Add threat-models as a property to config file and inputs

There's a lot of changes here, but it's pretty formulaic. It follows the approach used by the `queries` input and config property. `threat-models` can appear as an input or in the config file. If it appears in the input, then we need to either merge it with the threat-models in the config (if prefixed with `+`) or overwrite it. There's no danger if someone uses `threat-models` with an older CLI since the CLI can handle configs with extra properties.
Merge pull request #1649 from github/cklin/codeql-cli-2.13.0
2026-05-12 00:30:10 +00:00 · 2023-04-20 11:59:55 -07:00 · 2023-04-20 07:39:38 -07:00 · 2023-04-20 11:23:25 +01:00 · 2023-04-20 11:22:32 +01:00 · 2023-04-19 15:56:42 +01:00
292 changed files with 1455 additions and 30594 deletions
@@ -1,18 +1,18 @@
 name: "Set up Swift"
-description: Performs necessary steps to set up appropriate Swift version.
+description: Sets up an appropriate Swift version if Swift is enabled via CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT.
 inputs:
  codeql-path:
+    description: Path to the CodeQL CLI executable.
    required: true
 runs:
  using: "composite"
  steps:
    - name: Get Swift version
      id: get_swift_version
-      # We don't support Swift on Windows or prior versions of CLI.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      env: 
-        CODEQL_PATH: ${{inputs.codeql-path}}
+        CODEQL_PATH: ${{ inputs.codeql-path }}
      run: |
        if [ $RUNNER_OS = "macOS" ]; then
          PLATFORM="osx64"
@@ -26,7 +26,7 @@ runs:
          VERSION="5.7.0"
        fi
        echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
-    - uses: swift-actions/setup-swift@da0e3e04b5e3e15dbc3861bd835ad9f0afe56296 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
-      if: "(runner.os != 'Windows') && (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version == 'nightly-latest')"
+    - uses: swift-actions/setup-swift@65540b95f51493d65f5e59e97dcef9629ddf11bf # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      with:
-        swift-version: "${{steps.get_swift_version.outputs.version}}"
+        swift-version: "${{ steps.get_swift_version.outputs.version }}"
@@ -13,57 +13,55 @@ interface Defaults {
  priorCliVersion: string;
 }

-const CODEQL_BUNDLE_PREFIX = 'codeql-bundle-';
-
 function getCodeQLCliVersionForRelease(release): string {
  // We do not currently tag CodeQL bundles based on the CLI version they contain.
  // Instead, we use a marker file `cli-version-<version>.txt` to record the CLI version.
  // This marker file is uploaded as a release asset for all new CodeQL bundles.
  const cliVersionsFromMarkerFiles = release.assets
-  .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
-  .filter((v) => v)
-  .map((v) => v as string);
+    .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+    .filter((v) => v)
+    .map((v) => v as string);
  if (cliVersionsFromMarkerFiles.length > 1) {
    throw new Error(
      `Release ${release.tag_name} has multiple CLI version marker files.`
-      );
-    } else if (cliVersionsFromMarkerFiles.length === 0) {
-      throw new Error(
-        `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
-        );
-      }
-      return cliVersionsFromMarkerFiles[0];
-    }
+    );
+  } else if (cliVersionsFromMarkerFiles.length === 0) {
+    throw new Error(
+      `Failed to find the CodeQL CLI version for release ${release.tag_name}.`
+    );
+  }
+  return cliVersionsFromMarkerFiles[0];
+}

-    async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
-      return {
-        bundleVersion: release.tag_name.substring(CODEQL_BUNDLE_PREFIX.length),
-        cliVersion: getCodeQLCliVersionForRelease(release)
-      };
-    }
+async function getBundleInfoFromRelease(release): Promise<BundleInfo> {
+  return {
+    bundleVersion: release.tag_name,
+    cliVersion: getCodeQLCliVersionForRelease(release)
+  };
+}

-    async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
-      const release = github.context.payload.release;
-      console.log('Updating default bundle as a result of the following release: ' +
-      `${JSON.stringify(release)}.`)
+async function getNewDefaults(currentDefaults: Defaults): Promise<Defaults> {
+  const release = github.context.payload.release;
+  console.log('Updating default bundle as a result of the following release: ' +
+    `${JSON.stringify(release)}.`)

-      const bundleInfo = await getBundleInfoFromRelease(release);
-      return {
-        bundleVersion: bundleInfo.bundleVersion,
-        cliVersion: bundleInfo.cliVersion,
-        priorBundleVersion: currentDefaults.bundleVersion,
-        priorCliVersion: currentDefaults.cliVersion
-      };
-    }
+  const bundleInfo = await getBundleInfoFromRelease(release);
+  return {
+    bundleVersion: bundleInfo.bundleVersion,
+    cliVersion: bundleInfo.cliVersion,
+    priorBundleVersion: currentDefaults.bundleVersion,
+    priorCliVersion: currentDefaults.cliVersion
+  };
+}

-    async function main() {
-      const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
-      const newDefaults = await getNewDefaults(previousDefaults);
-      // Update the source file in the repository. Calling workflows should subsequently rebuild
-      // the Action to update `lib/defaults.json`.
-      fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
-    }
+async function main() {
+  const previousDefaults: Defaults = JSON.parse(fs.readFileSync('../../../src/defaults.json', 'utf8'));
+  const newDefaults = await getNewDefaults(previousDefaults);
+  // Update the source file in the repository. Calling workflows should subsequently rebuild
+  // the Action to update `lib/defaults.json`.
+  fs.writeFileSync('../../../src/defaults.json', JSON.stringify(newDefaults, null, 2) + "\n");
+}

-    // Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
-    // So instead we rely on the fact that Node won't exit until the event loop is empty.
-    main();
+// Ideally, we'd await main() here, but that doesn't work well with `ts-node`.
+// So instead we rely on the fact that Node won't exit until the event loop is empty.
+main();
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -72,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -42,6 +42,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: csharp
@@ -48,6 +48,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
@@ -42,6 +42,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
@@ -70,7 +81,10 @@ jobs:
      shell: bash
      run: |
        cd "$RUNNER_TEMP/results"
-        expected_baseline_languages="cpp cs go java js py rb swift"
+        expected_baseline_languages="cpp cs go java js py rb"
+        if [[ $RUNNER_OS != "Windows" ]]; then
+          expected_baseline_languages+=" swift"
+        fi

        for lang in ${expected_baseline_languages}; do
          rule_name="${lang}/baseline/expected-extracted-files"
@@ -84,5 +98,4 @@ jobs:
          fi
        done
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
@@ -38,6 +38,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: java
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -72,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -60,11 +64,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -60,11 +64,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -60,11 +64,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: go
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Init with registries
      uses: ./../action/init
      with:
@@ -42,6 +42,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Move codeql-action
      shell: bash
      run: |
@@ -25,12 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20220120
+        - os: ubuntu-latest
+          version: stable-20220401
        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
+          version: stable-20220401
+        - os: windows-latest
+          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -60,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
@@ -87,7 +111,7 @@ jobs:
    - name: Check sarif
      uses: ./../action/.github/actions/check-sarif
    # Running on Windows requires CodeQL CLI 2.9.0+.
-      if: "!(matrix.version == 'stable-20220120' && runner.os == 'Windows')"
+      if: "!(matrix.version == 'stable-20220401' && runner.os == 'Windows')"
      with:
        sarif-file: ${{ runner.temp }}/results/javascript.sarif
        queries-run: js/ml-powered/nosql-injection,js/ml-powered/path-injection,js/ml-powered/sql-injection,js/ml-powered/xss
@@ -96,7 +120,7 @@ jobs:
    - name: Check results
      env:
      # Running on Windows requires CodeQL CLI 2.9.0+.
-        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220120' &&
+        SHOULD_RUN_ML_POWERED_QUERIES: ${{ !(matrix.version == 'stable-20220401' &&
          runner.os == 'Windows') }}
      shell: bash
      run: |
@@ -25,18 +25,22 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -60,11 +64,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
@@ -73,7 +83,7 @@ jobs:

    - uses: ./../action/.github/actions/setup-swift
      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
+        codeql-path: ${{ steps.init.outputs.codeql-path }}

    - name: Build code
      shell: bash
@@ -119,8 +129,7 @@ jobs:
        fi

    - name: Check language autodetect for Ruby
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      run: |
        RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
@@ -130,8 +139,7 @@ jobs:
        fi

    - name: Check language autodetect for Swift
-      if: (matrix.version == 'cached' || matrix.version == 'latest' || matrix.version
-        == 'nightly-latest')
+      if: env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true'
      shell: bash
      run: |
        SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
@@ -140,5 +148,4 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      CODEQL_ACTION_TEST_MODE: true
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging.yml
@@ -54,6 +54,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging2.yml
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -72,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -38,6 +38,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Set up Ruby
      uses: ruby/setup-ruby@v1
      with:
@@ -48,6 +48,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: ruby
@@ -48,6 +48,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        config-file: .github/codeql/codeql-config-packaging3.yml
@@ -42,6 +42,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v3
    - uses: ./init
      with:
@@ -48,6 +48,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      id: init
      with:
@@ -75,6 +86,5 @@ jobs:
          exit 1
        fi
    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
@@ -38,6 +38,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Test setup
      shell: bash
      run: |
@@ -38,15 +38,30 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - name: Fetch a CodeQL bundle
      shell: bash
      env:
        CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
      run: |
        wget "$CODEQL_URL"
-    - uses: ./../action/init
+    - id: init
+      uses: ./../action/init
      with:
        tools: ./codeql-bundle.tar.gz
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
      run: ./build.sh
@@ -38,6 +38,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        languages: javascript
@@ -25,12 +25,14 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: ubuntu-latest
@@ -48,15 +50,25 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
+      id: init
      with:
        db-location: ${{ runner.temp }}/customDbLocation
        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - uses: ./../action/.github/actions/setup-swift
+      with:
+        codeql-path: ${{ steps.init.outputs.codeql-path }}
    - name: Build code
      shell: bash
    # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -72,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: ./../action/init
      with:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -25,24 +25,30 @@ jobs:
    strategy:
      matrix:
        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: windows-2019
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: windows-2019
-          version: stable-20220120
        - os: ubuntu-latest
          version: stable-20220401
        - os: macos-latest
          version: stable-20220401
        - os: windows-latest
          version: stable-20220401
+        - os: ubuntu-latest
+          version: stable-20220615
+        - os: macos-latest
+          version: stable-20220615
+        - os: windows-latest
+          version: stable-20220615
+        - os: ubuntu-latest
+          version: stable-20220908
+        - os: macos-latest
+          version: stable-20220908
+        - os: windows-latest
+          version: stable-20220908
+        - os: ubuntu-latest
+          version: stable-20221211
+        - os: macos-latest
+          version: stable-20221211
+        - os: windows-latest
+          version: stable-20221211
        - os: ubuntu-latest
          version: cached
        - os: macos-latest
@@ -72,11 +78,17 @@ jobs:
      uses: ./.github/actions/prepare-test
      with:
        version: ${{ matrix.version }}
-    - name: Set up Go
-      if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v4
-      with:
-        go-version: ^1.13.1
+    - name: Set environment variable for Swift enablement
+      if: >-
+        runner.os != 'Windows' && (
+            matrix.version == '20220908' ||
+            matrix.version == '20221211' ||
+            matrix.version == 'cached' ||
+            matrix.version == 'latest' ||
+            matrix.version == 'nightly-latest'
+        )
+      shell: bash
+      run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
    - uses: actions/checkout@v3
      with:
        ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
@@ -21,31 +21,17 @@ jobs:
  upload-artifacts:
    strategy:
      matrix:
-        include:
-        - os: ubuntu-20.04
-          version: stable-20211005
-        - os: macos-latest
-          version: stable-20211005
-        - os: ubuntu-20.04
-          version: stable-20220120
-        - os: macos-latest
-          version: stable-20220120
-        - os: ubuntu-latest
-          version: stable-20220401
-        - os: macos-latest
-          version: stable-20220401
-        - os: ubuntu-latest
-          version: cached
-        - os: macos-latest
-          version: cached
-        - os: ubuntu-latest
-          version: latest
-        - os: macos-latest
-          version: latest
-        - os: ubuntu-latest
-          version: nightly-latest
-        - os: macos-latest
-          version: nightly-latest
+        os:
+        - ubuntu-latest
+        - macos-latest
+        version:
+        - stable-20220401
+        - stable-20220615
+        - stable-20220908
+        - stable-20221211
+        - cached
+        - latest
+        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -84,17 +70,10 @@ jobs:
      - name: Check expected artifacts exist
        shell: bash
        run: |
-          VERSIONS="stable-20211005 stable-20220120 stable-20220401 cached latest nightly-latest"
+          VERSIONS="stable-20220401 stable-20220615 stable-20220908 stable-20221211 cached latest nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
-            if [[ "$version" =~ stable-(20211005|20220120|20210809) ]]; then
-              # Note the absence of the period in "ubuntu-2004": this is present in the image name
-              # but not the artifact name
-              OPERATING_SYSTEMS="ubuntu-2004 macos-latest"
-            else
-              OPERATING_SYSTEMS="ubuntu-latest macos-latest"
-            fi
-            for os in $OPERATING_SYSTEMS; do
+            for os in ubuntu-latest macos-latest; do
              pushd "./my-debug-artifacts-$os-$version"
              echo "Artifacts from version $version on $os:"
              for language in $LANGUAGES; do
@@ -2,11 +2,20 @@ name: Update default CodeQL bundle

 on:
  release:
-    types: [prereleased]
+    # From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release
+    # Note: The prereleased type will not trigger for pre-releases published
+    # from draft releases, but the published type will trigger. If you want a
+    # workflow to run when stable and pre-releases publish, subscribe to
+    # published instead of released and prereleased.
+    #
+    # From https://github.com/orgs/community/discussions/26281
+    # As a work around, in published type workflow,  you could add if condition
+    # to filter pre-release attribute.
+    types: [published]

 jobs:
  update-bundle:
-    if: startsWith(github.event.release.tag_name, 'codeql-bundle-')
+    if: github.event.release.prerelease && startsWith(github.event.release.tag_name, 'codeql-bundle-')
    runs-on: ubuntu-latest
    steps:
      - name: Dump environment
@@ -36,7 +36,7 @@ jobs:
        env:
          ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
      - name: Commit Changes
-        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
+        uses: peter-evans/create-pull-request@5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5 # v5.0.0
        with:
          commit-message: Update supported GitHub Enterprise Server versions.
          title: Update supported GitHub Enterprise Server versions.
@@ -2,7 +2,13 @@

 ## [UNRELEASED]

-No user facing changes.
+- Update default CodeQL bundle version to 2.13.0. [#1649](https://github.com/github/codeql-action/pull/1649)
+- Bump the minimum CodeQL bundle version to 2.8.5. [#1618](https://github.com/github/codeql-action/pull/1618)
+
+## 2.2.12 - 13 Apr 2023
+
+- Include the value of the `GITHUB_RUN_ATTEMPT` environment variable in the telemetry sent to GitHub. [#1640](https://github.com/github/codeql-action/pull/1640)
+- Improve the ease of debugging failed runs configured using [default setup](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically). The CodeQL Action will now upload diagnostic information to Code Scanning from failed runs configured using default setup. You can view this diagnostic information on the [tool status page](https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page). [#1619](https://github.com/github/codeql-action/pull/1619)

 ## 2.2.11 - 06 Apr 2023

@@ -45,17 +45,22 @@ inputs:
    description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
    required: false
  queries:
-    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
+    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to combine both sets of queries.
    required: false
  packs:
    description: >-
      [Experimental] Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
      specified, then the latest version of the pack is used. By default, this overrides the same setting in a
-      configuration file; prefix with "+" to use both sets of packs.
+      configuration file; prefix with "+" to combine both sets of packs.

