows/__export-file-baseline-information.yml (4 hunks)
.github/workflows/__extractor-ram-threads.yml (4 hunks)
.github/workflows/__go-custom-queries.yml (6 hunks)
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3 hunks)
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (3 hunks)
.github/workflows/__go-indirect-tracing-workaround.yml (4 hunks)
.github/workflows/__go-tracing-autobuilder.yml (6 hunks)
.github/workflows/__go-tracing-custom-build-steps.yml (6 hunks)
.github/workflows/__go-tracing-legacy-workflow.yml (6 hunks)
.github/workflows/__init-with-registries.yml (4 hunks)
.github/workflows/__javascript-source-root.yml (5 hunks)
.github/workflows/__language-aliases.yml (4 hunks)
.github/workflows/__multi-language-autodetect.yml (6 hunks)
.github/workflows/__packaging-codescanning-config-inputs-js.yml (4 hunks)
.github/workflows/__packaging-config-inputs-js.yml (4 hunks)
.github/workflows/__packaging-config-js.yml (4 hunks)
.github/workflows/__packaging-inputs-js.yml (4 hunks)
.github/workflows/__remote-config.yml (5 hunks)
.github/workflows/__resolve-environment-action.yml (5 hunks)
.github/workflows/__rubocop-multi-language.yml (3 hunks)
.github/workflows/__ruby.yml (4 hunks)
.github/workflows/__split-workflow.yml (4 hunks)
.github/workflows/__submit-sarif-failure.yml (4 hunks)
.github/workflows/__swift-autobuild.yml (4 hunks)
.github/workflows/__swift-custom-build.yml (4 hunks)
.github/workflows/__test-autobuild-working-dir.yml (5 hunks)
.github/workflows/__test-local-codeql.yml (4 hunks)
.github/workflows/__test-proxy.yml (4 hunks)
.github/workflows/__unset-environment.yml (4 hunks)
.github/workflows/__upload-ref-sha-input.yml (4 hunks)
.github/workflows/__with-checkout-path.yml (5 hunks)
.github/workflows/codeql.yml (4 hunks)
.github/workflows/codescanning-config-cli.yml (1 hunks)
.github/workflows/debug-artifacts-failure.yml (2 hunks)
.github/workflows/debug-artifacts.yml (4 hunks)
.github/workflows/expected-queries-runs.yml (1 hunks)
.github/workflows/pr-checks.yml (5 hunks)
.github/workflows/python312-windows.yml (2 hunks)
.github/workflows/query-filters.yml (1 hunks)
.github/workflows/script/update-node-modules.sh (1 hunks)
.github/workflows/script/update-required-checks.sh (1 hunks)
.github/workflows/test-codeql-bundle-all.yml (2 hunks)
CHANGELOG.md (1 hunks)
README.md (1 hunks)
eslint.config.mjs (1 hunks)
init/action.yml (1 hunks)
lib/actions-util.js (16 hunks)
lib/analyze-action-env.test.js (1 hunks)
lib/analyze-action-input.test.js (1 hunks)
lib/analyze-action-post-helper.js (2 hunks)
lib/analyze-action.js (5 hunks)
lib/analyze.js (9 hunks)
lib/api-client.js (11 hunks)
lib/api-compatibility.json (1 hunks)
lib/autobuild-action.js (3 hunks)
lib/autobuild.js (5 hunks)
lib/cli-errors.js (9 hunks)
lib/codeql.js (27 hunks)
lib/codeql.test.js (20 hunks)
lib/config-utils.js (18 hunks)
lib/config-utils.test.js (1 hunks)
lib/database-upload.js (3 hunks)
lib/debug-artifacts.js (6 hunks)
lib/defaults.json (1 hunks)
lib/diagnostics.js (7 hunks)
lib/doc-url.js (1 hunks)
lib/feature-flags.js (4 hunks)
lib/feature-flags.test.js (3 hunks)
lib/fingerprints.js (5 hunks)
lib/init-action-post-helper.js (5 hunks)
lib/init-action-post-helper.test.js (2 hunks)
lib/init-action.js (12 hunks)
lib/init.js (5 hunks)
lib/init.test.js (2 hunks)
lib/languages.js (3 hunks)
lib/logging.js (1 hunks)
lib/repository.js (2 hunks)
lib/resolve-environment.js (2 hunks)
lib/setup-codeql.js (13 hunks)
lib/setup-codeql.test.js (2 hunks)
lib/start-proxy-action-post.js (1 hunks)
lib/start-proxy-action.js (1 hunks)
lib/status-report.js (8 hunks)
lib/testing-utils.js (8 hunks)
lib/tools-features.js (3 hunks)
lib/tracer-config.js (4 hunks)
lib/tracer-config.test.js (3 hunks)
lib/trap-caching.js (5 hunks)

Files not processed due to max files limit (6)

lib/upload-lib.js
lib/upload-sarif-action-post-helper.js
lib/upload-sarif-action.js
lib/util.js
lib/workflow.js
lib/workflow.test.js

Files skipped from review due to trivial changes (13)

.github/actions/query-filter-test/action.yml
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
.github/workflows/__cleanup-db-cluster-dir.yml
README.md
lib/analyze-action-env.test.js
lib/analyze-action-input.test.js
lib/autobuild-action.js
lib/defaults.json
lib/feature-flags.test.js
lib/languages.js
lib/repository.js
lib/testing-utils.js
lib/trap-caching.js

Additional context used

Biome

lib/doc-url.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

lib/start-proxy-action-post.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init.test.js

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 26-26: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/start-proxy-action.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/cli-errors.js

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (221)

lib/api-compatibility.json (1)

1-1: Verify impact on users due to version changes.

The changes in maximumVersion and minimumVersion update the supported API versions. Ensure that users relying on older versions are informed about the need to upgrade to maintain compatibility.

.github/workflows/script/update-node-modules.sh (1)

1-2: LGTM! Verify npm cache cleaning permissions.

The addition of #!/bin/bash and set -eu improves script robustness. The changes are approved.

Ensure that the user has the necessary permissions to run sudo npm cache clean --force.
.github/workflows/python312-windows.yml (2)
37-37: Verify impact of changing tools to linked.

The change from tools: latest to tools: linked may affect the version of tools used. Verify its impact on the workflow.

Verification successful

No functional impact from changing tools: latest to tools: linked.

The change is a renaming to clarify that tools: linked specifies using tools shipped with the Action. The old name remains supported for backward compatibility, indicating no immediate impact on the workflow.

Refer to CHANGELOG.md for more details.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of changing tools to linked.

# Test: Search for documentation or code comments related to tools: linked. Expect: Explanation of the change and its impact.
rg "tools: linked" -A 5
Length of output: 2385
17-18: Verify implications of CODEQL_ACTION_TEST_MODE.

The addition of CODEQL_ACTION_TEST_MODE: true suggests a new testing mode. Verify its impact on the workflow and testing process.

Verification successful

Implications of CODEQL_ACTION_TEST_MODE in the Workflow

The CODEQL_ACTION_TEST_MODE environment variable is used to toggle a testing mode for CodeQL actions. It is referenced in several parts of the codebase, indicating its role in modifying the behavior of workflows for testing purposes. This mode might affect how workflows execute, potentially enabling additional logging or altering execution paths.

Files Involved:

src/environment.ts and lib/environment.js define it as a test mode variable.

pr-checks/sync.py checks and sets this variable if not already present.

pr-checks/checks/submit-sarif-failure.yml sets it to false, indicating different configurations for different workflows.

Consider reviewing these references to ensure the testing mode's behavior aligns with your expectations for the workflow.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the implications of CODEQL_ACTION_TEST_MODE on the workflow.

# Test: Search for references to CODEQL_ACTION_TEST_MODE in the codebase. Expect: Documentation or code comments explaining its purpose.
rg "CODEQL_ACTION_TEST_MODE" -A 5
Length of output: 1691
.github/workflows/expected-queries-runs.yml (1)

32-32: Switch to a specific version for stability.

The version parameter has been changed from latest to linked. This change can help ensure consistency and avoid unexpected issues due to updates in the latest version.

.github/workflows/test-codeql-bundle-all.yml (1)

45-46: Exclude unsupported languages for efficiency.

Swift has been excluded from the language list as it is not supported on Ubuntu. This change optimizes the workflow by focusing only on compatible languages.

lib/tools-features.js (1)

14-14: Expand feature set with ForceOverwrite.

The addition of ForceOverwrite to the ToolsFeature enum extends the feature set, allowing for more granular control over tool behaviors.

lib/logging.js (2)

26-27: LGTM! The export changes improve clarity.

The direct assignment of exports enhances readability and consistency.

34-40: Enhanced logging functionality is beneficial.

The added methods (info, warning, error) in getRunnerLogger provide a more comprehensive logging interface.

.github/workflows/__test-proxy.yml (1)

31-31: Workflow configuration changes look good.

The shift to version: linked and the addition of setup-kotlin: 'false' streamline the workflow configuration.

Also applies to: 57-57

.github/workflows/__all-platform-bundle.yml (1)

61-62: Update supported languages list.

The languages list now explicitly excludes Swift on Ubuntu. This change should align with the environments and languages supported by your project.

.github/workflows/query-filters.yml (1)

30-30: Change version parameter to linked.

The version parameter change from latest to linked suggests a preference for a specific version. Verify that this change aligns with the intended stability or compatibility goals.

lib/analyze-action-post-helper.js (1)

26-26: Ensure proper export of the run function.

The change to exports.run = run; correctly exports the run function, making it accessible to other modules. This resolves any previous issues with the function not being properly exported.
.github/workflows/__test-local-codeql.yml (3)
57-57: Kotlin setup enabled.

The setup-kotlin parameter is now set to 'true', indicating explicit support for Kotlin. Ensure that this aligns with other configurations.

67-68: Swift exclusion from Ubuntu supported languages.

Swift has been excluded from the list of supported languages on Ubuntu, which aligns with the note that Swift is not supported on this platform.

Line range hint 1-75:
Verify impact of removing CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN.

The removal of this environment variable indicates a change in how Kotlin is handled. Ensure that this does not negatively impact the CodeQL analysis for Kotlin.

Verification successful

Kotlin Analysis Configuration Verified

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN does not negatively impact Kotlin analysis. The codebase includes several references to Kotlin, indicating that it is still supported through language aliases and other configurations.

References to Kotlin are found in workflow and configuration files, such as language-aliases.yml and other setup scripts.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of removing `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN`.

# Test: Check if Kotlin extraction is still functioning as expected.
# Expect: No errors related to Kotlin extraction in CodeQL workflows.
rg --type yaml 'CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN'
Length of output: 59

Script:
#!/bin/bash
# Description: Check for references to Kotlin in workflow files and related configurations.

# Search for any mention of Kotlin in YAML workflow files.
rg --type yaml 'kotlin'

# Search for any mention of Kotlin in the pr-checks directory or related setup scripts.
fd --type f --exec rg 'kotlin' {}
Length of output: 2657
.github/workflows/__language-aliases.yml (3)
57-57: Kotlin setup enabled.

The setup-kotlin parameter is now set to 'true', indicating explicit support for Kotlin. Ensure that this aligns with other configurations.

Line range hint 1-73:
Verify impact of removing CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN.

The removal of this environment variable indicates a change in how Kotlin is handled. Ensure that this does not negatively impact the CodeQL analysis for Kotlin.

31-31: Verify impact of changing version to linked.

The version parameter has been changed from latest to linked. Ensure that this change aligns with the intended version control strategy and does not affect compatibility.

Verification successful

Change to version: linked appears isolated.

The change to version: linked in the .github/workflows/__language-aliases.yml file does not appear to impact other parts of the codebase, as no other references to this specific setting were found. Ensure this aligns with the intended configuration for this workflow.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of changing `version` to `linked`.

# Test: Check for references to the `version` parameter.
# Expect: Consistent usage of `linked` version in relevant workflows.
rg --type yaml 'version: linked'
Length of output: 34

Script:
#!/bin/bash
# Description: Search for any references to the `version` parameter in YAML files.

# Test: Broaden the search to include all `version` references.
rg --type yaml 'version:'
Length of output: 2852
.github/workflows/script/update-required-checks.sh (1)

31-31: Refined filtering logic for check runs.

The filtering logic now excludes check runs with a conclusion of "skipped", ensuring only relevant and completed checks are considered. This change aligns with the intended behavior.

.github/workflows/__analyze-ref-input.yml (1)

61-61: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__rubocop-multi-language.yml (1)

57-57: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__build-mode-manual.yml (1)

57-57: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__javascript-source-root.yml (2)

31-31: Switch to linked version for stability.

Changing the version from latest to linked can enhance stability by using a specific version rather than the most recent one.

61-61: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__ruby.yml (3)

31-31: Switch to linked version for Ubuntu stability.

Changing the version from latest to linked for Ubuntu can enhance stability by using a specific version rather than the most recent one.

33-33: Switch to linked version for macOS stability.

Changing the version from latest to linked for macOS can enhance stability by using a specific version rather than the most recent one.

67-67: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__test-autobuild-working-dir.yml (2)

31-31: Switch to linked version for stability.

Changing the version from latest to linked can enhance stability by using a specific version rather than the most recent one.

57-57: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__cpp-deptrace-enabled.yml (2)

31-31: Use of specific versioning is good practice.

Changing the version from latest to linked enhances build consistency and stability.

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.

.github/workflows/__autobuild-action.yml (2)

31-35: Use of specific versioning is good practice.

Changing the version from latest to linked across multiple OS configurations enhances build consistency and stability.

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.

.github/workflows/__build-mode-none.yml (2)

31-31: Use of specific versioning is good practice.

Changing the version from latest to linked enhances build consistency and stability.

59-59: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.
.github/workflows/__cpp-deptrace-enabled-on-macos.yml (1)
57-57: Ensure Kotlin setup is necessary.

The addition of setup-kotlin: 'true' suggests that Kotlin support is now required. Verify that this change aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

Kotlin Setup Justification

The presence of the Kotlin file tests/multi-language-repo/main.kt suggests that the Kotlin setup in the workflow is likely necessary. Ensure that this aligns with the project's requirements and that the Kotlin component is actively utilized in the build or test processes.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin
Length of output: 415

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin --files-with-matches
Length of output: 436

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin files by their common file extension. Expect: Relevant Kotlin files.
fd --extension kt
Length of output: 53
.github/workflows/__build-mode-autobuild.yml (1)
57-57: Verify Kotlin setup requirements.

The addition of setup-kotlin: 'true' indicates that Kotlin support is now explicitly enabled. Ensure that this aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

Let's correct the command to search for Kotlin-related files and configurations in the repository.

Kotlin setup is justified.

The presence of the Kotlin file tests/multi-language-repo/main.kt indicates that enabling Kotlin support in the workflow is necessary and aligns with the project's requirements. No unnecessary dependencies are introduced by this change.

Kotlin file found: tests/multi-language-repo/main.kt
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin
Length of output: 415

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Corrected command to search for Kotlin files
rg --files | grep '\.kt$'
Length of output: 61
.github/workflows/__cpp-deptrace-disabled.yml (2)
31-31: Review matrix version change.

The matrix version has been changed from latest to linked. Ensure that this change is intentional and aligns with the desired version stability or specificity.

Verification successful

Matrix version change from latest to linked is intentional and documented.

The change from latest to linked is consistent with the documentation and configuration updates. The CHANGELOG.md indicates that tools: latest has been renamed to tools: linked, and this change is recommended for new workflows.

Refer to CHANGELOG.md for more details on this update.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of changing the matrix version from `latest` to `linked`.

# Test: Check for documentation or configuration files that specify the `linked` version. Expect: Relevant documentation or configurations.
rg 'linked'
Length of output: 299908
61-61: Confirm Kotlin setup necessity.

The addition of setup-kotlin: 'true' suggests that Kotlin support is now required. Verify that this change aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

Kotlin setup is justified.

The presence of Kotlin files and references in configuration files confirms that Kotlin support is necessary for this project. The addition of setup-kotlin: 'true' aligns with the project's requirements.

Kotlin file found: tests/multi-language-repo/main.kt

References in configuration files:

pr-checks/checks/language-aliases.yml

pr-checks/checks/export-file-baseline-information.yml
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin
Length of output: 415

Script:
#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Search for Kotlin files by extension
fd --extension kt

# Search for Kotlin-related keywords in configuration files
rg 'kotlin' --glob '*.gradle' --glob '*.kts' --glob '*.yaml' --glob '*.yml'
Length of output: 353
.github/workflows/__extractor-ram-threads.yml (2)
31-31: Update version to linked.

Changing the version from latest to linked suggests a move towards more stable and predictable builds. Ensure that the linked version is correctly configured and maintained.

Verification successful

Presence of version: linked confirmed.

The version: linked is present in the .github/workflows/__extractor-ram-threads.yml file as expected. Please ensure that this version is correctly configured and maintained for stability and predictability in builds.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the usage of `linked` version in the workflow templates.

# Test: Check if `linked` version is used consistently across workflow templates.
rg --type yaml 'version: linked'
Length of output: 34

Script:
#!/bin/bash
# Description: Verify the specific usage of `version: linked` in the given workflow file.

# Test: Check if `version: linked` is present in the specified workflow file.
rg 'version: linked' .github/workflows/__extractor-ram-threads.yml
Length of output: 96
57-57: Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates Kotlin setup is now required. Verify that this change aligns with the intended support for Kotlin in the workflow.

Verification successful

Kotlin setup is consistently integrated across workflows.

The addition of setup-kotlin: 'true' in the .github/workflows/__extractor-ram-threads.yml file aligns with the overall configuration for Kotlin support, as evidenced by its presence in multiple workflow files. This suggests a deliberate effort to include Kotlin in the workflow processes.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'
Length of output: 37

Script:
#!/bin/bash
# Description: Search for any Kotlin-related configurations or mentions in workflow files.

# Test: Look for 'kotlin' keyword in YAML files within the .github/workflows directory.
rg --type yaml 'kotlin' .github/workflows
Length of output: 3925
.github/workflows/__upload-ref-sha-input.yml (2)
61-61: Enable Kotlin setup.

Adding setup-kotlin: 'true' suggests Kotlin setup is now explicitly required. Ensure this aligns with the intended support for Kotlin in the workflow.

Verification successful

Kotlin setup alignment verified.

The addition of setup-kotlin: 'true' aligns with the intended support for Kotlin, as evidenced by multiple references to Kotlin configurations and logic across the codebase. The workflow change is consistent with existing Kotlin-related setups and tests.

pr-checks/checks/language-aliases.yml: Contains Kotlin in language aliases.

pr-checks/sync.py: Handles Kotlin setup conditionally.

src/init-action.ts: Mentions disabling Kotlin analysis via feature flags.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'
Length of output: 37

Script:
#!/bin/bash
# Description: Search for Kotlin-related configurations or mentions across the repository.

# Search for any mention of Kotlin in YAML files to check for related configurations.
rg --type yaml 'kotlin' -i

# Additionally, search for Kotlin mentions in other common configuration files.
rg 'kotlin' -i
Length of output: 5474
71-71: Removal of upload-database input.

The removal of the upload-database input from the analyze action may affect how databases are handled. Verify that this change does not disrupt the workflow's intended functionality.
.github/workflows/__config-input.yml (2)
57-57: Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates Kotlin setup is now required. Verify that this change aligns with the intended support for Kotlin in the workflow.

Verification successful

Kotlin setup verification complete.

The addition of setup-kotlin: 'true' aligns with existing Kotlin-related configurations in the workflow, confirming the intended support for Kotlin. No further action is required.

Kotlin is mentioned in language lists and associated with build.gradle in several workflow files.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'
Length of output: 37

Script:
#!/bin/bash
# Description: Search for Kotlin-related configurations and dependencies in YAML workflow files.

# Check for any Kotlin-related keywords in YAML files to ensure proper setup.
rg --type yaml 'kotlin|gradle|kotlinc'
Length of output: 427
31-31: Update version to linked.

Changing the version from latest to linked suggests a move towards more stable and predictable builds. Ensure that the linked version is correctly configured and maintained.
lib/resolve-environment.js (2)
26-26: Export change approved.

The direct export of runResolveBuildEnvironment clarifies module exports.

43-46: Verify the removal of the version check.

The removal of the version check for CodeQL compatibility assumes that all environments are suitable. Ensure that this change does not introduce compatibility issues.

Verification successful

Version check for language aliasing remains intact.

The version check for CodeQL compatibility regarding language aliasing is still present in lib/resolve-environment.js. This ensures that the appropriate language input is used based on the CodeQL version, mitigating potential compatibility issues. The removal of another version check does not appear to introduce any new compatibility concerns.

The version check at lib/resolve-environment.js ensures compatibility with language aliasing.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify that the removal of the version check does not affect compatibility.

# Test: Search for usage of `codeQlVersionAtLeast` to ensure no other dependencies on this check exist.
rg --type js 'codeQlVersionAtLeast'
Length of output: 2429

Script:
#!/bin/bash
# Examine the context around the usage of `codeQlVersionAtLeast` in `lib/resolve-environment.js`
rg --type js -A 5 -B 5 'codeQlVersionAtLeast' lib/resolve-environment.js
Length of output: 811
.github/workflows/__swift-autobuild.yml (4)

6-6: Job name change approved.

The update to "Swift analysis using autobuild" accurately reflects the new focus of the workflow.

25-32: Matrix configuration change approved.

The simplification to "macos-latest" and "nightly-latest" aligns with the Swift focus and reduces complexity.

61-70: Swift setup steps approved.

The addition of Swift setup and working directory check ensures proper environment configuration for analysis.

76-83: Database check step approved.

The validation step ensures that a Swift database is created, which is essential for verifying the analysis process.

.github/workflows/__build-mode-rollback.yml (2)

57-57: Kotlin setup addition approved.

The addition of setup-kotlin: 'true' aligns with the enhanced support for Kotlin in the workflow.

57-57: Verify the impact of removing Java agent configuration.

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN may affect Java analysis. Ensure this change does not introduce issues.

lib/start-proxy-action-post.js (3)

2-24: Custom module binding functions are well-implemented.

These functions ensure compatibility with different module systems.

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

31-35: Imports are correctly structured and necessary.

The imports are essential for the functionality provided in this file.

55-55: Appropriate usage of void for async function invocation.

The use of void is correct to suppress unhandled promise rejections.

.github/workflows/__swift-custom-build.yml (2)

31-31: Change to specific versioning strategy is beneficial.

Switching from latest to linked enhances consistency and reliability in the workflow.

61-61: Explicit Kotlin setup improves clarity.

Adding setup-kotlin: 'true' ensures that Kotlin is set up explicitly, clarifying workflow requirements.

.github/workflows/debug-artifacts-failure.yml (1)

37-37: Switch to specific versioning enhances consistency.

Changing the version from latest to linked ensures a stable testing environment.

.github/workflows/__autobuild-direct-tracing.yml (2)

31-33: Approved: Use of version: linked.

Switching from latest to linked for the version parameter can improve build stability by ensuring a consistent environment across runs.

63-63: Approved: Kotlin setup enabled.

Setting setup-kotlin to true ensures that Kotlin is properly configured, which is essential for Kotlin-based projects.

.github/workflows/__submit-sarif-failure.yml (3)

31-31: Approved: Use of version: linked.

Switching from latest to linked for the version parameter can improve build stability by ensuring a consistent environment across runs.

61-61: Approved: Kotlin setup enabled.

Setting setup-kotlin to true ensures that Kotlin is properly configured, which is essential for Kotlin-based projects.

66-66: Approved: Dynamic tools configuration.

Referencing the tools parameter from a previous step's output enhances flexibility and maintainability in the workflow.

.github/workflows/debug-artifacts.yml (4)

25-31: Approved: Updated job matrix versions.

The addition of stable-v2.17.6 and removal of latest focuses on specific stable versions, enhancing compatibility and reliability.

37-37: Approved: Change to runs-on: ubuntu-latest.

Switching the runs-on environment to ubuntu-latest aligns with the focus on supported languages on Ubuntu, potentially improving compatibility.

56-57: Approved: Exclusion of Swift from languages.

Excluding Swift from the languages list reflects a decision to focus on supported languages on Ubuntu, aligning with platform compatibility.

74-74: Approved: Update to VERSIONS variable.

Including stable-v2.17.6 in the VERSIONS variable ensures comprehensive artifact verification, maintaining consistency across the workflow.

.github/actions/prepare-test/action.yml (4)

5-5: Description Update Approved for version Input.

The change to include "linked" as a valid option in the description aligns with the updated logic in the runs section.

11-14: Addition of setup-kotlin Input Approved.

The new setup-kotlin input parameter enhances the workflow by allowing conditional Kotlin setup, with sensible defaults.

57-58: Logic Update for linked Version Approved.

The updated logic correctly handles the "linked" version, ensuring consistency with the input description.

66-69: Conditional Kotlin Setup Step Approved.

The addition of the fwilhe2/setup-kotlin step, conditional on the setup-kotlin input, is correctly implemented and enhances the workflow.

.github/workflows/__go-indirect-tracing-workaround.yml (1)

57-57: Addition of setup-kotlin Input Approved.

The inclusion of the setup-kotlin input parameter aligns with the workflow's objectives and enhances its configurability.

.github/workflows/__go-tracing-legacy-workflow.yml (3)

46-49: Matrix Version Updates Approved.

The addition of new stable versions and removal of outdated ones aligns with the workflow's testing objectives.

55-57: Change from latest to linked Version Approved.

The update from latest to linked for the default version aligns with the workflow's dependency resolution strategy.

87-87: Addition of setup-kotlin Input Approved.

The inclusion of the setup-kotlin input parameter aligns with the workflow's objectives and enhances its configurability.
.github/workflows/__resolve-environment-action.yml (4)
82-82: Conditional language setup.

The conditional setup for languages based on the version is a good practice. Ensure that all required languages are included for each version.

97-104: Conditional check for JavaScript/TypeScript configuration.

The conditional check ensures that JavaScript/TypeScript configurations are only present for specific versions. This is a correct approach to maintain compatibility.

31-35: Update version numbers to stable-v2.13.5 and linked.

The version numbers have been updated to stable-v2.13.5 and linked. Ensure that all dependencies and configurations are compatible with these versions.

Also applies to: 43-47

Verification successful

Version update to stable-v2.13.5 is consistent and without issues.

The version stable-v2.13.5 is consistently used across the configuration files, and there are no indications of compatibility problems or specific changes related to this update. The transition appears to be smooth and correctly implemented.

The old version stable-v2.13.4 is no longer referenced.

No comments or notes suggest any issues with stable-v2.13.5.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify compatibility of updated version numbers.

# Test: Check for any references to the old version `stable-v2.13.4`.
rg --type yaml 'stable-v2.13.4'
Length of output: 31

Script:
#!/bin/bash
# Description: Verify consistency and any notes regarding `stable-v2.13.5`.

# Test: Check for any references to the new version `stable-v2.13.5`.
rg --type yaml 'stable-v2.13.5' -A 2

# Test: Check for any notes or comments regarding version changes.
rg --type yaml '#.*version' -A 2
Length of output: 3284
79-79: Set up Kotlin explicitly.

The setup-kotlin: 'true' parameter is added, indicating explicit Kotlin setup. Ensure that this setup is required and correctly configured in the workflow.

Verification successful

Kotlin setup is necessary and correctly configured.

The repository contains Kotlin code, and the setup-kotlin: 'true' configuration is consistently used across multiple GitHub Actions workflows. This indicates that the Kotlin setup is required and appropriately configured for the workflows.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the necessity and correctness of Kotlin setup.

# Test: Check for any Kotlin-related configurations or dependencies.
rg --type yaml 'setup-kotlin'
Length of output: 29

Script:
#!/bin/bash
# Search for Kotlin-related files in the repository.
fd --extension kt

# Search for any Kotlin-related configurations in all YAML files.
rg --type yaml 'kotlin'

# Search for any references to Kotlin in GitHub Actions workflows.
rg --type yaml 'kotlin' .github/workflows/
Length of output: 4228
.github/workflows/__split-workflow.yml (2)
31-33: Consider implications of version change to linked.

The versioning for ubuntu-latest and macos-latest has been changed from latest to linked. Ensure that this change aligns with the project's stability and compatibility requirements.

Verification successful

The change to linked versioning aligns with project goals.

The use of linked specifies that the tools or environments used are consistent with the version of the Action, as noted in the CHANGELOG.md. This change likely enhances compatibility and stability, aligning with the project's requirements. No further documentation was found discussing additional implications.

Refer to CHANGELOG.md for more details on the linked versioning.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of changing versioning to `linked`.

# Test: Search for documentation or discussions on the implications of using `linked` versions.
rg --type md 'linked' README.md
Length of output: 31

Script:
#!/bin/bash
# Description: Search for mentions of `linked` in markdown and YAML files to understand its implications.

# Search for `linked` in all markdown and YAML files.
rg 'linked' --type md --type yaml
Length of output: 7104
67-67: Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with JavaScript projects.
.github/workflows/__remote-config.yml (3)
103-103: Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with multiple languages.

67-71: Consider implications of version change to linked.

The versioning for ubuntu-latest, macos-latest, and windows-latest has been changed from latest to linked. Ensure that this change aligns with the project's stability and compatibility requirements.

Verification successful

Version change to linked aligns with stability goals

The change from latest to linked for versioning in the GitHub Actions workflow is intended to ensure that the tools used are consistent with the version of the Action, as mentioned in the CHANGELOG.md. This approach can enhance stability by preventing unexpected updates. Ensure this aligns with your project's specific stability and compatibility requirements.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of changing versioning to `linked`.

# Test: Search for documentation or discussions on the implications of using `linked` versions.
rg --type md 'linked' README.md
Length of output: 31

Script:
#!/bin/bash
# Description: Search for the term 'linked' in all markdown files to find any documentation.
rg --type md 'linked'

# Description: Search for the term 'linked' in all GitHub Actions workflow files to understand its usage.
rg 'linked' .github/workflows/
Length of output: 10081
54-59: Review new OS versions for compatibility.