      This input is only available in single-language analyses. To use packs in multi-language
      analyses, you must specify packs in the codeql-config.yml file.
    required: false
+  threat-models:
+    description: >-
+      [Experimental] Comma-separated list of threat models to include in this analysis. By default, this overrides the same setting in a
+      configuration file; prefix with "+" to combine both sets of threat-models.
+    required: false
  external-repository-token:
    description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
    required: false
@@ -163,7 +163,7 @@ async function getAnalysisKey() {
    if (analysisKey !== undefined) {
        return analysisKey;
    }
-    const workflowPath = await (0, workflow_1.getWorkflowPath)();
+    const workflowPath = await (0, workflow_1.getWorkflowRelativePath)();
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    analysisKey = `${workflowPath}:${jobName}`;
    core.exportVariable(analysisKeyEnvVar, analysisKey);
@@ -295,6 +295,11 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
    if (workflowRunIDStr) {
        workflowRunID = parseInt(workflowRunIDStr, 10);
    }
+    const workflowRunAttemptStr = process.env["GITHUB_RUN_ATTEMPT"];
+    let workflowRunAttempt = -1;
+    if (workflowRunAttemptStr) {
+        workflowRunAttempt = parseInt(workflowRunAttemptStr, 10);
+    }
    const workflowName = process.env["GITHUB_WORKFLOW"] || "";
    const jobName = process.env["GITHUB_JOB"] || "";
    const analysis_key = await getAnalysisKey();
@@ -314,6 +319,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, cause
    }
    const statusReport = {
        workflow_run_id: workflowRunID,
+        workflow_run_attempt: workflowRunAttempt,
        workflow_name: workflowName,
        job_name: jobName,
        analysis_key,
@@ -29,6 +29,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
+const config_utils_1 = require("./config-utils");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -48,11 +49,7 @@ const util = __importStar(require("./util"));
            debugMode: false,
            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            augmentationProperties: {
-                injectedMlQueries: false,
-                packsInputCombines: false,
-                queriesInputCombines: false,
-            },
+            augmentationProperties: config_utils_1.defaultAugmentationProperties,
            trapCaches: {},
            trapCacheDownloadTime: 0,
        };
@@ -78,11 +75,7 @@ const util = __importStar(require("./util"));
            debugMode: false,
            debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
            debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-            augmentationProperties: {
-                injectedMlQueries: false,
-                packsInputCombines: false,
-                queriesInputCombines: false,
-            },
+            augmentationProperties: config_utils_1.defaultAugmentationProperties,
            trapCaches: {},
            trapCacheDownloadTime: 0,
        };
@@ -108,11 +101,7 @@ const util = __importStar(require("./util"));
        debugMode: false,
        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            injectedMlQueries: false,
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
+        augmentationProperties: config_utils_1.defaultAugmentationProperties,
        trapCaches: {},
        trapCacheDownloadTime: 0,
    };
@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE;gBACtB,iBAAiB,EAAE,KAAK;gBACxB,kBAAkB,EAAE,KAAK;gBACzB,oBAAoB,EAAE,KAAK;aAC5B;YACD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,OAAO;QACP,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;QACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;QACrD,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,KAAK;QAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,sBAAsB,EAAE;YACtB,iBAAiB,EAAE,KAAK;YACxB,kBAAkB,EAAE,KAAK;YACzB,oBAAoB,EAAE,KAAK;SAC5B;QACD,UAAU,EAAE,EAAE;QACd,qBAAqB,EAAE,CAAC;KACzB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAE7B,8CAAuB;AAEvB,gEAAkD;AAClD,iDAA+D;AAC/D,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE,4CAA6B;YACrD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,SAAS,EAAE,EAAE;YACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;YACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,kBAAkB,CAAC;YACpD,KAAK,EAAE,EAAE;YACT,SAAS,EAAE,KAAK;YAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;YACnD,sBAAsB,EAAE,4CAA6B;YACrD,UAAU,EAAE,EAAE;YACd,qBAAqB,EAAE,CAAC;SACzB,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,oBAAoB,CAAC,CAAC;IAC/D,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;QACrB,OAAO;QACP,SAAS,EAAE,EAAE;QACb,aAAa,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM,EAAwB;QACxE,UAAU,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,kBAAkB,CAAC;QACrD,KAAK,EAAE,EAAE;QACT,SAAS,EAAE,KAAK;QAChB,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,iBAAiB,EAAE,IAAI,CAAC,2BAA2B;QACnD,sBAAsB,EAAE,4CAA6B;QACrD,UAAU,EAAE,EAAE;QACd,qBAAqB,EAAE,CAAC;KACzB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,oBAAoB,CAAC,CAAC;IAC9D,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC"}
@@ -155,7 +155,6 @@ async function run() {
        if (hasBadExpectErrorInput()) {
            throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
        }
-        await (0, codeql_1.enrichEnvironment)(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
        const apiDetails = (0, api_client_1.getApiDetails)();
        const outputDir = actionsUtil.getRequiredInput("output");
        const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
@@ -37,7 +37,6 @@ const analysisPaths = __importStar(require("./analysis-paths"));
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
-const sharedEnv = __importStar(require("./shared-environment"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
 class CodeQLAnalysisError extends Error {
@@ -283,20 +282,13 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger) {
    }
    await fs.promises.mkdir(outputDir, { recursive: true });
    const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger);
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    // WARNING: This does not _really_ end tracing, as the tracer will restore its
    // critical environment variables and it'll still be active for all processes
    // launched from this build step.
    // However, it will stop tracing for all steps past the codeql-action/analyze
    // step.
-    if (await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Delete variables as specified by the end-tracing script
-        await (0, tracer_config_1.endTracingForCluster)(config);
-    }
-    else {
-        // Delete the tracer config env var to avoid tracing ourselves
-        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-    }
+    // Delete variables as specified by the end-tracing script
+    await (0, tracer_config_1.endTracingForCluster)(config);
    return timings;
 }
 exports.runFinalize = runFinalize;
@@ -33,6 +33,7 @@ const yaml = __importStar(require("js-yaml"));
 const sinon = __importStar(require("sinon"));
 const analyze_1 = require("./analyze");
 const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
@@ -115,11 +116,7 @@ const util = __importStar(require("./util"));
                debugMode: false,
                debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-                augmentationProperties: {
-                    injectedMlQueries: false,
-                    packsInputCombines: false,
-                    queriesInputCombines: false,
-                },
+                augmentationProperties: config_utils_1.defaultAugmentationProperties,
                trapCaches: {},
                trapCacheDownloadTime: 0,
            };
@@ -215,11 +212,7 @@ function createBaseConfig(tmpDir) {
        debugMode: false,
        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            injectedMlQueries: false,
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
+        augmentationProperties: config_utils_1.defaultAugmentationProperties,
        trapCaches: {},
        trapCacheDownloadTime: 0,
    };
@@ -23,10 +23,9 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
@@ -35,7 +34,6 @@ const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
-const shared_environment_1 = require("./shared-environment");
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
@@ -62,7 +60,7 @@ let cachedCodeQL = undefined;
 * The version flags below can be used to conditionally enable certain features
 * on versions newer than this.
 */
-const CODEQL_MINIMUM_VERSION = "2.6.3";
+const CODEQL_MINIMUM_VERSION = "2.8.5";
 /**
 * Versions of CodeQL that version-flag certain functionality in the Action.
 * For convenience, please keep these in descending order. Once a version
@@ -73,21 +71,6 @@ const CODEQL_VERSION_LUA_TRACER_CONFIG = "2.10.0";
 const CODEQL_VERSION_LUA_TRACING_GO_WINDOWS_FIXED = "2.10.4";
 exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = "2.10.4";
 const CODEQL_VERSION_FILE_BASELINE_INFORMATION = "2.11.3";
-/**
- * This variable controls using the new style of tracing from the CodeQL
- * CLI. In particular, with versions above this we will use both indirect
- * tracing, and multi-language tracing together with database clusters.
- *
- * Note that there were bugs in both of these features that were fixed in
- * release 2.7.0 of the CodeQL CLI, therefore this flag is only enabled for
- * versions above that.
- */
-exports.CODEQL_VERSION_NEW_TRACING = "2.7.0";
-/**
- * Versions 2.7.3+ of the CodeQL CLI support build tracing with glibc 2.34 on Linux. Versions before
- * this cannot perform build tracing when running on the Actions `ubuntu-22.04` runner image.
- */
-exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = "2.7.3";
 /**
 * Versions 2.9.0+ of the CodeQL CLI run machine learning models from a temporary directory, which
 * resolves an issue on Windows where TensorFlow models are not correctly loaded due to the path of
@@ -177,8 +160,6 @@ function setCodeQL(partialCodeql) {
        getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
        getVersion: resolveFunction(partialCodeql, "getVersion", () => new Promise((resolve) => resolve("1.0.0"))),
        printVersion: resolveFunction(partialCodeql, "printVersion"),
-        getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
-        databaseInit: resolveFunction(partialCodeql, "databaseInit"),
        databaseInitCluster: resolveFunction(partialCodeql, "databaseInitCluster"),
        runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
        extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
@@ -245,73 +226,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
        async printVersion() {
            await runTool(cmd, ["version", "--format=json"]);
        },
-        async getTracerEnv(databasePath) {
-            // Write tracer-env.js to a temp location.
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const tracerEnvJs = path.resolve(databasePath, "working", "tracer-env.js");
-            fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
-            fs.writeFileSync(tracerEnvJs, `
-        const fs = require('fs');
-        const env = {};
-        for (let entry of Object.entries(process.env)) {
-          const key = entry[0];
-          const value = entry[1];
-          if (typeof value !== 'undefined' && key !== '_' && !key.startsWith('JAVA_MAIN_CLASS_')) {
-            env[key] = value;
-          }
-        }
-        process.stdout.write(process.argv[2]);
-        fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`);
-            // BEWARE: The name and location of this file is recognized by `codeql database
-            // trace-command` in order to enable special support for concatenable tracer
-            // configurations. Consequently the name must not be changed.
-            // (This warning can be removed once a different way to recognize the
-            // action/runner has been implemented in `codeql database trace-command`
-            // _and_ is present in the latest supported CLI release.)
-            const envFile = path.resolve(databasePath, "working", "env.tmp");
-            try {
-                await runTool(cmd, [
-                    "database",
-                    "trace-command",
-                    databasePath,
-                    ...getExtraOptionsFromEnv(["database", "trace-command"]),
-                    process.execPath,
-                    tracerEnvJs,
-                    envFile,
-                ]);
-            }
-            catch (e) {
-                if (e instanceof CommandInvocationError &&
-                    e.output.includes("undefined symbol: __libc_dlopen_mode, version GLIBC_PRIVATE") &&
-                    process.platform === "linux" &&
-                    !(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_TRACING_GLIBC_2_34))) {
-                    throw new util.UserError("The CodeQL CLI is incompatible with the version of glibc on your system. " +
-                        `Please upgrade to CodeQL CLI version ${exports.CODEQL_VERSION_TRACING_GLIBC_2_34} or ` +
-                        "later. If you cannot upgrade to a newer version of the CodeQL CLI, you can " +
-                        `alternatively run your workflow on another runner image such as "ubuntu-20.04" ` +
-                        "that has glibc 2.33 or earlier installed.");
-                }
-                else {
-                    throw e;
-                }
-            }
-            return JSON.parse(fs.readFileSync(envFile, "utf-8"));
-        },
-        async databaseInit(databasePath, language, sourceRoot) {
-            await runTool(cmd, [
-                "database",
-                "init",
-                databasePath,
-                `--language=${language}`,
-                `--source-root=${sourceRoot}`,
-                ...getExtraOptionsFromEnv(["database", "init"]),
-            ]);
-        },
        async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
            const extraArgs = config.languages.map((language) => `--language=${language}`);
            if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
@@ -829,6 +743,23 @@ async function generateCodeScanningConfig(codeql, config, features, logger) {
            augmentedConfig.packs["javascript"].push(packString);
        }
    }
+    // Inject the threat-models from the input
+    if (config.augmentationProperties.threatModelsInput) {
+        if (config.augmentationProperties.threatModelsInputCombines) {
+            // threat-models input combines with threat-models from the config file
+            // (if any were defined).
+            augmentedConfig["threat-models"] = (augmentedConfig["threat-models"] || []).concat(config.augmentationProperties.threatModelsInput);
+        }
+        else {
+            // threat-models input overrides threat-models from the config file
+            augmentedConfig["threat-models"] =
+                config.augmentationProperties.threatModelsInput;
+        }
+    }
+    if (Array.isArray(augmentedConfig["threat-models"]) &&
+        !augmentedConfig["threat-models"].length) {
+        delete augmentedConfig["threat-models"];
+    }
    logger.info(`Writing augmented user configuration file to ${codeScanningConfigFile}`);
    logger.startGroup("Augmented user configuration file contents");
    logger.info(yaml.dump(augmentedConfig));
@@ -853,19 +784,4 @@ async function getCodeScanningConfigExportArguments(config, codeql, features) {
    }
    return [];
 }
-/**
- * Enrich the environment variables with further flags that we cannot
- * know the value of until we know what version of CodeQL we're running.
- */
-async function enrichEnvironment(codeql) {
-    if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_NEW_TRACING)) {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "false");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "false");
-    }
-    else {
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "true");
-        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "true");
-    }
-}
-exports.enrichEnvironment = enrichEnvironment;
 //# sourceMappingURL=codeql.js.map
@@ -83,6 +83,7 @@ ava_1.default.beforeEach(() => {
        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
        augmentationProperties: {
+            threatModelsInputCombines: false,
            injectedMlQueries: false,
            packsInputCombines: false,
            queriesInputCombines: false,
@@ -447,6 +448,7 @@ for (const isBundleVersionInUrl of [true, false]) {
            ...stubConfig,
            tempDir,
            augmentationProperties: {
+                threatModelsInputCombines: false,
                injectedMlQueries: false,
                queriesInputCombines: false,
                packsInputCombines: false,
@@ -491,11 +493,13 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
 }, {}, {});
 (0, ava_1.default)("injected ML queries", injectedConfigMacro, {
    injectedMlQueries: true,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
 }, {}, {
    packs: ["codeql/javascript-experimental-atm-queries@~0.4.0"],
 });
@@ -503,6 +507,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: true,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
 }, {
    originalUserInput: {
        packs: { javascript: ["codeql/something-else"] },
@@ -519,6 +524,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: true,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
 }, {
    originalUserInput: {
        packs: { cpp: ["codeql/something-else"] },
@@ -534,6 +540,7 @@ const injectedConfigMacro = ava_1.default.macro({
    queriesInputCombines: false,
    packsInputCombines: false,
    packsInput: ["xxx", "yyy"],
+    threatModelsInputCombines: false,
 }, {}, {
    packs: ["xxx", "yyy"],
 });
@@ -542,6 +549,7 @@ const injectedConfigMacro = ava_1.default.macro({
    queriesInputCombines: false,
    packsInputCombines: true,
    packsInput: ["xxx", "yyy"],
+    threatModelsInputCombines: false,
 }, {
    originalUserInput: {
        packs: {
@@ -558,6 +566,7 @@ const injectedConfigMacro = ava_1.default.macro({
    queriesInputCombines: false,
    packsInputCombines: false,
    packsInput: ["xxx", "yyy"],
+    threatModelsInputCombines: false,
 }, {
    originalUserInput: {
        packs: {
@@ -572,6 +581,7 @@ const injectedConfigMacro = ava_1.default.macro({
    queriesInputCombines: false,
    packsInputCombines: false,
    packsInput: ["xxx", "yyy"],
+    threatModelsInputCombines: false,
 }, {
    originalUserInput: {
        packs: {
@@ -586,6 +596,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
    queries: [
@@ -601,6 +612,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
    originalUserInput: {
@@ -620,6 +632,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: true,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {
    originalUserInput: {
@@ -642,6 +655,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: true,
    packsInputCombines: true,
+    threatModelsInputCombines: false,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
 }, {}, {
    queries: [
@@ -657,6 +671,7 @@ const injectedConfigMacro = ava_1.default.macro({
    injectedMlQueries: false,
    queriesInputCombines: true,
    packsInputCombines: true,
+    threatModelsInputCombines: false,
    queriesInput: [],
    packsInput: [],
 }, {
@@ -665,6 +680,50 @@ const injectedConfigMacro = ava_1.default.macro({
        queries: [],
    },
 }, {});
+(0, ava_1.default)("threat model from config", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: true,
+    threatModelsInputCombines: false,
+    queriesInput: [],
+    packsInput: [],
+}, {
+    originalUserInput: {
+        "threat-models": ["a", "b"],
+    },
+}, {
+    "threat-models": ["a", "b"],
+});
+(0, ava_1.default)("threat model from input overrides config", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: true,
+    threatModelsInputCombines: false,
+    threatModelsInput: ["a", "b"],
+    queriesInput: [],
+    packsInput: [],
+}, {
+    originalUserInput: {
+        "threat-models": ["c", "d"],
+    },
+}, {
+    "threat-models": ["a", "b"],
+});
+(0, ava_1.default)("threat model from input combines with config", injectedConfigMacro, {
+    injectedMlQueries: false,
+    queriesInputCombines: true,
+    packsInputCombines: true,
+    threatModelsInputCombines: true,
+    threatModelsInput: ["a", "b"],
+    queriesInput: [],
+    packsInput: [],
+}, {
+    originalUserInput: {
+        "threat-models": ["c", "d"],
+    },
+}, {
+    "threat-models": ["c", "d", "a", "b"],
+});
 (0, ava_1.default)("does not pass a code scanning config or qlconfig file to the CLI when CLI config passing is disabled", async (t) => {
    await util.withTmpDir(async (tempDir) => {
        const runnerConstructorStub = stubToolRunnerConstructor();
@@ -51,9 +51,11 @@ const PACKS_PROPERTY = "packs";
 exports.defaultAugmentationProperties = {
    queriesInputCombines: false,
    packsInputCombines: false,
+    threatModelsInputCombines: false,
    injectedMlQueries: false,
    packsInput: undefined,
    queriesInput: undefined,
+    threatModelsInput: undefined,
 };
 /**
 * A list of queries from https://github.com/github/codeql that
@@ -527,7 +529,7 @@ function shouldAddConfigFileQueries(queriesInput) {
 /**
 * Get the default config for when the user has not supplied one.
 */
-async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, rawThreatModelsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
    const languages = await getLanguages(codeQL, languagesInput, repository, logger);
    const queries = {};
    for (const language of languages) {
@@ -537,7 +539,7 @@ async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput,
        };
    }
    await addDefaultQueries(codeQL, languages, queries);
-    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages);
    const packs = augmentationProperties.packsInput
        ? {
            [languages[0]]: augmentationProperties.packsInput,
@@ -581,7 +583,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