New OS versions stable-v2.17.6 have been added. Ensure these versions are compatible with the project's requirements and dependencies.
.github/workflows/__go-custom-queries.yml (2)

54-59: Matrix version updates look good.

The updates to include stable-v2.17.6 and replace latest with linked ensure compatibility with recent versions and maintain a stable environment.

Also applies to: 67-71

103-103: Addition of setup-kotlin is appropriate.

The inclusion of setup-kotlin: 'true' likely improves the Kotlin setup process in the workflow.

.github/workflows/codeql.yml (4)

44-44: Update to tools: linked is appropriate.

Switching from latest to linked provides a more controlled environment for CodeQL tools.

66-66: Update to VERSIONS_JSON is appropriate.

Including linked ensures tests are run with both default and linked bundles, enhancing test coverage.

78-78: OS matrix update to include macos-14 is beneficial.

This addition enhances compatibility and expands the environments for CodeQL analysis.

100-101: Addition of category parameter is appropriate.

Specifying the language with category: "/language:javascript" adds clarity to the workflow.

.github/workflows/__go-tracing-autobuilder.yml (2)

46-49: Matrix version updates look good.

The updates to include stable-v2.17.6 and replace latest with linked ensure compatibility with recent versions and maintain a stable environment.

Also applies to: 55-57

87-87: Addition of setup-kotlin is appropriate.

The inclusion of setup-kotlin: 'true' likely improves the Kotlin setup process in the workflow.
.github/workflows/__packaging-config-js.yml (2)
73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

Verification successful

Ensure compatibility with linked versions is verified.

The linked version is a special value used to specify the version of the CodeQL tools, as mentioned in init/action.yml. This aligns with ensuring compatibility with specific versions of the CodeQL CLI, as indicated by comments in other YAML files. The review comment is accurate in its suggestion to verify compatibility with linked versions.

init/action.yml: Mentions linked as a special value for CodeQL tools.

Other YAML files use linked for versioning, with comments about compatibility.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify that the 'linked' versions are correctly defined and compatible.

# Check if the linked versions are specified in the workflow files.
rg --type yaml 'version: linked'
Length of output: 34

Script:
#!/bin/bash
# Search for occurrences of 'linked' across the repository to find any definitions or references.
rg 'linked'
Length of output: 299908

Script:
#!/bin/bash
# Search for occurrences of 'linked' specifically within YAML files to find any definitions or references related to GitHub Actions workflows.
rg 'linked' --type yaml
Length of output: 3476
.github/workflows/__packaging-config-inputs-js.yml (2)

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

.github/workflows/__packaging-inputs-js.yml (2)

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

.github/workflows/__packaging-codescanning-config-inputs-js.yml (2)

31-35: Use stable environment versions.

Changing version: latest to version: linked indicates a move towards more stable and controlled environments, which can improve build consistency.

73-73: Ensure Kotlin setup is necessary.

Adding setup-kotlin: 'true' explicitly sets up Kotlin, which could impact the build process if Kotlin dependencies are involved. Ensure this is necessary for your project.

.github/workflows/__config-export.yml (2)

31-35: Use stable environment versions.

The update from version: latest to version: linked for the OS matrix helps maintain build consistency by using stable versions.

67-67: Verify the need for Kotlin setup.

The addition of setup-kotlin: 'true' suggests a focus on Kotlin support. Verify that this setup is required for your project.

.github/workflows/__go-tracing-custom-build-steps.yml (3)

46-49: Update to newer stable versions.

Including stable-v2.17.6 for both Ubuntu and macOS ensures using the latest stable features and improvements.

55-57: Use stable environment versions.

Switching to version: linked from version: latest enhances stability and consistency across builds.

87-87: Confirm Kotlin setup necessity.

Adding setup-kotlin: 'true' implies Kotlin dependencies. Confirm that this is required for your Go project.

.github/workflows/__with-checkout-path.yml (2)

31-35: Good practice: Use specific versions instead of latest.

Changing the matrix version from latest to linked enhances consistency and predictability across CI runs.

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin dependencies are managed properly, enhancing the build process.

.github/workflows/__init-with-registries.yml (2)

37-41: Good practice: Use specific versions instead of latest.

Changing the matrix version from latest to linked enhances consistency and predictability across CI runs.

74-74: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin dependencies are managed properly, enhancing the build process.

lib/diagnostics.js (3)

6-9: Improved export organization.

Reordering export statements enhances readability and maintainability without altering functionality.

41-43: Enhanced robustness in addDiagnostic.

The updated logic for determining databasePath ensures correct path setting even when language is not specified, preventing potential errors.

63-66: Consistent path determination in writeDiagnostic.

Using the newly defined databasePath for diagnosticsPath computation maintains consistency and reinforces the updated logic.

eslint.config.mjs (3)

25-34: Review ignored files and directories.

Ensure that the ignored files and directories are correct and necessary for your project setup. This list includes common directories like lib, tests, and .github.

36-45: Check compatibility with extended configurations.

The compat.extends function is used to extend configurations. Verify that these configurations are compatible with your codebase.

80-133: Review ESLint rules for potential improvements.

The rules section contains various configurations. Ensure these rules align with your project's coding standards and consider adjusting them if necessary.

lib/database-upload.js (2)

26-26: Export statement updated for clarity.

The export statement now directly references the uploadDatabases function, which is a good practice for clarity and maintainability.

38-41: Test mode check added to uploadDatabases.

The addition of a test mode check is a beneficial change to prevent unnecessary uploads during testing. Ensure that this mode is correctly set and used in your testing environment.

lib/tracer-config.js (3)

35-47: Function shouldEnableIndirectTracing simplified.

The logic in shouldEnableIndirectTracing has been simplified by removing the features parameter and focusing on build mode conditions. This enhances clarity and maintainability.

Line range hint 58-75:
Function endTracingForCluster updated.

The function has been updated to remove the features parameter, aligning with the changes in shouldEnableIndirectTracing. Ensure that this change does not affect other parts of the codebase that might rely on the features parameter.

Line range hint 87-104:
Function getCombinedTracerConfig streamlined.

The removal of the features parameter from getCombinedTracerConfig simplifies the function. Check for any dependencies on the features parameter elsewhere in the codebase.
.github/workflows/pr-checks.yml (4)
66-66: Verify conditional logic for check-file-contents.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

91-91: Verify conditional logic for npm-test.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

55-55: Verify conditional logic for check-node-modules.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

Verification successful

Conditional Logic for check-node-modules is Correctly Implemented

The conditional logic in the workflow file matches the intended behavior described in the review comment. The job is configured to run on events other than push, on the main branch, and on branches starting with releases/v. No changes are necessary.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the conditional logic for `check-node-modules`.

# Test: Search for all instances of `check-node-modules` in the workflow file.
# Expect: The if condition matches the intended workflow behavior.
rg --type yaml 'check-node-modules'
Length of output: 35

Script:
#!/bin/bash
# Description: Search for the conditional logic snippet in the workflow file to gather more context.
rg --type yaml 'if: github.event_name != '\''push'\'' || github.ref == '\''refs/heads/main'\'' || startsWith(github.ref, '\''refs/heads/releases/v'\'')' .github/workflows/pr-checks.yml -A 5
Length of output: 5351
111-111: Verify conditional logic for check-node-version.

The condition has been simplified, but ensure it aligns with the intended workflow behavior. The job now runs only for pull requests.

Verification successful

Conditional Logic Verified for check-node-version

The check-node-version job is correctly configured to run only on pull request events with the condition if: github.event.pull_request. This aligns with the intended workflow behavior. No issues found.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the conditional logic for `check-node-version`.

# Test: Search for all instances of `check-node-version` in the workflow file.
# Expect: The if condition matches the intended workflow behavior.
rg --type yaml 'check-node-version'
Length of output: 35

Script:
#!/bin/bash
# Description: Search for any jobs or steps related to node version checks in the workflow file.

# Test: Search for any references to node version checks in the workflow file.
rg --type yaml 'node' .github/workflows/pr-checks.yml -A 5
Length of output: 3014
lib/tracer-config.test.js (3)
70-70: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

105-105: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

49-49: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

Verification successful

Removal of Third Argument in getCombinedTracerConfig Verified

The function getCombinedTracerConfig is correctly defined to accept only two arguments, codeql and config. The test cases have been updated to match this signature, and the logic within the function does not depend on a third argument. Therefore, the removal does not affect the test logic or outcomes.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of removing the third argument in `getCombinedTracerConfig`.

# Test: Search for all instances of `getCombinedTracerConfig` in the test file.
# Expect: The function calls match the new signature and tests pass without the third argument.
rg --type js 'getCombinedTracerConfig'
Length of output: 1219

Script:
#!/bin/bash
# Extract the implementation of `getCombinedTracerConfig` to verify how it handles the absence of the third argument.
ast-grep --lang javascript --pattern 'async function getCombinedTracerConfig($_, $_) { $$$ }'
Length of output: 1664
.github/workflows/__unset-environment.yml (3)
76-77: Verify exclusion of Swift on Ubuntu.

Ensure that the exclusion of Swift from the supported languages list aligns with the intended testing strategy on Ubuntu.

Verification successful

Swift is correctly excluded from the supported languages on Ubuntu.

The unset-environment.yml file does not list Swift among the supported languages, aligning with the intended testing strategy on Ubuntu. Other YAML files do include Swift, indicating its use in different contexts or environments. No further action is needed.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the exclusion of Swift from the supported languages on Ubuntu.

# Test: Search for all instances of `languages` in the workflow file.
# Expect: Swift is excluded from the list for Ubuntu.
rg --type yaml 'languages'
Length of output: 5254
71-71: Verify Kotlin setup configuration.

Ensure that the setup-kotlin parameter is correctly configured for the new environment. Confirm that it aligns with the intended testing strategy.

Verification successful

Kotlin setup configuration appears consistent across workflows.

The setup-kotlin parameter is consistently set to 'true' in multiple workflow files, including .github/workflows/__unset-environment.yml. This suggests alignment with a common configuration strategy. If further verification against specific testing requirements is necessary, a manual review is recommended.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the `setup-kotlin` configuration in the workflow file.

# Test: Search for all instances of `setup-kotlin` in the workflow file.
# Expect: The configuration aligns with the intended testing strategy.
rg --type yaml 'setup-kotlin'
Length of output: 29

Script:
#!/bin/bash
# Description: Search for `setup-kotlin` in all files to verify its presence and configuration.

# Test: Search for all instances of `setup-kotlin` in the entire repository.
# Expect: To find the configuration and verify its correctness.
rg 'setup-kotlin' --hidden --glob '!.git/**'
Length of output: 4049
30-44: Verify job matrix changes.

Ensure that the job matrix changes align with the intended testing strategy. The shift to ubuntu-latest and the specified versions should be confirmed to meet testing requirements.

Verification successful

Job matrix changes verified successfully.

The job matrix in .github/workflows/__unset-environment.yml includes a comprehensive range of versions, from stable releases to the latest nightly build. This aligns well with a robust testing strategy aimed at ensuring compatibility across different stages of software release.

Versions included: stable-v2.13.5, stable-v2.14.6, stable-v2.15.5, stable-v2.16.6, stable-v2.17.6, default, linked, and nightly-latest.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the job matrix changes in the workflow file.

# Test: Search for all instances of `ubuntu-latest` in the workflow file.
# Expect: The job matrix aligns with the intended testing strategy and includes all necessary versions.
rg --type yaml 'ubuntu-latest'
Length of output: 30

Script:
#!/bin/bash
# Verify the existence of the .github/workflows/__unset-environment.yml file and search for 'ubuntu-latest' in it.

# Check if the file exists
if [ -f ".github/workflows/__unset-environment.yml" ]; then
  # Search for 'ubuntu-latest' in the file
  rg 'ubuntu-latest' .github/workflows/__unset-environment.yml
else
  echo "File .github/workflows/__unset-environment.yml does not exist."
fi
Length of output: 355

Script:
#!/bin/bash
# Extract context around 'ubuntu-latest' entries to verify associated versions in the workflow file.

# Show 3 lines of context around each match to capture associated versions
rg 'ubuntu-latest' .github/workflows/__unset-environment.yml -C 3
Length of output: 696
.github/workflows/__diagnostics-export.yml (4)
67-67: Verify Kotlin setup.

The setup-kotlin parameter is set to 'true'. Ensure this change is intentional and that Kotlin is required for the workflow.

Verification successful

Kotlin setup is intentional and consistent across workflows.

The setup-kotlin: 'true' parameter is used in multiple workflow files, indicating that Kotlin setup is a common requirement. This suggests that the change is intentional and aligns with the overall configuration strategy. No further action is needed.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the usage of `setup-kotlin` in the workflow.

# Test: Check for `setup-kotlin` parameter usage in the workflow file.
rg --type yaml $'setup-kotlin: \'true\''
Length of output: 45

Script:
#!/bin/bash
# Description: Re-verify the usage of `setup-kotlin` in the workflow files.

# Test: Search for any instances of `setup-kotlin` in the .github/workflows directory.
rg 'setup-kotlin' .github/workflows
Length of output: 3681
31-35: Simplify the job matrix.

The job matrix now uses a single linked version entry for each OS. Ensure this change aligns with your versioning strategy and does not omit necessary test cases.

78-84: Streamline diagnostic addition.

The diagnostic addition step has been streamlined to a single entry. Ensure this meets your diagnostic requirements and does not omit necessary diagnostics.

Verification successful

Streamlined diagnostic addition confirmed.

The diagnostic addition step has been successfully streamlined to a single entry in the repository, as indicated by the review comment. There are no other occurrences of the database add-diagnostic command.

Location: pr-checks/checks/diagnostics-export.yml
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the diagnostic addition step in the workflow.

# Test: Check for the diagnostic addition command in the workflow file.
rg --type yaml $'database add-diagnostic'
Length of output: 129

Script:
#!/bin/bash
# Description: Search for all occurrences of the `database add-diagnostic` command in the repository.

rg 'database add-diagnostic'
Length of output: 117
104-107: Check status page notification logic.

Ensure the expected message in the status page notification matches the actual output. This is crucial for accurate diagnostic reporting.

Verification successful

Status page notification logic is correctly implemented.

The logic to verify the expected message in the status page notification is present and functioning as intended. The code checks if the message text matches the expected value and sets a failure if it does not. No issues were found with this logic.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the status page notification logic in the workflow.

# Test: Check the expected message in the status page notification logic.
rg --type javascript $'Expected the status page diagnostic to have the message'
Length of output: 115

Script:
#!/bin/bash
# Description: Verify the status page notification logic in the workflow.

# Test: Check the expected message in the status page notification logic.
rg 'Expected the status page diagnostic to have the message' .github/workflows/__diagnostics-export.yml -A 5
Length of output: 478
.github/workflows/__multi-language-autodetect.yml (3)
154-155: Check Swift language autodetection condition.

The condition for Swift language autodetection is now specific to macOS. Ensure this change aligns with your platform requirements and does not exclude necessary cases.

Verification successful

Swift language autodetection condition is appropriate.

The condition for Swift language autodetection being specific to macOS is justified by the comment in the workflow file, which states that Swift is not supported on Ubuntu. This aligns with platform requirements and does not exclude necessary cases.

Comment in pr-checks/checks/multi-language-autodetect.yml explains the exclusion of Swift on Ubuntu.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the Swift language autodetection condition in the workflow.

# Test: Check the condition for Swift language autodetection in the workflow file.
rg --type yaml $'runner.os == \'macOS\''
Length of output: 197

Script:
#!/bin/bash
# Description: Search for comments or documentation related to the Swift language autodetection condition in the workflow file.

# Search for comments in the workflow file for context on the macOS condition.
rg --type yaml --context 5 'runner.os == '\''macOS'\''' pr-checks/checks/multi-language-autodetect.yml
Length of output: 1018
31-61: Expanded job matrix for multiple versions.

The job matrix now includes multiple stable versions for macOS and Ubuntu. Ensure these versions are necessary and align with your testing strategy.

Verification successful

Expanded job matrix confirmed

The .github/workflows/__multi-language-autodetect.yml file indeed includes multiple stable versions for macOS and Ubuntu as part of the job matrix. This aligns with the review comment's observation about the expanded job matrix. Ensure these versions are necessary for your testing strategy.

Versions included: stable-v2.13.5, stable-v2.14.6, stable-v2.15.5, stable-v2.16.6, stable-v2.17.6
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the expanded job matrix in the workflow.

# Test: Check for the presence of multiple stable versions in the workflow file.
rg --type yaml $'version: stable-v'
Length of output: 36

Script:
#!/bin/bash
# Re-run the search for stable versions in the workflow file with a broader pattern.
rg --type yaml 'version: stable-v' -A 1
Length of output: 41

Script:
#!/bin/bash
# Directly view the contents of the specified workflow file to verify job matrix entries.
cat .github/workflows/__multi-language-autodetect.yml
Length of output: 6010
87-87: Verify Kotlin setup.

The setup-kotlin parameter is set to 'true'. Ensure this change is necessary for the workflow and that Kotlin is required.
lib/init.test.js (2)

53-68: Ensure comprehensive test coverage for cleanup.

The test cleanupDatabaseClusterDirectory cleans up where possible checks the cleanup process and logs. Ensure it covers all necessary scenarios for directory cleanup.

69-109: Validate error handling in cleanup tests.

The tests for error handling in cleanupDatabaseClusterDirectory ensure correct exceptions are thrown. Verify that all expected error scenarios are covered.

lib/debug-artifacts.js (2)

29-33: Export statements are well-placed after function definitions.

The export statements have been moved to after the function definitions, which improves code readability and logical flow.

58-58: Ensure the catch block handles JSON parsing errors.

The catch block logs a message if the matrix input cannot be parsed. Ensure that this is sufficient for your use case and consider logging the error for debugging purposes.

init/action.yml (1)

142-143: New output parameter codeql-version is correctly added.

The addition of the codeql-version output parameter enhances the action's functionality by providing additional information.

.github/workflows/codescanning-config-cli.yml (1)

31-33: LGTM! Ensure the impact on the CI/CD pipeline is verified.

The change from version: latest to version: linked can improve build consistency by using specific versions. Ensure that these linked versions are correctly configured and tested in your CI/CD pipeline.

lib/init.js (3)

26-32: LGTM! Export reordering and initCodeQL changes improve clarity and functionality.

The reordering of exports enhances code organization. The change in initCodeQL to use toolsDownloadStatusReport instead of toolsDownloadDurationMs likely provides more comprehensive reporting.

62-71: LGTM! Verify the impact of removing the features parameter.

The removal of the features parameter from runInit simplifies the function. Ensure that this change does not negatively impact other parts of the codebase that might rely on this parameter.

116-149: LGTM! The cleanupDatabaseClusterDirectory function adds valuable error handling.

The function enhances robustness by providing detailed error handling and feedback for different environments, improving reliability.

lib/autobuild.js (3)

26-33: LGTM! Export reordering and documentation link improvements enhance clarity and maintainability.

The reordering of exports improves code organization. Using a constant for documentation links in determineAutobuildLanguages ensures easier updates and better maintainability.

122-127: LGTM! Documentation link structure in setupCppAutobuild improves user experience.

The updated logging messages ensure users are directed to the correct documentation, enhancing clarity and usability.

136-143: LGTM! Verify the impact of removing the features parameter in runAutobuild.

The removal of the features parameter simplifies the function. Ensure that this change does not negatively impact other parts of the codebase that might rely on this parameter.
lib/setup-codeql.test.js (1)
118-122: LGTM! Verify the usage of the new structure in tests.

The restructuring of the statusReport object in the stubbed downloadCodeQL function enhances clarity. Ensure that the tests correctly utilize this new structure.

Verification successful

Verification Successful: New statusReport Structure Utilized in Tests

The restructuring of the statusReport object is correctly utilized in the tests. Assertions in test files confirm that the new structure is being checked for expected values.

lib/setup-codeql.test.js: Direct usage of statusReport in test cases.

lib/status-report.test.js: Assertions verifying statusReport properties.

lib/trap-caching.test.js: Checks involving statusReport.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the usage of the new `statusReport` structure in tests.

# Test: Search for the usage of `statusReport`. Expect: Correct utilization in assertions.
rg --type js 'statusReport'
Length of output: 14170

Script:
#!/bin/bash
# Description: Search for `statusReport` usage in test files with context to verify correct utilization in assertions.
rg --type js 'statusReport' -A 5 -g '*test.js'
Length of output: 8498
lib/api-client.js (2)

30-41: Reordering of exports improves readability.

The reorganization of export statements enhances the clarity of the module's interface.

126-132: Verify the regex logic in getWorkflowRelativePath.

The regex check optimizes the function by reducing unnecessary API calls. Ensure that it correctly identifies invalid workflow URLs.
lib/init-action-post-helper.js (3)
26-28: Reordering of exports improves clarity.

The explicit assignment of exports enhances the module's interface clarity.

139-155: Verify enhancements in run function.

The new logic for cleaning up the database cluster directory improves resource management. Ensure that the error handling and conditions are correctly implemented.

Verification successful

Enhancements in run function verified successfully.

The logic for cleaning up the database cluster directory is well-implemented with appropriate error handling and condition checks. The use of a try-catch block ensures errors are logged without disrupting the flow, and the condition to check for a self-hosted runner is correctly applied.

Confirmed the presence of fs.rmSync usage in lib/init-action-post-helper.js.

Error handling and conditions are correctly implemented.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the enhancements in the `run` function.

# Test: Search for `fs.rmSync` usage. Expect: Correct error handling and conditions.
rg --type js 'fs.rmSync'
Length of output: 325
77-80: Verify changes in maybeUploadFailedSarif.

The simplification of the databaseExportDiagnostics call likely reflects a change in diagnostics processing. Ensure that the new logic is correct.
lib/fingerprints.js (3)

29-31: Export statements improved.

The export statements have been reordered and simplified, enhancing the readability of the module's interface.

203-203: Streamlined error handling.

The catch block now omits the unused error parameter, which is a good practice when the error object is not needed.

242-242: Improved logging with dynamic URL reference.

The logging message now uses a dynamic URL reference, enhancing maintainability.

lib/cli-errors.js (4)

3-5: Reordered export statements for better organization.

The export order of functions has been adjusted, improving code organization without altering functionality.

23-32: Consistent error message formatting.

The use of ensureEndsInPeriod ensures that fatal error messages are consistently formatted, which is a good practice.

74-74: Enhanced regex pattern for error detection.

The regex pattern now accommodates variations in the error message format, increasing robustness.

Line range hint 118-133:
Expanded error categorization.

The CliConfigErrorCategory enumeration and cliErrorsConfig object have been expanded, allowing for more granular categorization of CLI errors.

Also applies to: 142-231

lib/status-report.js (2)

26-31: Improved export structure.

The restructuring of exports enhances readability and clarity regarding the module's public API.

Line range hint 257-281:
Enhanced error logging.

The error handling in sendStatusReport has been refined with more descriptive logging messages, improving the debugging process.

lib/analyze-action.js (4)

Line range hint 111-138:
Simplified function signature.

The removal of the features parameter from runAutobuildIfLegacyGoWorkflow simplifies the function signature without affecting its logic.

173-173: Updated function call for consistency.

The function call to runAutobuildIfLegacyGoWorkflow has been updated to match its new signature, ensuring consistency.

189-189: Refactored upload function call.

The call to uploadLib.uploadFiles reflects an update in the upload mechanism, allowing it to utilize feature flags more effectively.

223-225: Improved error handling.

The consolidation of error handling using a ternary operator enhances code readability and reduces redundancy.

lib/init-action-post-helper.test.js (2)

318-322: Updated stub method and version.

The stub method for uploads has been updated to uploadFiles, and the CodeQL version has been updated to "2.17.6". These changes align the test with the updated functionality.

340-352: Adjusted test assertions.

The test assertions have been adjusted to verify the expected behavior of the updated uploadFiles method accurately.

lib/analyze.js (4)

54-59: Enhanced error handling in CodeQLAnalysisError.

The inclusion of an error parameter in the constructor allows for more detailed error information, enhancing error handling capabilities.

29-35: Restructured export statements for clarity.

The restructuring of export statements improves the readability and maintainability of the code.

189-189: Refined error handling in runQueries.

The refinement to wrap and pass the original error enhances the traceability of errors during query execution.

Line range hint 222-235:
Simplified function signature in runFinalize.

The removal of the features parameter simplifies the function signature, aligning with potential design changes.
lib/feature-flags.js (4)
49-49: Update Feature enum with new feature flag.

The Feature enum has been updated to include DisableCsharpBuildless. Ensure that this new feature flag is correctly integrated and used where applicable.

67-70: Add configuration for DisableCsharpBuildless.

The featureConfig object now includes a configuration for DisableCsharpBuildless. Verify that this configuration is correctly utilized in the application logic.

212-212: Simplify filtering logic in GitHubFeatureFlags.

The filtering logic in GitHubFeatureFlags has been simplified. Ensure that this change does not affect the intended behavior of the feature flag processing.

26-26: Verify removal of CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED.

The export for CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED has been removed. Ensure that any references to this export elsewhere in the codebase are also removed or updated.

Verification successful

Removal of CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED verified.

There are no remaining references to CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED in the codebase, confirming its successful removal.
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify removal of `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.

# Test: Search for any remaining references to `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.
rg --type javascript 'CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED'
Length of output: 102

Script:
#!/bin/bash
# Description: Verify removal of `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.

# Test: Search for any remaining references to `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED` with the correct file type.
rg --type js 'CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED'
Length of output: 59
lib/actions-util.js (4)

107-107: Simplify error handling in getCommitOid.

The error handling in getCommitOid has been simplified by removing the error parameter. This change improves clarity and reduces unnecessary variable declarations.

164-164: Simplify error handling in determineMergeBaseCommitOid.

The error handling in determineMergeBaseCommitOid has been simplified by removing the error parameter. This change improves clarity and reduces unnecessary variable declarations.

429-431: Add isSelfHostedRunner function.

The isSelfHostedRunner function has been added to check if the runner is self-hosted. Ensure that this function is used appropriately where needed.

26-39: Verify removal of multiple exports.

Several functions have been removed from the exports list. Ensure that these functions are not used elsewhere in the codebase or are accessed differently.

lib/init-action.js (6)

47-47: Update sendCompletedStatusReport function signature.

The function signature has been updated to replace toolsDownloadDurationMs with toolsDownloadStatusReport. Ensure that this change is reflected in all calls to this function.

61-63: Handle toolsDownloadStatusReport in status report.

The toolsDownloadStatusReport is now used to populate the tools_download_duration_ms field. Ensure that this object is correctly constructed and used.

86-103: Enhance status report with additional fields.

Additional fields such as packs, query_filters, and registries have been added to the status report. Verify that these fields are correctly populated and useful for reporting.

133-133: Update variable to toolsDownloadStatusReport.

The variable toolsDownloadDurationMs has been replaced with toolsDownloadStatusReport. Ensure that this change is consistent throughout the code.

206-220: Log CodeQL download telemetry.

The CodeQL download telemetry is now logged if toolsDownloadStatusReport is available. Ensure that this telemetry is useful for diagnostics and monitoring.

369-375: Update error handling in run function.

The error handling in the run function has been updated to accommodate the new status report structure. Ensure that errors are reported accurately.

lib/setup-codeql.js (3)

459-461: Ensure compatibility with semantic versioning.

The logic for determining the toolcache version has been updated to use semantic versioning. Verify that this aligns with the rest of the codebase and does not introduce inconsistencies.

Line range hint 369-430: Ensure proper handling of download and extraction durations.

The downloadCodeQL function now returns a statusReport object with download and extraction durations. Verify that this change is correctly handled in all places where the function is used.

Line range hint 480-503: Review the return structure of setupCodeQLBundle.

The function now returns a toolsDownloadStatusReport object. Ensure that all consumers of this function are updated to handle the new structure correctly.
lib/config-utils.js (2)
26-50: Review the restructuring of export statements.

The export statements have been restructured for clarity. Ensure that all necessary functions and constants are exported as intended and that there are no missing exports.

511-516: Security enhancement with parseRegistriesWithoutCredentials.

The new function processes registries without exposing credentials. Ensure that this function is used wherever registry parsing is required to enhance security.

Verification successful

Security enhancement verified for parseRegistriesWithoutCredentials.

The function parseRegistriesWithoutCredentials is used across the codebase, ensuring registry parsing without exposing credentials, as recommended.

Files where it is used:

src/init-action.ts

lib/init-action.js
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify usage of `parseRegistriesWithoutCredentials`.

# Test: Search for registry parsing logic. Expect: Use of `parseRegistriesWithoutCredentials`.
rg --type javascript 'parseRegistries'
Length of output: 73

Script:
#!/bin/bash
# Description: Verify usage of `parseRegistriesWithoutCredentials`.

# Test: Search for usage of `parseRegistriesWithoutCredentials`.
rg 'parseRegistriesWithoutCredentials'
Length of output: 528
lib/codeql.test.js (12)

29-29: Export stubToolRunnerConstructor for testing.

The function stubToolRunnerConstructor is now exported, which is useful for testing purposes. Ensure that this change does not inadvertently expose the function in unintended contexts.

104-104: Verify download duration reporting in tests.

The test now checks for toolsDownloadStatusReport?.downloadDurationMs. Ensure that this change accurately reflects the updated logic and is consistent across all relevant tests.

121-121: Ensure semantic versioning in test assertions.

The test checks for semantic versioning in the toolcache. Verify that this aligns with the code changes and does not introduce inconsistencies.

139-139: Check for download duration reporting consistency.

The test ensures that toolsDownloadStatusReport?.downloadDurationMs is an integer. Verify that this check is consistent across all tests that involve download operations.

144-149: Update test cases for new tag names.

The test cases have been updated to reflect new tag names for explicitly requested bundles. Ensure that these updates are consistent with the changes in the main codebase.

153-165: Verify caching logic for requested bundles.

The test ensures that explicitly requested bundles are cached correctly. Verify that this logic aligns with the updated caching strategy in the codebase.

Line range hint 445-462: Test for qlconfig and code scanning config injection.

The test checks that both a qlconfig and a code scanning config are passed to the CLI. Ensure that this behavior is consistent with the intended functionality.

516-519: Check for new analysis summary flag in tests.

The test verifies the correct passing of the --new-analysis-summary flag. Ensure that this logic is consistent with the code changes and accurately reflects the intended behavior.

529-529: Enhance error reporting in tests.

The test captures and reports detailed error messages for fatal internal errors. Ensure that this enhancement improves the robustness of the test suite.

551-558: Summarize autobuilder errors in tests.

The test captures autobuilder errors and provides a summary. Ensure that this change enhances error reporting and aligns with the main codebase.

581-599: Recognize fatal internal errors in tests.

The test ensures that fatal internal errors are recognized and reported. Verify that this logic is consistent with the error handling improvements in the codebase.

616-621: Avoid duplicate flags in tests.

The test ensures that the --overwrite flag is not duplicated. Verify that this behavior is consistent with the intended functionality and does not introduce issues.

lib/config-utils.test.js (3)

767-784: Refactoring improves maintainability.

The consolidation of test cases into a loop reduces redundancy and enhances readability while maintaining the original test logic.

785-790: Refactoring maintains test logic.

The refactored loop structure preserves the original test intent and enhances code clarity.

791-801: Refactoring enhances readability.

The use of a loop to consolidate test cases maintains the original logic and improves code maintainability.

lib/codeql.js (6)

66-78: Version constants updated for compatibility.

The updates to CODEQL_MINIMUM_VERSION, CODEQL_NEXT_MINIMUM_VERSION, GHES_VERSION_MOST_RECENTLY_DEPRECATED, and GHES_MOST_RECENT_DEPRECATION_DATE ensure compatibility with the latest versions.

Line range hint 123-134: Improved reporting in setupCodeQL.

The change from toolsDownloadDurationMs to toolsDownloadStatusReport likely provides more detailed status information.

Line range hint 255-290: Simplified parameter management in databaseInitCluster.

The removal of the features parameter likely streamlines the function's interface.

Line range hint 468-511: Refined diagnostics handling in databaseInterpretResults.

The refined handling of diagnostics export improves the function's clarity and functionality.

284-286: Enhanced flexibility in getCodeQLForCmd.

The addition of overwriteFlag logic allows for dynamic selection of overwrite options, improving command execution flexibility.

33-36: Streamlined module API.

The removal of exports like getExtraOptions and others likely reflects a refactoring to streamline the module's public API.

.github/workflows/__export-file-baseline-information.yml (2)

61-61: Kotlin setup enabled.

The addition of setup-kotlin: 'true' explicitly enables Kotlin setup in the workflow. Ensure that this change integrates smoothly with other steps and doesn't introduce conflicts.

87-87: Refined Swift condition for macOS.

The condition for including Swift in the expected baseline languages now checks specifically for macOS. This change aligns with macOS compatibility requirements.

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3)

57-57: Kotlin setup enabled.

The addition of setup-kotlin: 'true' explicitly enables Kotlin setup in the workflow. Ensure that this change integrates smoothly with other steps and doesn't introduce conflicts.

Line range hint 20-20:
Streamlined version checks.

The version check for stable-20230403 has been removed, focusing on stable-v2.13.5 and stable-v2.14.6. Ensure that this change aligns with the intended workflow requirements.

12-12: Removed Kotlin-related environment variable.

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN suggests a change in Kotlin handling. Ensure that this change aligns with the intended workflow requirements and doesn't introduce issues.

coderabbitai · 2024-08-08T19:38:47Z

lib/doc-url.js

+    DocUrl["SCANNING_ON_PUSH"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push";
+    DocUrl["SPECIFY_BUILD_STEPS_MANUALLY"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually";
+    DocUrl["TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS"] = "https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs";
+})(DocUrl || (exports.DocUrl = DocUrl = {}));


Refactor to avoid assignment within an expression.

Assignments within expressions can be confusing. Consider separating the assignment from the expression.

-})(DocUrl || (exports.DocUrl = DocUrl = {})); +})(DocUrl || (exports.DocUrl = (DocUrl = {})));

Committable suggestion was skipped due to low confidence.

Tools

Biome

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

coderabbitai · 2024-08-08T19:38:47Z

lib/doc-url.js

@@ -0,0 +1,16 @@
+"use strict";


Remove redundant "use strict" directive.

In ES6 modules, the "use strict" directive is unnecessary because modules are always in strict mode.

-"use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

coderabbitai · 2024-08-08T19:38:47Z

lib/tools-features.js

+exports.ToolsFeature = void 0;
+exports.isSupportedToolsFeature = isSupportedToolsFeature;


Reorder exports for clarity.

The export statement for isSupportedToolsFeature is now placed after its definition. This reordering enhances readability by aligning the export with its definition.

coderabbitai · 2024-08-08T19:38:47Z

lib/start-proxy-action-post.js

+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;


Consider using optional chaining for improved readability.

Using optional chaining can make the code more concise and readable.

- if ((config && config.debugMode) || core.isDebug()) { + if ((config?.debugMode) || core.isDebug()) {

Also applies to: 47-47

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

coderabbitai · 2024-08-08T19:38:47Z

lib/start-proxy-action-post.js

@@ -0,0 +1,56 @@
+"use strict";


Remove redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

coderabbitai · 2024-08-08T19:38:47Z

lib/cli-errors.js

@@ -138,6 +139,11 @@ var CliConfigErrorCategory;
 * would like to categorize an error as a configuration error or not.
 */
 exports.cliErrorsConfig = {
+    [CliConfigErrorCategory.AutobuildError]: {
+        cliErrorMessageCandidates: [
+            new RegExp("We were unable to automatically build your code"),


Use regex literal instead of constructor.

Regular expression literals are preferred over the RegExp constructor for simplicity and better static analysis.

- new RegExp("We were unable to automatically build your code"), + /We were unable to automatically build your code/,

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

new RegExp("We were unable to automatically build your code"),

/We were unable to automatically build your code/,

Tools

Biome

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

coderabbitai · 2024-08-08T19:38:47Z

lib/start-proxy-action.js

@@ -0,0 +1,152 @@
+"use strict";


Remove the redundant 'use strict' directive.

The 'use strict' directive is unnecessary in JavaScript modules as they are in strict mode by default.

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)
11-11: Use en dashes for date ranges.

Consider using en dashes (–) instead of hyphens (-) for date ranges to improve readability and adhere to typographical standards.
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024
Also applies to: 16-16, 20-20, 24-24, 31-31, 36-36, 41-41, 45-45, 50-50, 54-54

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

22-22: Add a comma for clarity.

Consider adding a comma after "production" for better readability.
- Do not use this in production as it is part of an internal experiment and subject to change at any time.
+ Do not use this in production, as it is part of an internal experiment and subject to change at any time.
Tools

LanguageTool

[uncategorized] ~22-~22: Possible missing comma found.
Context: .../dependabot-action). Do not use this in production as it is part of an internal experiment...

(AI_HYDRA_LEO_MISSING_COMMA)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 25ad3c8 and c4c3c44.

Files ignored due to path filters (7)

node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map

Files selected for processing (2)

CHANGELOG.md (1 hunks)
lib/defaults.json (1 hunks)

Files skipped from review due to trivial changes (1)

lib/defaults.json

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[uncategorized] ~22-~22: Possible missing comma found.
Context: .../dependabot-action). Do not use this in production as it is part of an internal experiment...

(AI_HYDRA_LEO_MISSING_COMMA)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c4c3c44 and da9ecb0.

Files ignored due to path filters (1)

lib/init-action.js.map is excluded by !**/*.map

Files selected for processing (1)

lib/init-action.js (13 hunks)

Additional comments not posted (4)

lib/init-action.js (4)

Line range hint 47-116:
Enhancement to status reporting mechanism.

The changes to the sendCompletedStatusReport function enhance the reporting mechanism by providing more detailed information through the toolsDownloadStatusReport object and additional fields like packs, query_filters, and registries. Ensure that these changes are correctly integrated and that any dependent code is updated accordingly.

133-133: Consistent replacement of toolsDownloadDurationMs.

The variable toolsDownloadDurationMs has been consistently replaced with toolsDownloadStatusReport. Ensure that this change is reflected throughout the codebase and that the new variable is used correctly.

208-232: Updated logic for Go and Swift analysis.

The logic for handling Go binaries and Swift analysis on Ubuntu runners has been updated. These changes ensure compatibility with current platform support and address specific configuration needs. Verify that these updates are correctly implemented and that they do not introduce any issues.

Line range hint 296-346:
Environment variable settings based on CodeQL version.

The logic for setting environment variables based on CodeQL version checks is correctly implemented. This ensures that the appropriate features are enabled or disabled based on the version in use. Verify that these settings align with the intended functionality and do not cause any unintended side effects.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (1)

README.md (1)
38-38: Consider improving adjective order for clarity.

The sentence "We typically release new minor versions of the CodeQL Action and Bundle..." can be improved by adjusting the adjective order for better readability.
- We typically release new minor versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released.
+ We typically release minor new versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released.
Tools

LanguageTool

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between da9ecb0 and 0d5982a.

Files selected for processing (1)

README.md (1 hunks)

Additional context used

LanguageTool

README.md

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

Additional comments not posted (2)

README.md (2)

36-40: Terminology update approved. Verify consistency across the document.

The changes from "CLI" to "Bundle" are consistent with the updated terminology. Ensure that all references to "CLI" have been updated to "Bundle" throughout the document.

Tools

LanguageTool

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

43-47: Version updates approved. Verify version consistency.

The table updates align with the latest recommendations. Ensure that the version numbers are accurate and consistent with the latest releases.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (11)

CHANGELOG.md (11)
11-11: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

13-13: Consider using a hyphen for compound adjectives.

If "user facing" is intended as a compound adjective, use a hyphen.
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~13-~13: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

15-15: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

20-20: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

24-24: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

28-28: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

35-35: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

40-40: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~40-~40: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

45-45: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

49-49: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

54-54: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.
- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024
Tools

LanguageTool

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0d5982a and a93f8c2.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~13-~13: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~40-~40: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (14)

CHANGELOG.md (14)
9-9: Consider using a hyphen for compound adjectives.

In "user facing changes," if this is a compound adjective, use a hyphen: "user-facing changes."
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

11-11: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "14 Aug 2024."
- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

15-15: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "13 Aug 2024."
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

17-17: Consider using a hyphen for compound adjectives.

In "user facing changes," if this is a compound adjective, use a hyphen: "user-facing changes."
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

19-19: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "06 Aug 2024."
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

24-24: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "26 Jul 2024."
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

28-28: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "25 Jul 2024."
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

32-32: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "19 Jul 2024."
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

39-39: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "12 Jul 2024."
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

44-44: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "28 Jun 2024."
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

49-49: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "13 Jun 2024."
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

53-53: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "12 Jun 2024."
- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

58-58: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "04 Jun 2024."
- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024
Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

62-62: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "31 May 2024."
- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024
Tools

LanguageTool

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a93f8c2 and 5c681ef.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (11)

CHANGELOG.md (11)
11-11: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

15-15: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

19-19: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

24-24: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

28-28: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

32-32: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

39-39: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

44-44: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

49-49: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

53-53: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

58-58: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.
- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024
Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5c681ef and b187c86.

Files ignored due to path filters (1)

lib/diagnostics.js.map is excluded by !**/*.map

Files selected for processing (2)

CHANGELOG.md (1 hunks)
lib/diagnostics.js (7 hunks)

Files skipped from review as they are similar to previous changes (1)

lib/diagnostics.js

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)
9-9: Consider using a hyphen for compound adjectives.

To improve clarity, consider using a hyphen in "user facing" to form "user-facing".
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

11-11: Consider using an en dash for date ranges.

For consistency and typographical correctness, consider using an en dash for date ranges, e.g., "3.26.3 – 19 Aug 2024".
- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024
Also applies to: 15-15, 19-19, 23-23, 28-28, 32-32, 36-36, 43-43, 48-48, 53-53, 57-57, 62-62, 66-66

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b187c86 and 339aada.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 339aada and 512e306.

Files ignored due to path filters (2)

lib/start-proxy-action-post.js.map is excluded by !**/*.map
lib/start-proxy-action.js.map is excluded by !**/*.map

Files selected for processing (2)

lib/start-proxy-action-post.js (1 hunks)
lib/start-proxy-action.js (1 hunks)

Additional context used

Biome

lib/start-proxy-action-post.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/start-proxy-action.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

Additional comments not posted (8)

lib/start-proxy-action-post.js (3)
1-1: Remove the redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

19-19: Consider using optional chaining for improved readability.

Using optional chaining can make the code more concise and readable.
- if ((config && config.debugMode) || core.isDebug()) {
+ if ((config?.debugMode) || core.isDebug()) {
Also applies to: 47-47

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-64: LGTM!

The runWrapper function is well-structured and handles errors appropriately.

Tools

Biome

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/start-proxy-action.js (5)

1-1: Remove the redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

66-80: LGTM!

The generateCertificateAuthority function correctly implements certificate generation using node-forge.

104-147: LGTM!

The startProxy function is well-structured with appropriate error handling and retry logic.

151-183: LGTM!

The getCredentials function correctly retrieves and validates credentials from action inputs.

186-195: LGTM!

The getProxyAuth function correctly handles optional input retrieval for proxy authentication.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (12)

CHANGELOG.md (12)
9-9: Correct the operating system name to "macOS".

The correct spelling for Apple's operating system is "macOS".
- on MacOS ARM machines
+ on macOS ARM machines
Tools

LanguageTool

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

11-11: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

15-15: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

19-19: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

21-21: Hyphenate the compound adjective "user-facing".

The phrase "user-facing" should be hyphenated as it is a compound adjective.
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

23-23: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

28-28: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

32-32: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

36-36: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

43-43: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

48-48: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

53-53: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 512e306 and 202b3b9.

Files ignored due to path filters (7)

lib/analyze-action.js.map is excluded by !**/*.map
lib/init-action-post.js.map is excluded by !**/*.map
lib/init-action.js.map is excluded by !**/*.map
lib/init.js.map is excluded by !**/*.map
lib/resolve-environment-action.js.map is excluded by !**/*.map
lib/upload-sarif-action.js.map is excluded by !**/*.map
lib/util.js.map is excluded by !**/*.map

Files selected for processing (8)

CHANGELOG.md (1 hunks)
lib/analyze-action.js (6 hunks)
lib/init-action-post.js (1 hunks)
lib/init-action.js (13 hunks)
lib/init.js (4 hunks)
lib/resolve-environment-action.js (2 hunks)
lib/upload-sarif-action.js (3 hunks)
lib/util.js (33 hunks)

Files skipped from review as they are similar to previous changes (2)

lib/analyze-action.js
lib/init.js

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (5)

lib/init-action-post.js (1)
62-62: LGTM! Verify the checkDiskUsage function usage.

The changes enhance logging by passing the logger to checkDiskUsage. Ensure all calls to checkDiskUsage are updated accordingly.

To verify the function usage, run the following script:
#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'
Also applies to: 70-70
lib/resolve-environment-action.js (1)
41-41: LGTM! Verify the checkDiskUsage function usage.

The changes enhance logging by passing the logger to checkDiskUsage. Ensure all calls to checkDiskUsage are updated accordingly.

To verify the function usage, run the following script:
#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'
Also applies to: 67-67, 74-74
lib/upload-sarif-action.js (1)
37-37: LGTM! Verify the checkDiskUsage function usage and Features instance.

The changes enhance logging by passing the logger to checkDiskUsage and introduce a Features instance for feature-aware processes. Ensure all calls to checkDiskUsage are updated accordingly and verify the correct initialization and usage of Features.

To verify the function usage, run the following script:
#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter and check the initialization of `Features`.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'

# Test: Verify the initialization of `Features`.
rg --type js -A 3 $'new feature_flags_1.Features'
Also applies to: 54-54, 77-77
lib/init-action.js (1)
47-47: LGTM! Verify the new status report fields.

The changes enhance the status reporting mechanism by incorporating more detailed configuration data. Ensure that the new fields are correctly populated and used throughout the codebase.

To verify the new status report fields, run the following script:
#!/bin/bash
# Description: Verify the new fields in the status report are correctly populated and used.

# Test: Search for the usage of new fields in the status report.
rg --type js -A 5 $'initWithConfigStatusReport'
Also applies to: 61-63, 86-103, 111-116, 133-133, 161-161, 201-201, 208-221, 229-232, 296-296, 332-332, 337-346, 356-366, 371-371, 377-377
lib/util.js (1)
29-70: LGTM! Verify the new utility functions and checkDiskUsage modifications.

The restructuring of exports improves readability, and the new utility functions enhance functionality. The checkDiskUsage function is streamlined for better performance. Ensure the new functions are correctly implemented and utilized.

To verify the new utility functions and checkDiskUsage modifications, run the following script:
#!/bin/bash
# Description: Verify the new utility functions and modifications to `checkDiskUsage`.

# Test: Search for the implementation and usage of `cloneObject`.
rg --type js -A 2 $'function cloneObject'

# Test: Search for the implementation and usage of `isSipEnabled`.
rg --type js -A 2 $'async function isSipEnabled'

# Test: Verify the modifications to `checkDiskUsage`.
rg --type js -A 5 $'checkDiskUsage'
Also applies to: 795-820, 868-870, 873-890

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)
9-9: Typographical improvement: Use "macOS" instead of "MacOS".

Correct the capitalization for consistency with Apple's branding.
- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning.
12-12: Typographical improvement: Use en dashes for date ranges.

Consider using en dashes for numerical ranges or time ranges for consistency and clarity.
- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024
Repeat this change for all similar instances.

Also applies to: 16-16, 20-20, 24-24, 29-29, 33-33, 37-37, 44-44, 49-49, 54-54, 58-58, 63-63, 67-67

Tools

LanguageTool

[typographical] ~12-~12: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 202b3b9 and ae01f80.

Files selected for processing (2)

CHANGELOG.md (1 hunks)
analyze/action.yml (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~10-~10: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~12-~12: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~22-~22: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~29-~29: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~63-~63: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (1)

analyze/action.yml (1)

37-41: Deprecation notice for add-snippets input is clear and informative.

The deprecation message provides a clear timeline and explanation for the removal of the add-snippets input.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (15)

CHANGELOG.md (15)
9-9: Use a hyphen for compound adjectives.

Change "user facing" to "user-facing" for clarity.

Apply this diff:
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

11-11: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.26.4 - 21 Aug 2024
+ ## 3.26.4 – 21 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

14-14: Correct capitalization of "macOS".

Change "MacOS" to "macOS" for correct capitalization.

Apply this diff:
- MacOS ARM machines
+ macOS ARM machines
Tools

LanguageTool

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

16-16: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024
Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

20-20: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

24-24: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

26-26: Use a hyphen for compound adjectives.

Change "user facing" to "user-facing" for clarity.

Apply this diff:
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

28-28: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

33-33: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

37-37: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

41-41: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

48-48: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

53-53: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

58-58: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

62-62: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:
- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ae01f80 and fd5fa13.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (10)

CHANGELOG.md (10)
9-9: Correct the operating system name to "macOS".

The term "MacOS" should be corrected to "macOS" for consistency with Apple's branding.

Apply this diff to correct the name:
- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled.
+ Fix an issue where the `csrutil` system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled.
Tools

LanguageTool

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

11-11: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.26.4 - 21 Aug 2024
+ ## 3.26.4 – 21 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

14-14: Correct the operating system name to "macOS".

The term "MacOS" should be corrected to "macOS" for consistency with Apple's branding.

Apply this diff to correct the name:
- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning.
Tools

LanguageTool

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

16-16: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024
Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

20-20: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

24-24: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

26-26: Hyphenate compound adjectives.

The phrase "user facing" should be hyphenated as "user-facing" since it is a compound adjective.

Apply this diff to correct the phrase:
- No user facing changes.
+ No user-facing changes.
Tools

LanguageTool

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

28-28: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

33-33: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

37-37: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:
- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between fd5fa13 and 7e27807.

Files ignored due to path filters (3)

lib/environment.js.map is excluded by !**/*.map
lib/init-action.js.map is excluded by !**/*.map
lib/util.js.map is excluded by !**/*.map

Files selected for processing (4)

CHANGELOG.md (1 hunks)
lib/environment.js (1 hunks)
lib/init-action.js (13 hunks)
lib/util.js (33 hunks)

Files skipped from review as they are similar to previous changes (1)

lib/init-action.js

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (8)

lib/environment.js (1)

46-50: Addition of IS_SIP_ENABLED is clear and well-documented.

The new environment variable IS_SIP_ENABLED is appropriately added with a clear comment explaining its purpose related to MacOS System Integrity Protection.

lib/util.js (2)

868-870: cloneObject function is correctly implemented.

The function uses JSON serialization to create a deep copy of an object, which is suitable for objects without circular references.

871-898: checkSipEnablement function is well-implemented.

The function effectively checks and caches the SIP status on macOS, handling errors and logging warnings as needed.

Ensure that the csrutil status command is executed correctly across different macOS environments. Consider testing on various macOS versions to confirm consistent behavior.

CHANGELOG.md (5)

18-18: LGTM!

The changes made to fix the diagnostic messages on Windows look good.

22-22: LGTM!

The update to the default CodeQL bundle version looks good.

30-31: LGTM!

The deprecation notice and version bump look good.

35-35: LGTM!

The update to the default CodeQL bundle version looks good.

39-39: LGTM!

The introduction of the experimental start-proxy action looks good.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)

13-13: Correct the spelling of "MacOS" to "macOS".

The operating system from Apple is written as "macOS".

Tools

LanguageTool

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

17-18: Correct the spelling of "MacOS" to "macOS".

The operating system from Apple is written as "macOS".

Tools

LanguageTool

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 7e27807 and 715faf4.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.5 - 23 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~30-~30: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~52-~52: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (4)

CHANGELOG.md (4)

22-22: Entry is clear and well-documented.

The changelog entry provides a clear description of the fix and references the relevant pull request.

26-26: Entry is clear and well-documented.

The changelog entry provides a clear description of the update and references the relevant pull request.

34-35: Entry is clear and well-documented.

The changelog entry provides a clear description of the deprecation and version bump, with references to the relevant pull requests.

47-50: Entry is clear and well-documented.

The changelog entry provides a clear description of the changes and offers detailed guidance for users.

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 715faf4 and 864b979.

Files ignored due to path filters (18)

lib/init-action.js.map is excluded by !**/*.map
node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
node_modules/@nolyfill/is-core-module/LICENSE is excluded by !**/node_modules/**
node_modules/@nolyfill/is-core-module/index.d.ts is excluded by !**/node_modules/**
node_modules/@nolyfill/is-core-module/index.js is excluded by !**/node_modules/**
node_modules/@nolyfill/is-core-module/package.json is excluded by !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-generic-constructors.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-generic-constructors.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map

Files selected for processing (1)

lib/init-action.js (14 hunks)

Files skipped from review as they are similar to previous changes (1)

lib/init-action.js

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 864b979 and b8efe4d.

Files selected for processing (1)

lib/api-compatibility.json (1 hunks)

Files skipped from review as they are similar to previous changes (1)

lib/api-compatibility.json

coderabbitai

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b8efe4d and 7233ec5.

Files selected for processing (2)

CHANGELOG.md (1 hunks)
lib/defaults.json (1 hunks)

Files skipped from review due to trivial changes (1)

lib/defaults.json

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~30-~30: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~52-~52: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (12)

CHANGELOG.md (12)

9-10: Update default CodeQL bundle version to 2.18.3.

This entry clearly communicates the update of the default CodeQL bundle version. The link to the pull request provides additional context.

13-14: Fix telemetry system call issue on macOS ARM machines.

This change addresses a specific issue with the csrutil system call on macOS ARM machines. The entry is clear and includes a link to the relevant pull request.

Tools

LanguageTool

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

17-18: Deprecate the add-snippets input on the analyze action.

This entry clearly marks the deprecation of the add-snippets input and provides a timeline for its removal. It is well-documented with a link to the pull request.

Tools

LanguageTool

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

22-23: Fix diagnostic message writing issue on Windows.

This entry addresses a fix for an issue where the CodeQL Action could not write diagnostic messages on Windows. The issue's impact on analysis quality is also clarified.

26-27: Update default CodeQL bundle version to 2.18.2.

Another version update for the CodeQL bundle is documented here. The change is straightforward and includes a link for more details.

34-35: Deprecate Swift analysis on Ubuntu runner images.

This entry informs users about the deprecation of Swift analysis on Ubuntu runners and advises migration to macOS runners. It is clear and actionable.

43-44: Introduce experimental start-proxy action.

This entry introduces a new experimental feature. It is clearly marked as experimental and not for production use, providing users with appropriate warnings.

47-50: Add deprecation warning for outdated CodeQL versions.

This entry effectively communicates critical deprecation warnings for older CodeQL versions, providing clear instructions for users on how to update or maintain their current setup.

54-55: Improve reliability and performance for compiled languages.

This entry highlights improvements in reliability and performance for analyzing compiled languages, which is a significant update for users working with these languages.

59-60: Handle errors during debug artifact uploads more gracefully.

This change aims to improve the user experience by avoiding workflow failures in case of errors during debug artifact uploads. It's a useful update for users relying on these artifacts for troubleshooting.

68-69: Enhance database creation robustness.

This entry addresses improvements in the database creation process, specifically aimed at handling unexpected files in the database folder. It includes measures to clean up the database directory, which is a practical enhancement for maintaining consistency.

76-76: Reduce Actions cache usage by managing TRAP cache.

This entry announces a feature rollout aimed at reducing the Actions cache usage by managing the TRAP cache more efficiently. It's a significant update for users concerned with resource management.

coderabbitai

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (16)

CHANGELOG.md (16)
11-11: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.26.6 - 29 Aug 2024
+## 3.26.6 – 29 Aug 2024
Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

15-17: Use an en dash for date ranges and correct "MacOS" to "macOS".

Consider using an en dash for the date range and correcting "MacOS" to "macOS" to improve readability and accuracy.
-## 3.26.5 - 23 Aug 2024
+## 3.26.5 – 23 Aug 2024

- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled.
+ Fix an issue where the `csrutil` system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled.
Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[grammar] ~17-~17: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

19-22: Use an en dash for date ranges and correct "MacOS" to "macOS".

Consider using an en dash for the date range and correcting "MacOS" to "macOS" to improve readability and accuracy.
-## 3.26.4 - 21 Aug 2024
+## 3.26.4 – 21 Aug 2024

- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines.
Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~22-~22: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

24-26: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.26.3 - 19 Aug 2024
+## 3.26.3 – 19 Aug 2024
Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

28-28: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.26.2 - 14 Aug 2024
+## 3.26.2 – 14 Aug 2024
Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

32-34: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.26.1 - 13 Aug 2024
+## 3.26.1 – 13 Aug 2024
Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~34-~34: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

36-39: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.26.0 - 06 Aug 2024
+## 3.26.0 – 06 Aug 2024
Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

41-41: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.15 - 26 Jul 2024
+## 3.25.15 – 26 Jul 2024
Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

45-47: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.14 - 25 Jul 2024
+## 3.25.14 – 25 Jul 2024
Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

49-51: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.13 - 19 Jul 2024
+## 3.25.13 – 19 Jul 2024
Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

56-58: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.12 - 12 Jul 2024
+## 3.25.12 – 12 Jul 2024
Tools

LanguageTool

[typographical] ~56-~56: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

61-63: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.11 - 28 Jun 2024
+## 3.25.11 – 28 Jun 2024
Tools

LanguageTool

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

66-68: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.10 - 13 Jun 2024
+## 3.25.10 – 13 Jun 2024
Tools

LanguageTool

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

70-72: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.9 - 12 Jun 2024
+## 3.25.9 – 12 Jun 2024
Tools

LanguageTool

[typographical] ~70-~70: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

75-77: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.8 - 04 Jun 2024
+## 3.25.8 – 04 Jun 2024
Tools

LanguageTool

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

79-80: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.
-## 3.25.7 - 31 May 2024
+## 3.25.7 – 31 May 2024
Tools

LanguageTool

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 7233ec5 and b43ac1c.

Files selected for processing (1)

CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[grammar] ~17-~17: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[grammar] ~22-~22: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~34-~34: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~56-~56: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~70-~70: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

coderabbitai

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b43ac1c and 821ab42.

Files ignored due to path filters (5)

lib/codeql.js.map is excluded by !**/*.map
lib/init-action.js.map is excluded by !**/*.map
lib/setup-codeql.js.map is excluded by !**/*.map
lib/setup-codeql.test.js.map is excluded by !**/*.map
lib/tar.js.map is excluded by !**/*.map

Files selected for processing (7)

.github/actions/prepare-test/action.yml (3 hunks)
.github/workflows/__test-local-codeql.yml (4 hunks)
lib/codeql.js (27 hunks)
lib/init-action.js (15 hunks)
lib/setup-codeql.js (11 hunks)
lib/setup-codeql.test.js (2 hunks)
lib/tar.js (1 hunks)

Files skipped from review as they are similar to previous changes (3)

.github/actions/prepare-test/action.yml
.github/workflows/__test-local-codeql.yml
lib/setup-codeql.test.js

Additional context used

Biome

lib/tar.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

Additional comments not posted (13)

lib/tar.js (2)
2-24: Utility functions for module handling are well-implemented.