 /**
 * Load the config from the given file.
 */
-async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, rawThreatModelsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
    let parsedYAML;
    if (isLocal(configFile)) {
        // Treat the config file as relative to the workspace
@@ -621,7 +623,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
    if (!disableDefaultQueries) {
        await addDefaultQueries(codeQL, languages, queries);
    }
-    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    const augmentationProperties = calculateAugmentation(rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages);
    const packs = parsePacks(parsedYAML[PACKS_PROPERTY] ?? {}, rawPacksInput, augmentationProperties.packsInputCombines, languages, configFile, logger);
    // If queries were provided using `with` in the action configuration,
    // they should take precedence over the queries in the config file
@@ -705,17 +707,21 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
 *     not have exactly one language.
 */
 // exported for testing.
-function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) {
+function calculateAugmentation(rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages) {
    const packsInputCombines = shouldCombine(rawPacksInput);
    const packsInput = parsePacksFromInput(rawPacksInput, languages, packsInputCombines);
    const queriesInputCombines = shouldCombine(rawQueriesInput);
    const queriesInput = parseQueriesFromInput(rawQueriesInput, queriesInputCombines);
+    const threatModelsInputCombines = shouldCombine(rawThreatModelsInput);
+    const threatModelsInput = parseThreatModelsFromInput(rawThreatModelsInput, threatModelsInputCombines);
    return {
        injectedMlQueries: false,
        packsInputCombines,
        packsInput: packsInput?.[languages[0]],
        queriesInput,
        queriesInputCombines,
+        threatModelsInputCombines,
+        threatModelsInput,
    };
 }
 exports.calculateAugmentation = calculateAugmentation;
@@ -801,6 +807,19 @@ function parsePacksFromInput(rawPacksInput, languages, packsInputCombines) {
        }, []),
    };
 }
+function parseThreatModelsFromInput(rawThreatModelsInput, threatModelsInputCombines) {
+    if (!rawThreatModelsInput?.trim()) {
+        return undefined;
+    }
+    rawThreatModelsInput = rawThreatModelsInput.trim();
+    if (threatModelsInputCombines) {
+        rawThreatModelsInput = rawThreatModelsInput.trim().substring(1).trim();
+        if (!rawThreatModelsInput) {
+            throw new Error(getConfigFilePropertyError(undefined, "threat-models", "A '+' was used in the 'threat-models' input to specify that you wished to add some packs to your CodeQL analysis. However, no threat models were specified. Please either remove the '+' or specify some threat models."));
+        }
+    }
+    return rawThreatModelsInput.split(",").map((t) => t.trim());
+}
 /**
 * Validates that this package specification is syntactically correct.
 * It may not point to any real package, but after this function returns
@@ -932,15 +951,15 @@ function dbLocationOrDefault(dbLocation, tempDir) {
 * This will parse the config from the user input if present, or generate
 * a default config. The parsed config is then stored to a known location.
 */
-async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function initConfig(languagesInput, queriesInput, packsInput, threatModelsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
    let config;
    // If no config file was provided create an empty one
    if (!configFile) {
        logger.debug("No configuration file was provided");
-        config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
+        config = await getDefaultConfig(languagesInput, queriesInput, packsInput, threatModelsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
    }
    else {
-        config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
+        config = await loadConfig(languagesInput, queriesInput, packsInput, threatModelsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
    }
    // When using the codescanning config in the CLI, pack downloads
    // happen in the CLI during the `database init` command, so no need
@@ -102,8 +102,8 @@ function mockListLanguages(languages) {
                return { packs: [] };
            },
        });
-        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
-        t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger));
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
+        t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger));
    });
 });
 (0, ava_1.default)("loading config saves config", async (t) => {
@@ -128,7 +128,7 @@ function mockListLanguages(languages) {
        t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
        // Sanity check that getConfig returns undefined before we have called initConfig
        t.deepEqual(await configUtils.getConfig(tmpDir, logger), undefined);
-        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
+        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), logger);
        // The saved config file should now exist
        t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
        // And that same newly-initialised config should now be returned by getConfig
@@ -144,7 +144,7 @@ function mockListLanguages(languages) {
 (0, ava_1.default)("load input outside of workspace", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
        try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, "../input", undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, "../input", undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -157,7 +157,7 @@ function mockListLanguages(languages) {
        // no filename given, just a repo
        const configFile = "octo-org/codeql-config@main";
        try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -171,7 +171,7 @@ function mockListLanguages(languages) {
        const configFile = "input";
        t.false(fs.existsSync(path.join(tmpDir, configFile)));
        try {
-            await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -247,7 +247,7 @@ function mockListLanguages(languages) {
        };
        const languages = "javascript";
        const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "my-artifact", "my-db", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const actualConfig = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFilePath, undefined, false, false, "my-artifact", "my-db", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Should exactly equal the object we constructed earlier
        t.deepEqual(actualConfig, expectedConfig);
    });
@@ -286,7 +286,7 @@ function mockListLanguages(languages) {
        fs.mkdirSync(path.join(tmpDir, "foo"));
        const languages = "javascript";
        const configFilePath = createConfigFile(inputFileContents, tmpDir);
-        await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolve queries was called correctly
        t.deepEqual(resolveQueriesArgs.length, 1);
        t.deepEqual(resolveQueriesArgs[0].queries, [
@@ -332,7 +332,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        const languages = "javascript";
-        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolveQueries was called correctly
        // It'll be called once for the default queries
        // and once for `./foo` from the config file.
@@ -368,7 +368,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolveQueries was called correctly
        // It'll be called once for the default queries and once for `./override`,
        // but won't be called for './foo' from the config file.
@@ -403,7 +403,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolveQueries was called correctly
        // It'll be called once for `./workflow-query`,
        // but won't be called for the default one since that was disabled
@@ -432,7 +432,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolveQueries was called correctly:
        // It'll be called once for the default queries,
        // and then once for each of the two queries from the workflow
@@ -474,7 +474,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        const languages = "javascript";
-        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const config = await configUtils.initConfig(languages, testQueries, undefined, undefined, undefined, configFilePath, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        // Check resolveQueries was called correctly
        // It'll be called once for the default queries,
        // once for each of additional1 and additional2,
@@ -516,7 +516,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        try {
-            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, queries, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            t.fail("initConfig did not throw error");
        }
        catch (err) {
@@ -562,7 +562,7 @@ function queriesToResolvedQueryForm(queries) {
        fs.mkdirSync(path.join(tmpDir, "foo/bar/dev"), { recursive: true });
        const configFile = "octo-org/codeql-config/config.yaml@main";
        const languages = "javascript";
-        await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        t.assert(spyGetContents.called);
    });
 });
@@ -572,7 +572,7 @@ function queriesToResolvedQueryForm(queries) {
        mockGetContents(dummyResponse);
        const repoReference = "octo-org/codeql-config/config.yaml@main";
        try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -588,7 +588,7 @@ function queriesToResolvedQueryForm(queries) {
        mockGetContents(dummyResponse);
        const repoReference = "octo-org/codeql-config/config.yaml@main";
        try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, repoReference, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -608,7 +608,7 @@ function queriesToResolvedQueryForm(queries) {
            },
        });
        try {
-            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(undefined, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -620,7 +620,7 @@ function queriesToResolvedQueryForm(queries) {
    return await util.withTmpDir(async (tmpDir) => {
        const languages = "rubbish,english";
        try {
-            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+            await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, (0, codeql_1.getCachedCodeQL)(), tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
            throw new Error("initConfig did not throw error");
        }
        catch (err) {
@@ -651,7 +651,7 @@ function queriesToResolvedQueryForm(queries) {
        const configFile = path.join(tmpDir, "codeql-config.yaml");
        fs.writeFileSync(configFile, inputFileContents);
        const languages = "javascript";
-        const { packs } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs } = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        t.deepEqual(packs, {
            [languages_1.Language.javascript]: ["a/b@1.2.3"],
        });
@@ -688,7 +688,7 @@ function queriesToResolvedQueryForm(queries) {
        fs.writeFileSync(configFile, inputFileContents);
        fs.mkdirSync(path.join(tmpDir, "foo"));
        const languages = "javascript,python,cpp";
-        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+        const { packs, queries } = await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example" }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
        t.deepEqual(packs, {
            [languages_1.Language.javascript]: ["a/b@1.2.3"],
            [languages_1.Language.python]: ["c/d@1.2.3"],
@@ -734,7 +734,7 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
            const inputFile = path.join(tmpDir, configFile);
            fs.writeFileSync(inputFile, inputFileContents, "utf8");
            try {
-                await configUtils.initConfig(languages, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
+                await configUtils.initConfig(languages, undefined, undefined, undefined, undefined, configFile, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
                throw new Error("initConfig did not throw error");
            }
            catch (err) {
@@ -991,7 +991,7 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
                    return { packs: [] };
                },
            });
-            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)(isMlPoweredQueriesEnabled ? [feature_flags_1.Feature.MlPoweredQueriesEnabled] : []), (0, logging_1.getRunnerLogger)(true));
+            const { packs } = await configUtils.initConfig("javascript", queriesInput, packsInput, undefined, undefined, undefined, undefined, false, false, "", "", { owner: "github", repo: "example " }, tmpDir, codeQL, tmpDir, gitHubVersion, sampleApiDetails, (0, testing_utils_1.createFeatures)(isMlPoweredQueriesEnabled ? [feature_flags_1.Feature.MlPoweredQueriesEnabled] : []), (0, logging_1.getRunnerLogger)(true));
            if (expectedVersionString !== undefined) {
                t.deepEqual(packs, {
                    [languages_1.Language.javascript]: [
@@ -1046,58 +1046,87 @@ const mlPoweredQueriesMacro = ava_1.default.macro({
 // CLI 2.12.1+.
 (0, ava_1.default)(mlPoweredQueriesMacro, "2.12.1", true, undefined, "security-experimental", "~0.4.0");
 const calculateAugmentationMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedAugmentationProperties) => {
-        const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages);
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages, expectedAugmentationProperties) => {
+        const actualAugmentationProperties = configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages);
        t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
    },
    title: (_, title) => `Calculate Augmentation: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "All empty", undefined, undefined, undefined, [languages_1.Language.javascript], {
    queriesInputCombines: false,
    queriesInput: undefined,
    packsInputCombines: false,
    packsInput: undefined,
+    threatModelsInputCombines: false,
+    threatModelsInput: undefined,
    injectedMlQueries: false,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries", undefined, " a, b , c, d", undefined, [languages_1.Language.javascript], {
    queriesInputCombines: false,
    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
    packsInputCombines: false,
    packsInput: undefined,
+    threatModelsInputCombines: false,
+    threatModelsInput: undefined,
    injectedMlQueries: false,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With queries combining", undefined, "   +   a, b , c, d ", undefined, [languages_1.Language.javascript], {
    queriesInputCombines: true,
    queriesInput: [{ uses: "a" }, { uses: "b" }, { uses: "c" }, { uses: "d" }],
    packsInputCombines: false,
    packsInput: undefined,
+    threatModelsInputCombines: false,
+    threatModelsInput: undefined,
    injectedMlQueries: false,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With packs", "   codeql/a , codeql/b   , codeql/c  , codeql/d  ", undefined, undefined, [languages_1.Language.javascript], {
    queriesInputCombines: false,
    queriesInput: undefined,
    packsInputCombines: false,
    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
+    threatModelsInputCombines: false,
+    threatModelsInput: undefined,
    injectedMlQueries: false,
 });
-(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, [languages_1.Language.javascript], {
+(0, ava_1.default)(calculateAugmentationMacro, "With packs combining", "   +   codeql/a, codeql/b, codeql/c, codeql/d", undefined, undefined, [languages_1.Language.javascript], {
    queriesInputCombines: false,
    queriesInput: undefined,
    packsInputCombines: true,
    packsInput: ["codeql/a", "codeql/b", "codeql/c", "codeql/d"],
+    threatModelsInputCombines: false,
+    threatModelsInput: undefined,
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With threat model", undefined, undefined, "   a , b   , c  , d  ", [languages_1.Language.javascript], {
+    queriesInputCombines: false,
+    queriesInput: undefined,
+    packsInput: undefined,
+    packsInputCombines: false,
+    threatModelsInput: ["a", "b", "c", "d"],
+    threatModelsInputCombines: false,
+    injectedMlQueries: false,
+});
+(0, ava_1.default)(calculateAugmentationMacro, "With threat model combining", undefined, undefined, " +  a , b   , c  , d  ", [languages_1.Language.javascript], {
+    queriesInput: undefined,
+    queriesInputCombines: false,
+    packsInput: undefined,
+    packsInputCombines: false,
+    threatModelsInput: ["a", "b", "c", "d"],
+    threatModelsInputCombines: true,
    injectedMlQueries: false,
 });
 const calculateAugmentationErrorMacro = ava_1.default.macro({
-    exec: async (t, _title, rawPacksInput, rawQueriesInput, languages, expectedError) => {
-        t.throws(() => configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, languages), { message: expectedError });
+    exec: async (t, _title, rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages, expectedError) => {
+        t.throws(() => configUtils.calculateAugmentation(rawPacksInput, rawQueriesInput, rawThreatModelsInput, languages), { message: expectedError });
    },
    title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, [], /No languages specified/);
-(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (queries)", undefined, "   +   ", undefined, [languages_1.Language.javascript], /The workflow property "queries" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Plus (+) with nothing else (packs)", "   +   ", undefined, undefined, [languages_1.Language.javascript], /The workflow property "packs" is invalid/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with multiple languages", "   +  a/b, c/d ", undefined, undefined, [languages_1.Language.javascript, languages_1.Language.java], /Cannot specify a 'packs' input in a multi-language analysis/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Packs input with no languages", "   +  a/b, c/d ", undefined, undefined, [], /No languages specified/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid packs", " a-pack-without-a-scope ", undefined, undefined, [languages_1.Language.javascript], /"a-pack-without-a-scope" is not a valid pack/);
+(0, ava_1.default)(calculateAugmentationErrorMacro, "Invalid threat-models", undefined, undefined, "   + ", [languages_1.Language.javascript], /A '\+' was used in the 'threat-models'/);
 (0, ava_1.default)("downloadPacks-no-registries", async (t) => {
    return await util.withTmpDir(async (tmpDir) => {
        const packDownloadStub = sinon.stub();
@@ -74,7 +74,6 @@ async function uploadSarifDebugArtifact(config, outputDir) {
 }
 exports.uploadSarifDebugArtifact = uploadSarifDebugArtifact;
 async function uploadLogsDebugArtifact(config) {
-    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
    let toUpload = [];
    for (const language of config.languages) {
        const databaseDirectory = (0, util_1.getCodeQLDatabasePath)(config, language);
@@ -83,21 +82,12 @@ async function uploadLogsDebugArtifact(config) {
            toUpload = toUpload.concat((0, util_1.listFolder)(logsDirectory));
        }
    }
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        // Multilanguage tracing: there are additional logs in the root of the cluster
-        const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
-        if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
-            toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
-        }
+    // Multilanguage tracing: there are additional logs in the root of the cluster
+    const multiLanguageTracingLogsDirectory = path.resolve(config.dbLocation, "log");
+    if ((0, util_1.doesDirectoryExist)(multiLanguageTracingLogsDirectory)) {
+        toUpload = toUpload.concat((0, util_1.listFolder)(multiLanguageTracingLogsDirectory));
    }
    await uploadDebugArtifacts(toUpload, config.dbLocation, config.debugArtifactName);
-    // Before multi-language tracing, we wrote a compound-build-tracer.log in the temp dir
-    if (!(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-        const compoundBuildTracerLogDirectory = path.resolve(config.tempDir, "compound-build-tracer.log");
-        if ((0, util_1.doesDirectoryExist)(compoundBuildTracerLogDirectory)) {
-            await uploadDebugArtifacts([compoundBuildTracerLogDirectory], config.tempDir, config.debugArtifactName);
-        }
-    }
 }
 exports.uploadLogsDebugArtifact = uploadLogsDebugArtifact;
 /**
@@ -1 +1 @@
-{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAiE;AAIjE,iCAMgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,IAAI,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,EAAE;QAChE,8EAA8E;QAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;YACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;SAC3E;KACF;IACD,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;IAEF,sFAAsF;IACtF,IAAI,CAAC,CAAC,MAAM,IAAA,yBAAkB,EAAC,MAAM,EAAE,mCAA0B,CAAC,CAAC,EAAE;QACnE,MAAM,+BAA+B,GAAG,IAAI,CAAC,OAAO,CAClD,MAAM,CAAC,OAAO,EACd,2BAA2B,CAC5B,CAAC;QACF,IAAI,IAAA,yBAAkB,EAAC,+BAA+B,CAAC,EAAE;YACvD,MAAM,oBAAoB,CACxB,CAAC,+BAA+B,CAAC,EACjC,MAAM,CAAC,OAAO,EACd,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;KACF;AACH,CAAC;AA1CD,0DA0CC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