The utility functions for creating bindings and setting module defaults are implemented with compatibility in mind, providing both modern and fallback methods.

The implementation is robust and ensures compatibility across environments.

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

33-92: Core tar handling functions are well-implemented but consider enhancing error messages.

The functions for handling tar versions and checking zstd availability are crucial and well-implemented. Consider adding more descriptive error messages to improve debugging and user experience.

The logic and structure are correct. Suggest enhancing error messages for better clarity:
- throw new Error("Unknown tar version");
+ throw new Error("Unknown tar version. Please ensure the tar utility is installed and accessible.");
lib/setup-codeql.js (1)
Line range hint 370-434: Enhancements to the downloadCodeQL function improve robustness.

The modifications to the downloadCodeQL function enhance its ability to handle different scenarios and compression methods effectively. Consider adding more specific error handling for network issues to further improve robustness.

The changes are well-thought-out and improve the function's flexibility and error handling. Suggest adding specific catch blocks for network-related errors to provide clearer user guidance:
+ catch (networkError) {
+   logger.error("Network error occurred during download: " + networkError.message);
+   throw networkError;
+ }
lib/init-action.js (1)
Line range hint 48-382: Updated sendCompletedStatusReport function enhances status reporting.

The updates to the sendCompletedStatusReport function improve the detail and accuracy of the status reports by including more configuration data and a more detailed download status. Consider adding validation for the new fields to ensure data integrity.

The changes are beneficial and enhance the functionality of the status reporting. Suggest adding validation checks for the new fields to ensure the integrity of the data being reported:
+ if (!validateConfigFields(config)) {
+   throw new Error("Invalid configuration data");
+ }
lib/codeql.js (9)
66-66: Approved: Updated CODEQL_MINIMUM_VERSION.

The update from "2.12.6" to "2.13.5" aligns with the PR's objective to increase the minimum required CodeQL bundle version.

70-70: Approved: Updated CODEQL_NEXT_MINIMUM_VERSION.

The update from "2.12.6" to "2.13.5" aligns with the PR's objective to prepare for future minimum version requirements.

74-74: Approved: Updated GHES_VERSION_MOST_RECENTLY_DEPRECATED.

The update from "3.8" to "3.9" aligns with the PR's objective to keep the toolchain up to date with the latest GHES versions.

78-78: Approved: Updated GHES_MOST_RECENT_DEPRECATION_DATE.

The update from "2024-03-26" to "2024-07-09" aligns with the PR's objective to reflect the new deprecation schedule.

Line range hint 123-135: Approved: Enhanced return value in setupCodeQL.

The change from toolsDownloadDurationMs to toolsDownloadStatusReport likely provides more detailed information about the tool download process, enhancing the function's utility.

Line range hint 469-512: Approved: Streamlined databaseInterpretResults.

The removal of unnecessary checks related to invalid notifications simplifies the function and potentially improves performance.

285-291: Approved: Enhanced flexibility in getCodeQLForCmd.

The addition of overwriteFlag logic allows dynamic determination of overwrite options based on feature support, enhancing the flexibility of command execution.

Line range hint 256-291: Approved: Simplified databaseInitCluster function signature.

The removal of the features parameter simplifies the function signature. Verify that this change does not negatively impact how feature flags are managed within the application.

Verification successful

Removal of features parameter is safe and well-tested.

The databaseInitCluster function is thoroughly tested in lib/codeql.test.js, covering various configurations. This indicates that the removal of the features parameter is unlikely to negatively impact feature flag management. The tests would catch any issues if they existed.

Files to note:

lib/init.js

lib/codeql.test.js
Scripts executed

The following scripts were executed for the analysis:

Script:
#!/bin/bash
# Description: Verify the impact of removing the `features` parameter on feature flag management.

# Test: Search for the function usage. Expect: No adverse effects on feature flag management.
rg --type javascript -A 5 $'databaseInitCluster'
Length of output: 82

Script:
#!/bin/bash
# Description: Verify the impact of removing the `features` parameter on feature flag management.

# Test: Search for the function usage. Expect: No adverse effects on feature flag management.
rg --type js -A 5 $'databaseInitCluster'
Length of output: 4258
33-35: Approved: Streamlined exports in codeql.js.

The removal of several functions from exports likely indicates a refactoring effort to streamline the module's public API, potentially improving maintainability. Verify that this change does not negatively impact the module's usability.

coderabbitai · 2024-08-30T10:52:11Z

lib/tar.js

@@ -0,0 +1,112 @@
+"use strict";


Remove redundant 'use strict' directive.

The 'use strict' directive is unnecessary in ES6 modules as they are strict by default.

Remove the line to clean up the code:

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

…er-versions Update supported GitHub Enterprise Server versions

adjust string for handling rate limit error

coderabbitai

Actionable comments posted: 3

🧹 Nitpick comments (63)

.github/workflows/script/prepare_changelog.py (3)
20-20: Unused loop variable detected.

The loop variable i is not used in the loop body. Consider renaming it to _i or using just _ to indicate it's intentionally unused.
- for i, line in enumerate(lines):
+ for _, line in enumerate(lines):
🧰 Tools

🪛 Ruff (0.8.2)

20-20: Loop control variable i not used within loop body

Rename unused i to _i

(B007)

14-16: Add error handling for file operations.

The file opening operation lacks error handling. Consider using a try-except block to catch potential exceptions like PermissionError when opening the file.
  else:
-    with open('CHANGELOG.md', 'r') as f:
-      lines = f.readlines()
+    try:
+      with open('CHANGELOG.md', 'r') as f:
+        lines = f.readlines()
+    except (IOError, PermissionError) as e:
+      print(f"Error reading changelog file: {e}")
+      return EMPTY_CHANGELOG
33-35: Add more descriptive error message for command-line arguments.

The error message when command-line arguments are missing doesn't clearly explain what parameters are expected.
- raise Exception('Expecting argument: changelog_file version_tag')
+ raise Exception('Usage: python prepare_changelog.py <path_to_changelog_file> <version_tag>')
actions-extractor/codeql-extractor.yml (1)

4-4: Consider semver conventions for version numbering.

While 0.0.1 is appropriate for an initial implementation, consider adopting semantic versioning (semver) conventions for future releases to communicate the nature of changes more effectively.
actions-extractor/tools/autobuild-impl.ps1 (1)
37-40: Consider enhancing error reporting.

While the error handling is present, it could be improved by capturing and including the actual error output from the JavaScript autobuilder.
-&$JavaScriptAutoBuild
-if ($LASTEXITCODE -ne 0) {
-    throw "JavaScript autobuilder failed."
-}
+$output = & $JavaScriptAutoBuild 2>&1
+if ($LASTEXITCODE -ne 0) {
+    throw "JavaScript autobuilder failed with exit code $LASTEXITCODE. Error: $output"
+}
lib/init-action-post.js (2)
23-31: Consider adding comments to explain the ownKeys function

The newly added ownKeys function implementation is complex and would benefit from comments explaining its purpose and how it determines the appropriate method to obtain property names.
 var __importStar = (this && this.__importStar) || (function () {
+    // Helper function to get all own property names of an object
+    // Falls back to iterating over properties if Object.getOwnPropertyNames is not available
     var ownKeys = function(o) {
         ownKeys = Object.getOwnPropertyNames || function (o) {
             var ar = [];
             for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
             return ar;
         };
         return ownKeys(o);
     };
33-33: Use optional chaining for safer code

The static analysis tool suggests using optional chaining which would make the code more robust.
-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
.github/workflows/test-codeql-bundle-all.yml (1)
45-46: Remove trailing spaces in line 46

There are trailing spaces at the end of line 46 that should be removed for consistency.
-        languages: cpp,csharp,go,java,javascript,python,ruby 
+        languages: cpp,csharp,go,java,javascript,python,ruby
🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 46-46: trailing spaces

(trailing-spaces)
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1)
69-69: Use -n instead of ! -z for better shell script style

For better shell script style and readability, use -n instead of ! -z when checking if a variable is not empty.
-          if [[ ! -z "${CODEQL_RUNNER}" ]]; then
+          if [[ -n "${CODEQL_RUNNER}" ]]; then
.github/workflows/debug-artifacts-failure-safe.yml (1)
94-94: Add comment explaining special treatment for Go language

The script has a special condition for the Go language, but it's not clear why Go is treated differently. Adding a comment would improve code readability.
-              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
+              # Skip checking language/log directory for Go as it has a different logging structure
+              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
lib/feature-flags.test.js (2)
18-34: Consider optional chaining.
The statement at line 28 could be simplified by using optional chaining, though this is purely stylistic and non-blocking.
- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

68-81: Potential negative test cases.
You might consider adding negative tests (e.g., handling a 404 from Proxima, invalid JSON) to increase robustness.
CONTRIBUTING.md (2)
30-30: Use hyphen in “up to date.”
Consider using “up-to-date” if treating it as a single adjective.
- ...not up to date. ...
+ ...not up-to-date. ...
🧰 Tools

🪛 LanguageTool

[uncategorized] ~30-~30: It appears that hyphens are missing in the adjective “up-to-date”.
Context: ...f any of the compiled artifacts are not up to date. Compiled artifacts are stored in the `...

(UP_TO_DATE_HYPHEN)

77-79: Simplify phrasing.
“In order to maintain” can be shortened to “To maintain” for clarity.
- ...in order to maintain...
+ ...to maintain...
🧰 Tools

🪛 LanguageTool

[style] ~79-~79: Consider a shorter alternative to avoid wordiness.
Context: ...ently supported major version branches, in order to maintain the same set of names for requ...

(IN_ORDER_TO_PREMIUM)
lib/dependency-caching.js (3)
1-1: Redundant "use strict".
This file is an ES module, so "use strict"; is unnecessary.
- "use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

28-28: Optional chaining suggestion.
Consider using optional chaining here for cleaner code, though it’s not strictly required.
- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

94-122: Restore cache loop clarity.
Your loop and log statements give good feedback about which caches are found. Might also handle potential partial hits or fallback logic (e.g., fallback to language-agnostic cache?).
lib/codeql.test.js (1)
74-74: Consider naming the boolean parameter.
Passing an inline false literal can reduce clarity. Consider using a named parameter or an options object.
-        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, /* isPinned? */ false);
.github/actions/check-codescanning-config/index.ts (1)
10-11: Enhanced error handling with better failure signaling

The change from core.info() to core.setFailed() provides clearer feedback when no expected configuration is provided, properly marking the action as failed rather than just logging a message.

However, notice that after setting the action as failed, execution continues to the assertion check on line 20-24, which will either:

Pass silently if actualConfig is also undefined

Throw a different error if actualConfig exists

Consider adding an early return after setFailed() to prevent further execution:
if (!rawExpectedConfig) {
  core.setFailed('No expected configuration provided')
+  return
} else {
.github/dependabot.yml (1)
19-22: Dependency maintenance for broken plugin

Good addition of the ignore rule for eslint-plugin-import with appropriate comments explaining the rationale.

However, there's a trailing space at the end of line 19.

Remove the trailing space:
-      # This is broken due to the way configuration files have changed. 
+      # This is broken due to the way configuration files have changed.
🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 19-19: trailing spaces

(trailing-spaces)
lib/fingerprints.test.js (1)
18-34: Improved module import handling with more robust property enumeration

The updated __importStar implementation introduces a more thorough approach to retrieving an object's own properties, with a proper fallback mechanism.

Consider implementing the optional chaining suggestion from the static analysis tool:
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__ esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/api-client.test.js (1)
18-34: Improved module import handling for better compatibility

The updated __importStar implementation matches the changes in fingerprints.test.js, providing a more robust approach to module imports. The consistency across files is good for maintainability.

Consider implementing the optional chaining suggestion from the static analysis tool:
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__ esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/diff-filtering-utils.js (4)
1-1: Remove redundant 'use strict' directive

The 'use strict' directive is redundant in ES modules as they are automatically in strict mode.
-"use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

28-28: Use optional chaining for more concise code

Consider using optional chaining for a more modern and concise approach.
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

44-49: Ensure error handling for file write operations

The writeDiffRangesJsonFile function doesn't handle potential errors when writing to the file system, which could fail due to permissions or disk space issues.
function writeDiffRangesJsonFile(logger, ranges) {
    const jsonContents = JSON.stringify(ranges, null, 2);
    const jsonFilePath = getDiffRangesJsonFilePath();
-    fs.writeFileSync(jsonFilePath, jsonContents);
-    logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
+    try {
+        fs.writeFileSync(jsonFilePath, jsonContents);
+        logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
+    } catch (error) {
+        logger.warning(`Failed to write pr-diff-range JSON file: ${error.message}`);
+    }
}
50-59: Add error handling for JSON parsing

The readDiffRangesJsonFile function should handle potential JSON parsing errors that could occur with malformed JSON.
function readDiffRangesJsonFile(logger) {
    const jsonFilePath = getDiffRangesJsonFilePath();
    if (!fs.existsSync(jsonFilePath)) {
        logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
        return undefined;
    }
    const jsonContents = fs.readFileSync(jsonFilePath, "utf8");
    logger.debug(`Read pr-diff-range JSON file from ${jsonFilePath}:\n${jsonContents}`);
-    return JSON.parse(jsonContents);
+    try {
+        return JSON.parse(jsonContents);
+    } catch (error) {
+        logger.warning(`Failed to parse pr-diff-range JSON file: ${error.message}`);
+        return undefined;
+    }
}
lib/autobuild-action.js (1)
28-28: Consider using optional chaining for better readability

The static analysis tool suggests using optional chaining here which could make the code more concise.
-        if (mod && mod.__esModule) return mod;
+        if (mod?.___esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/git-utils.test.js (3)
1-1: Remove redundant 'use strict' directive

JavaScript modules are automatically in strict mode, making this directive unnecessary.
-"use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

28-34: Consider using optional chaining

Replace the conditional check with optional chaining for more concise code.
-        if (mod && mod.__esModule) return mod;
+        return mod?.__esModule ? mod : { ...result };
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

35-37: Consider using optional chaining

Replace the conditional check with optional chaining for more concise code.
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return mod?.__esModule ? mod : { "default": mod };
+};
🧰 Tools

🪛 Biome (1.9.4)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
.github/workflows/__extract-direct-to-toolcache.yml (1)
25-93: Job steps and toolcache verification logic are well-constructed.

The matrix strategy over macOS, Ubuntu, and Windows is correctly defined.

The step to remove any existing CodeQL installation (using fs.rmdirSync with recursive deletion) works as intended, although you may consider a try-catch block for improved robustness if the directory is absent.

Installing the @actions/tool-cache package and verifying its state via findAllVersions is a solid approach to ensure a clean environment.

The initialization and analysis steps correctly leverage custom actions and environment variables.

Suggestion: Consider wrapping the removal of the CodeQL directory in a try-catch (or checking for existence) to prevent potential runtime errors if the directory does not exist.

Example diff snippet:
-            fs.rmdirSync(codeqlPath, { recursive: true });
+            if (fs.existsSync(codeqlPath)) {
+              fs.rmdirSync(codeqlPath, { recursive: true });
+            }
lib/database-upload.js (1)
18-34: Refactored __importStar function

The implementation now uses a helper function ownKeys to better retrieve property names from module objects.

Consider using optional chaining for a more modern approach:
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
.github/workflows/__zstd-bundle.yml (2)

52-61: Validate CodeQL Tool Cache Removal

In the "Remove CodeQL from toolcache" step, consider using fs.existsSync(codeqlPath) instead of checking if (codeqlPath !== undefined). This change ensures that the directory actually exists before attempting removal, reducing the risk of runtime errors.

83-87: Enhance Error Handling for SARIF Parsing

Wrap the JSON.parse call in a try-catch block to gracefully handle potential errors if the SARIF file is malformed or unreadable. This will improve the robustness of the diagnostic check.
.github/workflows/__test-proxy.yml (1)
41-52: GitHub CLI setup steps added for container environment

Good addition of GitHub CLI setup for containers that don't have it pre-installed. The comment explains clearly why this is needed - to find the latest CodeQL release.

However, there's an empty env section at the end that could be removed.
  apt install -y gh
- env: {}
🧰 Tools

🪛 actionlint (1.7.4)

52-52: env should not be empty. please remove this section if it's unnecessary

(syntax-check)
lib/analyze.test.js (1)
18-34: Enhanced __importStar implementation with improved property retrieval

The __importStar function has been updated with a more robust implementation for retrieving object properties. The new implementation includes a custom ownKeys function that provides a fallback when Object.getOwnPropertyNames is not available.

However, there's a potential improvement opportunity based on the static analysis hint:
- if (mod && mod.__esModule) return mod;
+ if (mod?.esModule) return mod;
This would use an optional chain which is safer and more modern.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
CHANGELOG.md (2)
7-7: Compound Adjective Consistency – Line 7
It looks like the phrase "No user facing changes." is intended to be a compound adjective modifying “changes.” Consider updating it to "No user‐facing changes." to improve clarity.
[typographical]

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

9-14: Typographical Consistency for Date Ranges – Lines 9-14
In changelog headings such as "## 3.28.10 - 21 Feb 2025", consider using an en dash (–) rather than a hyphen (-) to separate the version and date (e.g. "## 3.28.10 – 21 Feb 2025"). This subtle typographical improvement enhances readability and aligns with best practices.
Example fix:
-## 3.28.10 - 21 Feb 2025
+## 3.28.10 – 21 Feb 2025
[typographical]

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)
lib/caching-utils.js (1)
1-1: Remove redundant 'use strict' directive.

Within modern JavaScript modules (including TypeScript-compiled modules), strict mode is automatically enforced. You can safely remove the 'use strict' directive without affecting functionality.
- "use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)
lib/database-upload.test.js (1)
18-34: Improved module property collection with helper function

The __importStar function has been enhanced with a new ownKeys helper function that provides a more robust way to retrieve object properties. This implementation handles cases where Object.getOwnPropertyNames might not be available.

Consider using optional chaining on line 28 for more concise code:
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
.github/workflows/post-release-mergeback.yml (1)
120-120: Missing quotes in Python script command

The Python script command is missing quotes around arguments, which could cause issues with file paths containing spaces.

Fix by adding quotes around the arguments:
-  python .github/workflows/script/prepare_changelog.py CHANGELOG.md "$VERSION" > $PARTIAL_CHANGELOG
+  python .github/workflows/script/prepare_changelog.py "CHANGELOG.md" "$VERSION" > "$PARTIAL_CHANGELOG"
🧰 Tools

🪛 actionlint (1.7.4)

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)
lib/config-utils.test.js (1)
27-28: Consider using optional chaining for better readability

The mod checking could be simplified using optional chaining.
-        if (mod && mod.__esModule) return mod;
+        if (mod?.esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
README.md (2)
19-37: Well-structured documentation addition for Actions

The new "Actions" section provides clear information about the different actions available in the repository, their purposes, and links to their definitions. This enhances usability by giving users a central reference for available actions.

However, there's some terminology inconsistency between "analyses" and "analyze" throughout this section.

Consider standardizing terminology by consistently using either "analyses" or "analysis" throughout the documentation:
-Actions for CodeQL analyses:
+Actions for CodeQL analysis:

-Actions for uploading analyses generated by third-party tools:
+Actions for uploading analysis generated by third-party tools:
🧰 Tools

🪛 LanguageTool

[uncategorized] ~21-~21: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...tory also allow you to upload to GitHub analyses generated by any SARIF-producing SAST t...

(EN_WORD_COHERENCY)

[uncategorized] ~23-~23: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...roducing SAST tool. Actions for CodeQL analyses: - init: Sets up CodeQL for analysis...

(EN_WORD_COHERENCY)

[uncategorized] ~25-~25: Loose punctuation mark.
Context: ... Actions for CodeQL analyses: - init: Sets up CodeQL for analysis. For inform...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~26-~26: Loose punctuation mark.
Context: .../blob/main/init/action.yml). - analyze: Finalizes the CodeQL database, runs the...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~28-~28: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...yze/action.yml). Actions for uploading analyses generated by third-party tools: - `upl...

(EN_WORD_COHERENCY)

[uncategorized] ~30-~30: Loose punctuation mark.
Context: ... by third-party tools: - upload-sarif: Uploads a SARIF file to Code Scanning. ...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~34-~34: Loose punctuation mark.
Context: ...kely to be used directly: - autobuild: Attempts to automatically build the cod...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~35-~35: Loose punctuation mark.
Context: ...ild/action.yml). - resolve-environment: [Experimental] Attempts to infer a buil...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~36-~36: Loose punctuation mark.
Context: ...environment/action.yml). - start-proxy: [Experimental] Start the HTTP proxy ser...

(UNLIKELY_OPENING_PUNCTUATION)

47-47: Minor grammatical improvement opportunity

There's a split infinitive in this line that could be improved for better readability.
-The database will be created by attempting to automatically build the source code.
+The database will be created by attempting to build the source code automatically.
🧰 Tools

🪛 LanguageTool

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)
lib/fingerprints.js (2)
213-213: Error information is discarded in catch block

The catch block has been modified to remove the error parameter, which means error information is discarded.

While this doesn't affect functionality since the error isn't being used, it's generally good practice to capture error information for potential debugging:
-    catch {
+    catch (e) {
28-28: Opportunity to use optional chaining

The static analysis tool suggests using optional chaining for better readability.

Consider using optional chaining to simplify these conditionals:
-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

-    return (mod && mod.__esModule) ? mod : { "default": mod };
+    return (mod?.__esModule) ? mod : { "default": mod };
Also applies to: 36-36

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/debug-artifacts.js (1)

58-58: Potential edge case in sanitizeArtifactName.
If the input is all invalid characters, it could produce an empty string. Consider adding a fallback for this scenario.

lib/init-action.js (1)

59-115: Consider splitting out large logic into smaller helper functions.
The sendCompletedStatusReport function includes significant branching and data collection. For improved readability and maintainability, consider extracting smaller helper functions or objects that handle specific logic (e.g., constructing pack objects, building the report payload, etc.).
lib/cli-errors.js (3)
143-145: Use a regular expression literal instead of the RegExp constructor.
Regular expression literals enable better static analysis and are more concise than new RegExp("pattern").
-        cliErrorMessageCandidates: [new RegExp("Could not create temp directory")],
+        cliErrorMessageCandidates: [/Could not create temp directory/],
🧰 Tools

🪛 Biome (1.9.4)

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

174-178: Use a regular expression literal here as well.
Following lint guidelines will aid readability and maintainability.
-            new RegExp("Specifier for external repository is invalid"),
+            /Specifier for external repository is invalid/,
🧰 Tools

🪛 Biome (1.9.4)

[error] 176-176: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

231-235: Replace RegExp constructors with regex literals.
Adopting regex literals is a good practice and helps static analyzers identify potential issues more reliably.
-            new RegExp("GitHub Container registry .* 403 Forbidden"),
-            new RegExp("Do you need to specify a token to authenticate to the registry?"),
+            /GitHub Container registry .* 403 Forbidden/,
+            /Do you need to specify a token to authenticate to the registry?/,
🧰 Tools

🪛 Biome (1.9.4)

[error] 232-232: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[error] 233-233: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)
lib/api-client.js (3)
18-34: Consider using optional chaining for improved readability.

Static analysis suggested using an optional chain to simplify checks around mod && mod.__esModule. While not strictly necessary, switching to optional chaining can make the code more concise and arguably clearer:
-if (mod && mod.__esModule) return mod;
+if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

95-95: Re-check the need to disable ESLint rule.

Adding // eslint-disable-next-line @typescript-eslint/no-unsafe-call might hide legitimate type issues. If feasible, consider fixing the underlying type definition instead of disabling this rule to ensure consistent type safety.

209-209: Extended error handling appears correct.

This additional check for rate limit and missing references is a sensible step to wrap errors. You might consider also logging the exact status code when available for more precise debugging.
lib/git-utils.js (2)
1-1: Remove redundant "use strict".

In ES modules (or transpiled TypeScript outputs), 'use strict'; is automatically applied. Removing it eliminates unnecessary clutter:
- "use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

2-34: Optional chaining could simplify the import logic.

Similar to the behavior in lib/api-client.js, optional chaining can streamline the check around mod && mod.__esModule. If the current approach is part of a known polyfill pattern, feel free to keep it as-is. Otherwise, consider:
-if (mod && mod.__esModule) return mod;
+if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/analyze-action.js (3)
124-124: Consider documenting the new function.
A brief JSDoc or code comment can help clarify the purpose and usage of this function.

164-171: Potential performance consideration with the 'delete' operator.
Although removing environment variables is valid, repeated usage of the delete operator in tight loops can affect performance. Consider setting them to undefined if complete removal is not strictly required.
- delete process.env.CODEQL_PROXY_HOST;
- delete process.env.CODEQL_PROXY_PORT;
- delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+ process.env.CODEQL_PROXY_HOST = undefined;
+ process.env.CODEQL_PROXY_PORT = undefined;
+ process.env.CODEQL_PROXY_CA_CERTIFICATE = undefined;
🧰 Tools

🪛 Biome (1.9.4)

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

197-199: Optional chaining could simplify this conditional.
Using optional chaining avoids nested checks for presence of pull_request.
- const pull_request = github.context.payload.pull_request;
- const diffRangePackDir = pull_request &&
-   (await (0, analyze_1.setupDiffInformedQueryRun)(
-     pull_request.base.ref,
-     pull_request.head.label,
-     codeql,
-     logger,
-     features
-   ));
+ const pull_request = github.context.payload?.pull_request;
+ const diffRangePackDir = pull_request?.base?.ref &&
+   (await (0, analyze_1.setupDiffInformedQueryRun)(
+     pull_request.base.ref,
+     pull_request.head.label,
+     codeql,
+     logger,
+     features
+   ));
lib/codeql.js (1)
18-34: Consider using optional chaining
The static analyzer suggests replacing if (mod && mod.__esModule) with an optional chain. If this code is auto-generated or intentionally matches TypeScript output, you may safely ignore. Otherwise, here’s a possible refinement:
- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;
🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)
lib/analyze.js (3)
28-28: Consider optional chaining to simplify the condition.

The static analysis tool suggests using optional chaining here (mod?.__esModule) to reduce complexity. However, if this snippet is auto-generated code, manually modifying it might lead to unexpected side effects. If it’s under your control, you can safely adopt optional chaining.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

126-129: Consider logging the actual error object.

Catching without referencing the error prevents insights into the specific failure’s cause. Logging the exception or including it in the warning message may aid debugging.
     ...
-} catch {
+} catch (error) {
     logger.warning(\`Could not check whether database for \${language} was finalized. Assuming it is not.\`);
     return false;
 }
315-319: Remove the unnecessary continue statement.

The loop body does nothing after incrementing currentLine. You can safely remove the continue; to simplify the logic.
        if (diffLine.startsWith(" ")) {
            currentLine++;
-           continue;
        }
🧰 Tools

🪛 Biome (1.9.4)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 821ab42 and 911d845.

⛔ Files ignored due to path filters (122)

lib/actions-util.js.map is excluded by !**/*.map
lib/actions-util.test.js.map is excluded by !**/*.map
lib/analyze-action-env.test.js.map is excluded by !**/*.map
lib/analyze-action-input.test.js.map is excluded by !**/*.map
lib/analyze-action-post-helper.js.map is excluded by !**/*.map
lib/analyze-action-post-helper.test.js.map is excluded by !**/*.map
lib/analyze-action-post.js.map is excluded by !**/*.map
lib/analyze-action.js.map is excluded by !**/*.map
lib/analyze.js.map is excluded by !**/*.map
lib/analyze.test.js.map is excluded by !**/*.map
lib/api-client.js.map is excluded by !**/*.map
lib/api-client.test.js.map is excluded by !**/*.map
lib/autobuild-action.js.map is excluded by !**/*.map
lib/autobuild.js.map is excluded by !**/*.map
lib/caching-utils.js.map is excluded by !**/*.map
lib/cli-errors.js.map is excluded by !**/*.map
lib/codeql.js.map is excluded by !**/*.map
lib/codeql.test.js.map is excluded by !**/*.map
lib/config-utils.js.map is excluded by !**/*.map
lib/config-utils.test.js.map is excluded by !**/*.map
lib/database-upload.js.map is excluded by !**/*.map
lib/database-upload.test.js.map is excluded by !**/*.map
lib/debug-artifacts.js.map is excluded by !**/*.map
lib/debug-artifacts.test.js.map is excluded by !**/*.map
lib/dependency-caching.js.map is excluded by !**/*.map
lib/diff-filtering-utils.js.map is excluded by !**/*.map
lib/doc-url.js.map is excluded by !**/*.map
lib/environment.js.map is excluded by !**/*.map
lib/feature-flags.js.map is excluded by !**/*.map
lib/feature-flags.test.js.map is excluded by !**/*.map
lib/fingerprints.js.map is excluded by !**/*.map
lib/fingerprints.test.js.map is excluded by !**/*.map
lib/git-utils.js.map is excluded by !**/*.map
lib/git-utils.test.js.map is excluded by !**/*.map
lib/init-action-post-helper.js.map is excluded by !**/*.map
lib/init-action-post-helper.test.js.map is excluded by !**/*.map
lib/init-action-post.js.map is excluded by !**/*.map
lib/init-action.js.map is excluded by !**/*.map
lib/init.js.map is excluded by !**/*.map
lib/init.test.js.map is excluded by !**/*.map
lib/languages.js.map is excluded by !**/*.map
lib/languages.test.js.map is excluded by !**/*.map
lib/logging.js.map is excluded by !**/*.map
lib/resolve-environment-action.js.map is excluded by !**/*.map
lib/resolve-environment.js.map is excluded by !**/*.map
lib/setup-codeql.js.map is excluded by !**/*.map
lib/setup-codeql.test.js.map is excluded by !**/*.map
lib/start-proxy-action-post.js.map is excluded by !**/*.map
lib/start-proxy-action.js.map is excluded by !**/*.map
lib/start-proxy.js.map is excluded by !**/*.map
lib/start-proxy.test.js.map is excluded by !**/*.map
lib/status-report.js.map is excluded by !**/*.map
lib/status-report.test.js.map is excluded by !**/*.map
lib/tar.js.map is excluded by !**/*.map
lib/testing-utils.js.map is excluded by !**/*.map
lib/tools-download.js.map is excluded by !**/*.map
lib/tools-features.js.map is excluded by !**/*.map
lib/tracer-config.js.map is excluded by !**/*.map
lib/tracer-config.test.js.map is excluded by !**/*.map
lib/trap-caching.js.map is excluded by !**/*.map
lib/trap-caching.test.js.map is excluded by !**/*.map
lib/upload-lib.js.map is excluded by !**/*.map
lib/upload-lib.test.js.map is excluded by !**/*.map
lib/upload-sarif-action-post-helper.js.map is excluded by !**/*.map
lib/upload-sarif-action-post.js.map is excluded by !**/*.map
lib/upload-sarif-action.js.map is excluded by !**/*.map
lib/util.js.map is excluded by !**/*.map
lib/util.test.js.map is excluded by !**/*.map
lib/workflow.js.map is excluded by !**/*.map
lib/workflow.test.js.map is excluded by !**/*.map
node_modules/.bin/crc32 is excluded by !**/node_modules/**
node_modules/.bin/dot-object is excluded by !**/node_modules/**
node_modules/.bin/fxparser is excluded by !**/node_modules/**
node_modules/.bin/glob is excluded by !**/node_modules/**
node_modules/.bin/is-docker is excluded by !**/node_modules/**
node_modules/.bin/is-inside-container is excluded by !**/node_modules/**
node_modules/.bin/mkdirp is excluded by !**/node_modules/**
node_modules/.bin/protoc is excluded by !**/node_modules/**
node_modules/.bin/protoc-gen-dump is excluded by !**/node_modules/**
node_modules/.bin/protoc-gen-ts is excluded by !**/node_modules/**
node_modules/.bin/protoc-gen-twirp_ts is excluded by !**/node_modules/**
node_modules/.bin/update-browserslist-db is excluded by !**/node_modules/**
node_modules/.bin/uuid is excluded by !**/node_modules/**
node_modules/.package-lock.json is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/LICENSE.md is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/README.md is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/artifact-client.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/artifact-client.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/artifact-client.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/artifact-client.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/artifact-client.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/artifact-client.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/config-variables.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/config-variables.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/config-variables.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/contracts.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/contracts.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/contracts.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/crc64.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/crc64.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/crc64.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/download-http-client.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-http-client.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-http-client.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/download-options.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-options.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-options.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/download-response.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-response.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-response.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/download-specification.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-specification.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/download-specification.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/http-manager.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/http-manager.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/http-manager.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.js.map is excluded by !**/node_modules/**, !**/*.map
node_modules/@actions/artifact-legacy/lib/internal/requestUtils.d.ts is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/requestUtils.js is excluded by !**/node_modules/**
node_modules/@actions/artifact-legacy/lib/internal/requestUtils.js.map is excluded by !**/node_modules/**, !**/*.map

📒 Files selected for processing (137)

.eslintignore (0 hunks)
.github/actions/check-codescanning-config/action.yml (1 hunks)
.github/actions/check-codescanning-config/index.ts (1 hunks)
.github/actions/prepare-test/action.yml (3 hunks)
.github/actions/setup-swift/action.yml (2 hunks)
.github/codeql/codeql-actions-config.yml (1 hunks)
.github/dependabot.yml (1 hunks)
.github/releases.ini (1 hunks)
.github/workflows/__all-platform-bundle.yml (2 hunks)
.github/workflows/__analyze-ref-input.yml (2 hunks)
.github/workflows/__autobuild-action.yml (2 hunks)
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1 hunks)
.github/workflows/__autobuild-direct-tracing.yml (2 hunks)
.github/workflows/__build-mode-autobuild.yml (2 hunks)
.github/workflows/__build-mode-manual.yml (2 hunks)
.github/workflows/__build-mode-none.yml (2 hunks)
.github/workflows/__build-mode-rollback.yml (2 hunks)
.github/workflows/__cleanup-db-cluster-dir.yml (1 hunks)
.github/workflows/__config-export.yml (4 hunks)
.github/workflows/__config-input.yml (2 hunks)
.github/workflows/__cpp-deptrace-disabled.yml (2 hunks)
.github/workflows/__cpp-deptrace-enabled-on-macos.yml (2 hunks)
.github/workflows/__cpp-deptrace-enabled.yml (2 hunks)
.github/workflows/__diagnostics-export.yml (5 hunks)
.github/workflows/__export-file-baseline-information.yml (4 hunks)
.github/workflows/__extract-direct-to-toolcache.yml (1 hunks)
.github/workflows/__extractor-ram-threads.yml (2 hunks)
.github/workflows/__go-custom-queries.yml (2 hunks)
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (2 hunks)
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (2 hunks)
.github/workflows/__go-indirect-tracing-workaround.yml (2 hunks)
.github/workflows/__go-tracing-autobuilder.yml (2 hunks)
.github/workflows/__go-tracing-custom-build-steps.yml (2 hunks)
.github/workflows/__go-tracing-legacy-workflow.yml (2 hunks)
.github/workflows/__init-with-registries.yml (2 hunks)
.github/workflows/__javascript-source-root.yml (2 hunks)
.github/workflows/__job-run-uuid-sarif.yml (1 hunks)
.github/workflows/__language-aliases.yml (2 hunks)
.github/workflows/__multi-language-autodetect.yml (4 hunks)
.github/workflows/__packaging-codescanning-config-inputs-js.yml (4 hunks)
.github/workflows/__packaging-config-inputs-js.yml (4 hunks)
.github/workflows/__packaging-config-js.yml (4 hunks)
.github/workflows/__packaging-inputs-js.yml (4 hunks)
.github/workflows/__remote-config.yml (2 hunks)
.github/workflows/__resolve-environment-action.yml (4 hunks)
.github/workflows/__rubocop-multi-language.yml (2 hunks)
.github/workflows/__ruby.yml (3 hunks)
.github/workflows/__rust.yml (1 hunks)
.github/workflows/__split-workflow.yml (3 hunks)
.github/workflows/__start-proxy.yml (1 hunks)
.github/workflows/__submit-sarif-failure.yml (2 hunks)
.github/workflows/__swift-autobuild.yml (1 hunks)
.github/workflows/__swift-custom-build.yml (2 hunks)
.github/workflows/__test-autobuild-working-dir.yml (2 hunks)
.github/workflows/__test-local-codeql.yml (3 hunks)
.github/workflows/__test-proxy.yml (2 hunks)
.github/workflows/__unset-environment.yml (2 hunks)
.github/workflows/__upload-ref-sha-input.yml (3 hunks)
.github/workflows/__with-checkout-path.yml (2 hunks)
.github/workflows/__zstd-bundle-streaming.yml (1 hunks)
.github/workflows/__zstd-bundle.yml (1 hunks)
.github/workflows/check-expected-release-files.yml (1 hunks)
.github/workflows/codeql.yml (4 hunks)
.github/workflows/codescanning-config-cli.yml (1 hunks)
.github/workflows/debug-artifacts-failure-safe.yml (1 hunks)
.github/workflows/debug-artifacts-failure.yml (0 hunks)
.github/workflows/debug-artifacts-safe.yml (1 hunks)
.github/workflows/debug-artifacts.yml (0 hunks)
.github/workflows/expected-queries-runs.yml (1 hunks)
.github/workflows/post-release-mergeback.yml (3 hunks)
.github/workflows/pr-checks.yml (4 hunks)
.github/workflows/publish-immutable-action.yml (1 hunks)
.github/workflows/python312-windows.yml (2 hunks)
.github/workflows/query-filters.yml (1 hunks)
.github/workflows/rebuild.yml (2 hunks)
.github/workflows/script/check-js.sh (1 hunks)
.github/workflows/script/prepare_changelog.py (1 hunks)
.github/workflows/script/update-required-checks.sh (1 hunks)
.github/workflows/test-codeql-bundle-all.yml (2 hunks)
.github/workflows/update-bundle.yml (1 hunks)
.github/workflows/update-dependencies.yml (1 hunks)
.github/workflows/update-release-branch.yml (4 hunks)
.github/workflows/update-supported-enterprise-server-versions.yml (2 hunks)
.gitignore (1 hunks)
.pre-commit-config.yaml (1 hunks)
CHANGELOG.md (2 hunks)
CONTRIBUTING.md (4 hunks)
README.md (1 hunks)
action.yml (1 hunks)
actions-extractor/codeql-extractor.yml (1 hunks)
actions-extractor/tools/autobuild-impl.ps1 (1 hunks)
actions-extractor/tools/autobuild.cmd (1 hunks)
actions-extractor/tools/autobuild.sh (1 hunks)
analyze/action.yml (3 hunks)
autobuild/action.yml (1 hunks)
init/action.yml (1 hunks)
justfile (1 hunks)
lib/actions-util.js (3 hunks)
lib/actions-util.test.js (0 hunks)
lib/analyze-action-env.test.js (4 hunks)
lib/analyze-action-input.test.js (4 hunks)
lib/analyze-action-post-helper.js (0 hunks)
lib/analyze-action-post-helper.test.js (0 hunks)
lib/analyze-action-post.js (1 hunks)
lib/analyze-action.js (12 hunks)
lib/analyze.js (8 hunks)
lib/analyze.test.js (4 hunks)
lib/api-client.js (4 hunks)
lib/api-client.test.js (1 hunks)
lib/api-compatibility.json (1 hunks)
lib/autobuild-action.js (3 hunks)
lib/autobuild.js (5 hunks)
lib/caching-utils.js (1 hunks)
lib/cli-errors.js (8 hunks)
lib/codeql.js (28 hunks)
lib/codeql.test.js (21 hunks)
lib/config-utils.js (11 hunks)
lib/config-utils.test.js (5 hunks)
lib/database-upload.js (2 hunks)
lib/database-upload.test.js (8 hunks)
lib/debug-artifacts.js (1 hunks)
lib/debug-artifacts.test.js (1 hunks)
lib/defaults.json (1 hunks)
lib/dependency-caching.js (1 hunks)
lib/diff-filtering-utils.js (1 hunks)
lib/doc-url.js (1 hunks)
lib/environment.js (2 hunks)
lib/feature-flags.js (6 hunks)
lib/feature-flags.test.js (4 hunks)
lib/fingerprints.js (3 hunks)
lib/fingerprints.test.js (1 hunks)
lib/git-utils.js (1 hunks)
lib/git-utils.test.js (1 hunks)
lib/init-action-post-helper.js (4 hunks)
lib/init-action-post-helper.test.js (4 hunks)
lib/init-action-post.js (2 hunks)
lib/init-action.js (12 hunks)

💤 Files with no reviewable changes (6)

.eslintignore
lib/actions-util.test.js
lib/analyze-action-post-helper.test.js
lib/analyze-action-post-helper.js
.github/workflows/debug-artifacts.yml
.github/workflows/debug-artifacts-failure.yml

✅ Files skipped from review due to trivial changes (14)

.github/workflows/script/check-js.sh
.github/codeql/codeql-actions-config.yml
lib/defaults.json
.github/releases.ini
autobuild/action.yml
actions-extractor/tools/autobuild.cmd
.github/workflows/__cleanup-db-cluster-dir.yml
.github/workflows/__start-proxy.yml
.github/actions/setup-swift/action.yml
.github/workflows/__job-run-uuid-sarif.yml
action.yml
.github/workflows/__zstd-bundle-streaming.yml
.github/workflows/__swift-autobuild.yml
.gitignore

🧰 Additional context used

🪛 Biome (1.9.4)

lib/doc-url.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

lib/analyze-action-env.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/fingerprints.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post.js

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/diff-filtering-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action-input.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.test.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/database-upload.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/autobuild-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/dependency-caching.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/caching-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/database-upload.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action-post.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post-helper.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/actions-util.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/feature-flags.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/fingerprints.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/autobuild.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post-helper.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/feature-flags.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

lib/init-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/cli-errors.js

[error] 140-140: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[error] 176-176: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[error] 232-232: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[error] 233-233: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

🪛 YAMLlint (1.35.1)

.github/dependabot.yml

[error] 19-19: trailing spaces

(trailing-spaces)

.github/workflows/test-codeql-bundle-all.yml

[error] 46-46: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.4)

.github/workflows/publish-immutable-action.yml

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/__test-proxy.yml

52-52: env should not be empty. please remove this section if it's unnecessary

(syntax-check)

.github/workflows/post-release-mergeback.yml

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

68-68: shellcheck reported issue in this script: SC2236:style:1:7: Use -n instead of ! -z

(shellcheck)

🪛 LanguageTool

README.md

[uncategorized] ~21-~21: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...tory also allow you to upload to GitHub analyses generated by any SARIF-producing SAST t...

(EN_WORD_COHERENCY)

[uncategorized] ~23-~23: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...roducing SAST tool. Actions for CodeQL analyses: - init: Sets up CodeQL for analysis...

(EN_WORD_COHERENCY)

[uncategorized] ~25-~25: Loose punctuation mark.
Context: ... Actions for CodeQL analyses: - init: Sets up CodeQL for analysis. For inform...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~26-~26: Loose punctuation mark.
Context: .../blob/main/init/action.yml). - analyze: Finalizes the CodeQL database, runs the...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~28-~28: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...yze/action.yml). Actions for uploading analyses generated by third-party tools: - `upl...

(EN_WORD_COHERENCY)

[uncategorized] ~30-~30: Loose punctuation mark.
Context: ... by third-party tools: - upload-sarif: Uploads a SARIF file to Code Scanning. ...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~34-~34: Loose punctuation mark.
Context: ...kely to be used directly: - autobuild: Attempts to automatically build the cod...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~35-~35: Loose punctuation mark.
Context: ...ild/action.yml). - resolve-environment: [Experimental] Attempts to infer a buil...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~36-~36: Loose punctuation mark.
Context: ...environment/action.yml). - start-proxy: [Experimental] Start the HTTP proxy ser...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~46-~46: Loose punctuation mark.
Context: ...The available build modes are: - none: The database will be created without bu...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)

[uncategorized] ~48-~48: Loose punctuation mark.
Context: ...e for all compiled languages. - manual: The database will be created by buildin...

(UNLIKELY_OPENING_PUNCTUATION)

[style] ~69-~69: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

[style] ~69-~69: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

CHANGELOG.md

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

CONTRIBUTING.md

[uncategorized] ~30-~30: It appears that hyphens are missing in the adjective “up-to-date”.
Context: ...f any of the compiled artifacts are not up to date. Compiled artifacts are stored in the `...

(UP_TO_DATE_HYPHEN)

[style] ~79-~79: Consider a shorter alternative to avoid wordiness.
Context: ...ently supported major version branches, in order to maintain the same set of names for requ...

(IN_ORDER_TO_PREMIUM)

[uncategorized] ~105-~105: The preposition ‘for’ seems more likely in this position.
Context: ... the release process automation listens to updates to the release branch for the n...

(AI_HYDRA_LEO_REPLACE_TO_FOR)

[uncategorized] ~110-~110: The preposition “of” seems more likely in this position.
Context: ... major version deprecation for examples on which parts of the documentation should...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

🪛 Ruff (0.8.2)

.github/workflows/script/prepare_changelog.py

20-20: Loop control variable i not used within loop body

Rename unused i to _i

(B007)

🔇 Additional comments (485)

.github/workflows/query-filters.yml (2)

23-24: Appropriate permissions restriction added.

The PR properly adds explicit content read permissions to the workflow, following security best practices by applying the principle of least privilege. This change ensures the workflow only has the necessary access to repository contents.

32-32: Version parameter updated from 'latest' to 'linked'.

Changing from latest to linked improves workflow stability and consistency by using a specific linked version rather than always pulling the latest version, which might introduce unexpected changes.
lib/api-compatibility.json (1)

1-1:
❓ Verification inconclusive

API compatibility range updated.

The compatible API version range has been updated:

maximumVersion increased from "3.13" to "3.17"

minimumVersion increased from "3.9" to "3.12"

This change keeps the action compatible with newer API versions while removing support for older, potentially outdated versions.

🏁 Script executed:
#!/bin/bash
# Check current CodeQL API versions
echo "Checking for documentation or changelog entry for CodeQL version 3.17..."
rg -i "version 3.17|codeql 3.17" -g "**/*.md"

echo "Checking for references to new minimum version..."
rg -i "minimum.*version.*3.12|3.12.*minimum" -g "**/*.md"
Length of output: 371
API compatibility update – Further Manual Verification Recommended

The API compatibility range in lib/api-compatibility.json has been updated as follows:

maximumVersion increased from "3.13" to "3.17"

minimumVersion increased from "3.9" to "3.12"

While the intended changes align with the goal of supporting newer CodeQL API versions and deprecating older ones, our automated search for references (documentation/changelog entries) for these version changes returned no matches. Please manually verify that any related documentation or changelog entries are updated accordingly.
lib/doc-url.js (3)

1-1: Remove redundant "use strict" directive.

In ES6 modules, the "use strict" directive is unnecessary because modules are always in strict mode.
-"use strict";
🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

8-16: Documentation URL constants centralized - good practice.

Creating a centralized enum for documentation URLs is a good practice that:

Ensures consistency across the codebase

Makes it easier to update URLs if documentation paths change

Improves code readability by using descriptive enum names

These documentation links cover key areas like permissions, troubleshooting, and environment variables.

16-16: Refactor to avoid assignment within an expression.

Assignments within expressions can be confusing. Consider separating the assignment from the expression.
-})(DocUrl || (exports.DocUrl = DocUrl = {}));
+})(DocUrl || (exports.DocUrl = (DocUrl = {})));
.github/workflows/expected-queries-runs.yml (3)

25-27: Appropriate permission restrictions added.

The PR properly adds explicit permissions to the workflow, restricting it to only read access for contents and security-events. This follows the principle of least privilege, which is a security best practice for GitHub Actions workflows.

35-35: Version parameter updated from 'latest' to 'linked'.

Changing from latest to linked improves workflow stability and consistency by using a specific linked version rather than always pulling the latest version, which might introduce unexpected changes.

40-43: Simplified analyze step configuration.

The analyze step configuration has been simplified by removing the upload-database and upload parameters, streamlining the analysis process while maintaining the necessary output specification.

.github/workflows/rebuild.yml (2)

14-16: Permissions Block Update for the Rebuild Job

The addition of the permissions block with contents: write and pull-requests: write ensures that the rebuild job can push commits and comment on the PR as intended. This explicit declaration improves clarity and aligns with the overall workflow strategy.

75-76: Improved Git Commit Process

Splitting the commit sequence into git add --all and git commit -m "Rebuild" enhances transparency in what is being committed compared to the compact -am form. This change makes the commit process clearer and may help in debugging unexpected file changes.

.github/workflows/update-dependencies.yml (1)

12-14: Permissions Block Update for the Update Dependencies Job

The new permissions—contents: write and pull-requests: write—enable the job to push updated dependencies and interact with the pull request. This change is consistent with similar updates across the workflows and looks well implemented.

.pre-commit-config.yaml (2)

4-8: Reintroduction of the lint-ts Hook

Reinstating the lint-ts hook with the command npm run lint -- --fix ensures TypeScript files are linted as expected, especially following the removal of the .eslintignore file. Please verify that this change does not lead to unintended lint errors in files previously excluded.

19-19: Updated pr-checks-sync Hook Entry

Switching the hook entry from python3 pr-checks/sync.py to pr-checks/sync.sh shifts the execution to a shell script. Confirm that the new script meets the desired behavior for synchronizing PR check workflows.

.github/workflows/update-bundle.yml (1)

20-22: Permissions Block Update for the Update Bundle Job

The added permissions (contents: write and pull-requests: write) are necessary for pushing commits and creating pull requests when updating the default CodeQL bundle. This update is in line with other workflow modifications and appears robust.

.github/workflows/__autobuild-direct-tracing.yml (3)

31-33: Matrix Strategy Update for OS Versions

Updating the matrix entries to use version: linked for both Ubuntu and Windows runners standardizes the build version for these environments. Please ensure that this change is compatible with the rest of the testing infrastructure.

40-41: Adjusted Security Events Permission

Changing the security-events permission from write to read adheres to the principle of least privilege. This adjustment reduces potential risk while still providing the necessary read access.

53-53: Addition of the setup-kotlin Parameter

Adding setup-kotlin: 'true' to the Prepare test step supports Kotlin integration in the workflow. Verify that all downstream processes correctly interpret and act upon this new parameter.

.github/workflows/python312-windows.yml (3)

17-18: Good addition of test mode environment variable.

Setting CODEQL_ACTION_TEST_MODE to true explicitly indicates that this workflow is running in test mode, improving clarity and maintainability.

20-21: Security improvement through explicit permissions.

Following the principle of least privilege by explicitly setting read-only permissions for repository contents is a good security practice.

39-39: Tools parameter changed from 'latest' to 'linked'.

This change from using "latest" to "linked" for the tools parameter aligns with the standardization effort across workflows and reflects the updated versioning strategy for CodeQL tools.

actions-extractor/codeql-extractor.yml (3)

1-4: Well-structured metadata for the GitHub Actions extractor.

The configuration properly defines the extractor's name, display name, and version, establishing a clear identity for this CodeQL component.

12-18: Appropriate file type configuration for GitHub Actions workflows.

The file type configuration correctly identifies GitHub Actions workflow files with their common extensions (.yml and .yaml), providing clear targeting for the extractor.

26-44: Well-designed TRAP cache configuration options.

The TRAP cache options are properly structured with clear descriptions, appropriate types, and validation patterns for numeric and boolean values, enabling flexible caching behavior.

actions-extractor/tools/autobuild.sh (4)

3-3: Good shell scripting practice with strict error handling.

Setting set -eu ensures the script exits immediately on errors and treats unset variables as errors, which helps prevent silent failures and makes debugging easier.

5-12: Well-defined default path filters for GitHub Actions files.

The default path filters appropriately target GitHub Actions workflow files and action definitions while excluding other files, which focuses the analysis on relevant content.

14-20: Proper handling of custom path filters.

The script checks for user-defined path filters before applying defaults, allowing for customization while providing sensible defaults when needed.

33-39: Effective environment variable forwarding.

The script correctly forwards all relevant environment variables from the Actions extractor to the JavaScript extractor, ensuring consistent configuration across both extractors.

.github/workflows/script/update-required-checks.sh (1)

30-31: Improved check filtering logic.

The updated logic now excludes ESLint checks and skips check runs with a "skipped" conclusion, which are good improvements. This ensures that only relevant checks are considered as required status checks.

.github/workflows/codescanning-config-cli.yml (2)

26-29: Good security practice: explicit limited permissions.

Adding explicit permission settings with read-only access follows the principle of least privilege, improving security by ensuring the job only has the minimum permissions required.

36-38: Version strategy changed from 'latest' to 'linked'.

The version specification has been updated from 'latest' to 'linked', which should provide more consistent test results by using a specific version linked to each OS.

.github/workflows/publish-immutable-action.yml (1)

1-36: Good implementation of a conditional immutable action publisher.

This workflow effectively handles the publishing of immutable actions only for CodeQL Action releases (those with names starting with "v"), while skipping bundle releases. The workflow has appropriate permissions and a clear conditional logic.

🧰 Tools

🪛 actionlint (1.7.4)

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

actions-extractor/tools/autobuild-impl.ps1 (3)

1-14: Good implementation of default path filters.

The script sensibly checks for existing path filters before applying defaults, and the default filters are appropriately focused on GitHub Actions workflow files.

16-23: Robust JavaScript extractor resolution.

The script correctly resolves the JavaScript extractor path using the CodeQL CLI and includes appropriate error handling.

29-36: Well-structured environment variable propagation.

The script properly copies all necessary environment variables from the Actions extractor to the JavaScript extractor, ensuring consistent configuration across extractors.

lib/init-action-post.js (2)

58-59: LGTM - Restoring inputs from init Action

Good addition of a comment explaining what the function call is doing.

68-70: LGTM - Improved error handling for config

The improved handling for the case when config is defined looks good.
.github/workflows/test-codeql-bundle-all.yml (1)

30-30:
❓ Verification inconclusive

Verify impact of changing security-events permission from write to read

The permission for security-events has been changed from write to read, which might impact the workflow's ability to write security events. Please verify that this change is intentional and doesn't break any functionality.

🏁 Script executed:
#!/bin/bash
# Search for uses of security-events write permission in this repository
echo "Searching for security-events write permissions in workflow files..."
grep -r "security-events: write" --include="*.yml" .github/workflows/
Length of output: 537
Action Required: Verify the Changed Permission for Security Events

The change in .github/workflows/test-codeql-bundle-all.yml where security-events is now set to read contrasts with other workflow files that still use write. Notably:

.github/workflows/pr-checks.yml uses security-events: write (required for uploading ESLint results)

.github/workflows/codeql.yml and .github/workflows/__submit-sarif-failure.yml also retain the write permission

Please confirm whether the lower permission in the test-codeql-bundle-all workflow is an intentional security hardening measure or if it might inadvertently break functionality. If writing security events is required for proper operation, consider aligning this workflow with the rest of the repository.
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (2)

1-4: LGTM - Clear warning about auto-generated file

Good inclusion of a warning that this file is generated automatically and should not be modified directly.

53-53: LGTM - Setup Kotlin option added

Great addition of the setup-kotlin option, which aligns with the PR's objective of improving Kotlin support.

lib/feature-flags.test.js (4)

39-39: Export statement looks good.
Exporting initializeFeatures here allows for clearer referencing externally.

67-67: New Proxima test detected.
Adding a test covering Proxima ensures the environment-specific behavior is tested.

285-285: Clearer test name.
Renaming the test to "includes tag name" broadens clarity on how it checks the tag presence.

347-353: Naming convention validation.
This is a good addition to ensure non-legacy feature flags follow consistent naming.

CONTRIBUTING.md (3)

64-67: Release process steps.
The clarified steps for merging “Merge main into releases/v3” and subsequent backports improve transparency.

103-114: Guide for adding a major version is clear.
The step-by-step outline for introducing new major versions effectively documents best practices.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~105-~105: The preposition ‘for’ seems more likely in this position.
Context: ... the release process automation listens to updates to the release branch for the n...

(AI_HYDRA_LEO_REPLACE_TO_FOR)

[uncategorized] ~110-~110: The preposition “of” seems more likely in this position.
Context: ... major version deprecation for examples on which parts of the documentation should...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

115-115: New deprecation section.
This additional heading helps separate the major version deprecation from the CodeQL version deprecation steps.

.github/workflows/update-release-branch.yml (6)

25-26: Read-only content permissions.
Allowing only contents: read in the prepare job reduces exposure. Good minimal permissions principle.

68-70: Write permissions for PR creation.
Granting contents: write and pull-requests: write is necessary for opening the release PR.

112-112: Automation environment.
Defining environment: Automation helps isolate sensitive operations from standard pipeline runs.

122-124: Sensible fail-fast strategy.
Matrix with fail-fast: false ensures each target branch attempt is independent.

126-130: GitHub App token usage.
Using [email protected] secures the pull request actions. Good practice.

133-138: Token usage for checkout.
Switching to the GitHub App token for the checkout step ensures consistent authentication with the correct permissions.

lib/dependency-caching.js (3)

129-178: Upload condition checks.
Including detailed logs to clarify why caching is skipped (e.g., zero-sized caches) is excellent. Helps future debugging.

186-189: Prefix-based hashing.
Combining a language-specific prefix with a dynamic hash is a robust approach to avoid collisions between languages.

197-205: Custom prefix for advanced usage.
Allowing ENV-based prefix expansions can be helpful for specialized builds. Good forward-thinking design.

lib/codeql.test.js (31)

18-34: No concerns for auto-generated import logic.
This block appears to be standard TypeScript/JavaScript compilation output.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

39-39: Export statement seems fine.
No issues identified.

42-42: New import statement is clear.
No problems found.

63-63: Definition of NO_FEATURES.
This provides a stubbed features config for tests. No issues.

95-96: Environment variable usage in tests.
No concerns here.

108-110: Assertions for toolcache references.
The checks appear correct.

112-112: Additional assertion for result.toolsSource.
No issues found.

120-130: Verifying semantic version caching logic.
Looks good and ensures correct version handling.

137-140: Installing pinned bundle.
Implementation maintains correct test flow.

144-150: Duration integer checks in tests.
Correct approach to verifying numeric fields.

153-160: EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES addition.
Well-structured tests for multiple versions.

163-174: Test logic for explicit bundle requests.
Implementation is consistent with the rest of the test suite.

189-200: Toolcache usage checks.
No new specific concerns.

215-220: Checking final result properties.
Implementation is valid for test coverage.

239-244: Ensuring defaults.bundleVersion is used.
No issues.

260-265: Confirming successful download for 'latest' tools.
All logic looks correct.

296-304: assertDurationsInteger helper.
Ensures durations are integers. Good approach.

316-318: Additional test coverage for getExtraOptions.
No concerns.

338-340: Injected config verification.
Implementation aligns with test macro usage.

474-475: Stubbing version for databaseInitCluster test.
This approach is valid.

484-490: QL config file logic.
This covers the case for undefined qlconfig. Looks good.

533-536: Parameter checks in runTool test.
No new issues identified.

548-550: Handling insufficient permissions scenario.
Clear warning logic is included.

572-572: Autobuilder error detection start.
No issues located here.

584-584: Re-throw logic for autobuilder errors.
Seems appropriate.

586-590: Truncating lengthy autobuild errors.
Implementation is correct.