+{"version":3,"file":"debug-artifacts.js","sourceRoot":"","sources":["../src/debug-artifacts.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oDAAsC;AACtC,sDAA6B;AAC7B,8CAAsB;AAEtB,iDAAkD;AAClD,uCAA0C;AAC1C,qCAAqC;AAIrC,iCAKgB;AAEhB,SAAgB,mBAAmB,CAAC,IAAY;IAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC;AAChD,CAAC;AAFD,kDAEC;AAEM,KAAK,UAAU,oBAAoB,CACxC,QAAkB,EAClB,OAAe,EACf,YAAoB;IAEpB,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO;KACR;IACD,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAC1C,IAAI,MAAM,EAAE;QACV,IAAI;YACF,KAAK,MAAM,CAAC,EAAE,SAAS,CAAC,IAAI,MAAM,CAAC,OAAO,CACxC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAY,CAC9B,CAAC,IAAI,EAAE;gBACN,MAAM,IAAI,IAAI,SAAS,EAAE,CAAC;SAC7B;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CACP,+HAA+H,CAChI,CAAC;SACH;KACF;IACD,MAAM,QAAQ,CAAC,MAAM,EAAE,CAAC,cAAc,CACpC,mBAAmB,CAAC,GAAG,YAAY,GAAG,MAAM,EAAE,CAAC,EAC/C,QAAQ,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,EAC5C,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CACxB,CAAC;AACJ,CAAC;AA3BD,oDA2BC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,MAAc,EACd,SAAiB;IAEjB,IAAI,CAAC,IAAA,yBAAkB,EAAC,SAAS,CAAC,EAAE;QAClC,OAAO;KACR;IAED,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,SAAS,EAAE;QACnC,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,IAAI,QAAQ,CAAC,CAAC;QAC3D,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YAC5B,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;SACvC;KACF;IACD,MAAM,oBAAoB,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5E,CAAC;AAhBD,4DAgBC;AAEM,KAAK,UAAU,uBAAuB,CAAC,MAAc;IAC1D,IAAI,QAAQ,GAAa,EAAE,CAAC;IAC5B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,iBAAiB,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAClE,MAAM,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAC;QAC7D,IAAI,IAAA,yBAAkB,EAAC,aAAa,CAAC,EAAE;YACrC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,aAAa,CAAC,CAAC,CAAC;SACvD;KACF;IAED,8EAA8E;IAC9E,MAAM,iCAAiC,GAAG,IAAI,CAAC,OAAO,CACpD,MAAM,CAAC,UAAU,EACjB,KAAK,CACN,CAAC;IACF,IAAI,IAAA,yBAAkB,EAAC,iCAAiC,CAAC,EAAE;QACzD,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,IAAA,iBAAU,EAAC,iCAAiC,CAAC,CAAC,CAAC;KAC3E;IAED,MAAM,oBAAoB,CACxB,QAAQ,EACR,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;AACJ,CAAC;AAxBD,0DAwBC;AAED;;;;GAIG;AACH,KAAK,UAAU,2BAA2B,CACxC,MAAc,EACd,QAAkB;IAElB,MAAM,YAAY,GAAG,IAAA,4BAAqB,EAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CACrC,MAAM,CAAC,UAAU,EACjB,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,cAAc,CACtD,CAAC;IACF,IAAI,CAAC,IAAI,CACP,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,2DAA2D,kBAAkB,KAAK,CAC1H,CAAC;IACF,qEAAqE;IACrE,IAAI,EAAE,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACrC,MAAM,IAAA,aAAG,EAAC,kBAAkB,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;KAChD;IACD,MAAM,GAAG,GAAG,IAAI,iBAAM,EAAE,CAAC;IACzB,GAAG,CAAC,cAAc,CAAC,YAAY,CAAC,CAAC;IACjC,GAAG,CAAC,QAAQ,CAAC,kBAAkB,CAAC,CAAC;IACjC,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,uBAAuB,CACpC,MAAc,EACd,QAAkB;IAElB,kDAAkD;IAClD,MAAM,kBAAkB,GAAG,MAAM,IAAA,eAAQ,EACvC,MAAM,EACN,QAAQ,EACR,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,EACjC,GAAG,MAAM,CAAC,iBAAiB,IAAI,QAAQ,EAAE,CAC1C,CAAC;IACF,OAAO,kBAAkB,CAAC;AAC5B,CAAC;AAEM,KAAK,UAAU,iCAAiC,CACrD,MAAc,EACd,MAAc;IAEd,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI;YACF,IAAI,kBAA0B,CAAC;YAC/B,IAAI,CAAC,IAAA,uBAAa,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE;gBAC5C,kBAAkB,GAAG,MAAM,2BAA2B,CACpD,MAAM,EACN,QAAQ,CACT,CAAC;aACH;iBAAM;gBACL,kBAAkB,GAAG,MAAM,uBAAuB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;aACtE;YACD,MAAM,oBAAoB,CACxB,CAAC,kBAAkB,CAAC,EACpB,MAAM,CAAC,UAAU,EACjB,MAAM,CAAC,iBAAiB,CACzB,CAAC;SACH;QAAC,OAAO,KAAK,EAAE;YACd,IAAI,CAAC,IAAI,CACP,8CAA8C,MAAM,CAAC,iBAAiB,IAAI,QAAQ,KAAK,KAAK,EAAE,CAC/F,CAAC;SACH;KACF;AACH,CAAC;AA1BD,8EA0BC"}
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230403",
-    "cliVersion": "2.12.6",
-    "priorBundleVersion": "codeql-bundle-20230317",
-    "priorCliVersion": "2.12.5"
+    "bundleVersion": "codeql-bundle-20230414",
+    "cliVersion": "2.13.0",
+    "priorBundleVersion": "codeql-bundle-20230403",
+    "priorCliVersion": "2.12.6"
 }
@@ -52,7 +52,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
    if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
        return { upload_failed_run_skipped_because: "Feature disabled" };
    }
-    const workflow = await (0, workflow_1.getWorkflow)();
+    const workflow = await (0, workflow_1.getWorkflow)(logger);
    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
    const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
    const shouldUpload = (0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix);
@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAKgB;AAChB,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,MAAM,YAAY,GAAG,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC;IACtC,OAAO;QACL,uBAAuB,EAAE,YAAY,CAAC,OAAO;QAC7C,6BAA6B,EAAE,YAAY,CAAC,KAAK;KAClD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,EAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}
@@ -27,7 +27,6 @@ const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
-const codeql_1 = require("./codeql");
 const feature_flags_1 = require("./feature-flags");
 const init_1 = require("./init");
 const languages_1 = require("./languages");
@@ -116,7 +115,7 @@ async function run() {
    const registriesInput = (0, actions_util_1.getOptionalInput)("registries");
    const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
    try {
-        const workflowErrors = await (0, workflow_1.validateWorkflow)();
+        const workflowErrors = await (0, workflow_1.validateWorkflow)(logger);
        if (!(await (0, actions_util_1.sendStatusReport)(await (0, actions_util_1.createStatusReportBase)("init", "starting", startedAt, workflowErrors)))) {
            return;
        }
@@ -129,8 +128,7 @@ async function run() {
        toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
        toolsVersion = initCodeQLResult.toolsVersion;
        toolsSource = initCodeQLResult.toolsSource;
-        await (0, codeql_1.enrichEnvironment)(codeql);
-        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
+        config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), (0, actions_util_1.getOptionalInput)("threat-models"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
        // Debug mode is enabled if:
        // - The `init` Action is passed `debug: true`.
        // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow),
@@ -178,10 +176,6 @@ async function run() {
            for (const [key, value] of Object.entries(tracerConfig.env)) {
                core.exportVariable(key, value);
            }
-            if (process.platform === "win32" &&
-                !(await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING))) {
-                await (0, init_1.injectWindowsTracer)("Runner.Worker.exe", undefined, config, codeql, tracerConfig);
-            }
        }
        core.setOutput("codeql-path", config.codeQLCmd);
    }
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPythonDeps = exports.injectWindowsTracer = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
+exports.installPythonDeps = exports.runInit = exports.initConfig = exports.initCodeQL = exports.ToolsSource = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -33,7 +33,6 @@ const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const tracer_config_1 = require("./tracer-config");
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 var ToolsSource;
 (function (ToolsSource) {
    ToolsSource["Unknown"] = "UNKNOWN";
@@ -49,9 +48,9 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
    return { codeql, toolsDownloadDurationMs, toolsSource, toolsVersion };
 }
 exports.initCodeQL = initCodeQL;
-async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
+async function initConfig(languagesInput, queriesInput, packsInput, threatModelsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
    logger.startGroup("Load language configuration");
-    const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
+    const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, threatModelsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
    analysisPaths.printPathFiltersWarning(config, logger);
    logger.endGroup();
    return config;
@@ -60,35 +59,27 @@ exports.initConfig = initConfig;
 async function runInit(codeql, config, sourceRoot, processName, registriesInput, features, apiDetails, logger) {
    fs.mkdirSync(config.dbLocation, { recursive: true });
    try {
-        if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-            // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
-            // So, create it now.
-            // If we are parsing the config file in the Action, then the qlconfig file was already created
-            // before the `pack download` command was invoked. It is not required for the init command.
-            let registriesAuthTokens;
-            let qlconfigFile;
-            if (await util.useCodeScanningConfigInCli(codeql, features)) {
-                ({ registriesAuthTokens, qlconfigFile } =
-                    await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
-            }
-            await configUtils.wrapEnvironment({
-                GITHUB_TOKEN: apiDetails.auth,
-                CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
-            }, 
-            // Init a database cluster
-            async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
-        }
-        else {
-            for (const language of config.languages) {
-                // Init language database
-                await codeql.databaseInit(util.getCodeQLDatabasePath(config, language), language, sourceRoot);
-            }
+        // When parsing the codeql config in the CLI, we have not yet created the qlconfig file.
+        // So, create it now.
+        // If we are parsing the config file in the Action, then the qlconfig file was already created
+        // before the `pack download` command was invoked. It is not required for the init command.
+        let registriesAuthTokens;
+        let qlconfigFile;
+        if (await util.useCodeScanningConfigInCli(codeql, features)) {
+            ({ registriesAuthTokens, qlconfigFile } =
+                await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
        }
+        await configUtils.wrapEnvironment({
+            GITHUB_TOKEN: apiDetails.auth,
+            CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
+        }, 
+        // Init a database cluster
+        async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
    }
    catch (e) {
        throw processError(e);
    }
-    return await (0, tracer_config_1.getCombinedTracerConfig)(config, codeql);
+    return await (0, tracer_config_1.getCombinedTracerConfig)(config);
 }
 exports.runInit = runInit;
 /**
@@ -119,89 +110,6 @@ function processError(e) {
    }
    return e;
 }
-// Runs a powershell script to inject the tracer into a parent process
-// so it can tracer future processes, hopefully including the build process.
-// If processName is given then injects into the nearest parent process with
-// this name, otherwise uses the processLevel-th parent if defined, otherwise
-// defaults to the 3rd parent as a rough guess.
-async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
-    let script;
-    if (processName !== undefined) {
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      while ($true) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Found process: $p"
-        if ($p -eq $null) {
-          throw "Could not determine ${processName} process"
-        }
-        if ($p[0].Name -eq "${processName}") {
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    else {
-        // If the level is not defined then guess at the 3rd parent process.
-        // This won't be correct in every setting but it should be enough in most settings,
-        // and overestimating is likely better in this situation so we definitely trace
-        // what we want, though this does run the risk of interfering with future CI jobs.
-        // Note that the default of 3 doesn't work on github actions, so we include a
-        // special case in the script that checks for Runner.Worker.exe so we can still work
-        // on actions if the runner is invoked there.
-        processLevel = processLevel || 3;
-        script = `
-      Param(
-          [Parameter(Position=0)]
-          [String]
-          $tracer
-      )
-
-      $id = $PID
-      for ($i = 0; $i -le ${processLevel}; $i++) {
-        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
-        Write-Host "Parent process \${i}: $p"
-        if ($p -eq $null) {
-          throw "Process tree ended before reaching required level"
-        }
-        # Special case just in case the runner is used on actions
-        if ($p[0].Name -eq "Runner.Worker.exe") {
-          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } elseif ($p[0].Name -eq "Agent.Worker.exe") {
-          Write-Host "Found Agent.Worker.exe process which means we are running on Azure Pipelines"
-          Write-Host "Aborting search early and using process: $p"
-          Break
-        } else {
-          $id = $p[0].ParentProcessId
-        }
-      }
-      Write-Host "Final process: $p"
-
-      Invoke-Expression "&$tracer --inject=$id"`;
-    }
-    const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1");
-    fs.writeFileSync(injectTracerPath, script);
-    await new toolrunner.ToolRunner(await safeWhich.safeWhich("powershell"), [
-        "-ExecutionPolicy",
-        "Bypass",
-        "-file",
-        injectTracerPath,
-        path.resolve(path.dirname(codeql.getPath()), "tools", "win64", "tracer.exe"),
-    ], { env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }).exec();
-}
-exports.injectWindowsTracer = injectWindowsTracer;
 async function installPythonDeps(codeql, logger) {
    logger.startGroup("Setup Python dependencies");
    const scriptsFolder = path.resolve(__dirname, "../python-setup");
@@ -23,20 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCombinedTracerConfig = exports.concatTracerConfigs = exports.getTracerConfigForLanguage = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
+exports.getCombinedTracerConfig = exports.getTracerConfigForCluster = exports.endTracingForCluster = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const codeql_1 = require("./codeql");
 const languages_1 = require("./languages");
-const util = __importStar(require("./util"));
-const util_1 = require("./util");
-const CRITICAL_TRACER_VARS = new Set([
-    "SEMMLE_PRELOAD_libtrace",
-    "SEMMLE_RUNNER",
-    "SEMMLE_COPY_EXECUTABLES_ROOT",
-    "SEMMLE_DEPTRACE_SOCKET",
-    "SEMMLE_JAVA_TOOL_OPTIONS",
-]);
 async function endTracingForCluster(config) {
    // If there are no traced languages, we don't need to do anything.
    if (!config.languages.some((l) => (0, languages_1.isTracedLanguage)(l)))
@@ -64,162 +54,17 @@ exports.endTracingForCluster = endTracingForCluster;
 async function getTracerConfigForCluster(config) {
    const tracingEnvVariables = JSON.parse(fs.readFileSync(path.resolve(config.dbLocation, "temp/tracingEnvironment/start-tracing.json"), "utf8"));
    return {
-        spec: tracingEnvVariables["ODASA_TRACER_CONFIGURATION"],
        env: tracingEnvVariables,
    };
 }
 exports.getTracerConfigForCluster = getTracerConfigForCluster;
-async function getTracerConfigForLanguage(codeql, config, language) {
-    const env = await codeql.getTracerEnv(util.getCodeQLDatabasePath(config, language));
-    const spec = env["ODASA_TRACER_CONFIGURATION"];
-    const info = { spec, env: {} };
-    // Extract critical tracer variables from the environment
-    for (const entry of Object.entries(env)) {
-        const key = entry[0];
-        const value = entry[1];
-        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
-        if (key === "ODASA_TRACER_CONFIGURATION") {
-            continue;
-        }
-        // skip undefined values
-        if (typeof value === "undefined") {
-            continue;
-        }
-        // Keep variables that do not exist in current environment. In addition always keep
-        // critical and CODEQL_ variables
-        if (typeof process.env[key] === "undefined" ||
-            CRITICAL_TRACER_VARS.has(key) ||
-            key.startsWith("CODEQL_")) {
-            info.env[key] = value;
-        }
-    }
-    return info;
-}
-exports.getTracerConfigForLanguage = getTracerConfigForLanguage;
-function concatTracerConfigs(tracerConfigs, config, writeBothEnvironments = false) {
-    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
-    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
-    // Merge the environments
-    const env = {};
-    let copyExecutables = false;
-    let envSize = 0;
-    for (const v of Object.values(tracerConfigs)) {
-        for (const e of Object.entries(v.env)) {
-            const name = e[0];
-            const value = e[1];
-            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
-            if (name === "SEMMLE_COPY_EXECUTABLES_ROOT") {
-                copyExecutables = true;
-            }
-            else if (name in env) {
-                if (env[name] !== value) {
-                    throw Error(`Incompatible values in environment parameter ${name}: ${env[name]} and ${value}`);
-                }
-            }
-            else {
-                env[name] = value;
-                envSize += 1;
-            }
-        }
-    }
-    // Concatenate spec files into a new spec file
-    const languages = Object.keys(tracerConfigs);
-    const cppIndex = languages.indexOf("cpp");
-    // Make sure cpp is the last language, if it's present since it must be concatenated last
-    if (cppIndex !== -1) {
-        const lastLang = languages[languages.length - 1];
-        languages[languages.length - 1] = languages[cppIndex];
-        languages[cppIndex] = lastLang;
-    }
-    const totalLines = [];
-    let totalCount = 0;
-    for (const lang of languages) {
-        const lines = fs
-            .readFileSync(tracerConfigs[lang].spec, "utf8")
-            .split(/\r?\n/);
-        const count = parseInt(lines[1], 10);
-        totalCount += count;
-        totalLines.push(...lines.slice(2));
-    }
-    const newLogFilePath = path.resolve(config.tempDir, "compound-build-tracer.log");
-    const spec = path.resolve(config.tempDir, "compound-spec");
-    const compoundTempFolder = path.resolve(config.tempDir, "compound-temp");
-    const newSpecContent = [
-        newLogFilePath,
-        totalCount.toString(10),
-        ...totalLines,
-    ];
-    if (copyExecutables) {
-        env["SEMMLE_COPY_EXECUTABLES_ROOT"] = compoundTempFolder;
-        envSize += 1;
-    }
-    fs.writeFileSync(spec, newSpecContent.join("\n"));
-    if (writeBothEnvironments || process.platform !== "win32") {
-        // Prepare the content of the compound environment file on Unix
-        let buffer = Buffer.alloc(4);
-        buffer.writeInt32LE(envSize, 0);
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const lineBuffer = Buffer.from(`${key}=${value}\0`, "utf8");
-            const sizeBuffer = Buffer.alloc(4);
-            sizeBuffer.writeInt32LE(lineBuffer.length, 0);
-            buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
-        }
-        // Write the compound environment for Unix
-        const envPath = `${spec}.environment`;
-        fs.writeFileSync(envPath, buffer);
-    }
-    if (writeBothEnvironments || process.platform === "win32") {
-        // Prepare the content of the compound environment file on Windows
-        let bufferWindows = Buffer.alloc(0);
-        let length = 0;
-        for (const e of Object.entries(env)) {
-            const key = e[0];
-            const value = e[1];
-            const string = `${key}=${value}\0`;
-            length += string.length;
-            const lineBuffer = Buffer.from(string, "utf16le");
-            bufferWindows = Buffer.concat([bufferWindows, lineBuffer]);
-        }
-        const sizeBuffer = Buffer.alloc(4);
-        sizeBuffer.writeInt32LE(length + 1, 0); // Add one for trailing null character marking end
-        const trailingNull = Buffer.from(`\0`, "utf16le");
-        bufferWindows = Buffer.concat([sizeBuffer, bufferWindows, trailingNull]);
-        // Write the compound environment for Windows
-        const envPathWindows = `${spec}.win32env`;
-        fs.writeFileSync(envPathWindows, bufferWindows);
-    }
-    return { env, spec };
-}
-exports.concatTracerConfigs = concatTracerConfigs;
-async function getCombinedTracerConfig(config, codeql) {
+async function getCombinedTracerConfig(config) {
    // Abort if there are no traced languages as there's nothing to do
    const tracedLanguages = config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l));
    if (tracedLanguages.length === 0) {
        return undefined;
    }
-    let mainTracerConfig;
-    if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        mainTracerConfig = await getTracerConfigForCluster(config);
-    }
-    else {
-        // Get all the tracer configs and combine them together
-        const tracedLanguageConfigs = {};
-        for (const language of tracedLanguages) {
-            tracedLanguageConfigs[language] = await getTracerConfigForLanguage(codeql, config, language);
-        }
-        mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
-        // Add a couple more variables
-        mainTracerConfig.env["ODASA_TRACER_CONFIGURATION"] = mainTracerConfig.spec;
-        const codeQLDir = path.dirname(codeql.getPath());
-        if (process.platform === "darwin") {
-            mainTracerConfig.env["DYLD_INSERT_LIBRARIES"] = path.join(codeQLDir, "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            mainTracerConfig.env["LD_PRELOAD"] = path.join(codeQLDir, "tools", "linux64", "${LIB}trace.so");
-        }
-    }
+    const mainTracerConfig = await getTracerConfigForCluster(config);
    // On macos it's necessary to prefix the build command with the runner executable
    // on order to trace when System Integrity Protection is enabled.
    // The executable also exists and works for other platforms so we output this env
@@ -29,7 +29,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
@@ -56,267 +55,35 @@ function getTestConfig(tmpDir) {
        trapCacheDownloadTime: 0,
    };
 }
-// A very minimal setup
-(0, ava_1.default)("getTracerConfigForLanguage - minimal setup", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, { spec: "abc", env: { foo: "bar" } });
-    });
-});
-// Existing vars should not be overwritten, unless they are critical or prefixed with CODEQL_