601-607: Handling fatal internal errors with messages.
This robust error capturing is good.

608-610: Extractor resolution stubs.
All good.

611-613: Additional test environment stubbing.
No concerns.

614-619: Throws if a fatal internal error is found.
Error summarization logic is valid.

621-627: Outputting last line of stderr if no fatal error.
Ensures meaningful context for debugging.

analyze/action.yml (3)

22-22: Updated cleanup-level description.
Redirecting to --cache-cleanup is consistent with the modern CLI usage.

37-41: Deprecated input with deprecationMessage.
Clearly communicates removal timeline and status.

77-77: Expanded token requirements.
This clarifies practice for GitHub’s built-in token usage.

.github/workflows/update-supported-enterprise-server-versions.yml (4)

13-16: Conditional job check and permissions update.
Allowing write to contents and pull-requests is correct for the intended workflow.

22-22: Upgrading to Python 3.13.
Ensure the runner environment fully supports Python 3.13 as it’s relatively new.

Would you like to confirm with a web query or pinned environment doc that 3.13 is stable on GitHub Actions?

29-29: Switching from SSH key to token for checkout.
This simplifies authentication handling.

60-61: Enhancing PR body formatting.
Use of $'\n\n' is valid for line break insertion.

lib/feature-flags.js (11)

18-34: No concerns for this import logic.
Likely auto-generated code again.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-36: Rearranged exports.
No issues found.

49-49: Declaring CODEQL_VERSION_ZSTD_BUNDLE.
No concerns – consistent version naming.

53-54: Additional doc comment lines.
Documentation clarity is good.

62-73: New or updated feature enum values.
Implementation is straightforward and aligns with feature-flag approach.

75-77: Configuration for CleanupTrapCaches and CppBuildModeNone.
No concerns.

82-88: ZstdBundleStreamingExtraction config.
Implementation consistent with main code.

92-101: DiffInformedQueries and DisableCsharpBuildless config.
Handled consistently in feature flags.

130-135: PythonDefaultIsToNotExtractStdlib feature.
No issues identified.

136-140: RustAnalysis minimum version usage.
Declaring 2.19.3 is appropriate.

353-354: Excluding flags for non-dotcom variants.
Ensures consistent gating.

init/action.yml (2)

139-142: New dependency caching control option

Good addition of the dependency-caching input parameter to allow users to explicitly control caching behavior of project build dependencies.

146-147: Useful new output for version identification

Adding the codeql-version output is helpful for diagnostics and tracking which version was used for analysis.

.github/workflows/check-expected-release-files.yml (1)

16-18: Enhanced security through explicit permission scoping

Adding explicit permissions that follow the principle of least privilege is a security best practice. This job only needs read access to contents, so limiting it appropriately is the right approach.
justfile (2)

1-17: Well-structured task organization

The new justfile provides a clean, hierarchical organization of build tasks with clear dependencies between them. This is a good practice for managing project workflows.

12-13:
✅ Verification successful

Verify the PR checks script exists

Make sure the referenced script pr-checks/sync.sh exists and has executable permissions.

🏁 Script executed:
#!/bin/bash
# Check if the PR checks script exists and is executable
if [ -f "pr-checks/sync.sh" ]; then
  if [ -x "pr-checks/sync.sh" ]; then
    echo "✅ pr-checks/sync.sh exists and is executable"
  else
    echo "❌ pr-checks/sync.sh exists but is not executable"
    ls -la pr-checks/sync.sh
  fi
else
  echo "❌ pr-checks/sync.sh does not exist"
  ls -la pr-checks/ 2>/dev/null || echo "pr-checks directory not found"
fi
Length of output: 160
PR Checks Script Verification Passed
The referenced script pr-checks/sync.sh exists and has executable permissions. No further action is necessary.
.github/workflows/__autobuild-action.yml (3)

30-35: Updated version from 'latest' to 'linked' in matrix configuration

The change from 'latest' to 'linked' aligns with updates to the version input parameter descriptions elsewhere in the codebase, reflecting a shift in version specification strategy.

51-51: Added Kotlin setup parameter

The addition of the setup-kotlin: 'true' parameter aligns with the changes to the prepare-test action mentioned in the summaries. This ensures consistent Kotlin setup across the workflow.

39-39:
❓ Verification inconclusive

Reduced permissions for security-events

Changing the permissions from 'write' to 'read' follows the principle of least privilege, which is a security best practice. Ensure this change doesn't affect any functionality that requires write access to security events.

🏁 Script executed:
#!/bin/bash
# Check if any other workflow files still use write permissions for security-events
echo "Checking for workflows that still use write permissions for security-events"
rg -l "security-events:\s+write" --glob "*.yml" .github/workflows/ || echo "No workflows found with write permissions for security-events"
Length of output: 335
Reduced security-events permissions require further review for consistency

In .github/workflows/__autobuild-action.yml, you've changed the permission from write to read on line 39, which aligns with the principle of least privilege. However, our verification found that several other workflow files still use security-events: write:

.github/workflows/__submit-sarif-failure.yml

.github/workflows/codeql.yml

.github/workflows/pr-checks.yml

Please double-check that lowering the permission in __autobuild-action.yml does not inadvertently affect any functionality relying on write access. Also, consider whether these other workflows should be audited for consistency or if their higher permissions are necessary.
.github/workflows/__language-aliases.yml (3)

31-31: Version matrix change from 'latest' to 'linked'

Changing from 'latest' to 'linked' version indicates a move towards a more deterministic build process, which helps ensure consistent behavior across different runs.

47-47: Addition of Kotlin setup parameter

Adding the setup-kotlin: 'true' parameter aligns with the removal of the environment variable CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN mentioned in the summary, indicating a shift towards explicit Kotlin support configuration.

35-35:
✅ Verification successful

Security permission downgrade from write to read

Reducing the permission level from write to read for security-events follows the principle of least privilege, which is a security best practice. Ensure this doesn't break any functionality that requires write access to security events.

🏁 Script executed:
#!/bin/bash
# Check for patterns that might require security-events:write permission
rg -A 3 -B 3 "security-events.*write" --type yaml
Length of output: 3649
Security Permissions Update Verified

The change in .github/workflows/__language-aliases.yml to use security-events: read adheres to the principle of least privilege for this workflow. Our repository scan confirms that this file does not appear to depend on write access, while other workflows (e.g. in pr-checks/checks/submit-sarif-failure.yml) still specify security-events: write where required. Please double-check that no future modifications in this workflow rely on write capabilities.
.github/workflows/__go-custom-queries.yml (3)

31-31: Version matrix change from 'latest' to 'linked'

Similar to the change in __language-aliases.yml, this change to use 'linked' provides more deterministic builds.

37-37: Security permission downgrade from write to read

As with __language-aliases.yml, reducing the permission level from write to read for security-events follows security best practices. Verify that this doesn't break functionality that requires write access.

49-49: Addition of Kotlin setup parameter

The addition of the setup-kotlin: 'true' parameter here maintains consistency with the changes in other workflow files, suggesting a coordinated update to how Kotlin is handled across the entire codebase.

lib/diff-filtering-utils.js (1)

41-43: File path isolation function

Good isolation of the file path logic in a separate function that can be reused by both write and read operations.

lib/analyze-action-env.test.js (4)

18-34: Updated importStar implementation

The updated __importStar function implementation includes a more robust property enumeration approach, which should lead to more reliable module imports.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

45-45: New gitUtils import

Added import for gitUtils aligns with the subsequent change to use gitUtils.isAnalyzingDefaultBranch instead of the same function from actionsUtil, indicating a refactoring of responsibilities.

65-65: Function call moved to gitUtils

Shifting the isAnalyzingDefaultBranch stub from actionsUtil to gitUtils reflects an improved separation of concerns, with git-related functionality now properly located in the git utilities module.

91-91: ESLint disable comment added

The added ESLint disable comment for the @typescript-eslint/no-require-imports rule is appropriate here since dynamic requires are sometimes necessary in tests, especially when testing module side effects.

.github/workflows/__build-mode-rollback.yml (2)

35-35: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice that minimizes potential attack surface.

47-47: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter complements the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the PR summary. This makes Kotlin setup more explicit and configurable.

.github/workflows/__cpp-deptrace-disabled.yml (3)

31-31: Version specification changed from 'latest' to 'linked'.

Switching from latest to linked provides more deterministic builds by using a specific version rather than always using the most recent one. This improves reproducibility and stability of the workflow.

39-39: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice.

51-51: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter provides better control over the test environment configuration and makes Kotlin setup explicit.

lib/analyze-action-input.test.js (3)

18-34: Enhanced property handling in __importStar implementation.

The new implementation adds an ownKeys function that retrieves property names from an object, improving how properties are accessed during module imports. The implementation now handles both Object.getOwnPropertyNames and provides a fallback mechanism to ensure comprehensive property collection.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

45-45: Added import for gitUtils module.

This addition supports the functionality change on line 81 where methods are now referenced from the gitUtils module instead of actionsUtil.

81-81: Function reference updated from actionsUtil to gitUtils.

The isAnalyzingDefaultBranch function is now being stubbed from gitUtils instead of actionsUtil, reflecting a refactoring where this functionality has been moved to a more appropriate module.

.github/workflows/__build-mode-none.yml (3)

31-31: Version specification changed from 'latest' to 'linked'.

Switching from latest to linked provides more deterministic builds by using a specific version rather than always using the most recent one. This improves reproducibility and stability of the workflow.

37-37: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice that minimizes potential attack surface.

49-49: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter provides better control over the test environment configuration and makes Kotlin setup explicit.

lib/autobuild-action.js (4)

18-34: Implementation of __importStar has been updated with explicit property key collection

This change enhances the way object property keys are collected from imported modules by using a more explicit approach with the ownKeys helper function. The implementation now ensures proper handling of various object types.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

88-88: The features parameter has been removed from the runAutobuild call

The function call has been simplified by removing the features parameter, which aligns with the broader changes in the codebase to streamline feature management.

93-93: The features parameter has been removed from the endTracingForCluster call

Similar to the runAutobuild change, this function call has been simplified by removing the features parameter.

109-109: Improved error message handling using the getErrorMessage utility

The error message in the runWrapper catch block now uses the getErrorMessage utility, which provides more consistent error formatting.
.github/workflows/__test-autobuild-working-dir.yml (3)

31-31: Matrix version updated from latest to linked

The version parameter has been changed from latest to linked, which appears to be part of a consistent change across multiple workflow files.

47-47: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

35-35:
❓ Verification inconclusive

Security events permission changed from write to read

The permission for security-events has been downgraded from write to read. Verify that this doesn't affect the functionality of the workflow, as some security-related operations might require write permissions.

🏁 Script executed:
#!/bin/bash
# Check if any steps in the workflow might require write permissions to security-events

# Look for steps that typically need write permissions
grep -r "upload-sarif\|analyze" .github/workflows/__test-autobuild-working-dir.yml
Length of output: 118
Security events permission change – verify potential impact on the analyze action

The workflow now uses security-events: read, but we detected that the workflow invokes the custom analyze action (via ./../action/analyze). If this action relies on write permissions for any security event operations (e.g., updating SARIF reports), then the permission downgrade could introduce issues. Please double-check the implementation of the analyze action to ensure that it functions correctly with only read permissions.

File: .github/workflows/__test-autobuild-working-dir.yml (line 35)

Action to verify: ./../action/analyze (confirm its requirements regarding security events permissions)
.github/workflows/__upload-ref-sha-input.yml (3)

51-51: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

61-62: Comment formatting has been adjusted before the analyze step

The formatting of the comment has been changed slightly. The content remains the same.

39-39:
✅ Verification successful

Security events permission changed from write to read

The permission for security-events has been downgraded from write to read. This might impact the ability to upload SARIF files, as that typically requires write permissions.

🏁 Script executed:
#!/bin/bash
# Check if this workflow attempts to upload SARIF data which would require write permissions

# Look for upload-sarif steps
grep -r "upload-sarif" .github/workflows/__upload-ref-sha-input.yml

# Check analyze steps with upload parameters
grep -r "upload: " .github/workflows/__upload-ref-sha-input.yml
Length of output: 261
Security events permission downgrade confirmed as safe for this workflow

The verification shows that although the workflow now uses security-events: read, the SARIF upload action is effectively disabled (with upload: never). This means that the reduced permission does not affect the workflow's current behavior. If SARIF upload functionality is enabled in the future, please ensure to adjust the permission accordingly.
.github/workflows/__init-with-registries.yml (2)

37-41: Matrix version updated from latest to linked for all OS platforms

The version parameter has been changed from latest to linked for Ubuntu, macOS, and Windows, which appears to be part of a consistent change across multiple workflow files.

64-64: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

.github/workflows/__analyze-ref-input.yml (2)

39-39: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This follows the principle of least privilege by granting only the minimum access level required.

51-51: Kotlin setup support added

The addition of setup-kotlin: 'true' aligns with the broader changes across workflow files to support Kotlin analysis.

lib/git-utils.test.js (4)

49-52: Good test for edge case handling

This test properly verifies that the function throws an error when given an empty string, which is important for robustness.

53-66: Thorough test for PR reference handling

This test comprehensively verifies the behavior when handling merge PR references with matching SHA values.

137-150: Input validation tests are well structured

These tests properly ensure that the function validates its inputs correctly, confirming that both 'ref' and 'sha' inputs are required together.

Also applies to: 151-164

238-252: Great test coverage for file path decoding

Comprehensive test cases covering both quoted and unquoted strings, including various escape sequences, which is crucial for correctly handling Git file paths.

Also applies to: 253-267

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (3)

31-31: Version updated to default

Changed from a specific version (stable-v2.14.6) to the more maintainable default option, which will automatically use the latest stable version.

35-35: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This follows security best practices by granting only the minimum necessary access.

47-47: Kotlin setup support added

The addition of setup-kotlin: 'true' is consistent with changes across other workflow files to standardize Kotlin analysis support.

.github/workflows/__config-input.yml (3)

31-31: Version changed to linked

Changed from latest to linked version, which likely ensures consistent tool versions across different parts of the workflow.

35-35: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This enhances security by limiting permissions to only what's necessary.

47-47: Kotlin setup support added

The addition of setup-kotlin: 'true' aligns with the broader standardization of Kotlin analysis support across the codebase.

.github/workflows/__extract-direct-to-toolcache.yml (4)

1-5: Auto-generated header is correctly included.
The header and instructions clearly indicate that this file is generated automatically and should not be modified directly.

6-9: Workflow name and environment variables set appropriately.
Defining the workflow as "PR Check - Extract directly to toolcache" along with the necessary environment variables (GITHUB_TOKEN and GO111MODULE) is clear and correct.

10-24: Trigger events are well-specified.
The triggers (push, pull_request, schedule, and workflow_dispatch) cover the required branches and event types. No issues detected.

94-97: Final environment variables for the job are set consistently.
Setting CODEQL_ACTION_EXTRACT_TOOLCACHE and CODEQL_ACTION_TEST_MODE at the job level is a proper way to ensure downstream steps receive these flags.

.github/workflows/__build-mode-autobuild.yml (5)

1-5: Auto-generated file header confirmed.
The header provides the necessary directions regarding regeneration.

33-35: Updated job permissions enhance security.
Changing security-events permission from a higher privilege (write) to read-only follows the principle of least privilege.

41-47: Inclusion of Kotlin setup is explicit.
The addition of the setup-kotlin: 'true' input in the “Prepare test” step ensures that Kotlin is now explicitly configured. This aligns with your broader CI/CD updates.

48-53: Test repository preparation step review.
The commands under "Set up Java test repo configuration" move files as expected. Just verify that the relative paths and source contents match the repository structure for all scenarios.

🧰 Tools

🪛 actionlint (1.7.4)

49-49: shellcheck reported issue in this script: SC2035:info:1:4: Use ./glob or -- glob so names with dashes won't become options

(shellcheck)

54-72: Database initialization and validation steps are properly defined.
The steps to initialize with ./../action/init, validate the database build mode via parsing the YAML file, and ensure proper error reporting are implemented correctly.

.github/workflows/__build-mode-manual.yml (4)

1-5: Header section is appropriately auto-generated.
No issues with the header and instructions; they clearly state that the file is generated from templates.

33-35: Security permissions updated in manual build mode.
Changing the security-events permission to read helps restrict unnecessary write access and is in line with improved security practices.

41-47: Kotlin setup flag added consistently.
The addition of setup-kotlin: 'true' in the “Prepare test” step guarantees that Kotlin is explicitly configured in manual build mode.

48-63: Database build mode validation is executed correctly.
The steps that initialize the build and subsequently validate that the build mode is “manual” by parsing and checking the configuration file are clear and effective.

.github/actions/check-codescanning-config/action.yml (2)

60-67: Using environment variables in the "Check config" step enhances clarity.
Replacing direct input passing with the environment variable EXPECTED_CONFIG_FILE_CONTENTS makes the command invocation cleaner and separates configuration from command logic.

67-73: Cleanup step uses consistent environment variable usage.
Updating the cleanup commands to reference $RUNNER_TEMP instead of ${{ runner.temp }} ensures consistency throughout the workflow.

.github/workflows/__rust.yml (9)

1-5: Auto-generated header for Rust analysis workflow is in order.
The header instructions clearly state that the file should not be manually modified.

6-9: Workflow naming and environment variables are set correctly.
The workflow is aptly named "PR Check - Rust analysis" and key environment variables like GITHUB_TOKEN and GO111MODULE are configured properly.

10-23: Trigger configuration is consistent with other workflows.
The triggers (push, pull_request, schedule, and manual dispatch) are appropriately defined.

25-35: Matrix configuration covers multiple Rust versions.
Having multiple configurations for version (linked, default, nightly-latest) ensures comprehensive Rust analysis testing.

37-40: Job permissions are secured.
The permissions (contents: read and security-events: read) are set with minimal necessary access.

43-51: Repository checkout and test preparation are correctly implemented.
The checkout step and the subsequent “Prepare test” step using the custom action (with setup-kotlin: 'true' even for Rust) appear to be leveraging a unified test preparation routine. If Kotlin setup is shared among multiple languages, this is acceptable; otherwise, ensure it does not add unnecessary overhead for Rust analysis.

52-57: Initialization step is tailored for Rust analysis.
Specifying languages: rust and setting the environment variable CODEQL_ACTION_RUST_ANALYSIS: true ensure the initialization is configured for Rust.

58-62: Analysis step and database check are robust.
The analysis action is correctly set up, and the subsequent shell step properly retrieves the Rust database location from the analysis output. The conditional check confirms that the Rust database directory exists, which is essential for validating the analysis.

63-72: Job-level environment variables are consistently applied.
Finalizing the job with CODEQL_ACTION_TEST_MODE: true ensures that test mode is enabled for the entire workflow.
.github/workflows/__with-checkout-path.yml (3)

31-35: Version specification changed from 'latest' to 'linked'

The change from "latest" to "linked" appears to be part of a standardization effort across workflows. This creates more deterministic builds, which is generally a good practice to avoid unexpected behavior due to version changes.

51-51: Kotlin setup added

The addition of the setup-kotlin parameter aligns with the PR's focus on enhancing Kotlin support throughout the codebase.

39-39:
✅ Verification successful

Security permission downgraded

The permission for security-events has been reduced from "write" to "read". Verify that this workflow doesn't require write permissions for security-events.

🏁 Script executed:
#!/bin/bash
# Check if this workflow uses any actions that might require security-events write permission
grep -r "upload-sarif" .github/workflows/__with-checkout-path.yml
Length of output: 65

Security permission downgrade verification:

The workflow file (.github/workflows/__with-checkout-path.yml) has been updated so that the security-events permission is now set to read rather than write. Our verification scripts did not find any instances of explicitly elevated permissions (i.e. no occurrences of "security-events: write" or references to actions such as actions/upload-sarif that typically require write access) in this workflow file.

Please ensure manually that no future steps or external integrations in this workflow require write access to security events before merging.

🏁 Script executed:
#!/bin/bash
# Verify that the workflow doesn't contain any instance of write permission on security-events 
# or usage of actions that might require elevated permissions (such as actions/upload-sarif).

echo "Searching for any explicit 'security-events: write' entries:"
grep -R "security-events: write" .github/workflows/__with-checkout-path.yml

echo -e "\nSearching for usage of 'actions/upload-sarif':"
grep -R "actions/upload-sarif" .github/workflows/__with-checkout-path.yml
Length of output: 403
Security Permission Check Passed

The workflow file (.github/workflows/__with-checkout-path.yml) now sets security-events to read, and our additional searches did not reveal any references to "security-events: write" or usage of actions like actions/upload-sarif that might require write permissions. Please double-check manually to ensure that no future steps depend on write access to security-events.
lib/environment.js (3)

46-52: Added new environment variables for version deprecation and SIP status

These environment variables enhance the functionality by tracking when version deprecation errors are logged and checking System Integrity Protection status on macOS.

58-59: Added environment variable for SARIF results output directory

This addition improves configuration flexibility by allowing the output directory for SARIF results to be specified via an environment variable.

85-95: Added environment variables for dependency caching

These additions provide alternative ways to configure dependency caching, which is especially useful for testing scenarios where multiple caches are needed in the same repository.

.github/workflows/__submit-sarif-failure.yml (4)

31-31: Version specification changed from 'latest' to 'linked'

The version change aligns with the standardization effort seen in other workflow files.

39-40: Added clarifying comment for security-events permission

Good documentation addition explaining why write permission is needed for security-events in this workflow.

52-52: Kotlin setup added

Similar to other workflow files, the setup-kotlin parameter has been added for consistent Kotlin support.

57-57: Updated tools parameter to use prepare-test output

This change ensures consistency in tool versions used throughout the workflow.
lib/database-upload.js (4)

36-36: Fixed exports statement

Changed from exports.uploadDatabases = void 0; to properly export the function.

41-41: Added import for gitUtils module

Indicates refactoring to move Git-related functionality to a specialized module.

49-52: Added test mode check

This improvement skips database upload when in test mode, which is appropriate for testing environments.

59-59:
✅ Verification successful

Migrated from actionsUtil to gitUtils

Git-related functions have been moved from actionsUtil to a more specialized gitUtils module, improving code organization.

Also applies to: 83-83

🏁 Script executed:
#!/bin/bash
# Verify that the gitUtils functions have equivalent implementations to the original actionsUtil functions
echo "Checking isAnalyzingDefaultBranch implementation:"
grep -A 10 "isAnalyzingDefaultBranch" lib/git-utils.js

echo -e "\nChecking getCommitOid implementation:"
grep -A 10 "getCommitOid" lib/git-utils.js

echo -e "\nComparing with original actionsUtil implementations:"
grep -A 10 "isAnalyzingDefaultBranch\|getCommitOid" lib/actions-util.js
Length of output: 4357
Migration Verified: gitUtils Functions in Place
The verification confirms that the implementations for isAnalyzingDefaultBranch and getCommitOid now reside in lib/git-utils.js and no longer appear in lib/actions-util.js. This migration correctly centralizes Git-related functionality to the specialized gitUtils module. The changes in both line 59 and 83 of lib/database-upload.js are consistent with this update.
.github/workflows/__zstd-bundle.yml (1)

45-51: Confirm Kotlin Setup Configuration

The inclusion of setup-kotlin: 'true' in the "Prepare test" step is consistent with the broader integration of Kotlin across workflows. Please verify that downstream steps (such as tool initialization) work seamlessly with this configuration.

.github/workflows/__export-file-baseline-information.yml (3)

38-39: Review Permissions Update

The change of the security-events permission to read helps tighten security. Please ensure that this lower permission level does not adversely affect any functionality that might rely on write access if such operations are expected.

49-51: Addition of Kotlin Setup Step

Adding setup-kotlin: 'true' in the "Prepare test" step enforces a consistent Kotlin environment. Verify that any components previously relying on a Python setup are updated accordingly.

57-60: Validate Swift Setup Condition

The conditional execution of the Swift setup (for macOS only) appears well implemented. Please confirm that the action path (./../action/.github/actions/setup-swift) is correct and maintained for future updates.

.github/workflows/__all-platform-bundle.yml (3)

34-35: Permissions Update Review

Updating the security-events permission to read aligns with current security best practices. Make sure that this access level is sufficient for all operations within this workflow.

44-47: Kotlin Setup Integration

The addition of setup-kotlin: 'true' in the "Prepare test" step ensures consistency with the new Kotlin integration strategy. Confirm that this does not unintentionally impact any previous assumptions about the test environment.

51-52: Languages List Exclusion Note

The explicit listing of languages—excluding Swift for non-macOS scenarios—works well here. Please review that this exclusion is intentional and matches the capabilities of the target environments.

.github/workflows/__cpp-deptrace-enabled-on-macos.yml (2)

33-35: Permissions Update for macOS Job

Changing the security-events permission to read is a sensible security improvement. Ensure that this adjustment does not affect any expected write operations within the C/C++ dependency installation process.

41-47: Kotlin Setup Parameter Addition

Introducing setup-kotlin: 'true' in the "Prepare test" step helps standardize the environment even for macOS jobs. Please double-check that all necessary Kotlin-related dependencies are properly initialized.

.github/workflows/__extractor-ram-threads.yml (3)

30-31: Matrix Version Update

The matrix version has been updated to linked. Verify that all dependent actions and tools are compatible with this version setting to ensure consistent behavior across runs.

33-35: Permissions Adjustment Review

Changing the security-events permission from write to read is a positive security-oriented change. Ensure that this level of permission continues to support any operations that might require reading security events data.

45-47: Addition of Kotlin Setup

The addition of setup-kotlin: 'true' in the "Prepare test" step helps unify the processing environment with the updated Kotlin integration across workflows. This change appears consistent and beneficial.

.github/workflows/__split-workflow.yml (3)

31-33: Matrix Version Update to 'linked'

The matrix entries for ubuntu-latest and macos-latest now use version: linked. This change appears intentional to direct the workflow toward a consolidated release configuration. Please verify that downstream steps and tooling correctly interpret the new version value.

45-45: Updated Job Permissions for Security Events

Changing the security-events permission from write to read improves security. Confirm that none of the workflow steps require write access to security events.

57-57: Addition of the setup-kotlin Parameter

Introducing setup-kotlin: 'true' in the Prepare test step aligns with the PR’s move toward Kotlin integration. Ensure that the corresponding action properly initializes Kotlin.

.github/workflows/__remote-config.yml (3)

30-33: Matrix Configuration Simplification

The job matrix now includes one entry with version: linked and one with version: nightly-latest for ubuntu-latest. This consolidation streamlines the configuration while still testing multiple release channels. Please confirm that this setup meets your intended test coverage.

37-37: Updated Job Permissions for Security Events

Modifying the permission to security-events: read enforces a more restrictive access level. Verify that this change does not conflict with any steps expecting broader permissions.

49-49: Inclusion of setup-kotlin in Prepare Test

Adding setup-kotlin: 'true' continues the theme of Kotlin integration. Ensure that subsequent steps are adapted to work with or without Kotlin setup as needed.

.github/workflows/__config-export.yml (4)

30-35: Matrix Version Updates for Config Export Workflow

The matrix now uses version: linked for ubuntu-latest, macos-latest, and windows-latest alongside entries for nightly versions. This dual configuration helps cover multiple release scenarios. Make sure that the testing environment and artifact management correctly handle these version types.

45-45: Job Permissions Adjustment

Updating security-events permission to read is a positive change for tighter access control. Confirm that all workflow tasks continue to perform as expected with the reduced permission.

57-57: setup-kotlin Parameter Inclusion

The addition of setup-kotlin: 'true' in the Prepare test step is consistent with the overall Kotlin integration strategy. Ensure that any dependencies on Kotlin in later steps are documented and tested.

68-68: Artifact Action Upgrade

The upgrade from actions/upload-artifact@v3 to @v4 is a welcome update. Verify that the new version’s behavior and syntax match your requirements, especially regarding artifact retention and path handling.

.github/actions/prepare-test/action.yml (5)

5-7: Updated Version Input Description

The version input description now clearly lists the new acceptable values (including 'linked' and 'stable-vX.Y.Z'), which improves user guidance.

11-14: New Input Parameter for Kotlin Setup

The addition of the setup-kotlin input parameter (defaulting to 'true' and marked as required) is well implemented, fulfilling the PR objective of enabling Kotlin setup.

35-41: Simplified Tools URL Determination for 'linked' and 'default'

The early exit logic for the linked and default version cases is clear and concise. Just ensure that downstream steps can handle an empty tools-url in the default case.

43-47: OS-specific Artifact Extension Handling

The conditional setting of the file extension to tar.zst for non-Windows runners when using nightly-latest is a good optimization. Verify that the extension choice aligns with your artifact hosting and extraction expectations.

76-80: Kotlin Setup Action Integration

The new step to set up Kotlin using fwilhe2/setup-kotlin@9c245a6425255f5e98ba1ce6c15d31fce7eca9da executes based on the setup-kotlin input and appears correctly integrated.

.github/workflows/__packaging-config-js.yml (4)

31-35: Matrix Version Updates for Packaging Config

Switching the version value to linked for the initial entries (across Ubuntu, macOS, and Windows) promotes consistency with other workflows. Confirm that the remaining entries (default and nightly-latest) are still being exercised as intended.

51-51: Updated Permissions for Security Events

The change to security-events: read reflects a move toward more restrictive permissions, enhancing security. Make sure that this does not inadvertently impact any processes expecting write permissions.

63-63: Inclusion of setup-kotlin in Prepare Test

Adding setup-kotlin: 'true' in the Prepare test step is in line with the overall Kotlin integration strategy and is implemented consistently with other workflow files.

81-83: Query Run Configuration Verification

The queries-run field now lists comma-separated query identifiers. Please verify that the order and formatting match what the subsequent SARIF check expects.