-(0, ava_1.default)("getTracerConfigForLanguage - existing / critical vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        // Set up some variables in the environment
-        process.env["foo"] = "abc";
-        process.env["SEMMLE_PRELOAD_libtrace"] = "abc";
-        process.env["SEMMLE_RUNNER"] = "abc";
-        process.env["SEMMLE_COPY_EXECUTABLES_ROOT"] = "abc";
-        process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
-        process.env["SEMMLE_JAVA_TOOL_OPTIONS"] = "abc";
-        process.env["CODEQL_VAR"] = "abc";
-        // Now CodeQL returns all these variables, and one more, with different values
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    foo: "bar",
-                    baz: "qux",
-                    SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                    SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                    SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                    SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                    SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                    CODEQL_VAR: "CODEQL_VAR",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getTracerConfigForLanguage)(codeQL, config, languages_1.Language.javascript);
-        t.deepEqual(result, {
-            spec: "abc",
-            env: {
-                // Should contain all variables except 'foo', because that already existed in the
-                // environment with a different value, and is not deemed a "critical" variable.
-                baz: "qux",
-                SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
-                SEMMLE_RUNNER: "SEMMLE_RUNNER",
-                SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
-                SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
-                SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
-                CODEQL_VAR: "CODEQL_VAR",
-            },
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - minimal configs correctly combined", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nabc\ndef\nghi`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - conflicting env vars", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        // Ok if env vars have the same name and the same value
-        t.deepEqual((0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "b", c: "c" } },
-        }, config).env, {
-            a: "a",
-            b: "b",
-            c: "c",
-        });
-        // Throws if env vars have same name but different values
-        const e = t.throws(() => (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { b: "c" } },
-        }, config));
-        // If e is undefined, then the previous assertion will fail.
-        if (e !== undefined) {
-            t.deepEqual(e.message, "Incompatible values in environment parameter b: b and c");
-        }
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - cpp spec lines come last if present", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-                b: "b",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                c: "c",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ cpp: tc1, python: tc2 }, config);
-        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
-            env: {
-                a: "a",
-                b: "b",
-                c: "c",
-            },
-        });
-        t.true(fs.existsSync(result.spec));
-        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nghi\nabc\ndef`);
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - SEMMLE_COPY_EXECUTABLES_ROOT is updated to point to compound spec", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n0");
-        const result = (0, tracer_config_1.concatTracerConfigs)({
-            javascript: { spec, env: { a: "a", b: "b" } },
-            python: { spec, env: { SEMMLE_COPY_EXECUTABLES_ROOT: "foo" } },
-        }, config);
-        t.deepEqual(result.env, {
-            a: "a",
-            b: "b",
-            SEMMLE_COPY_EXECUTABLES_ROOT: path.join(tmpDir, "compound-temp"),
-        });
-    });
-});
-(0, ava_1.default)("concatTracerConfigs - compound environment file is created correctly", async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        const config = getTestConfig(tmpDir);
-        const spec1 = path.join(tmpDir, "spec1");
-        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
-        const tc1 = {
-            spec: spec1,
-            env: {
-                a: "a",
-            },
-        };
-        const spec2 = path.join(tmpDir, "spec2");
-        fs.writeFileSync(spec2, "foo.log\n1\nghi");
-        const tc2 = {
-            spec: spec2,
-            env: {
-                foo: "bar_baz",
-            },
-        };
-        const result = (0, tracer_config_1.concatTracerConfigs)({ javascript: tc1, python: tc2 }, config, true);
-        // Check binary contents for the Unix file
-        const envPath = `${result.spec}.environment`;
-        t.true(fs.existsSync(envPath));
-        const buffer = fs.readFileSync(envPath);
-        t.deepEqual(buffer.length, 28);
-        t.deepEqual(buffer.readInt32LE(0), 2); // number of env vars
-        t.deepEqual(buffer.readInt32LE(4), 4); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 8, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(buffer.readInt32LE(12), 12); // length of env var definition
-        t.deepEqual(buffer.toString("utf8", 16, 28), "foo=bar_baz\0"); // [key]=[value]\0
-        // Check binary contents for the Windows file
-        const envPathWindows = `${result.spec}.win32env`;
-        t.true(fs.existsSync(envPathWindows));
-        const bufferWindows = fs.readFileSync(envPathWindows);
-        t.deepEqual(bufferWindows.length, 38);
-        t.deepEqual(bufferWindows.readInt32LE(0), 4 + 12 + 1); // number of tchars to represent the environment
-        t.deepEqual(bufferWindows.toString("utf16le", 4, 12), "a=a\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 12, 36), "foo=bar_baz\0"); // [key]=[value]\0
-        t.deepEqual(bufferWindows.toString("utf16le", 36, 38), "\0"); // trailing null character
-    });
-});
 (0, ava_1.default)("getCombinedTracerConfig - return undefined when no languages are traced languages", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        const config = getTestConfig(tmpDir);
        // No traced languages
        config.languages = [languages_1.Language.javascript, languages_1.Language.python];
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: "abc",
-                    CODEQL_DIST: "/",
-                    foo: "bar",
-                };
-            },
-        });
-        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL), undefined);
+        t.deepEqual(await (0, tracer_config_1.getCombinedTracerConfig)(config), undefined);
    });
 });
-(0, ava_1.default)("getCombinedTracerConfig - valid spec file", async (t) => {
+(0, ava_1.default)("getCombinedTracerConfig - with start-tracing.json environment file", async (t) => {
    await util.withTmpDir(async (tmpDir) => {
        const config = getTestConfig(tmpDir);
-        const spec = path.join(tmpDir, "spec");
-        fs.writeFileSync(spec, "foo.log\n2\nabc\ndef");
        const bundlePath = path.join(tmpDir, "bundle");
        const codeqlPlatform = process.platform === "win32"
            ? "win64"
            : process.platform === "darwin"
                ? "osx64"
                : "linux64";
-        const codeQL = (0, codeql_1.setCodeQL)({
-            async getTracerEnv() {
-                return {
-                    ODASA_TRACER_CONFIGURATION: spec,
-                    CODEQL_DIST: bundlePath,
-                    CODEQL_PLATFORM: codeqlPlatform,
-                    foo: "bar",
-                };
-            },
-        });
-        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config, codeQL);
-        t.notDeepEqual(result, undefined);
-        const expectedEnv = {
+        const startTracingEnv = {
            foo: "bar",
            CODEQL_DIST: bundlePath,
            CODEQL_PLATFORM: codeqlPlatform,
-            ODASA_TRACER_CONFIGURATION: result.spec,
        };
-        if (process.platform === "darwin") {
-            expectedEnv["DYLD_INSERT_LIBRARIES"] = path.join(path.dirname(codeQL.getPath()), "tools", "osx64", "libtrace.dylib");
-        }
-        else if (process.platform !== "win32") {
-            expectedEnv["LD_PRELOAD"] = path.join(path.dirname(codeQL.getPath()), "tools", "linux64", "${LIB}trace.so");
-        }
+        const tracingEnvironmentDir = path.join(config.dbLocation, "temp", "tracingEnvironment");
+        fs.mkdirSync(tracingEnvironmentDir, { recursive: true });
+        const startTracingJson = path.join(tracingEnvironmentDir, "start-tracing.json");
+        fs.writeFileSync(startTracingJson, JSON.stringify(startTracingEnv));
+        const result = await (0, tracer_config_1.getCombinedTracerConfig)(config);
+        t.notDeepEqual(result, undefined);
+        const expectedEnv = startTracingEnv;
        if (process.platform === "win32") {
            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/win64/runner.exe");
        }
@@ -327,7 +94,6 @@ function getTestConfig(tmpDir) {
            expectedEnv["CODEQL_RUNNER"] = path.join(bundlePath, "tools/linux64/runner");
        }
        t.deepEqual(result, {
-            spec: path.join(tmpDir, "compound-spec"),
            env: expectedEnv,
        });
    });
@@ -33,6 +33,7 @@ const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const actionsUtil = __importStar(require("./actions-util"));
 const codeql_1 = require("./codeql");
+const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const trap_caching_1 = require("./trap-caching");
@@ -94,11 +95,7 @@ const testConfigWithoutTmpDir = {
    debugMode: false,
    debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
    debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-    augmentationProperties: {
-        injectedMlQueries: false,
-        packsInputCombines: false,
-        queriesInputCombines: false,
-    },
+    augmentationProperties: configUtils.defaultAugmentationProperties,
    trapCaches: {
        javascript: "/some/cache/dir",
    },
@@ -119,11 +116,7 @@ function getTestConfigWithTempDir(tmpDir) {
        debugMode: false,
        debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
        debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-        augmentationProperties: {
-            injectedMlQueries: false,
-            packsInputCombines: false,
-            queriesInputCombines: false,
-        },
+        augmentationProperties: configUtils.defaultAugmentationProperties,
        trapCaches: {
            javascript: path.resolve(tmpDir, "jsCache"),
            ruby: path.resolve(tmpDir, "rubyCache"),
@@ -337,9 +337,11 @@ exports.assertNever = assertNever;
 * knowing what version of CodeQL we're running.
 */
 function initializeEnvironment(version) {
-    core.exportVariable(shared_environment_1.EnvVar.VERSION, version);
-    core.exportVariable(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE, "true");
-    core.exportVariable(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD, "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE), "false");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SANDWICH), "false");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE), "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD), "true");
+    core.exportVariable(String(shared_environment_1.EnvVar.VERSION), version);
 }
 exports.initializeEnvironment = initializeEnvironment;
 /**
@@ -33,6 +33,7 @@ const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const api = __importStar(require("./api-client"));
+const config_utils_1 = require("./config-utils");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
@@ -241,11 +242,7 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
                debugMode: false,
                debugArtifactName: util.DEFAULT_DEBUG_ARTIFACT_NAME,
                debugDatabaseName: util.DEFAULT_DEBUG_DATABASE_NAME,
-                augmentationProperties: {
-                    injectedMlQueries: false,
-                    packsInputCombines: false,
-                    queriesInputCombines: false,
-                },
+                augmentationProperties: config_utils_1.defaultAugmentationProperties,
                trapCaches: {},
                trapCacheDownloadTime: 0,
            };
@@ -22,10 +22,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
    __setModuleDefault(result, mod);
    return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCheckoutPathInputOrThrow = exports.getUploadInputOrThrow = exports.getCategoryInputOrThrow = exports.getWorkflowRunID = exports.getWorkflowPath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
+exports.getCheckoutPathInputOrThrow = exports.getUploadInputOrThrow = exports.getCategoryInputOrThrow = exports.getWorkflowRunID = exports.getWorkflowRelativePath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const zlib_1 = __importDefault(require("zlib"));
 const core = __importStar(require("@actions/core"));
 const yaml = __importStar(require("js-yaml"));
 const api = __importStar(require("./api-client"));
@@ -157,10 +161,10 @@ function getWorkflowErrors(doc) {
    return errors;
 }
 exports.getWorkflowErrors = getWorkflowErrors;
-async function validateWorkflow() {
+async function validateWorkflow(logger) {
    let workflow;
    try {
-        workflow = await getWorkflow();
+        workflow = await getWorkflow(logger);
    }
    catch (e) {
        return `error: getWorkflow() failed: ${String(e)}`;
@@ -198,25 +202,37 @@ function formatWorkflowCause(errors) {
    return errors.map((e) => e.code).join(",");
 }
 exports.formatWorkflowCause = formatWorkflowCause;
-async function getWorkflow() {
-    const relativePath = await getWorkflowPath();
-    const absolutePath = path.join((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), relativePath);
-    try {
-        return yaml.load(fs.readFileSync(absolutePath, "utf-8"));
-    }
-    catch (e) {
-        if (e instanceof Error && e["code"] === "ENOENT") {
-            throw new Error(`Unable to load code scanning workflow from ${absolutePath}. This can happen if the currently ` +
-                "running workflow checks out a branch that doesn't contain the corresponding workflow file.");
-        }
-        throw e;
+async function getWorkflow(logger) {
+    // In default setup, the currently executing workflow is not checked into the repository.
+    // Instead, a gzipped then base64 encoded version of the workflow file is provided via the
+    // `CODE_SCANNING_WORKFLOW_FILE` environment variable.
+    const maybeWorkflow = process.env["CODE_SCANNING_WORKFLOW_FILE"];
+    if (maybeWorkflow) {
+        logger.debug("Using the workflow specified by the CODE_SCANNING_WORKFLOW_FILE environment variable.");
+        return yaml.load(zlib_1.default.gunzipSync(Buffer.from(maybeWorkflow, "base64")).toString());
    }
+    const workflowPath = await getWorkflowAbsolutePath(logger);
+    return yaml.load(fs.readFileSync(workflowPath, "utf-8"));
 }
 exports.getWorkflow = getWorkflow;
 /**
- * Get the path of the currently executing workflow.
+ * Get the absolute path of the currently executing workflow.
 */
-async function getWorkflowPath() {
+async function getWorkflowAbsolutePath(logger) {
+    const relativePath = await getWorkflowRelativePath();
+    const absolutePath = path.join((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), relativePath);
+    if (fs.existsSync(absolutePath)) {
+        logger.debug(`Derived the following absolute path for the currently executing workflow: ${absolutePath}.`);
+        return absolutePath;
+    }
+    throw new Error(`Expected to find a code scanning workflow file at ${absolutePath}, but no such file existed. ` +
+        "This can happen if the currently running workflow checks out a branch that doesn't contain " +
+        "the corresponding workflow file.");
+}
+/**
+ * Get the path of the currently executing workflow relative to the repository root.
+ */
+async function getWorkflowRelativePath() {
    const repo_nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY").split("/");
    const owner = repo_nwo[0];
    const repo = repo_nwo[1];
@@ -231,7 +247,7 @@ async function getWorkflowPath() {
    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
    return workflowResponse.data.path;
 }
-exports.getWorkflowPath = getWorkflowPath;
+exports.getWorkflowRelativePath = getWorkflowRelativePath;
 /**
 * Get the workflow run ID.
 */
@@ -1,6 +1,6 @@
 {
  "name": "codeql",
-  "version": "2.2.12",
+  "version": "2.3.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
@@ -1772,13 +1772,6 @@
        "url": "https://github.com/chalk/chalk?sponsor=1"
      }
    },
-    "node_modules/charenc": {
-      "version": "0.0.2",
-      "integrity": "sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc=",
-      "engines": {
-        "node": "*"
-      }
-    },
    "node_modules/chokidar": {
      "version": "3.5.3",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
@@ -1968,14 +1961,6 @@
        "node": ">= 0.8"
      }
    },
-    "node_modules/commander": {
-      "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-8.1.0.tgz",
-      "integrity": "sha512-mf45ldcuHSYShkplHHGKWb4TrmwQadxOn7v4WuhDJy0ZVoY5JFajaRDKD0PNe5qXzBX0rhovjTnP6Kz9LETcuA==",
-      "engines": {
-        "node": ">= 12"
-      }
-    },
    "node_modules/common-path-prefix": {
      "version": "3.0.0",
      "integrity": "sha512-QE33hToZseCH3jS0qN96O/bSh3kaw/h+Tq7ngyY9eWDUnTlTNUyqfqvCXioLe5Na5jFsL78ra/wuBU4iuEgd4w==",
@@ -2031,13 +2016,6 @@
        "node": ">= 8"
      }
    },
-    "node_modules/crypt": {
-      "version": "0.0.2",
-      "integrity": "sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs=",
-      "engines": {
-        "node": "*"
-      }
-    },
    "node_modules/currently-unhandled": {
      "version": "0.4.1",
      "integrity": "sha1-mI3zP+qxke95mmE2nddsF635V+o=",
@@ -3436,23 +3414,6 @@
        "url": "https://github.com/privatenumber/get-tsconfig?sponsor=1"
      }
    },
-    "node_modules/glob": {
-      "version": "9.2.1",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-9.2.1.tgz",
-      "integrity": "sha512-Pxxgq3W0HyA3XUvSXcFhRSs+43Jsx0ddxcFrbjxNGkL2Ak5BAUBxLqI5G6ADDeCHLfzzXFhe0b1yYcctGmytMA==",
-      "dependencies": {
-        "fs.realpath": "^1.0.0",
-        "minimatch": "^7.4.1",
-        "minipass": "^4.2.4",
-        "path-scurry": "^1.6.1"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
    "node_modules/glob-parent": {
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
@@ -3464,28 +3425,6 @@
        "node": ">= 6"
      }
    },
-    "node_modules/glob/node_modules/brace-expansion": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
-      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
-    "node_modules/glob/node_modules/minimatch": {
-      "version": "7.4.2",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-7.4.2.tgz",
-      "integrity": "sha512-xy4q7wou3vUoC9k1xGTXc+awNdGaGVHtFUaey8tiX4H1QRc04DZ/rmDFwNm2EBsuYEhAZ6SgMmYf3InGY6OauA==",
-      "dependencies": {
-        "brace-expansion": "^2.0.1"
-      },
-      "engines": {
-        "node": ">=10"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
    "node_modules/globals": {
      "version": "13.19.0",
      "resolved": "https://registry.npmjs.org/globals/-/globals-13.19.0.tgz",
@@ -3821,10 +3760,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
-    "node_modules/is-buffer": {
-      "version": "1.1.6",
-      "integrity": "sha512-NcdALwpXkTm5Zvvbk7owOUSvVvBKDgKP5/ewfXEznmQFfs4ZRmanOeKBTjRVjka3QFoN6XJ+9F3USqfHqTaU5w=="
-    },
    "node_modules/is-callable": {
      "version": "1.2.7",
      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.2.7.tgz",
@@ -4387,16 +4322,6 @@
        "url": "https://github.com/sponsors/sindresorhus"
      }
    },
-    "node_modules/md5": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/md5/-/md5-2.3.0.tgz",
-      "integrity": "sha512-T1GITYmFaKuO91vxyoQMFETst+O71VUPEU3ze5GNzDm0OWdP8v1ziTaAEPUr/3kLsY3Sftgz242A1SetQiDL7g==",
-      "dependencies": {
-        "charenc": "0.0.2",
-        "crypt": "0.0.2",
-        "is-buffer": "~1.1.6"
-      }
-    },
    "node_modules/md5-hex": {
      "version": "3.0.1",
      "integrity": "sha512-BUiRtTtV39LIJwinWBjqVsU9xhdnz7/i889V859IBFpuqGAj6LuOvHv5XLbgZ2R7ptJoJaEcxkv88/h25T7Ciw==",
@@ -4501,14 +4426,6 @@
        "url": "https://github.com/sponsors/ljharb"
      }
    },
-    "node_modules/minipass": {
-      "version": "4.2.4",
-      "resolved": "https://registry.npmjs.org/minipass/-/minipass-4.2.4.tgz",
-      "integrity": "sha512-lwycX3cBMTvcejsHITUgYj6Gy6A7Nh4Q6h9NP4sTHY1ccJlC7yKzDmiShEHsJ16Jf1nKGDEaiHxiltsJEvk0nQ==",
-      "engines": {
-        "node": ">=8"
-      }
-    },
    "node_modules/ms": {
      "version": "2.1.2",
      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
@@ -4938,29 +4855,6 @@
      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
      "dev": true
    },
-    "node_modules/path-scurry": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.6.1.tgz",
-      "integrity": "sha512-OW+5s+7cw6253Q4E+8qQ/u1fVvcJQCJo/VFD8pje+dbJCF1n5ZRMV2AEHbGp+5Q7jxQIYJxkHopnj6nzdGeZLA==",
-      "dependencies": {
-        "lru-cache": "^7.14.1",
-        "minipass": "^4.0.2"
-      },
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
-    "node_modules/path-scurry/node_modules/lru-cache": {
-      "version": "7.18.3",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.18.3.tgz",
-      "integrity": "sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA==",
-      "engines": {
-        "node": ">=12"
-      }
-    },
    "node_modules/path-to-regexp": {
      "version": "1.8.0",
      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
@@ -6151,9 +6045,9 @@
      }
    },
    "node_modules/xml2js": {
-      "version": "0.4.23",
-      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
-      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.5.0.tgz",
+      "integrity": "sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA==",
      "dependencies": {
        "sax": ">=0.6.0",
        "xmlbuilder": "~11.0.0"
@@ -1,27 +0,0 @@
-Copyright © 2011, Paul Vorbach. All rights reserved.
-Copyright © 2009, Jeff Mott. All rights reserved.
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-* Redistributions in binary form must reproduce the above copyright notice, this
-  list of conditions and the following disclaimer in the documentation and/or
-  other materials provided with the distribution.
-* Neither the name Crypto-JS nor the names of its contributors may be used to
-  endorse or promote products derived from this software without specific prior
-  written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@@ -1 +0,0 @@
-**enc** provides crypto character encoding utilities.
@@ -1,33 +0,0 @@
-var charenc = {
-  // UTF-8 encoding
-  utf8: {
-    // Convert a string to a byte array
-    stringToBytes: function(str) {
-      return charenc.bin.stringToBytes(unescape(encodeURIComponent(str)));
-    },
-
-    // Convert a byte array to a string
-    bytesToString: function(bytes) {
-      return decodeURIComponent(escape(charenc.bin.bytesToString(bytes)));
-    }
-  },
-
-  // Binary encoding
-  bin: {
-    // Convert a string to a byte array
-    stringToBytes: function(str) {
-      for (var bytes = [], i = 0; i < str.length; i++)
-        bytes.push(str.charCodeAt(i) & 0xFF);
-      return bytes;
-    },
-
-    // Convert a byte array to a string
-    bytesToString: function(bytes) {
-      for (var str = [], i = 0; i < bytes.length; i++)
-        str.push(String.fromCharCode(bytes[i]));
-      return str.join('');
-    }
-  }
-};
-
-module.exports = charenc;
@@ -1,24 +0,0 @@
-{
-  "author": "Paul Vorbach <paul@vorb.de> (http://vorb.de)",
-  "name": "charenc",
-  "description": "character encoding utilities",
-  "tags": [
-    "utf8",
-    "binary",
-    "byte",
-    "string"
-  ],
-  "version": "0.0.2",
-  "license": "BSD-3-Clause",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/pvorb/node-charenc.git"
-  },
-  "bugs": {
-    "url": "https://github.com/pvorb/node-charenc/issues"
-  },
-  "main": "charenc.js",
-  "engines": {
-    "node": "*"
-  }
-}
@@ -1,22 +0,0 @@
-(The MIT License)
-
-Copyright (c) 2011 TJ Holowaychuk <tj@vision-media.ca>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -1,15 +0,0 @@
-import commander from './index.js';
-
-// wrapper to provide named exports for ESM.
-export const {
-  program,
-  createCommand,
-  createArgument,
-  createOption,
-  CommanderError,
-  InvalidArgumentError,
-  Command,
-  Argument,
-  Option,
-  Help
-} = commander;
@@ -1,27 +0,0 @@
-const { Argument } = require('./lib/argument.js');
-const { Command } = require('./lib/command.js');
-const { CommanderError, InvalidArgumentError } = require('./lib/error.js');
-const { Help } = require('./lib/help.js');
-const { Option } = require('./lib/option.js');
-
-// @ts-check
-
-/**
- * Expose the root command.
- */
-
-exports = module.exports = new Command();
-exports.program = exports; // More explicit access to global command.
-// Implicit export of createArgument, createCommand, and createOption.
-
-/**
- * Expose classes
- */
-
-exports.Argument = Argument;
-exports.Command = Command;
-exports.CommanderError = CommanderError;
-exports.Help = Help;
-exports.InvalidArgumentError = InvalidArgumentError;
-exports.InvalidOptionArgumentError = InvalidArgumentError; // Deprecated
-exports.Option = Option;
@@ -1,147 +0,0 @@
-const { InvalidArgumentError } = require('./error.js');
-
-// @ts-check
-
-class Argument {
-  /**
-   * Initialize a new command argument with the given name and description.
-   * The default is that the argument is required, and you can explicitly
-   * indicate this with <> around the name. Put [] around the name for an optional argument.
-   *
-   * @param {string} name
-   * @param {string} [description]
-   */
-
-  constructor(name, description) {
-    this.description = description || '';
-    this.variadic = false;
-    this.parseArg = undefined;
-    this.defaultValue = undefined;
-    this.defaultValueDescription = undefined;
-    this.argChoices = undefined;
-
-    switch (name[0]) {
-      case '<': // e.g. <required>
-        this.required = true;
-        this._name = name.slice(1, -1);
-        break;
-      case '[': // e.g. [optional]
-        this.required = false;
-        this._name = name.slice(1, -1);
-        break;
-      default:
-        this.required = true;
-        this._name = name;
-        break;
-    }
-
-    if (this._name.length > 3 && this._name.slice(-3) === '...') {
-      this.variadic = true;
-      this._name = this._name.slice(0, -3);
-    }
-  }
-
-  /**
-   * Return argument name.
-   *
-   * @return {string}
-   */
-
-  name() {
-    return this._name;
-  };
-
-  /**
-   * @api private
-   */
-
-  _concatValue(value, previous) {
-    if (previous === this.defaultValue || !Array.isArray(previous)) {
-      return [value];
-    }
-
-    return previous.concat(value);
-  }
-
-  /**
-   * Set the default value, and optionally supply the description to be displayed in the help.
-   *
-   * @param {any} value
-   * @param {string} [description]
-   * @return {Argument}
-   */
-
-  default(value, description) {
-    this.defaultValue = value;
-    this.defaultValueDescription = description;
-    return this;
-  };
-
-  /**
-   * Set the custom handler for processing CLI command arguments into argument values.
-   *
-   * @param {Function} [fn]
-   * @return {Argument}
-   */
-
-  argParser(fn) {
-    this.parseArg = fn;
-    return this;
-  };
-
-  /**
-   * Only allow option value to be one of choices.
-   *
-   * @param {string[]} values
-   * @return {Argument}
-   */
-
-  choices(values) {
-    this.argChoices = values;
-    this.parseArg = (arg, previous) => {
-      if (!values.includes(arg)) {
-        throw new InvalidArgumentError(`Allowed choices are ${values.join(', ')}.`);
-      }
-      if (this.variadic) {
-        return this._concatValue(arg, previous);
-      }
-      return arg;
-    };
-    return this;
-  };
-
-  /**
-   * Make option-argument required.
-   */
-  argRequired() {
-    this.required = true;
-    return this;
-  }
-
-  /**
-   * Make option-argument optional.
-   */
-  argOptional() {
-    this.required = false;
-    return this;
-  }
-}
-
-/**
- * Takes an argument and returns its human readable equivalent for help usage.
- *
- * @param {Argument} arg
- * @return {string}
- * @api private
- */
-
-function humanReadableArgName(arg) {
-  const nameOutput = arg.name() + (arg.variadic === true ? '...' : '');
-
-  return arg.required
-    ? '<' + nameOutput + '>'
-    : '[' + nameOutput + ']';
-}
-
-exports.Argument = Argument;
-exports.humanReadableArgName = humanReadableArgName;
@@ -1,45 +0,0 @@
-// @ts-check
-
-/**
- * CommanderError class
- * @class
- */
-class CommanderError extends Error {
-  /**
-   * Constructs the CommanderError class
-   * @param {number} exitCode suggested exit code which could be used with process.exit
-   * @param {string} code an id string representing the error
-   * @param {string} message human-readable description of the error
-   * @constructor
-   */
-  constructor(exitCode, code, message) {
-    super(message);
-    // properly capture stack trace in Node.js
-    Error.captureStackTrace(this, this.constructor);
-    this.name = this.constructor.name;
-    this.code = code;
-    this.exitCode = exitCode;
-    this.nestedError = undefined;
-  }
-}
-
-/**
- * InvalidArgumentError class
- * @class
- */
-class InvalidArgumentError extends CommanderError {
-  /**
-   * Constructs the InvalidArgumentError class
-   * @param {string} [message] explanation of why argument is invalid
-   * @constructor
-   */
-  constructor(message) {
-    super(1, 'commander.invalidArgument', message);
-    // properly capture stack trace in Node.js
-    Error.captureStackTrace(this, this.constructor);
-    this.name = this.constructor.name;
-  }
-}
-
-exports.CommanderError = CommanderError;
-exports.InvalidArgumentError = InvalidArgumentError;
@@ -1,393 +0,0 @@
-const { humanReadableArgName } = require('./argument.js');
-
-/**
- * TypeScript import types for JSDoc, used by Visual Studio Code IntelliSense and `npm run typescript-checkJS`
- * https://www.typescriptlang.org/docs/handbook/jsdoc-supported-types.html#import-types
- * @typedef { import("./argument.js").Argument } Argument
- * @typedef { import("./command.js").Command } Command
- * @typedef { import("./option.js").Option } Option
- */
-
-// @ts-check
-
-// Although this is a class, methods are static in style to allow override using subclass or just functions.
-class Help {
-  constructor() {
-    this.helpWidth = undefined;
-    this.sortSubcommands = false;
-    this.sortOptions = false;
-  }
-
-  /**
-   * Get an array of the visible subcommands. Includes a placeholder for the implicit help command, if there is one.
-   *
-   * @param {Command} cmd
-   * @returns {Command[]}
-   */
-
-  visibleCommands(cmd) {
-    const visibleCommands = cmd.commands.filter(cmd => !cmd._hidden);
-    if (cmd._hasImplicitHelpCommand()) {
-      // Create a command matching the implicit help command.
-      const [, helpName, helpArgs] = cmd._helpCommandnameAndArgs.match(/([^ ]+) *(.*)/);
-      const helpCommand = cmd.createCommand(helpName)
-        .helpOption(false);
-      helpCommand.description(cmd._helpCommandDescription);
-      if (helpArgs) helpCommand.arguments(helpArgs);
-      visibleCommands.push(helpCommand);
-    }
-    if (this.sortSubcommands) {
-      visibleCommands.sort((a, b) => {
-        // @ts-ignore: overloaded return type
-        return a.name().localeCompare(b.name());
-      });
-    }
-    return visibleCommands;
-  }
-
-  /**
-   * Get an array of the visible options. Includes a placeholder for the implicit help option, if there is one.
-   *
-   * @param {Command} cmd
-   * @returns {Option[]}
-   */
-
-  visibleOptions(cmd) {
-    const visibleOptions = cmd.options.filter((option) => !option.hidden);
-    // Implicit help
-    const showShortHelpFlag = cmd._hasHelpOption && cmd._helpShortFlag && !cmd._findOption(cmd._helpShortFlag);
-    const showLongHelpFlag = cmd._hasHelpOption && !cmd._findOption(cmd._helpLongFlag);
-    if (showShortHelpFlag || showLongHelpFlag) {
-      let helpOption;
-      if (!showShortHelpFlag) {
-        helpOption = cmd.createOption(cmd._helpLongFlag, cmd._helpDescription);
-      } else if (!showLongHelpFlag) {
-        helpOption = cmd.createOption(cmd._helpShortFlag, cmd._helpDescription);
-      } else {
-        helpOption = cmd.createOption(cmd._helpFlags, cmd._helpDescription);
-      }
-      visibleOptions.push(helpOption);
-    }
-    if (this.sortOptions) {
-      const getSortKey = (option) => {
-        // WYSIWYG for order displayed in help with short before long, no special handling for negated.
-        return option.short ? option.short.replace(/^-/, '') : option.long.replace(/^--/, '');
-      };
-      visibleOptions.sort((a, b) => {
-        return getSortKey(a).localeCompare(getSortKey(b));
-      });
-    }
-    return visibleOptions;
-  }
-
-  /**
-   * Get an array of the arguments if any have a description.
-   *
-   * @param {Command} cmd
-   * @returns {Argument[]}
-   */
-
-  visibleArguments(cmd) {
-    // Side effect! Apply the legacy descriptions before the arguments are displayed.
-    if (cmd._argsDescription) {
-      cmd._args.forEach(argument => {
-        argument.description = argument.description || cmd._argsDescription[argument.name()] || '';
-      });
-    }
-
-    // If there are any arguments with a description then return all the arguments.
-    if (cmd._args.find(argument => argument.description)) {
-      return cmd._args;
-    };
-    return [];
-  }
-
-  /**
-   * Get the command term to show in the list of subcommands.
-   *
-   * @param {Command} cmd
-   * @returns {string}
-   */
-
-  subcommandTerm(cmd) {
-    // Legacy. Ignores custom usage string, and nested commands.
-    const args = cmd._args.map(arg => humanReadableArgName(arg)).join(' ');
-    return cmd._name +
-      (cmd._aliases[0] ? '|' + cmd._aliases[0] : '') +
-      (cmd.options.length ? ' [options]' : '') + // simplistic check for non-help option
-      (args ? ' ' + args : '');
-  }
-
-  /**
-   * Get the option term to show in the list of options.
-   *
-   * @param {Option} option
-   * @returns {string}
-   */
-
-  optionTerm(option) {
-    return option.flags;
-  }
-
-  /**
-   * Get the argument term to show in the list of arguments.
-   *
-   * @param {Argument} argument
-   * @returns {string}
-   */
-
-  argumentTerm(argument) {
-    return argument.name();
-  }
-
-  /**
-   * Get the longest command term length.
-   *
-   * @param {Command} cmd
-   * @param {Help} helper
-   * @returns {number}
-   */
-
-  longestSubcommandTermLength(cmd, helper) {
-    return helper.visibleCommands(cmd).reduce((max, command) => {
-      return Math.max(max, helper.subcommandTerm(command).length);
-    }, 0);
-  };
-
-  /**
-   * Get the longest option term length.
-   *
-   * @param {Command} cmd
-   * @param {Help} helper
-   * @returns {number}
-   */
-
-  longestOptionTermLength(cmd, helper) {
-    return helper.visibleOptions(cmd).reduce((max, option) => {
-      return Math.max(max, helper.optionTerm(option).length);
-    }, 0);
-  };
-
-  /**
-   * Get the longest argument term length.
-   *
-   * @param {Command} cmd
-   * @param {Help} helper
-   * @returns {number}
-   */
-
-  longestArgumentTermLength(cmd, helper) {
-    return helper.visibleArguments(cmd).reduce((max, argument) => {
-      return Math.max(max, helper.argumentTerm(argument).length);
-    }, 0);
-  };
-
-  /**
-   * Get the command usage to be displayed at the top of the built-in help.
-   *
-   * @param {Command} cmd
-   * @returns {string}
-   */
-
-  commandUsage(cmd) {
-    // Usage
-    let cmdName = cmd._name;
-    if (cmd._aliases[0]) {
-      cmdName = cmdName + '|' + cmd._aliases[0];
-    }
-    let parentCmdNames = '';
-    for (let parentCmd = cmd.parent; parentCmd; parentCmd = parentCmd.parent) {
-      parentCmdNames = parentCmd.name() + ' ' + parentCmdNames;
-    }
-    return parentCmdNames + cmdName + ' ' + cmd.usage();
-  }
-
-  /**
-   * Get the description for the command.
-   *
-   * @param {Command} cmd
-   * @returns {string}
-   */
-
-  commandDescription(cmd) {
-    // @ts-ignore: overloaded return type
-    return cmd.description();
-  }
-
-  /**
-   * Get the command description to show in the list of subcommands.
-   *
-   * @param {Command} cmd
-   * @returns {string}
-   */
-
-  subcommandDescription(cmd) {
-    // @ts-ignore: overloaded return type
-    return cmd.description();
-  }
-
-  /**
-   * Get the option description to show in the list of options.
-   *
-   * @param {Option} option
-   * @return {string}
-   */
-
-  optionDescription(option) {
-    if (option.negate) {
-      return option.description;
-    }
-    const extraInfo = [];
-    if (option.argChoices) {
-      extraInfo.push(
-        // use stringify to match the display of the default value
-        `choices: ${option.argChoices.map((choice) => JSON.stringify(choice)).join(', ')}`);
-    }
-    if (option.defaultValue !== undefined) {
-      extraInfo.push(`default: ${option.defaultValueDescription || JSON.stringify(option.defaultValue)}`);
-    }
-    if (extraInfo.length > 0) {
-      return `${option.description} (${extraInfo.join(', ')})`;
-    }
-    return option.description;
-  };
-
-  /**
-   * Get the argument description to show in the list of arguments.
-   *
-   * @param {Argument} argument
-   * @return {string}
-   */
-
-  argumentDescription(argument) {
-    const extraInfo = [];
-    if (argument.argChoices) {
-      extraInfo.push(
-        // use stringify to match the display of the default value
-        `choices: ${argument.argChoices.map((choice) => JSON.stringify(choice)).join(', ')}`);
-    }
-    if (argument.defaultValue !== undefined) {
-      extraInfo.push(`default: ${argument.defaultValueDescription || JSON.stringify(argument.defaultValue)}`);
-    }
-    if (extraInfo.length > 0) {
-      const extraDescripton = `(${extraInfo.join(', ')})`;
-      if (argument.description) {
-        return `${argument.description} ${extraDescripton}`;
-      }
-      return extraDescripton;
-    }
-    return argument.description;
-  }
-
-  /**
-   * Generate the built-in help text.
-   *
-   * @param {Command} cmd
-   * @param {Help} helper
-   * @returns {string}
-   */
-
-  formatHelp(cmd, helper) {
-    const termWidth = helper.padWidth(cmd, helper);
-    const helpWidth = helper.helpWidth || 80;
-    const itemIndentWidth = 2;
-    const itemSeparatorWidth = 2; // between term and description
-    function formatItem(term, description) {
-      if (description) {
-        const fullText = `${term.padEnd(termWidth + itemSeparatorWidth)}${description}`;
-        return helper.wrap(fullText, helpWidth - itemIndentWidth, termWidth + itemSeparatorWidth);
-      }
-      return term;
-    };
-    function formatList(textArray) {
-      return textArray.join('\n').replace(/^/gm, ' '.repeat(itemIndentWidth));
-    }
-
-    // Usage
-    let output = [`Usage: ${helper.commandUsage(cmd)}`, ''];
-
-    // Description
-    const commandDescription = helper.commandDescription(cmd);
-    if (commandDescription.length > 0) {
-      output = output.concat([commandDescription, '']);
-    }
-
-    // Arguments
-    const argumentList = helper.visibleArguments(cmd).map((argument) => {
-      return formatItem(helper.argumentTerm(argument), helper.argumentDescription(argument));
-    });
-    if (argumentList.length > 0) {
-      output = output.concat(['Arguments:', formatList(argumentList), '']);
-    }
-
-    // Options
-    const optionList = helper.visibleOptions(cmd).map((option) => {
-      return formatItem(helper.optionTerm(option), helper.optionDescription(option));
-    });
-    if (optionList.length > 0) {
-      output = output.concat(['Options:', formatList(optionList), '']);
-    }
-
-    // Commands
-    const commandList = helper.visibleCommands(cmd).map((cmd) => {
-      return formatItem(helper.subcommandTerm(cmd), helper.subcommandDescription(cmd));
-    });
-    if (commandList.length > 0) {
-      output = output.concat(['Commands:', formatList(commandList), '']);
-    }
-
-    return output.join('\n');
-  }
-
-  /**
-   * Calculate the pad width from the maximum term length.
-   *
-   * @param {Command} cmd
-   * @param {Help} helper
-   * @returns {number}
-   */
-
-  padWidth(cmd, helper) {
-    return Math.max(
-      helper.longestOptionTermLength(cmd, helper),
-      helper.longestSubcommandTermLength(cmd, helper),
-      helper.longestArgumentTermLength(cmd, helper)
-    );
-  };
-
-  /**
-   * Wrap the given string to width characters per line, with lines after the first indented.
-   * Do not wrap if insufficient room for wrapping (minColumnWidth), or string is manually formatted.
-   *
-   * @param {string} str
-   * @param {number} width
-   * @param {number} indent
-   * @param {number} [minColumnWidth=40]
-   * @return {string}
-   *
-   */
-
-  wrap(str, width, indent, minColumnWidth = 40) {
-    // Detect manually wrapped and indented strings by searching for line breaks
-    // followed by multiple spaces/tabs.
-    if (str.match(/[\n]\s+/)) return str;
-    // Do not wrap if not enough room for a wrapped column of text (as could end up with a word per line).
-    const columnWidth = width - indent;
-    if (columnWidth < minColumnWidth) return str;
-
-    const leadingStr = str.substr(0, indent);
-    const columnText = str.substr(indent);
-
-    const indentString = ' '.repeat(indent);
-    const regex = new RegExp('.{1,' + (columnWidth - 1) + '}([\\s\u200B]|$)|[^\\s\u200B]+?([\\s\u200B]|$)', 'g');
-    const lines = columnText.match(regex) || [];
-    return leadingStr + lines.map((line, i) => {
-      if (line.slice(-1) === '\n') {
-        line = line.slice(0, line.length - 1);
-      }
-      return ((i > 0) ? indentString : '') + line.trimRight();
-    }).join('\n');
-  }
-}
-
-exports.Help = Help;
@@ -1,194 +0,0 @@
-const { InvalidArgumentError } = require('./error.js');
-
-// @ts-check
-
-class Option {
-  /**
-   * Initialize a new `Option` with the given `flags` and `description`.
-   *
-   * @param {string} flags
-   * @param {string} [description]
-   */
-
-  constructor(flags, description) {
-    this.flags = flags;
-    this.description = description || '';
-
-    this.required = flags.includes('<'); // A value must be supplied when the option is specified.
-    this.optional = flags.includes('['); // A value is optional when the option is specified.
-    // variadic test ignores <value,...> et al which might be used to describe custom splitting of single argument
-    this.variadic = /\w\.\.\.[>\]]$/.test(flags); // The option can take multiple values.
-    this.mandatory = false; // The option must have a value after parsing, which usually means it must be specified on command line.
-    const optionFlags = splitOptionFlags(flags);
-    this.short = optionFlags.shortFlag;
-    this.long = optionFlags.longFlag;
-    this.negate = false;
-    if (this.long) {
-      this.negate = this.long.startsWith('--no-');
-    }
-    this.defaultValue = undefined;
-    this.defaultValueDescription = undefined;
-    this.parseArg = undefined;
-    this.hidden = false;
-    this.argChoices = undefined;
-  }
-
-  /**
-   * Set the default value, and optionally supply the description to be displayed in the help.
-   *
-   * @param {any} value
-   * @param {string} [description]
-   * @return {Option}
-   */
-
-  default(value, description) {
-    this.defaultValue = value;
-    this.defaultValueDescription = description;
-    return this;
-  };
-
-  /**
-   * Set the custom handler for processing CLI option arguments into option values.
-   *
-   * @param {Function} [fn]
-   * @return {Option}
-   */
-
-  argParser(fn) {
-    this.parseArg = fn;
-    return this;
-  };
-
-  /**
-   * Whether the option is mandatory and must have a value after parsing.