.github/workflows/__test-proxy.yml (3)

31-33: Matrix strategy updated to use specific version identifiers

The matrix has been updated to use 'linked' instead of 'latest' and added 'nightly-latest' as an additional configuration. This provides more explicit versioning control and allows testing against both stable and development builds.

37-37: Permission scope reduced for security-events

Changing from 'write' to 'read' follows the principle of least privilege, which is a security best practice. This ensures the workflow only has the minimum necessary permissions.

61-61: Kotlin setup explicitly disabled

The setup-kotlin parameter has been added and set to 'false', explicitly disabling Kotlin setup for this workflow. This aligns with other changes in the PR that seem to be making Kotlin setup more configurable.

.github/workflows/debug-artifacts-safe.yml (1)

1-98: New workflow for verifying debug artifacts is well-structured

This new workflow effectively tests that debug artifacts (logs, SARIF files, and database bundles) are correctly generated and uploaded. The implementation with matrix strategy for different versions and the verification script is well designed.

The script properly checks for artifacts across multiple language types and versions, which helps ensure robustness of the debugging capability.

.github/workflows/__packaging-inputs-js.yml (4)

31-35: Matrix strategy updated to use specific version identifiers

Consistent with other workflow changes, the version values have been changed from 'latest' to 'linked', providing more explicit versioning control.

51-51: Permission scope reduced for security-events

Reducing permissions from 'write' to 'read' follows the principle of least privilege, enhancing security by limiting the workflow to only what it needs.

63-63: Kotlin setup explicitly enabled

The setup-kotlin parameter has been added and set to 'true', enabling Kotlin setup for this workflow. This is the opposite of what was done in the test-proxy workflow, suggesting different requirements for different workflows.

81-82: Query formatting improved for readability

The queries-run parameter has been reformatted with proper indentation while maintaining the same content, improving readability.

lib/analyze.test.js (3)

117-117: Updated runQueries function call with additional parameter

The runQueries function call now includes an additional undefined parameter, which suggests a change in the function signature in the analyze.js file.

119-119: Added analysis_is_diff_informed field to status report

The status report verification now includes the "analysis_is_diff_informed" field, which indicates that diff-aware analysis capabilities have been added to the system.

132-315: Comprehensive test suite for diff range calculations

Excellent addition of extensive test cases for the getDiffRanges function. The tests cover various scenarios including:

Unchanged files

Large diffs

Single addition/deletion ranges

Updates

Mixed ranges

Multiple diff thunks

Edge cases with malformed headers

This thorough testing approach will help ensure the diff-informed analysis works correctly across different scenarios.

CHANGELOG.md (1)

7-20: Overall Changelog Entry Quality – Lines 7-20
The new changelog entries are comprehensive and detail a diverse range of updates—from version bumps and bug fixes to feature deprecations. Please ensure that similar clarity is maintained throughout the file and that any automated formatting (if applicable) adheres to the style guidelines for typographical elements.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

.github/workflows/__ruby.yml (3)

31-32: Matrix Version Update – Lines 31-32
The job matrix now uses version: linked for both ubuntu-latest and macos-latest configurations. This appears to be a deliberate move to standardize the CodeQL tool version selection across platforms. Please verify that this update aligns with the intended dependency management strategy.

44-46: Updated Job Permissions – Lines 44-46
The change from more permissive settings to security-events: read reflects a tighter security posture. Ensure that this updated permission level is sufficient for all diagnostic and reporting functionality required by the Ruby analysis workflow.

57-57: Explicit Kotlin Setup Parameter – Line 57
Introducing the setup-kotlin: 'true' parameter in the “Prepare test” step is a clear and beneficial change. This explicit configuration should help streamline Kotlin setup across workflows.

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3)

31-32: Matrix Version Revision – Lines 31-32
The matrix now specifies version: default (instead of a value like stable-v2.14.6). This adjustment seems to simplify the configuration and should be verified against the overall versioning strategy.

34-35: Updated Security Permissions – Lines 34-35
Changing security-events permission from write to read reflects a move toward a more secure, least-privilege approach. Confirm that no required functionality is impaired by this permission reduction.

47-47: Addition of Kotlin Setup Flag – Line 47
The inclusion of setup-kotlin: 'true' in the Prepare test step clarifies the intent to perform Kotlin setup. This consistency across workflows is beneficial.

.github/workflows/codeql.yml (3)

26-28: Revised Permissions in Version Check Job – Lines 26-28
The permissions for the check-codeql-versions job now set contents: read. This more restrictive permission model is appropriate for a job that only needs to inspect the repository contents and should be consistent with your evolving security standards.

78-79: Expanded OS Matrix in Analyze-JavaScript – Lines 78-79
The update to the OS matrix (including entries such as macos-13 and macos-14) suggests enhanced platform coverage. Please verify that all selected operating systems and their associated tool configurations have been validated.

105-115: Introduction of the Analyze-Actions Job – Lines 105-115
Adding a new job (analyze-actions) dedicated to analyzing GitHub Actions (using a custom configuration file) is a positive move toward modularizing your workflows. Ensure that this new job is thoroughly tested and that its permissions (contents: read, security-events: write) are adequate for its tasks.

.github/workflows/__unset-environment.yml (4)

30-33: Matrix Configuration Refined – Lines 30-33
The matrix in this workflow now focuses on Ubuntu configurations with versions linked and nightly-latest, shifting away from multiple macOS configurations. This simplification should streamline test execution; please confirm that it meets your cross-platform testing requirements.

36-37: Tighter Security Permissions – Lines 36-37
Reducing security-events permissions from write to read helps to enforce a least-privilege model. Verify that proper access is maintained for all diagnostic features within this workflow.

49-49: New Kotlin Setup Parameter – Line 49
The addition of setup-kotlin: 'true' in the “Prepare test” step is consistent with changes in other workflows and explicitly enables Kotlin configuration. This addition is clear and seems beneficial.

61-63: Build Command Environment Isolation – Lines 61-63
The modified build command using env -i PATH="$PATH" HOME="$HOME" ./build.sh effectively clears the environment to prevent leakage of unintended variables. Please double-check that no necessary environment variable is omitted and that the build process remains robust in Ubuntu.

.github/workflows/__cpp-deptrace-enabled.yml (3)

31-31: Verify that the new version reference is valid.

Changing version to "linked" may require verification that this version label is supported by the environment or tooling.

39-39: Reduced permission is a positive security measure.

Switching security-events to read eliminates write privileges and lowers potential risk.

51-51: Ensure Kotlin setup is needed for C/C++ workflow.

Confirm that Kotlin is required here, as enabling Kotlin support in a C/C++ dependency workflow might introduce unnecessary overhead if it's not being utilized.

lib/caching-utils.js (1)

28-28: Ignore suggestion to use optional chain here.

The static analysis tool suggests changing this line to use an optional chain, but this appears to be standard TypeScript transpiled boilerplate. Adjusting this manually could break the generated runtime helpers.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/__swift-custom-build.yml (3)

31-31: Verify correctness of 'linked' version usage.

Ensure that the linked label aligns with your intended Swift version or build environment.

39-39: Reducing permission is good security practice.

Switching security-events to read decreases the workflow's authorization scope.

51-51: Confirm Kotlin setup in Swift workflow.

Verify that Kotlin is actually needed in this Swift workflow. If not, it might be more efficient to omit the Kotlin setup step.

lib/database-upload.test.js (2)

47-47: Added new import for git utilities

This import supports the refactoring that moves Git-related functionality to a dedicated module.

89-89: Git functionality moved to a dedicated module

The function isAnalyzingDefaultBranch has been consistently moved from actionsUtil to gitUtils across all usages, which is a good refactoring that centralizes Git-related utilities in a dedicated module.

Also applies to: 104-104, 121-121, 135-135, 156-156, 176-176
.github/workflows/__packaging-codescanning-config-inputs-js.yml (3)

63-63: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, indicating that Kotlin setup is now explicitly required for this workflow.

31-31:
✅ Verification successful

Matrix version updated from 'latest' to 'linked'

The matrix version has been changed from "latest" to "linked" for all operating systems, which may affect which version of dependencies or tools are used in the workflow.

Also applies to: 33-33, 35-35

🏁 Script executed:
#!/bin/bash
# Look for any documentation or code that explains the 'linked' version type
grep -r "version: linked" --include="*.yml" .github/
grep -r "linked" --include="*.md" .
Length of output: 8986
Matrix version update confirmed and documented

The change from "latest" to "linked" has been verified across our GitHub workflow files (e.g., in __packaging-codescanning-config-inputs-js.yml) and aligns with our documented update in the CHANGELOG. This update is intentional to ensure that the workflows use the tools distributed with the action release, which may alter dependency resolutions. No further modifications are required for this update.

Verified usage in multiple workflow files confirms consistency.

Refer to the changelog (commit [Add option tools: linked for tools input of init action. github/codeql-action#2281]) for the rationale behind the renaming.

51-51:
✅ Verification successful

Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive following the principle of least privilege.

🏁 Script executed:
#!/bin/bash
# Check if this workflow really needs write permissions by looking for operations that might require it
grep -r "security-events: read" --include="*.yml" .github/workflows/
grep -r "upload-sarif" --include="*.yml" .github/workflows/__packaging-codescanning-config-inputs-js.yml
Length of output: 4162
Security permissions update verified: "read" is appropriate

The change in permission from "write" to "read" for security-events in the __packaging-codescanning-config-inputs-js.yml file now aligns with our least-privilege policy. The repository-wide search confirms that all workflows, including this one, uniformly apply security-events: read. Additionally, the absence of any upload-sarif (or similar write-dependent operations) in this file supports that no write access is needed.

Verified that the configuration uses "read" across similar workflows.

Confirmed no instances of write-dependent operations (e.g., upload-sarif) exist in __packaging-codescanning-config-inputs-js.yml.
.github/workflows/__go-indirect-tracing-workaround.yml (3)

35-35: Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive.

47-47: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, indicating that Kotlin setup is now explicitly required for this workflow.

31-31:
❓ Verification inconclusive

Matrix version changed from specific version to 'default'

The version has been updated from a specific version string "stable-v2.14.6" to the generic "default", which may simplify maintenance but could also change the behavior of the tests.

🏁 Script executed:
#!/bin/bash
# Check how 'default' is defined and if there are any references to it elsewhere
grep -r "version: default" --include="*.yml" .github/
grep -r "prepare-test" --include="*.yml" .github/ | grep -A 5 "version:"
Length of output: 3863
I've confirmed that the change to using "default" for the version is consistent across the repository’s GitHub workflows. In multiple files—including .github/workflows/__go-indirect-tracing-workaround.yml (line 31)—the "version: default" setting is used. However, the change from the explicit version "stable-v2.14.6" to "default" could potentially alter test behavior if the definition of "default" evolves over time. Please verify that the intended and expected configuration is still active and that the tests remain valid.

Key File: .github/workflows/__go-indirect-tracing-workaround.yml (line 31)

Observation: The specific version string was replaced with a generic "default" that is also used in other workflow files.
.github/workflows/__diagnostics-export.yml (6)

31-31: Matrix version updated to 'linked'

The matrix version has been changed to "linked" for all operating systems, which is consistent with changes in other workflow files.

Also applies to: 33-33, 35-35

45-45: Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive.

57-57: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, consistent with other workflow files, indicating a broader focus on Kotlin integration.

68-74: Simplified diagnostic addition logic

The diagnostic addition code has been simplified to add a single diagnostic entry instead of using a loop for multiple diagnostics, making the code clearer and more maintainable.

80-80: Updated upload-artifact action to v4

The actions/upload-artifact action has been updated from v3 to v4, which is a good practice to keep dependencies updated.

94-94: Simplified expected message check

The expected message has been simplified to match the changes in the diagnostic addition logic, ensuring consistent testing.

.github/workflows/__packaging-config-inputs-js.yml (3)

31-35: Matrix version standardization

The matrix version has been changed from 'latest' to 'linked' for all operating systems. This provides more consistent behavior by linking the versions across different environments.

51-51: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

63-63: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

.github/workflows/__rubocop-multi-language.yml (3)

35-35: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

47-47: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

49-49: Ruby setup action pinned to specific commit

The Ruby setup action has been pinned to a specific commit hash rather than using a version tag, providing better stability and reproducibility.

.github/workflows/__javascript-source-root.yml (3)

31-31: Matrix version standardization

The matrix version has been changed from 'latest' to 'linked', providing more consistent behavior by linking the versions across different environments.

39-39: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

51-51: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

.github/workflows/post-release-mergeback.yml (4)

24-24: Environment specification added

Added 'Automation' environment which helps manage environment-specific secrets and variables.

30-33: Explicit permissions added

Explicit write permissions for contents and pull-requests have been added, which are required for creating tags, pushing commits, and managing PRs. This adheres to GitHub's recommended practice of declaring minimal required permissions.

116-125: Changelog preparation automation added

Added a step to automatically prepare a partial changelog based on the current version, improving the release process automation.

🧰 Tools

🪛 actionlint (1.7.4)

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)

170-188: GitHub release automation added

Added steps to generate a GitHub App token and create a GitHub release, which streamlines the release process. The release is explicitly set not to be marked as latest, which is important for maintaining the correct latest release.

lib/config-utils.test.js (5)

18-34: Improved module import handling

The __importStar function has been refactored to use a more robust method for retrieving property names from modules. This includes fallback logic when Object.getOwnPropertyNames is not available.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

46-46: New caching utilities imported

Added import for caching utilities, which is used for new dependency caching functionality.

67-67: Dependency caching configuration added

Added new property for dependency caching configuration, which enhances the build pipeline efficiency.

301-301: Test expectation updated for dependency caching

Updated test expectation to include the new dependency caching property, ensuring tests remain in sync with implementation changes.

780-815: Test refactoring for better maintainability

Individual test cases for Java and C# have been refactored into a parameterized loop that tests feature flags for disabling buildless analysis. This improves code maintainability by reducing duplication and makes it easier to add similar tests for other languages in the future.

README.md (2)

42-59: Clear explanation of build modes

The new "Build Modes" section effectively explains the different build modes available and their implications. The addition of "Which build mode should I use?" subsection provides valuable guidance to users based on their language and project needs.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~46-~46: Loose punctuation mark.
Context: ...The available build modes are: - none: The database will be created without bu...

(UNLIKELY_OPENING_PUNCTUATION)

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)

[uncategorized] ~48-~48: Loose punctuation mark.
Context: ...e for all compiled languages. - manual: The database will be created by buildin...

(UNLIKELY_OPENING_PUNCTUATION)

71-76: Helpful version compatibility table

The added table of minimum CodeQL Action and Bundle versions provides clear guidance on compatibility requirements, which is valuable for users on different GitHub Enterprise Server versions.

lib/fingerprints.js (3)

18-34: Enhanced module import implementation

The updated __importStar implementation adds a more robust way of retrieving property names from module objects with the ownKeys helper function. This ensures all enumerable properties are properly bound to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

39-41: Export statement style improvement

The export statements have been rearranged to directly export each function after its definition, which is a more maintainable approach.

252-252: Improved documentation reference

Replacing the hardcoded documentation URL with a reference from the doc_url_1 module improves maintainability by centralizing documentation references.
.github/workflows/__go-tracing-autobuilder.yml (5)

38-49: Updated matrix with newer Go versions

Good update replacing older Go versions with newer ones (stable-v2.17.6, stable-v2.18.4, stable-v2.19.4), keeping the workflow current with the latest supported versions.

55-57: Version reference change from "latest" to "linked"

The version reference has been changed from "latest" to "linked", which likely affects how the latest version is resolved.

Please verify that this change is intentional and that any code depending on the "latest" version reference has been updated to work with "linked" instead.

77-77: Added Kotlin setup

The addition of Kotlin setup is consistent with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the AI summary, suggesting improved Kotlin support.

80-80: Updated Go version

Good update from Go 1.22.0 to 1.24.0, keeping the workflow current with the latest Go version.

65-65:
❓ Verification inconclusive

Security events permission change from write to read

The permissions for security-events have been downgraded from write to read.

This change could potentially impact functionality if the workflow needs to write security events. Please verify this doesn't break any required functionality.

🏁 Script executed:
#!/bin/bash
# Check if any actions in the workflow need write access to security-events
rg -i "security-events.*write" .github/
# Check if the analyze action documentation mentions write permissions
rg -i "security-events.*permission" action/analyze/
Length of output: 470
Attention: Inconsistent Security Events Permission Configuration

In .github/workflows/__go-tracing-autobuilder.yml (line 65), the permission for security-events has been downgraded from write to read. However, searches reveal that other workflows—such as those in __submit-sarif-failure.yml, codeql.yml, and pr-checks.yml—still specify security-events: write (e.g., needed to upload SARIF files or ESLint results). This inconsistency could lead to functionality issues if the tracing autobuilder workflow actually requires write access.

Action Required: Please verify that the tracers in __go-tracing-autobuilder.yml do not rely on write access for security events. If this permission change is intentional, consider adding a code comment to clarify the difference. Otherwise, update the permissions for consistency.
.github/workflows/__test-local-codeql.yml (3)

35-35: Security events permission change from write to read

The permissions for security-events have been downgraded from write to read, similar to other workflow files.

This permission change could potentially impact functionality if the workflow needs to write security events. Please verify this is intentional and doesn't break any required functionality.

47-47: Added Kotlin setup

The addition of Kotlin setup is consistent with other workflow changes in this PR, suggesting improved Kotlin support across the codebase.

58-59: Clarified Swift support and updated tools format

The added comment about Swift not being supported on Ubuntu is helpful for clarity. The tools path has been updated to use the .tar.zst format instead of .tar.gz.

Please verify that all related scripts and documentation have been updated to handle the new .tar.zst format instead of .tar.gz.

lib/debug-artifacts.test.js (6)

18-34: Consider ignoring or refactoring auto-generated code.
The changes to __importStar within these lines appear to be compiler-generated. Modifying them may introduce merge conflicts or be overwritten in future builds.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

41-47: Good test coverage for sanitizeArtifactName.
The assertions effectively validate sanitization. No concerns identified.

49-63: Checks for empty artifacts list are well-handled.
The test correctly verifies the "no-artifacts-to-upload" scenario without raising errors.

64-73: Validation of artifact upload behavior with no CodeQL version.
This scenario ensures fallback logic is tested. Looks consistent.

74-83: Sufficient coverage for newer CodeQL versions.
Properly tests the upload path for “new” CodeQL versions.

84-91: Correct avoidance of uploads for older CodeQL versions.
The test accurately checks the “upload-not-supported” outcome.

.github/workflows/__multi-language-autodetect.yml (6)

32-61: Expanded matrix entries for multiple versions and OSes.
Ensures broader test coverage across macOS/Ubuntu with stable and nightly CodeQL versions.

65-65: Reduced permissions are a good security practice.
Switching security-events to read follows principle of least privilege.

77-77: Kotlin setup parameter added.
This flag likely helps test Kotlin projects consistently. Looks good.

86-87: Conditionally specifying languages for Linux.
Empty string for non-Linux runners is intentional. No issues noted.

91-91: Swift setup restricted to macOS.
Matches the platform constraints.

143-144: Swift-specific check only on macOS.
Appropriately verifies Swift DB creation in the correct environment.

lib/init-action-post-helper.test.js (6)

18-34: Auto-generated import code.
These changes to __importStar are typically generated by the TypeScript compiler. Manual edits risk being lost.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

66-69: Debug mode off test.
Correctly verifies that uploadAllAvailableDebugArtifacts is not invoked.

77-78: Debug mode on test.
Ensures the debug artifact upload path is triggered.

324-324: Updated CodeQL test version.
Raising the test version to “2.17.6” aligns with newer CodeQL releases.

329-329: Stubbing artifact upload.
This approach helps isolate and confirm behavior without networking.

346-358: Validation of export calls and upload flows.
The assertions accurately verify that diagnostics exports are called as expected, and SARIF uploads are conditionally handled.

lib/analyze-action-post.js (2)

18-34: Compiler-generated import helpers.
Edits here risk being overwritten on rebuilds if this is TypeScript transpiled code.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

42-68: Post-action logic handles optional SARIF uploads.
By restoring inputs and checking INIT_ACTION_HAS_RUN, the code selectively uploads SARIF for first-party runs. Error handling with getErrorMessage is also clear.

lib/autobuild.js (7)

18-34: No changes needed to the standard import polyfill.
This appears to be a typical helper snippet, and the static analysis suggestion to use optional chaining is likely a false positive.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-38: Exports look good.
These exports are straightforward and consistent with the rest of the code.

43-43: Import statement is fine.
No issues noted with introducing doc_url_1.

54-55: Logging message update is clear.
No concerns with these lines referencing the documentation URL.

118-118: Reference to manual build steps URL is appropriate.
No issues with the documentation link usage.

147-147: New runAutobuild function is consistent.
The function signature and usage fit well with the existing build logic.

154-154: Feature-based condition appears correct.
No concerns—feature detection is consistent with the rest of the code.

lib/actions-util.js (11)

18-34: No changes needed to the standard import polyfill.
The suggestion to use optional chaining here is likely a false positive.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-37: Export statement reordering is fine.
Everything looks aligned with the codebase’s export usage.

56-56: @actions/io import is correct.
No issues found with bringing in this module.

58-58: ESLint directive is acceptable.
No concerns—this comment clarifies lint exceptions.

222-222: Use of io.which for locating 'file' command is good.
Error handling in the surrounding code is sufficient.

250-252: isSelfHostedRunner check appears correct.
This logic succinctly detects self-hosted runners.

253-256: isDefaultSetup is straightforward.
Cleanly checks the event name.

257-259: prettyPrintInvocation utility is well-implemented.
Handles spaces in arguments effectively.

260-280: CommandInvocationError class offers clear errors.
Captures the last line from stderr and exit code for better diagnostics.

297-328: runTool executes commands with buffering logic.
Stderr is capped, and non-zero exit codes are suitably handled.

332-354: Persisting and restoring inputs is implemented cleanly.
The mechanism for saving/restoring environment variables is straightforward.

lib/debug-artifacts.js (11)

18-34: No changes needed to the standard import polyfill.
Likely a standard helper.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

39-39: Export for sanitizeArtifactName is fine.
No concerns with exporting this function.

47-47: Import of artifact-legacy is acceptable.
No issues noted here.

54-56: Multiple imports introduced.
No concerns—this appears consistent with newly added functionality.

62-64: Documentation comment is straightforward.
No issues with the clarifying remarks.

65-66: uploadCombinedSarifArtifacts looks cohesive.
Implementation logic seems consistent with the rest of the module.

98-117: tryPrepareSarifDebugArtifact function is clear.
Properly checks for presence of SARIF and copies it if found.

118-139: Comment block for bundling logic is fine.
No concerns noted with these lines describing the approach.

146-191: tryUploadAllAvailableDebugArtifacts covers multiple artifact types well.
Logic is well-structured and consistent with DB bundling.

192-225: uploadDebugArtifacts function is thorough.
Correctly handles an empty artifact list, safe upload check, and final naming.

226-239: getArtifactUploaderClient properly distinguishes GHES vs. dotcom.
No concerns with creating either client.

lib/init-action.js (4)

18-34: Consider ignoring the optional chain suggestion.
Static analysis suggests an optional chain for this TS helper code; however, this is a standard TypeScript runtime helper. It's usually best to leave it unmodified, as generated or boilerplate code does not benefit significantly from such manual changes.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

144-145: Persisting inputs looks good.
Storing user inputs for usage in subsequent steps is a valid approach and appears properly implemented.

164-168: Verify that no sensitive data is being leaked.
Exporting the job run UUID as an environment variable is convenient, but please double-check whether any sensitive or PII data might be exposed if extended to other variables.

232-248: Ensure collected bundle download telemetry is anonymized.
The new logic for recording CodeQL bundle download telemetry and Zstandard availability is useful for diagnostic purposes. Confirm that the diagnostic data doesn’t unintentionally expose confidential project details.

lib/cli-errors.js (1)

139-141: Use regular expression literal (duplicate of prior comment).
You've already received feedback on using a literal instead of a RegExp constructor for the string "We were unable to automatically build your code".

🧰 Tools

🪛 Biome (1.9.4)

[error] 140-140: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

.github/workflows/pr-checks.yml (4)

16-35: Minimal permissions and SARIF upload logic look good.
Granting only the necessary read access to contents and adding write access to security events for ESLint SARIF upload is a security best practice. The additional SARIF upload step further improves code scanning visibility. Nicely done.

41-56: Conditional checks for push vs. main branch.
These conditions prevent unnecessary workflow runs on irrelevant pushes. This helps optimize resource usage.

81-88: Permissions restricted to read-only for the unit test job.
Limiting the permissions scope for a test job is a good principle of least privilege measure.

103-111: Conditionally verifying node versions on pull requests.
Using the if: github.event.pull_request ensures this check only runs when relevant. The added read-only permission is consistent with best practices.

lib/api-client.js (1)

39-51: Export structure updates look good.

Making the exports explicit fosters clarity in maintainability and sets a clear point of reference for future contributors. The approach is straightforward and easy to follow.

lib/git-utils.js (11)

44-72: Robust error handling during Git commands.

Your runGitCommand function demonstrates helpful logging and graceful fallback when a directory is not a valid Git repository. This helps with debugging and is a good practice in CI/automation scripts.

76-91: Graceful fallback for commit SHA retrieval.

Falling back to environment variables if Git fails is a sensible approach. This ensures that the workflow does not break unexpectedly when the repository state is unusual.

99-134: Function flow for base branch detection seems solid.

The logic to parse and confirm a valid merge commit, then extract base and head shas is straightforward. Error handling with catch returning undefined provides a safe fallback.

142-156: Controlled shallow history extension.

Deepening the repository history by one commit is a reasonable approach when the repository is shallow, and the existing logging covers failure scenarios. No issues found here.

164-171: Selective fetch usage.

Fetching only the branch in question reduces unnecessary data transfers. Error handling is similarly consistent with the rest of the script.

179-186: Repacking the repository for efficiency.

Repacking can be beneficial for repository performance. The error logging pattern is consistent, providing a clear message if something goes wrong.

195-203: Merging multiple bases gracefully.

Returning an empty array for no merge base is sensible. The command usage is appropriate, and fallback logic matches the overall style.

215-241: Comprehensive diff header extraction.

Filtering out the relevant diff lines (---, +++, @@) is a concise way to get hunk headers. The function returns undefined on failure to suit multiple usage scenarios.

250-286: Accurate file path decoding.

Handling special character encodings is necessary for many languages. This approach correctly follows core.quotePath=false semantics to avoid partial Unicode issues.

308-356: Flexible ref detection logic.

This function elegantly handles both user-provided refs and the typical Action environment. The fallback to environment variables is robust, including the scenario of analyzing the PR head commit rather than the merge commit.

367-380: Effective default-branch detection.

Checking for the environment variable override and falling back to checking the actual repository default branch is practical. No concerns found.

.github/workflows/__resolve-environment-action.yml (5)

37-41: Switch to 'linked' versions.

Changing from latest to linked can help pin a more specific environment reference. This may improve reproducibility, but ensure these linked versions are consistently maintained or updated as needed.

51-51: Reducing permissions is recommended.

Switching security-events from write to read is a good security practice following the principle of least privilege, provided the workflow does not need write-level permission here.

63-63: Kotlin setup enabled.

Enabling Kotlin in the test preparation step can broaden language coverage. Verify that subsequent steps handle Kotlin-based code correctly.

66-66: Languages pinned to Go and JavaScript/TypeScript.

Hardcoding go,javascript-typescript is simpler than conditional logic. Confirm that no other languages are impacted by removing the script-based condition.

86-86: Check if skipping JavaScript/TypeScript config is intentional.

The step fails if any JavaScript/TypeScript configuration is found. Validate that your pipeline expects no JS/TS config in this environment.

lib/analyze-action.js (13)

18-34: No issues in the polyfill logic.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

44-44: New import for GitHub context.

49-49: Added caching-utils import.

53-53: Added dependency-caching import.

66-66: No additional concerns.

78-78: Adding trap cache size to status report looks good.

151-151: Autobuild invocation appears correct.

201-202: Logic appears correct.

204-204: Query execution is well integrated.

217-217: Uploading results if 'always' is set.

232-234: Conditional dependency caching integration.

255-257: Conditional error details look coherent.

279-279: Enhanced error message construction.

lib/init-action-post-helper.js (7)

18-34: Polyfill adjustments look fine.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-38: Explicit export statements help clarity.

87-87: Diagnostics export call looks valid.

90-90: Uploading SARIF on failure is consistent with naming conventions.

119-119: New signature for the run function is straightforward.

145-147: Retrieving CodeQL version for subsequent operations.

150-166: Self-hosted runner cleanup code.
Removal of the database cluster directory is handled with a try/catch, which is good for resilience.

lib/config-utils.js (11)

18-34: Polyfill changes are consistent with the rest of the codebase.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

36-37: Export definitions are neatly organized.

66-66: Added import for caching utilities.

227-228: New defaultConfig function.
Implementation logic to set languages and build mode is clear.

246-246: Dependency caching setting is integrated into config.

262-262: loadConfig function addition.
Logic for remote/local config handling looks solid.

296-296: Dependency caching setting also applied in loadConfig.

425-425: Syntactically empty catch is acceptable here.

513-518: parseRegistriesWithoutCredentials function introduction.
Clean extraction of relevant fields.

686-689: Fallback to autobuild for C# is clearly communicated with a warning.

692-692: Logic for Java fallback matches pattern used for C#.

.github/workflows/__go-tracing-custom-build-steps.yml (5)

38-49: Add stable Go versions for the job matrix
Adding new stable releases like stable-v2.17.6, stable-v2.18.4, and stable-v2.19.4 expands coverage and ensures the workflow tests the latest supported lines.

55-57: Use of 'linked' instead of 'latest'
Locking to 'linked' mitigates unexpected breakages from major updates, improving build stability.