-   *
-   * @param {boolean} [mandatory=true]
-   * @return {Option}
-   */
-
-  makeOptionMandatory(mandatory = true) {
-    this.mandatory = !!mandatory;
-    return this;
-  };
-
-  /**
-   * Hide option in help.
-   *
-   * @param {boolean} [hide=true]
-   * @return {Option}
-   */
-
-  hideHelp(hide = true) {
-    this.hidden = !!hide;
-    return this;
-  };
-
-  /**
-   * @api private
-   */
-
-  _concatValue(value, previous) {
-    if (previous === this.defaultValue || !Array.isArray(previous)) {
-      return [value];
-    }
-
-    return previous.concat(value);
-  }
-
-  /**
-   * Only allow option value to be one of choices.
-   *
-   * @param {string[]} values
-   * @return {Option}
-   */
-
-  choices(values) {
-    this.argChoices = values;
-    this.parseArg = (arg, previous) => {
-      if (!values.includes(arg)) {
-        throw new InvalidArgumentError(`Allowed choices are ${values.join(', ')}.`);
-      }
-      if (this.variadic) {
-        return this._concatValue(arg, previous);
-      }
-      return arg;
-    };
-    return this;
-  };
-
-  /**
-   * Return option name.
-   *
-   * @return {string}
-   */
-
-  name() {
-    if (this.long) {
-      return this.long.replace(/^--/, '');
-    }
-    return this.short.replace(/^-/, '');
-  };
-
-  /**
-   * Return option name, in a camelcase format that can be used
-   * as a object attribute key.
-   *
-   * @return {string}
-   * @api private
-   */
-
-  attributeName() {
-    return camelcase(this.name().replace(/^no-/, ''));
-  };
-
-  /**
-   * Check if `arg` matches the short or long flag.
-   *
-   * @param {string} arg
-   * @return {boolean}
-   * @api private
-   */
-
-  is(arg) {
-    return this.short === arg || this.long === arg;
-  };
-}
-
-/**
- * Convert string from kebab-case to camelCase.
- *
- * @param {string} str
- * @return {string}
- * @api private
- */
-
-function camelcase(str) {
-  return str.split('-').reduce((str, word) => {
-    return str + word[0].toUpperCase() + word.slice(1);
-  });
-}
-
-/**
- * Split the short and long flag out of something like '-m,--mixed <value>'
- *
- * @api private
- */
-
-function splitOptionFlags(flags) {
-  let shortFlag;
-  let longFlag;
-  // Use original very loose parsing to maintain backwards compatibility for now,
-  // which allowed for example unintended `-sw, --short-word` [sic].
-  const flagParts = flags.split(/[ |,]+/);
-  if (flagParts.length > 1 && !/^[[<]/.test(flagParts[1])) shortFlag = flagParts.shift();
-  longFlag = flagParts.shift();
-  // Add support for lone short flag without significantly changing parsing!
-  if (!shortFlag && /^-[^-]$/.test(longFlag)) {
-    shortFlag = longFlag;
-    longFlag = undefined;
-  }
-  return { shortFlag, longFlag };
-}
-
-exports.Option = Option;
-exports.splitOptionFlags = splitOptionFlags;
@@ -1,16 +0,0 @@
-{
-  "versions": [
-    {
-      "version": "*",
-      "target": {
-        "node": "supported"
-      },
-      "response": {
-        "type": "time-permitting"
-      },
-      "backing": {
-        "npm-funding": true
-      }
-    }
-  ]
-}
@@ -1,69 +0,0 @@
-{
-  "name": "commander",
-  "version": "8.1.0",
-  "description": "the complete solution for node.js command-line programs",
-  "keywords": [
-    "commander",
-    "command",
-    "option",
-    "parser",
-    "cli",
-    "argument",
-    "args",
-    "argv"
-  ],
-  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "license": "MIT",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/tj/commander.js.git"
-  },
-  "scripts": {
-    "lint": "eslint index.js esm.mjs \"lib/*.js\" \"tests/**/*.js\"",
-    "typescript-lint": "eslint typings/*.ts tests/*.ts",
-    "test": "jest && npm run test-typings",
-    "test-esm": "node --experimental-modules ./tests/esm-imports-test.mjs",
-    "test-typings": "tsd",
-    "typescript-checkJS": "tsc --allowJS --checkJS index.js lib/*.js --noEmit",
-    "test-all": "npm run test && npm run lint && npm run typescript-lint && npm run typescript-checkJS && npm run test-esm"
-  },
-  "main": "./index.js",
-  "files": [
-    "index.js",
-    "lib/*.js",
-    "esm.mjs",
-    "typings/index.d.ts",
-    "package-support.json"
-  ],
-  "type": "commonjs",
-  "dependencies": {},
-  "devDependencies": {
-    "@types/jest": "^26.0.23",
-    "@types/node": "^14.17.3",
-    "@typescript-eslint/eslint-plugin": "^4.27.0",
-    "@typescript-eslint/parser": "^4.27.0",
-    "eslint": "^7.29.0",
-    "eslint-config-standard": "^16.0.3",
-    "eslint-plugin-jest": "^24.3.6",
-    "jest": "^27.0.4",
-    "standard": "^16.0.3",
-    "ts-jest": "^27.0.3",
-    "tsd": "^0.17.0",
-    "typescript": "^4.3.4"
-  },
-  "types": "typings/index.d.ts",
-  "jest": {
-    "testEnvironment": "node",
-    "collectCoverage": true,
-    "transform": {
-      "^.+\\.tsx?$": "ts-jest"
-    },
-    "testPathIgnorePatterns": [
-      "/node_modules/"
-    ]
-  },
-  "engines": {
-    "node": ">= 12"
-  },
-  "support": true
-}
@@ -1,758 +0,0 @@
-// Type definitions for commander
-// Original definitions by: Alan Agius <https://github.com/alan-agius4>, Marcelo Dezem <https://github.com/mdezem>, vvakame <https://github.com/vvakame>, Jules Randolph <https://github.com/sveinburne>
-
-// Using method rather than property for method-signature-style, to document method overloads separately. Allow either.
-/* eslint-disable @typescript-eslint/method-signature-style */
-/* eslint-disable @typescript-eslint/no-explicit-any */
-
-export class CommanderError extends Error {
-  code: string;
-  exitCode: number;
-  message: string;
-  nestedError?: string;
-
-  /**
-   * Constructs the CommanderError class
-   * @param exitCode - suggested exit code which could be used with process.exit
-   * @param code - an id string representing the error
-   * @param message - human-readable description of the error
-   * @constructor
-   */
-  constructor(exitCode: number, code: string, message: string);
-}
-
-export class InvalidArgumentError extends CommanderError {
-  /**
-   * Constructs the InvalidArgumentError class
-   * @param message - explanation of why argument is invalid
-   * @constructor
-   */
-  constructor(message: string);
-}
-export { InvalidArgumentError as InvalidOptionArgumentError }; // deprecated old name
-
-export class Argument {
-  description: string;
-  required: boolean;
-  variadic: boolean;
-
-  /**
-   * Initialize a new command argument with the given name and description.
-   * The default is that the argument is required, and you can explicitly
-   * indicate this with <> around the name. Put [] around the name for an optional argument.
-   */
-  constructor(arg: string, description?: string);
-
-  /**
-  * Return argument name.
-  */
-  name(): string;
-
-  /**
-   * Set the default value, and optionally supply the description to be displayed in the help.
-   */
-   default(value: unknown, description?: string): this;
-
-  /**
-   * Set the custom handler for processing CLI command arguments into argument values.
-   */
-   argParser<T>(fn: (value: string, previous: T) => T): this;
-
-  /**
-   * Only allow argument value to be one of choices.
-   */
-   choices(values: string[]): this;
-
-  /**
-   * Make option-argument required.
-   */
-   argRequired(): this;
-
-  /**
-   * Make option-argument optional.
-   */
-  argOptional(): this;
-  }
-
-export class Option {
-  flags: string;
-  description: string;
-
-  required: boolean; // A value must be supplied when the option is specified.
-  optional: boolean; // A value is optional when the option is specified.
-  variadic: boolean;
-  mandatory: boolean; // The option must have a value after parsing, which usually means it must be specified on command line.
-  optionFlags: string;
-  short?: string;
-  long?: string;
-  negate: boolean;
-  defaultValue?: any;
-  defaultValueDescription?: string;
-  parseArg?: <T>(value: string, previous: T) => T;
-  hidden: boolean;
-  argChoices?: string[];
-
-  constructor(flags: string, description?: string);
-
-  /**
-   * Set the default value, and optionally supply the description to be displayed in the help.
-   */
-  default(value: unknown, description?: string): this;
-
-  /**
-   * Calculate the full description, including defaultValue etc.
-   */
-  fullDescription(): string;
-
-  /**
-   * Set the custom handler for processing CLI option arguments into option values.
-   */
-  argParser<T>(fn: (value: string, previous: T) => T): this;
-
-  /**
-   * Whether the option is mandatory and must have a value after parsing.
-   */
-  makeOptionMandatory(mandatory?: boolean): this;
-
-  /**
-   * Hide option in help.
-   */
-  hideHelp(hide?: boolean): this;
-
-  /**
-   * Validation of option argument failed.
-   * Intended for use from custom argument processing functions.
-   */
-  argumentRejected(messsage: string): never;
-
-  /**
-   * Only allow option value to be one of choices.
-   */
-  choices(values: string[]): this;
-
-  /**
-   * Return option name.
-   */
-  name(): string;
-
-  /**
-   * Return option name, in a camelcase format that can be used
-   * as a object attribute key.
-   */
-  attributeName(): string;
-}
-
-export class Help {
-  /** output helpWidth, long lines are wrapped to fit */
-  helpWidth?: number;
-  sortSubcommands: boolean;
-  sortOptions: boolean;
-
-  constructor();
-
-  /** Get the command term to show in the list of subcommands. */
-  subcommandTerm(cmd: Command): string;
-  /** Get the command description to show in the list of subcommands. */
-  subcommandDescription(cmd: Command): string;
-  /** Get the option term to show in the list of options. */
-  optionTerm(option: Option): string;
-  /** Get the option description to show in the list of options. */
-  optionDescription(option: Option): string;
-  /** Get the argument term to show in the list of arguments. */
-  argumentTerm(argument: Argument): string;
-  /** Get the argument description to show in the list of arguments. */
-  argumentDescription(argument: Argument): string;
-
-  /** Get the command usage to be displayed at the top of the built-in help. */
-  commandUsage(cmd: Command): string;
-  /** Get the description for the command. */
-  commandDescription(cmd: Command): string;
-
-  /** Get an array of the visible subcommands. Includes a placeholder for the implicit help command, if there is one. */
-  visibleCommands(cmd: Command): Command[];
-  /** Get an array of the visible options. Includes a placeholder for the implicit help option, if there is one. */
-  visibleOptions(cmd: Command): Option[];
-  /** Get an array of the arguments which have descriptions. */
-  visibleArguments(cmd: Command): Argument[];
-
-  /** Get the longest command term length. */
-  longestSubcommandTermLength(cmd: Command, helper: Help): number;
-  /** Get the longest option term length. */
-  longestOptionTermLength(cmd: Command, helper: Help): number;
-  /** Get the longest argument term length. */
-  longestArgumentTermLength(cmd: Command, helper: Help): number;
-  /** Calculate the pad width from the maximum term length. */
-  padWidth(cmd: Command, helper: Help): number;
-
-  /**
-   * Wrap the given string to width characters per line, with lines after the first indented.
-   * Do not wrap if insufficient room for wrapping (minColumnWidth), or string is manually formatted.
-   */
-  wrap(str: string, width: number, indent: number, minColumnWidth?: number): string;
-
-  /** Generate the built-in help text. */
-  formatHelp(cmd: Command, helper: Help): string;
-}
-export type HelpConfiguration = Partial<Help>;
-
-export interface ParseOptions {
-  from: 'node' | 'electron' | 'user';
-}
-export interface HelpContext { // optional parameter for .help() and .outputHelp()
-  error: boolean;
-}
-export interface AddHelpTextContext { // passed to text function used with .addHelpText()
-  error: boolean;
-  command: Command;
-}
-export interface OutputConfiguration {
-  writeOut?(str: string): void;
-  writeErr?(str: string): void;
-  getOutHelpWidth?(): number;
-  getErrHelpWidth?(): number;
-  outputError?(str: string, write: (str: string) => void): void;
-
-}
-
-type AddHelpTextPosition = 'beforeAll' | 'before' | 'after' | 'afterAll';
-type HookEvent = 'preAction' | 'postAction';
-
-export interface OptionValues {
-  [key: string]: any;
-}
-
-export class Command {
-  args: string[];
-  processedArgs: any[];
-  commands: Command[];
-  parent: Command | null;
-
-  constructor(name?: string);
-
-  /**
-   * Set the program version to `str`.
-   *
-   * This method auto-registers the "-V, --version" flag
-   * which will print the version number when passed.
-   *
-   * You can optionally supply the  flags and description to override the defaults.
-   */
-  version(str: string, flags?: string, description?: string): this;
-
-  /**
-   * Define a command, implemented using an action handler.
-   *
-   * @remarks
-   * The command description is supplied using `.description`, not as a parameter to `.command`.
-   *
-   * @example
-   * ```ts
-   * program
-   *   .command('clone <source> [destination]')
-   *   .description('clone a repository into a newly created directory')
-   *   .action((source, destination) => {
-   *     console.log('clone command called');
-   *   });
-   * ```
-   *
-   * @param nameAndArgs - command name and arguments, args are  `<required>` or `[optional]` and last may also be `variadic...`
-   * @param opts - configuration options
-   * @returns new command
-   */
-  command(nameAndArgs: string, opts?: CommandOptions): ReturnType<this['createCommand']>;
-  /**
-   * Define a command, implemented in a separate executable file.
-   *
-   * @remarks
-   * The command description is supplied as the second parameter to `.command`.
-   *
-   * @example
-   * ```ts
-   *  program
-   *    .command('start <service>', 'start named service')
-   *    .command('stop [service]', 'stop named service, or all if no name supplied');
-   * ```
-   *
-   * @param nameAndArgs - command name and arguments, args are  `<required>` or `[optional]` and last may also be `variadic...`
-   * @param description - description of executable command
-   * @param opts - configuration options
-   * @returns `this` command for chaining
-   */
-  command(nameAndArgs: string, description: string, opts?: ExecutableCommandOptions): this;
-
-  /**
-   * Factory routine to create a new unattached command.
-   *
-   * See .command() for creating an attached subcommand, which uses this routine to
-   * create the command. You can override createCommand to customise subcommands.
-   */
-  createCommand(name?: string): Command;
-
-  /**
-   * Add a prepared subcommand.
-   *
-   * See .command() for creating an attached subcommand which inherits settings from its parent.
-   *
-   * @returns `this` command for chaining
-   */
-  addCommand(cmd: Command, opts?: CommandOptions): this;
-
-  /**
-   * Factory routine to create a new unattached argument.
-   *
-   * See .argument() for creating an attached argument, which uses this routine to
-   * create the argument. You can override createArgument to return a custom argument.
-   */
-  createArgument(name: string, description?: string): Argument;
-
-  /**
-   * Define argument syntax for command.
-   *
-   * The default is that the argument is required, and you can explicitly
-   * indicate this with <> around the name. Put [] around the name for an optional argument.
-   *
-   * @example
-   * ```
-   * program.argument('<input-file>');
-   * program.argument('[output-file]');
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-    argument<T>(flags: string, description: string, fn: (value: string, previous: T) => T, defaultValue?: T): this;
-    argument(name: string, description?: string, defaultValue?: unknown): this;
-
-  /**
-   * Define argument syntax for command, adding a prepared argument.
-   *
-   * @returns `this` command for chaining
-   */
-  addArgument(arg: Argument): this;
-
-  /**
-   * Define argument syntax for command, adding multiple at once (without descriptions).
-   *
-   * See also .argument().
-   *
-   * @example
-   * ```
-   * program.arguments('<cmd> [env]');
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  arguments(names: string): this;
-
-  /**
-   * Override default decision whether to add implicit help command.
-   *
-   * @example
-   * ```
-   * addHelpCommand() // force on
-   * addHelpCommand(false); // force off
-   * addHelpCommand('help [cmd]', 'display help for [cmd]'); // force on with custom details
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  addHelpCommand(enableOrNameAndArgs?: string | boolean, description?: string): this;
-
-  /**
-   * Add hook for life cycle event.
-   */
-  hook(event: HookEvent, listener: (thisCommand: Command, actionCommand: Command) => void | Promise<void>): this;
-
-  /**
-   * Register callback to use as replacement for calling process.exit.
-   */
-  exitOverride(callback?: (err: CommanderError) => never|void): this;
-
-  /**
-   * You can customise the help with a subclass of Help by overriding createHelp,
-   * or by overriding Help properties using configureHelp().
-   */
-  createHelp(): Help;
-
-  /**
-   * You can customise the help by overriding Help properties using configureHelp(),
-   * or with a subclass of Help by overriding createHelp().
-   */
-  configureHelp(configuration: HelpConfiguration): this;
-  /** Get configuration */
-  configureHelp(): HelpConfiguration;
-
-  /**
-   * The default output goes to stdout and stderr. You can customise this for special
-   * applications. You can also customise the display of errors by overriding outputError.
-   *
-   * The configuration properties are all functions:
-   * ```
-   * // functions to change where being written, stdout and stderr
-   * writeOut(str)
-   * writeErr(str)
-   * // matching functions to specify width for wrapping help
-   * getOutHelpWidth()
-   * getErrHelpWidth()
-   * // functions based on what is being written out
-   * outputError(str, write) // used for displaying errors, and not used for displaying help
-   * ```
-   */
-  configureOutput(configuration: OutputConfiguration): this;
-  /** Get configuration */
-  configureOutput(): OutputConfiguration;
-
-  /**
-   * Copy settings that are useful to have in common across root command and subcommands.
-   *
-   * (Used internally when adding a command using `.command()` so subcommands inherit parent settings.)
-   */
-   copyInheritedSettings(sourceCommand: Command): this;
-
-  /**
-   * Display the help or a custom message after an error occurs.
-   */
-  showHelpAfterError(displayHelp?: boolean | string): this;
-
-  /**
-   * Register callback `fn` for the command.
-   *
-   * @example
-   * ```
-   * program
-   *   .command('help')
-   *   .description('display verbose help')
-   *   .action(function() {
-   *     // output help here
-   *   });
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  action(fn: (...args: any[]) => void | Promise<void>): this;
-
-  /**
-   * Define option with `flags`, `description` and optional
-   * coercion `fn`.
-   *
-   * The `flags` string contains the short and/or long flags,
-   * separated by comma, a pipe or space. The following are all valid
-   * all will output this way when `--help` is used.
-   *
-   *     "-p, --pepper"
-   *     "-p|--pepper"
-   *     "-p --pepper"
-   *
-   * @example
-   * ```
-   * // simple boolean defaulting to false
-   *  program.option('-p, --pepper', 'add pepper');
-   *
-   *  --pepper
-   *  program.pepper
-   *  // => Boolean
-   *
-   *  // simple boolean defaulting to true
-   *  program.option('-C, --no-cheese', 'remove cheese');
-   *
-   *  program.cheese
-   *  // => true
-   *
-   *  --no-cheese
-   *  program.cheese
-   *  // => false
-   *
-   *  // required argument
-   *  program.option('-C, --chdir <path>', 'change the working directory');
-   *
-   *  --chdir /tmp
-   *  program.chdir
-   *  // => "/tmp"
-   *
-   *  // optional argument
-   *  program.option('-c, --cheese [type]', 'add cheese [marble]');
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  option(flags: string, description?: string, defaultValue?: string | boolean): this;
-  option<T>(flags: string, description: string, fn: (value: string, previous: T) => T, defaultValue?: T): this;
-  /** @deprecated since v7, instead use choices or a custom function */
-  option(flags: string, description: string, regexp: RegExp, defaultValue?: string | boolean): this;
-
-  /**
-   * Define a required option, which must have a value after parsing. This usually means
-   * the option must be specified on the command line. (Otherwise the same as .option().)
-   *
-   * The `flags` string contains the short and/or long flags, separated by comma, a pipe or space.
-   */
-  requiredOption(flags: string, description?: string, defaultValue?: string | boolean): this;
-  requiredOption<T>(flags: string, description: string, fn: (value: string, previous: T) => T, defaultValue?: T): this;
-  /** @deprecated since v7, instead use choices or a custom function */
-  requiredOption(flags: string, description: string, regexp: RegExp, defaultValue?: string | boolean): this;
-
-  /**
-   * Factory routine to create a new unattached option.
-   *
-   * See .option() for creating an attached option, which uses this routine to
-   * create the option. You can override createOption to return a custom option.
-   */
-
-  createOption(flags: string, description?: string): Option;
-
-  /**
-   * Add a prepared Option.
-   *
-   * See .option() and .requiredOption() for creating and attaching an option in a single call.
-   */
-  addOption(option: Option): this;
-
-  /**
-   * Whether to store option values as properties on command object,
-   * or store separately (specify false). In both cases the option values can be accessed using .opts().
-   *
-   * @returns `this` command for chaining
-   */
-  storeOptionsAsProperties<T extends OptionValues>(): this & T;
-  storeOptionsAsProperties<T extends OptionValues>(storeAsProperties: true): this & T;
-  storeOptionsAsProperties(storeAsProperties?: boolean): this;
-
-  /**
-   * Retrieve option value.
-   */
-  getOptionValue(key: string): any;
-