65-65: Reduced security-events permission
Transitioning from 'write' to 'read' follows the principle of least privilege, minimizing potential security risks.

77-77: Added 'setup-kotlin: true'
This ensures Kotlin components are set up early, likely to enable advanced analysis. No issues found.

80-80: Go version upgrade
Moving from ~1.22.0 to ~1.24.0 may introduce useful new features but warrants checking for potential build or dependency conflicts.

.github/workflows/__go-tracing-legacy-workflow.yml (5)

38-49: Inclusion of newer stable Go versions
Broadening test coverage with stable-v2.17.6, stable-v2.18.4, and stable-v2.19.4 keeps the legacy workflow up-to-date.

55-57: Swapped 'latest' for 'linked'
Using linked ensures a more predictable environment and prevents sudden version shifts.

65-65: Reduced security permission
Switching security-events permission to 'read' follows best practices for minimal required access.

77-77: Added Kotlin setup
Enabling Kotlin might unlock additional scanning or build tasks. Looks good.

80-80: Upgraded Go version
Bumping to ~1.24.0 can introduce performance improvements and new language features. Validate against your current codebase.

lib/codeql.js (54)

36-45: Enhanced exports
Exposing setupCodeQL and related functions supports more flexible module usage and clearer structure.

53-53: Introduced doc-url import
Referencing documentation URLs from a dedicated module can improve maintainability.

56-57: Added git-utils and languages imports
Centralizing git interactions and language definitions promotes modular design.

76-76: Increased CODEQL_MINIMUM_VERSION
Requiring at least 2.15.5 ensures users benefit from recent features. Verify older environments won't break.

80-80: Established CODEQL_NEXT_MINIMUM_VERSION
Setting this threshold signals upcoming deprecations clearly to users.

84-84: Marking GHES 3.11 as most recently deprecated
Clarifies which GHES version is past official support.

88-88: Extended GHES deprecation date
Updates the timeline to December 19, 2024, for GHES 3.11.

100-101: New cache cleanup version constant
Declaring "2.17.1" clarifies the version threshold for --cache-cleanup.

115-115: setupCodeQL now accepts 'features'
Ensure all callers provide the new parameter to avoid missing feature toggles.

117-118: Capturing download status
Storing toolsDownloadStatusReport improves troubleshooting and auditing of CLI setup.

129-129: Returning toolsDownloadStatusReport
Surfacing additional info to the caller fosters better diagnostics.

132-132: Added toolsSource
No issues; helps identify where the tools originated.

133-133: zstdAvailability
Flagging if Zstandard compression is available can optimize performance under certain conditions.

136-139: Improved error classification
Treating ENOSPC as a configuration error is user-friendly and clarifies the root cause.

185-185: betterResolveLanguages introduced
Provides a more detailed language resolution approach with --format=betterjson.

238-240: JSON version parsing
Turning off stdout streaming ensures reliable JSON processing.

253-253: Alternative version output
Same stable approach as above for consistent version checks.

257-258: databaseInitCluster
Adds robust logic for cluster-based database initialization. Looks correct.

259-260: Conditional tracing
Enabling indirect tracing only when necessary is a good performance tradeoff.

264-275: Embedded Actions extractor
Supports older CodeQL versions (<2.20.6) by bundling the extractor, ensuring compatibility.

277-279: Generate code scanning config
Programmatically building a config helps standardize scanning across environments.

284-284: Support build-mode
Conditionally adding --build-mode fosters flexible and explicit build processes.

290-293: Selective overwrite flag
Graceful fallback to --overwrite if --force-overwrite isn't supported by older CLI versions.

296-296: Annotating overwrite behavior
Ensures the correct overwrite option is passed to CodeQL on initialization.

300-303: Expanded coverage features
Using --calculate-language-specific-baseline, --extractor-include-aliases, and --sublanguage-file-coverage yields more detailed analysis.

331-331: Autobuild command
Invoking runCli(autobuildCmd) centralizes logging, error handling, and environment variables.

333-334: Trace command for scanning
Ensures indexing is captured fully for scanned languages.

338-338: Applying trap-caching
Adopting trap caching can improve performance through incremental builds.

347-349: Use of build-mode with trace-command
Respects user-specified build strategies while collecting required instrumentation.

352-353: Explicit working directory
Helps commands locate necessary build artifacts correctly.

364-366: Improved error messaging
Providing doc links aids troubleshooting when the autobuild process fails.

419-422: Query resolution
Collecting queries in a structured manner, with minimal overhead. Looks solid.

428-428: Running queries with runCli
Ensures consistent CLI invocation strategy.

441-441: Resolve build environment
Key step to confirm correct compile and link settings for the selected language.

442-442: Extractor alias includes
Covers alternative naming for languages, preventing missed files.

463-463: Added intra-layer-parallelism
Potentially reduces query run time through parallel execution layers.

469-469: Executing run-queries
Adheres to newly introduced parallel flags for performance gains.

471-471: databaseInterpretResults expansion
Accepts extra parameters to fine-tune SARIF output, benefiting advanced analysis.

473-473: Feature-flagged diagnostics export
Allows toggling diagnostics per environment or user preference.

479-480: Explicit SARIF filepath
Providing an absolute file location for scanning results is clear and consistent.

486-488: SARIF enhancements
Exporting query help and sublanguage coverage can clarify issues for developers.

489-489: Attaching job run UUID
Associating results with a specific job run aids traceability and debugging.

491-493: Optional SARIF property
Supports custom labeling or metadata injection if needed.

503-503: Preserve older summaries
Backward compatibility remains by only adding --new-analysis-summary if needed.

505-505: Closing interpret-results
No further changes here.

569-572: Dynamic cleanup mode
Enables --cache-cleanup for recent CLI versions, falling back to --mode otherwise.

577-577: Setting cache level
Makes the cleanup depth configurable, aligning with user or environment constraints.

580-580: Cleanup execution
Ensures the final command is triggered gracefully.

593-593: databaseExportDiagnostics
Exports extra diagnostic info for deeper post-analysis insights.

600-600: SARIF export path
Keeping outputs explicit helps devs locate diagnostic data faster.

742-745: runCli wrapper
Centralizing CLI calls fosters uniform logging and error handling.

747-750: Refined error propagation
Wrapping the CLI invocation error clarifies misconfigurations vs. unknown failures.

757-757: No additional context
No apparent issues in this single-line change.

819-824: Conditional TRAP cache writing
Ensures caching is only performed on default branches, optimizing resource usage in less-critical branches.

lib/analyze.js (10)

39-46: Export statements look good.

Explicitly exporting the identified functions and classes here improves clarity, making them easy to discover and maintain.

50-62: Imports are well-organized.

Importing additional modules for I/O, utilities, logging, and diff filtering is clear and consistent with the rest of the codebase.

69-75: Extending CodeQLAnalysisError to store the original error is beneficial.

Storing the underlying error object helps diagnose root causes and capture detailed error information.

152-180: New diff-informed analysis setup is clear and well-factored.

This function neatly encapsulates the logic for enabling the diff-informed queries feature and handling fallbacks when disabled.

193-216: Retrieving changed diff ranges is straightforward.

Your approach to return undefined when the limit is exceeded or an error occurs conveys a clear fallback strategy. The logic looks correct and handles edge cases gracefully.

217-245: Verify the “compareCommitsWithBasehead” pagination.

Using per_page: 1 may not retrieve all changed files if pagination is enforced. Please confirm whether GitHub returns the entire file diff in one response or if additional requests are required for complete results.

323-376: Diff range extension pack writer is well-implemented.

This function is thorough in creating the extension pack and providing fallback behaviors for edge cases (e.g., empty diffs). Nice work.

378-443: runQueries function enhancements are cohesive.

Utilizing the analysis_is_diff_informed flag, data extension flags, and throwing a specialized error on failure provides clear control flow and troubleshooting insights.

478-505: Finalizing cluster tracing conditionally is appropriate.

Ending tracing only if necessary aligns with the intended workflow. No issues found here.

516-518: Exporting internal methods for testing is a good practice.

Making getDiffRanges available for targeted unit testing improves testability and maintainability.

coderabbitai · 2025-03-06T11:11:47Z

.github/workflows/script/prepare_changelog.py

+    output = EMPTY_CHANGELOG
+
+  else:
+    with open('CHANGELOG.md', 'r') as f:


⚠️ Potential issue

Use the provided file path parameter.

The function takes changelog_file as a parameter but then opens the hardcoded 'CHANGELOG.md' instead of using the provided parameter.

- with open('CHANGELOG.md', 'r') as f: + with open(changelog_file, 'r') as f:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

with open('CHANGELOG.md', 'r') as f:

with open(changelog_file, 'r') as f:

coderabbitai · 2025-03-06T11:11:47Z

.github/workflows/publish-immutable-action.yml

+        run: |
+          echo "Release name: ${{ github.event.release.name }}"
+          if [[ $RELEASE_NAME == v* ]]; then
+            echo "This is a CodeQL Action release. Create an Immutable Action"
+            echo "is-action-release=true" >> $GITHUB_OUTPUT
+          else
+            echo "This is a CodeQL Bundle release. Do not create an Immutable Action"
+            echo "is-action-release=false" >> $GITHUB_OUTPUT
+          fi


💡 Verification agent

🧩 Analysis chain

Fix potential shell script issues.

Static analysis hints suggest possible issues with unquoted variables in the shell script.

🏁 Script executed:

#!/bin/bash # Check for potential shellcheck issues in the script cat .github/workflows/publish-immutable-action.yml | grep -A10 ' run: |' | tail -n +2 | shellcheck -

Length of output: 1537

Attention: Address ShellCheck warnings in GitHub Actions workflow

Please update the shell script in .github/workflows/publish-immutable-action.yml to resolve the following issues:

Specify the target shell:
Add a shebang (e.g., #!/usr/bin/env bash) at the top of the script block or use a shell directive to inform ShellCheck of the intended shell. This will resolve the SC2148 warning.

Handle GitHub expression syntax:
The GitHub Actions expression ${{ github.event.release.name }} triggers SC2296. Either disable this specific warning using a ShellCheck disable comment (e.g., # shellcheck disable=SC2296) or acknowledge that this syntax is intentional for GitHub Actions.

Quote file path variables:
Update the redirect commands to quote $GITHUB_OUTPUT to prevent word splitting. For example:

echo "is-action-release=true" >> "$GITHUB_OUTPUT"

and

echo "is-action-release=false" >> "$GITHUB_OUTPUT"

Consistent variable quoting:
Consider quoting $RELEASE_NAME in the conditional check (i.e., if [[ "$RELEASE_NAME" == v* ]]) for consistency and to avoid potential issues.

These adjustments will resolve the static analysis hints regarding unquoted variables and ensure the script behaves as intended within the GitHub Actions environment.

🧰 Tools

🪛 actionlint (1.7.4)

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

coderabbitai · 2025-03-06T11:11:48Z

.github/workflows/debug-artifacts-failure-safe.yml

+          LANGUAGES="cpp csharp go java javascript python"
+          for version in $VERSIONS; do


⚠️ Potential issue

Missing definition for the $VERSIONS variable

The script uses a $VERSIONS variable in the for loop, but this variable isn't defined anywhere in the workflow file. This will likely cause the loop to not execute properly.

LANGUAGES="cpp csharp go java javascript python" +VERSIONS="stable-v2.20.3 default linked nightly-latest" for version in $VERSIONS; do

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

LANGUAGES="cpp csharp go java javascript python"

for version in $VERSIONS; do

LANGUAGES="cpp csharp go java javascript python"

VERSIONS="stable-v2.20.3 default linked nightly-latest"

for version in $VERSIONS; do

Update default bundle to 2.20.6

coderabbitai

Actionable comments posted: 0

🧹 Nitpick comments (1)

CHANGELOG.md (1)

7-914: Typographical and Formatting Consistency:
Throughout the expanded changelog, many entries describe version updates, bug fixes, feature additions, and deprecation notices. Static analysis hints recommend using en dashes (–) instead of hyphens (-) for numerical ranges (e.g. in version numbers and dates) and ensuring compound adjectives are properly hyphenated. Please review entries such as those on lines 7, 14, 18, 26, 30, etc., and consider updating the dashes to improve typographical consistency and readability.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~211-~211: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

[typographical] ~221-~221: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~225-~225: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~232-~232: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

[typographical] ~253-~253: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~260-~260: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~264-~264: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

[typographical] ~268-~268: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~272-~272: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~274-~274: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~276-~276: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~280-~280: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

[typographical] ~284-~284: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~288-~288: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

[misspelling] ~290-~290: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

[typographical] ~292-~292: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~311-~311: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~313-~313: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

[typographical] ~316-~316: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

[typographical] ~324-~324: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~328-~328: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~330-~330: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~332-~332: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~336-~336: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

[typographical] ~342-~342: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

[typographical] ~347-~347: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~349-~349: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~359-~359: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

[typographical] ~363-~363: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

[typographical] ~378-~378: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

[uncategorized] ~382-~382: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

[typographical] ~385-~385: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

[typographical] ~392-~392: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~396-~396: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

[style] ~399-~399: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

[typographical] ~403-~403: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~409-~409: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~417-~417: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

[misspelling] ~419-~419: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

[typographical] ~423-~423: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~428-~428: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

[grammar] ~431-~431: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

[typographical] ~433-~433: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

[style] ~439-~439: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

[style] ~442-~442: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

[typographical] ~445-~445: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~449-~449: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~451-~451: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~453-~453: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~466-~466: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

[typographical] ~481-~481: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~486-~486: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~488-~488: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~492-~492: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~494-~494: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

[typographical] ~504-~504: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~506-~506: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~512-~512: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

[typographical] ~522-~522: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~526-~526: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~528-~528: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~530-~530: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~534-~534: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~538-~538: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~540-~540: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~542-~542: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~546-~546: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

[typographical] ~550-~550: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~552-~552: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~554-~554: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

[typographical] ~573-~573: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

[uncategorized] ~578-~578: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

[typographical] ~581-~581: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~585-~585: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~589-~589: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~595-~595: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~597-~597: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~599-~599: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

[typographical] ~609-~609: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~614-~614: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

[style] ~616-~616: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

[typographical] ~622-~622: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~626-~626: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~639-~639: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~646-~646: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

[typographical] ~659-~659: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

[typographical] ~664-~664: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~666-~666: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

[typographical] ~675-~675: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~679-~679: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~683-~683: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

[typographical] ~694-~694: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~696-~696: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~698-~698: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~702-~702: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~706-~706: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~710-~710: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

[typographical] ~722-~722: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~727-~727: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

[typographical] ~737-~737: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~745-~745: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~750-~750: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

[typographical] ~758-~758: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

[style] ~760-~760: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

[typographical] ~768-~768: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

[typographical] ~774-~774: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

[typographical] ~779-~779: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

[typographical] ~784-~784: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

[grammar] ~791-~791: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~801-~801: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~803-~803: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~805-~805: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~809-~809: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

[typographical] ~819-~819: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~825-~825: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~827-~827: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~829-~829: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~831-~831: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

[typographical] ~835-~835: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~839-~839: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~841-~841: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~843-~843: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~847-~847: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~851-~851: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~857-~857: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

[typographical] ~861-~861: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~865-~865: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

[typographical] ~869-~869: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~871-~871: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~873-~873: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~877-~877: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~879-~879: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~881-~881: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

[typographical] ~891-~891: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

[typographical] ~896-~896: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~898-~898: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

[typographical] ~906-~906: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

[grammar] ~909-~909: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

[typographical] ~911-~911: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 911d845 and 56b25d5.

📒 Files selected for processing (2)

CHANGELOG.md (2 hunks)
lib/defaults.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

lib/defaults.json

🧰 Additional context used

🪛 LanguageTool

CHANGELOG.md

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

🔇 Additional comments (5)

CHANGELOG.md (5)

1-8: Comprehensive "UNRELEASED" Section Update:
The unreleased section now clearly documents upcoming changes (e.g. “Update default CodeQL bundle version to 2.20.6” on line 7) with proper PR references. This provides helpful context for users tracking imminent modifications.

9-13: Version 3.28.10 Details Check:
The entry for version 3.28.10 (lines 9–13) correctly documents both the version update (to 2.20.5) and a bug fix (decompression on macOS). Please verify that the dates and version numbers match the official release notes.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

18-21: Kotlin Support Addition Verification:
The update in version 3.28.8 (lines 18–21) that enables support for Kotlin 2.1.10 with CodeQL CLI v2.20.3 is clearly noted. Ensure that the linked PR #2744 is up to date and that the documentation elsewhere has been updated accordingly.

🧰 Tools

🪛 LanguageTool

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

26-32: Re-enable & Update Bundle Version Entries:
Entries for versions 3.28.6 and 3.28.5 (lines 26–32) document the re-enabling of debug artifact uploads and the subsequent bundle version update. The information is concise and uniformly formatted. A final check on the validity of the PR links (e.g. #2726 and #2717) is recommended.

🧰 Tools

🪛 LanguageTool

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

7-914: Reference and Consistency Verification:
The changelog is very detailed and methodically documents updates from version 3.28.10 down to version 1.0.0. It is important to double-check that all PR links are correct and that version numbers, dates, and descriptive texts are consistent across the file. This will further enhance reliability for users referencing the changelog for release history.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~211-~211: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

[typographical] ~221-~221: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~225-~225: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~232-~232: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

[typographical] ~253-~253: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~260-~260: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~264-~264: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

[typographical] ~268-~268: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~272-~272: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~274-~274: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~276-~276: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~280-~280: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

[typographical] ~284-~284: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

[typographical] ~288-~288: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

[misspelling] ~290-~290: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

[typographical] ~292-~292: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~311-~311: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~313-~313: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

[typographical] ~316-~316: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

[typographical] ~324-~324: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~328-~328: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~330-~330: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~332-~332: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~336-~336: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

[typographical] ~342-~342: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

[typographical] ~347-~347: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~349-~349: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~359-~359: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

[typographical] ~363-~363: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

[typographical] ~378-~378: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

[uncategorized] ~382-~382: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

[typographical] ~385-~385: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

[typographical] ~392-~392: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~396-~396: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

[style] ~399-~399: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

[typographical] ~403-~403: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~409-~409: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~417-~417: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

[misspelling] ~419-~419: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

[typographical] ~423-~423: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~428-~428: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

[grammar] ~431-~431: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

[typographical] ~433-~433: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

[style] ~439-~439: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

[style] ~442-~442: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

[typographical] ~445-~445: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~449-~449: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~451-~451: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~453-~453: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~466-~466: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

[typographical] ~481-~481: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~486-~486: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~488-~488: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~492-~492: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~494-~494: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

[typographical] ~504-~504: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~506-~506: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~512-~512: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

[typographical] ~522-~522: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~526-~526: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~528-~528: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~530-~530: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~534-~534: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~538-~538: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~540-~540: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~542-~542: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~546-~546: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

[typographical] ~550-~550: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~552-~552: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~554-~554: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

[typographical] ~573-~573: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

[uncategorized] ~578-~578: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

[typographical] ~581-~581: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~585-~585: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~589-~589: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~595-~595: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~597-~597: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~599-~599: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

[typographical] ~609-~609: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~614-~614: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

[style] ~616-~616: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

[typographical] ~622-~622: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~626-~626: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~639-~639: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~646-~646: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

[typographical] ~659-~659: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

[typographical] ~664-~664: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~666-~666: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

[typographical] ~675-~675: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~679-~679: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~683-~683: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

[typographical] ~694-~694: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~696-~696: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~698-~698: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~702-~702: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~706-~706: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~710-~710: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

[typographical] ~722-~722: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~727-~727: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

[typographical] ~737-~737: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~745-~745: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~750-~750: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

[typographical] ~758-~758: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

[style] ~760-~760: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

[typographical] ~768-~768: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

[typographical] ~774-~774: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

[typographical] ~779-~779: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

[typographical] ~784-~784: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

[grammar] ~791-~791: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~801-~801: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~803-~803: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~805-~805: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~809-~809: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

[typographical] ~819-~819: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~825-~825: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~827-~827: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~829-~829: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~831-~831: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

[typographical] ~835-~835: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~839-~839: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~841-~841: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~843-~843: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~847-~847: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~851-~851: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~857-~857: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

[typographical] ~861-~861: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~865-~865: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

[typographical] ~869-~869: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~871-~871: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~873-~873: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

[typographical] ~877-~877: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~879-~879: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~881-~881: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

[typographical] ~891-~891: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

[typographical] ~896-~896: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

[uncategorized] ~898-~898: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

[typographical] ~906-~906: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

[grammar] ~909-~909: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

[typographical] ~911-~911: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

Remove bundled copy of `actions` extractor

…6e63b8 build(deps-dev): bump @eslint/js from 9.26.0 to 9.27.0 in the npm group

…s-999e423561 build(deps): bump ruby/setup-ruby from 1.230.0 to 1.242.0 in the actions group

Bumps the actions group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.242.0 to 1.244.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@cb0fda5...13e7a03) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.244.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <[email protected]>

Bumps the npm group with 2 updates in the / directory: [@octokit/types](https://github.com/octokit/types.ts) and [octokit](https://github.com/octokit/octokit.js). Updates `@octokit/types` from 14.0.0 to 14.1.0 - [Release notes](https://github.com/octokit/types.ts/releases) - [Commits](octokit/types.ts@v14.0.0...v14.1.0) Updates `octokit` from 4.1.3 to 5.0.2 - [Release notes](https://github.com/octokit/octokit.js/releases) - [Commits](octokit/octokit.js@v4.1.3...v5.0.2) --- updated-dependencies: - dependency-name: "@octokit/types" dependency-version: 14.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: npm - dependency-name: octokit dependency-version: 5.0.2 dependency-type: direct:production update-type: version-update:semver-major dependency-group: npm ... Signed-off-by: dependabot[bot] <[email protected]>

This field will soon be ignored

…1dd9e3 build(deps): bump the npm group across 1 directory with 2 updates

…s-92be4e1609 build(deps): bump ruby/setup-ruby from 1.242.0 to 1.244.0 in the actions group

Dependabot: Remove deprecated `reviewers` config

…er-versions Update supported GitHub Enterprise Server versions

There are scheduled brownouts for this runner image. Replace it with `windows-2025`, and start running on `macos-15` too.

Stop running CI on `windows-2019`

Update default bundle to 2.21.4

Bumps the npm group with 5 updates: | Package | From | To | | --- | --- | --- | | [octokit](https://github.com/octokit/octokit.js) | `5.0.2` | `5.0.3` | | [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) | `9.27.0` | `9.28.0` | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.32.1` | `8.33.1` | | [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.32.1` | `8.33.1` | | [nock](https://github.com/nock/nock) | `14.0.4` | `14.0.5` | Updates `octokit` from 5.0.2 to 5.0.3 - [Release notes](https://github.com/octokit/octokit.js/releases) - [Commits](octokit/octokit.js@v5.0.2...v5.0.3) Updates `@eslint/js` from 9.27.0 to 9.28.0 - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](https://github.com/eslint/eslint/commits/v9.28.0/packages/js) Updates `@typescript-eslint/eslint-plugin` from 8.32.1 to 8.33.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/eslint-plugin) Updates `@typescript-eslint/parser` from 8.32.1 to 8.33.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.33.1/packages/parser) Updates `nock` from 14.0.4 to 14.0.5 - [Release notes](https://github.com/nock/nock/releases) - [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md) - [Commits](nock/nock@v14.0.4...v14.0.5) --- updated-dependencies: - dependency-name: octokit dependency-version: 5.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm - dependency-name: "@eslint/js" dependency-version: 9.28.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/eslint-plugin" dependency-version: 8.33.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: "@typescript-eslint/parser" dependency-version: 8.33.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm - dependency-name: nock dependency-version: 14.0.5 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm ... Signed-off-by: dependabot[bot] <[email protected]>

Merge main into releases/v3

Mergeback v3.28.19 refs/heads/releases/v3 into main

Fix backslashes being accepted by `sanitizeArtifactName`

…cdc43f build(deps): bump the npm group with 5 updates

prmerger-automator bot added the do-not-merge label May 29, 2024

pull bot added ⤵️ pull and removed do-not-merge labels May 29, 2024

coderabbitai bot reviewed Aug 8, 2024

View reviewed changes

coderabbitai bot reviewed Aug 13, 2024

View reviewed changes

coderabbitai bot reviewed Aug 14, 2024

View reviewed changes

coderabbitai bot reviewed Aug 15, 2024

View reviewed changes

coderabbitai bot reviewed Aug 19, 2024

View reviewed changes

coderabbitai bot reviewed Aug 20, 2024

View reviewed changes

coderabbitai bot reviewed Aug 21, 2024

View reviewed changes

coderabbitai bot reviewed Aug 23, 2024

View reviewed changes

coderabbitai bot reviewed Aug 26, 2024

View reviewed changes

coderabbitai bot reviewed Aug 27, 2024

View reviewed changes

coderabbitai bot reviewed Aug 28, 2024

View reviewed changes

coderabbitai bot reviewed Aug 29, 2024

View reviewed changes

coderabbitai bot reviewed Aug 30, 2024

View reviewed changes

henrymercer and others added 3 commits March 5, 2025 14:41

Merge pull request #2794 from github/update-supported-enterprise-serv…

608ccd6

…er-versions Update supported GitHub Enterprise Server versions

adjust string for handling rate limit error

7b7ed63

Merge pull request #2796 from github/nickfyson/adjust-rate-error-string

911d845

adjust string for handling rate limit error

coderabbitai bot reviewed Mar 6, 2025

View reviewed changes

cklin added 2 commits March 6, 2025 06:59

Merge branch 'main' into update-bundle/codeql-bundle-v2.20.6

256aa16

Merge pull request #2793 from github/update-bundle/codeql-bundle-v2.20.6

56b25d5

Update default bundle to 2.20.6

coderabbitai bot reviewed Mar 6, 2025

View reviewed changes

henrymercer and others added 30 commits May 22, 2025 15:37

Update version number in changelog

b63847b

Update generated workflow source to match

bcaa06b

Merge pull request #2787 from github/dbartol/remove-actions-extractor

5239ab1

Remove bundled copy of `actions` extractor

Merge pull request #2898 from github/dependabot/npm_and_yarn/npm-aa8c…

23262ae

…6e63b8 build(deps-dev): bump @eslint/js from 9.26.0 to 9.27.0 in the npm group

Merge pull request #2899 from github/dependabot/github_actions/action…

7b0fb5a

…s-999e423561 build(deps): bump ruby/setup-ruby from 1.230.0 to 1.242.0 in the actions group

Update generated workflow source

0abe43c

Update checked-in dependencies

655a969

Dependabot: Remove deprecated reviewers config

eaed21b

This field will soon be ignored

Merge pull request #2907 from github/dependabot/npm_and_yarn/npm-4187…

97fbf51

…1dd9e3 build(deps): bump the npm group across 1 directory with 2 updates

Merge pull request #2905 from github/dependabot/github_actions/action…

1a67b5d

…s-92be4e1609 build(deps): bump ruby/setup-ruby from 1.242.0 to 1.244.0 in the actions group

Merge pull request #2908 from github/henrymercer/dependabot

bc02a25

Dependabot: Remove deprecated `reviewers` config

Update supported GitHub Enterprise Server versions

31eae5e

Merge pull request #2911 from github/update-supported-enterprise-serv…

7fd6215

…er-versions Update supported GitHub Enterprise Server versions

Stop running CI on windows-2019

3201e46

There are scheduled brownouts for this runner image. Replace it with `windows-2025`, and start running on `macos-15` too.

Merge pull request #2913 from github/henrymercer/win-2019-deprecated

dc138d4

Stop running CI on `windows-2019`

Update default bundle to codeql-bundle-v2.21.4

d621686

Add changelog note

c0a821d

Merge pull request #2910 from github/update-bundle/codeql-bundle-v2.21.4

4a00331

Update default bundle to 2.21.4

Update checked-in dependencies

313daef

Update changelog for v3.28.19

1dcd2be

Merge pull request #2918 from github/update-v3.28.19-4a00331d4

fca7ace

Merge main into releases/v3

Update changelog and version after v3.28.19

a28627a

Update checked-in dependencies

be60d9f

Merge pull request #2919 from github/mergeback/v3.28.19-to-main-fca7ace9

075e08a

Mergeback v3.28.19 refs/heads/releases/v3 into main

Fix backslashes being accepted by sanitizeArtifactName

1eab408

Merge pull request #2922 from github/mbg/fix/sanitizeArtifactName

72be4b6

Fix backslashes being accepted by `sanitizeArtifactName`

Merge pull request #2916 from github/dependabot/npm_and_yarn/npm-5cdc…

b1e4dc3

…cdc43f build(deps): bump the npm group with 5 updates

		exports.ToolsFeature = void 0;
		exports.isSupportedToolsFeature = isSupportedToolsFeature;

	new RegExp("We were unable to automatically build your code"),
	/We were unable to automatically build your code/,

	with open('CHANGELOG.md', 'r') as f:
	with open(changelog_file, 'r') as f:

		LANGUAGES="cpp csharp go java javascript python"
		for version in $VERSIONS; do

[pull] main from github:main #1

Are you sure you want to change the base?

[pull] main from github:main #1

Conversation

pull bot commented May 29, 2024 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Summary by CodeRabbit

Release Notes

Uh oh!

coderabbitai bot commented Jul 17, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Review skipped

Walkthrough

Changes

Sequence Diagram(s)

Poem

Chat

Support

CodeRabbit Commands (Invoked using PR comments)

Other keywords and placeholders

CodeRabbit Configuration File (.coderabbit.yaml)

Documentation and Community

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot Aug 8, 2024

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

pull bot commented May 29, 2024 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Jul 17, 2024 •

edited

Loading

CodeRabbit Configuration File (`.coderabbit.yaml`)