-   /**
-   * Store option value.
-   */
-  setOptionValue(key: string, value: unknown): this;
-
-  /**
-   * Alter parsing of short flags with optional values.
-   *
-   * @example
-   * ```
-   * // for `.option('-f,--flag [value]'):
-   * .combineFlagAndOptionalValue(true)  // `-f80` is treated like `--flag=80`, this is the default behaviour
-   * .combineFlagAndOptionalValue(false) // `-fb` is treated like `-f -b`
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  combineFlagAndOptionalValue(combine?: boolean): this;
-
-  /**
-   * Allow unknown options on the command line.
-   *
-   * @returns `this` command for chaining
-   */
-  allowUnknownOption(allowUnknown?: boolean): this;
-
-  /**
-   * Allow excess command-arguments on the command line. Pass false to make excess arguments an error.
-   *
-   * @returns `this` command for chaining
-   */
-  allowExcessArguments(allowExcess?: boolean): this;
-
-  /**
-   * Enable positional options. Positional means global options are specified before subcommands which lets
-   * subcommands reuse the same option names, and also enables subcommands to turn on passThroughOptions.
-   *
-   * The default behaviour is non-positional and global options may appear anywhere on the command line.
-   *
-   * @returns `this` command for chaining
-   */
-  enablePositionalOptions(positional?: boolean): this;
-
-  /**
-   * Pass through options that come after command-arguments rather than treat them as command-options,
-   * so actual command-options come before command-arguments. Turning this on for a subcommand requires
-   * positional options to have been enabled on the program (parent commands).
-   *
-   * The default behaviour is non-positional and options may appear before or after command-arguments.
-   *
-   * @returns `this` command for chaining
-   */
-  passThroughOptions(passThrough?: boolean): this;
-
-  /**
-   * Parse `argv`, setting options and invoking commands when defined.
-   *
-   * The default expectation is that the arguments are from node and have the application as argv[0]
-   * and the script being run in argv[1], with user parameters after that.
-   *
-   * @example
-   * ```
-   * program.parse(process.argv);
-   * program.parse(); // implicitly use process.argv and auto-detect node vs electron conventions
-   * program.parse(my-args, { from: 'user' }); // just user supplied arguments, nothing special about argv[0]
-   * ```
-   *
-   * @returns `this` command for chaining
-   */
-  parse(argv?: string[], options?: ParseOptions): this;
-
-  /**
-   * Parse `argv`, setting options and invoking commands when defined.
-   *
-   * Use parseAsync instead of parse if any of your action handlers are async. Returns a Promise.
-   *
-   * The default expectation is that the arguments are from node and have the application as argv[0]
-   * and the script being run in argv[1], with user parameters after that.
-   *
-   * @example
-   * ```
-   * program.parseAsync(process.argv);
-   * program.parseAsync(); // implicitly use process.argv and auto-detect node vs electron conventions
-   * program.parseAsync(my-args, { from: 'user' }); // just user supplied arguments, nothing special about argv[0]
-   * ```
-   *
-   * @returns Promise
-   */
-  parseAsync(argv?: string[], options?: ParseOptions): Promise<this>;
-
-  /**
-   * Parse options from `argv` removing known options,
-   * and return argv split into operands and unknown arguments.
-   *
-   *     argv => operands, unknown
-   *     --known kkk op => [op], []
-   *     op --known kkk => [op], []
-   *     sub --unknown uuu op => [sub], [--unknown uuu op]
-   *     sub -- --unknown uuu op => [sub --unknown uuu op], []
-   */
-  parseOptions(argv: string[]): ParseOptionsResult;
-
-  /**
-   * Return an object containing options as key-value pairs
-   */
-  opts<T extends OptionValues>(): T;
-
-  /**
-   * Set the description.
-   *
-   * @returns `this` command for chaining
-   */
-
-  description(str: string): this;
-  /** @deprecated since v8, instead use .argument to add command argument with description */
-  description(str: string, argsDescription: {[argName: string]: string}): this;
-  /**
-   * Get the description.
-   */
-  description(): string;
-
-  /**
-   * Set an alias for the command.
-   *
-   * You may call more than once to add multiple aliases. Only the first alias is shown in the auto-generated help.
-   *
-   * @returns `this` command for chaining
-   */
-  alias(alias: string): this;
-  /**
-   * Get alias for the command.
-   */
-  alias(): string;
-
-  /**
-   * Set aliases for the command.
-   *
-   * Only the first alias is shown in the auto-generated help.
-   *
-   * @returns `this` command for chaining
-   */
-  aliases(aliases: string[]): this;
-  /**
-   * Get aliases for the command.
-   */
-  aliases(): string[];
-
-  /**
-   * Set the command usage.
-   *
-   * @returns `this` command for chaining
-   */
-  usage(str: string): this;
-  /**
-   * Get the command usage.
-   */
-  usage(): string;
-
-  /**
-   * Set the name of the command.
-   *
-   * @returns `this` command for chaining
-   */
-  name(str: string): this;
-  /**
-   * Get the name of the command.
-   */
-  name(): string;
-
-  /**
-   * Output help information for this command.
-   *
-   * Outputs built-in help, and custom text added using `.addHelpText()`.
-   *
-   */
-  outputHelp(context?: HelpContext): void;
-  /** @deprecated since v7 */
-  outputHelp(cb?: (str: string) => string): void;
-
-  /**
-   * Return command help documentation.
-   */
-  helpInformation(context?: HelpContext): string;
-
-  /**
-   * You can pass in flags and a description to override the help
-   * flags and help description for your command. Pass in false
-   * to disable the built-in help option.
-   */
-  helpOption(flags?: string | boolean, description?: string): this;
-
-  /**
-   * Output help information and exit.
-   *
-   * Outputs built-in help, and custom text added using `.addHelpText()`.
-   */
-  help(context?: HelpContext): never;
-  /** @deprecated since v7 */
-  help(cb?: (str: string) => string): never;
-
-  /**
-   * Add additional text to be displayed with the built-in help.
-   *
-   * Position is 'before' or 'after' to affect just this command,
-   * and 'beforeAll' or 'afterAll' to affect this command and all its subcommands.
-   */
-  addHelpText(position: AddHelpTextPosition, text: string): this;
-  addHelpText(position: AddHelpTextPosition, text: (context: AddHelpTextContext) => string): this;
-
-  /**
-   * Add a listener (callback) for when events occur. (Implemented using EventEmitter.)
-   */
-  on(event: string | symbol, listener: (...args: any[]) => void): this;
-}
-
-export interface CommandOptions {
-  hidden?: boolean;
-  isDefault?: boolean;
-  /** @deprecated since v7, replaced by hidden */
-  noHelp?: boolean;
-}
-export interface ExecutableCommandOptions extends CommandOptions {
-  executableFile?: string;
-}
-
-export interface ParseOptionsResult {
-  operands: string[];
-  unknown: string[];
-}
-
-export function createCommand(name?: string): Command;
-export function createOption(flags: string, description?: string): Option;
-export function createArgument(name: string, description?: string): Argument;
-
-export const program: Command;
@@ -1,27 +0,0 @@
-Copyright © 2011, Paul Vorbach. All rights reserved.
-Copyright © 2009, Jeff Mott. All rights reserved.
-
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
-  list of conditions and the following disclaimer.
-* Redistributions in binary form must reproduce the above copyright notice, this
-  list of conditions and the following disclaimer in the documentation and/or
-  other materials provided with the distribution.
-* Neither the name Crypto-JS nor the names of its contributors may be used to
-  endorse or promote products derived from this software without specific prior
-  written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR
-ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
-ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@@ -1 +0,0 @@
-**crypt** provides utilities for encryption and hashing
@@ -1,96 +0,0 @@
-(function() {
-  var base64map
-      = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/',
-
-  crypt = {
-    // Bit-wise rotation left
-    rotl: function(n, b) {
-      return (n << b) | (n >>> (32 - b));
-    },
-
-    // Bit-wise rotation right
-    rotr: function(n, b) {
-      return (n << (32 - b)) | (n >>> b);
-    },
-
-    // Swap big-endian to little-endian and vice versa
-    endian: function(n) {
-      // If number given, swap endian
-      if (n.constructor == Number) {
-        return crypt.rotl(n, 8) & 0x00FF00FF | crypt.rotl(n, 24) & 0xFF00FF00;
-      }
-
-      // Else, assume array and swap all items
-      for (var i = 0; i < n.length; i++)
-        n[i] = crypt.endian(n[i]);
-      return n;
-    },
-
-    // Generate an array of any length of random bytes
-    randomBytes: function(n) {
-      for (var bytes = []; n > 0; n--)
-        bytes.push(Math.floor(Math.random() * 256));
-      return bytes;
-    },
-
-    // Convert a byte array to big-endian 32-bit words
-    bytesToWords: function(bytes) {
-      for (var words = [], i = 0, b = 0; i < bytes.length; i++, b += 8)
-        words[b >>> 5] |= bytes[i] << (24 - b % 32);
-      return words;
-    },
-
-    // Convert big-endian 32-bit words to a byte array
-    wordsToBytes: function(words) {
-      for (var bytes = [], b = 0; b < words.length * 32; b += 8)
-        bytes.push((words[b >>> 5] >>> (24 - b % 32)) & 0xFF);
-      return bytes;
-    },
-
-    // Convert a byte array to a hex string
-    bytesToHex: function(bytes) {
-      for (var hex = [], i = 0; i < bytes.length; i++) {
-        hex.push((bytes[i] >>> 4).toString(16));
-        hex.push((bytes[i] & 0xF).toString(16));
-      }
-      return hex.join('');
-    },
-
-    // Convert a hex string to a byte array
-    hexToBytes: function(hex) {
-      for (var bytes = [], c = 0; c < hex.length; c += 2)
-        bytes.push(parseInt(hex.substr(c, 2), 16));
-      return bytes;
-    },
-
-    // Convert a byte array to a base-64 string
-    bytesToBase64: function(bytes) {
-      for (var base64 = [], i = 0; i < bytes.length; i += 3) {
-        var triplet = (bytes[i] << 16) | (bytes[i + 1] << 8) | bytes[i + 2];
-        for (var j = 0; j < 4; j++)
-          if (i * 8 + j * 6 <= bytes.length * 8)
-            base64.push(base64map.charAt((triplet >>> 6 * (3 - j)) & 0x3F));
-          else
-            base64.push('=');
-      }
-      return base64.join('');
-    },
-
-    // Convert a base-64 string to a byte array
-    base64ToBytes: function(base64) {
-      // Remove non-base-64 characters
-      base64 = base64.replace(/[^A-Z0-9+\/]/ig, '');
-
-      for (var bytes = [], i = 0, imod4 = 0; i < base64.length;
-          imod4 = ++i % 4) {
-        if (imod4 == 0) continue;
-        bytes.push(((base64map.indexOf(base64.charAt(i - 1))
-            & (Math.pow(2, -2 * imod4 + 8) - 1)) << (imod4 * 2))
-            | (base64map.indexOf(base64.charAt(i)) >>> (6 - imod4 * 2)));
-      }
-      return bytes;
-    }
-  };
-
-  module.exports = crypt;
-})();
@@ -1,22 +0,0 @@
-{
-  "author": "Paul Vorbach <paul@vorb.de> (http://vorb.de)",
-  "name": "crypt",
-  "description": "utilities for encryption and hashing",
-  "tags": [
-    "hash",
-    "security"
-  ],
-  "version": "0.0.2",
-  "license": "BSD-3-Clause",
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/pvorb/node-crypt.git"
-  },
-  "bugs": {
-    "url": "https://github.com/pvorb/node-crypt/issues"
-  },
-  "main": "crypt.js",
-  "engines": {
-    "node": "*"
-  }
-}
@@ -1,15 +0,0 @@
-The ISC License
-
-Copyright (c) 2009-2023 Isaac Z. Schlueter and Contributors
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -1,328 +0,0 @@
-/// <reference types="node" />
-import { Minimatch } from 'minimatch';
-import Minipass from 'minipass';
-import { FSOption, Path, PathScurry } from 'path-scurry';
-import { IgnoreLike } from './ignore.js';
-import { Pattern } from './pattern.js';
-export type MatchSet = Minimatch['set'];
-export type GlobParts = Exclude<Minimatch['globParts'], undefined>;
-/**
- * A `GlobOptions` object may be provided to any of the exported methods, and
- * must be provided to the `Glob` constructor.
- *
- * All options are optional, boolean, and false by default, unless otherwise
- * noted.
- *
- * All resolved options are added to the Glob object as properties.
- *
- * If you are running many `glob` operations, you can pass a Glob object as the
- * `options` argument to a subsequent operation to share the previously loaded
- * cache.
- */
-export interface GlobOptions {
-    /**
-     * Set to `true` to always receive absolute paths for
-     * matched files. Set to `false` to always return relative paths.
-     *
-     * When this option is not set, absolute paths are returned for patterns
-     * that are absolute, and otherwise paths are returned that are relative
-     * to the `cwd` setting.
-     *
-     * This does _not_ make an extra system call to get
-     * the realpath, it only does string path resolution.
-     *
-     * Conflicts with {@link withFileTypes}
-     */
-    absolute?: boolean;
-    /**
-     * Set to false to enable {@link windowsPathsNoEscape}
-     *
-     * @deprecated
-     */
-    allowWindowsEscape?: boolean;
-    /**
-     * The current working directory in which to search. Defaults to
-     * `process.cwd()`.
-     *
-     * May be eiher a string path or a `file://` URL object or string.
-     */
-    cwd?: string | URL;
-    /**
-     * Include `.dot` files in normal matches and `globstar`
-     * matches. Note that an explicit dot in a portion of the pattern
-     * will always match dot files.
-     */
-    dot?: boolean;
-    /**
-     * Prepend all relative path strings with `./` (or `.\` on Windows).
-     *
-     * Without this option, returned relative paths are "bare", so instead of
-     * returning `'./foo/bar'`, they are returned as `'foo/bar'`.
-     *
-     * Relative patterns starting with `'../'` are not prepended with `./`, even
-     * if this option is set.
-     */
-    dotRelative?: boolean;
-    /**
-     * Follow symlinked directories when expanding `**`
-     * patterns. This can result in a lot of duplicate references in
-     * the presence of cyclic links, and make performance quite bad.
-     *
-     * By default, a `**` in a pattern will follow 1 symbolic link if
-     * it is not the first item in the pattern, or none if it is the
-     * first item in the pattern, following the same behavior as Bash.
-     */
-    follow?: boolean;
-    /**
-     * string or string[], or an object with `ignore` and `ignoreChildren`
-     * methods.
-     *
-     * If a string or string[] is provided, then this is treated as a glob
-     * pattern or array of glob patterns to exclude from matches. To ignore all
-     * children within a directory, as well as the entry itself, append `'/**'`
-     * to the ignore pattern.
-     *
-     * **Note** `ignore` patterns are _always_ in `dot:true` mode, regardless of
-     * any other settings.
-     *
-     * If an object is provided that has `ignored(path)` and/or
-     * `childrenIgnored(path)` methods, then these methods will be called to
-     * determine whether any Path is a match or if its children should be
-     * traversed, respectively.
-     */
-    ignore?: string | string[] | IgnoreLike;
-    /**
-     * Treat brace expansion like `{a,b}` as a "magic" pattern. Has no
-     * effect if {@link nobrace} is set.
-     *
-     * Only has effect on the {@link hasMagic} function.
-     */
-    magicalBraces?: boolean;
-    /**
-     * Add a `/` character to directory matches. Note that this requires
-     * additional stat calls in some cases.
-     */
-    mark?: boolean;
-    /**
-     * Perform a basename-only match if the pattern does not contain any slash
-     * characters. That is, `*.js` would be treated as equivalent to
-     * `**\/*.js`, matching all js files in all directories.
-     */
-    matchBase?: boolean;
-    /**
-     * Limit the directory traversal to a given depth below the cwd.
-     * Note that this does NOT prevent traversal to sibling folders,
-     * root patterns, and so on. It only limits the maximum folder depth
-     * that the walk will descend, relative to the cwd.
-     */
-    maxDepth?: number;
-    /**
-     * Do not expand `{a,b}` and `{1..3}` brace sets.
-     */
-    nobrace?: boolean;
-    /**
-     * Perform a case-insensitive match. This defaults to `true` on macOS and
-     * Windows systems, and `false` on all others.
-     *
-     * **Note** `nocase` should only be explicitly set when it is
-     * known that the filesystem's case sensitivity differs from the
-     * platform default. If set `true` on case-sensitive file
-     * systems, or `false` on case-insensitive file systems, then the
-     * walk may return more or less results than expected.
-     */
-    nocase?: boolean;
-    /**
-     * Do not match directories, only files. (Note: to match
-     * _only_ directories, put a `/` at the end of the pattern.)
-     */
-    nodir?: boolean;
-    /**
-     * Do not match "extglob" patterns such as `+(a|b)`.
-     */
-    noext?: boolean;
-    /**
-     * Do not match `**` against multiple filenames. (Ie, treat it as a normal
-     * `*` instead.)
-     *
-     * Conflicts with {@link matchBase}
-     */
-    noglobstar?: boolean;
-    /**
-     * Defaults to value of `process.platform` if available, or `'linux'` if
-     * not. Setting `platform:'win32'` on non-Windows systems may cause strange
-     * behavior.
-     */
-    platform?: NodeJS.Platform;
-    /**
-     * Set to true to call `fs.realpath` on all of the
-     * results. In the case of an entry that cannot be resolved, the
-     * entry is omitted. This incurs a slight performance penalty, of
-     * course, because of the added system calls.
-     */
-    realpath?: boolean;
-    /**
-     *
-     * A string path resolved against the `cwd` option, which
-     * is used as the starting point for absolute patterns that start
-     * with `/`, (but not drive letters or UNC paths on Windows).
-     *
-     * Note that this _doesn't_ necessarily limit the walk to the
-     * `root` directory, and doesn't affect the cwd starting point for
-     * non-absolute patterns. A pattern containing `..` will still be
-     * able to traverse out of the root directory, if it is not an
-     * actual root directory on the filesystem, and any non-absolute
-     * patterns will be matched in the `cwd`. For example, the
-     * pattern `/../*` with `{root:'/some/path'}` will return all
-     * files in `/some`, not all files in `/some/path`. The pattern
-     * `*` with `{root:'/some/path'}` will return all the entries in
-     * the cwd, not the entries in `/some/path`.
-     *
-     * To start absolute and non-absolute patterns in the same
-     * path, you can use `{root:''}`. However, be aware that on
-     * Windows systems, a pattern like `x:/*` or `//host/share/*` will
-     * _always_ start in the `x:/` or `//host/share` directory,
-     * regardless of the `root` setting.
-     */
-    root?: string;
-    /**
-     * A [PathScurry](http://npm.im/path-scurry) object used
-     * to traverse the file system. If the `nocase` option is set
-     * explicitly, then any provided `scurry` object must match this
-     * setting.
-     */
-    scurry?: PathScurry;
-    /**
-     * Call `lstat()` on all entries, whether required or not to determine
-     * whether it's a valid match. When used with {@link withFileTypes}, this
-     * means that matches will include data such as modified time, permissions,
-     * and so on.  Note that this will incur a performance cost due to the added
-     * system calls.
-     */
-    stat?: boolean;
-    /**
-     * An AbortSignal which will cancel the Glob walk when
-     * triggered.
-     */
-    signal?: AbortSignal;
-    /**
-     * Use `\\` as a path separator _only_, and
-     *  _never_ as an escape character. If set, all `\\` characters are
-     *  replaced with `/` in the pattern.
-     *
-     *  Note that this makes it **impossible** to match against paths
-     *  containing literal glob pattern characters, but allows matching
-     *  with patterns constructed using `path.join()` and
-     *  `path.resolve()` on Windows platforms, mimicking the (buggy!)
-     *  behavior of Glob v7 and before on Windows. Please use with
-     *  caution, and be mindful of [the caveat below about Windows
-     *  paths](#windows). (For legacy reasons, this is also set if
-     *  `allowWindowsEscape` is set to the exact value `false`.)
-     */
-    windowsPathsNoEscape?: boolean;
-    /**
-     * Return [PathScurry](http://npm.im/path-scurry)
-     * `Path` objects instead of strings. These are similar to a
-     * NodeJS `Dirent` object, but with additional methods and
-     * properties.
-     *
-     * Conflicts with {@link absolute}
-     */
-    withFileTypes?: boolean;
-    /**
-     * An fs implementation to override some or all of the defaults.  See
-     * http://npm.im/path-scurry for details about what can be overridden.
-     */
-    fs?: FSOption;
-}
-export type GlobOptionsWithFileTypesTrue = GlobOptions & {
-    withFileTypes: true;
-    absolute?: undefined;
-};
-export type GlobOptionsWithFileTypesFalse = GlobOptions & {
-    withFileTypes?: false;
-};
-export type GlobOptionsWithFileTypesUnset = GlobOptions & {
-    withFileTypes?: undefined;
-};
-export type Result<Opts> = Opts extends GlobOptionsWithFileTypesTrue ? Path : Opts extends GlobOptionsWithFileTypesFalse ? string : Opts extends GlobOptionsWithFileTypesUnset ? string : string | Path;
-export type Results<Opts> = Result<Opts>[];
-export type FileTypes<Opts> = Opts extends GlobOptionsWithFileTypesTrue ? true : Opts extends GlobOptionsWithFileTypesFalse ? false : Opts extends GlobOptionsWithFileTypesUnset ? false : boolean;
-/**
- * An object that can perform glob pattern traversals.
- */
-export declare class Glob<Opts extends GlobOptions> implements GlobOptions {
-    absolute?: boolean;
-    cwd: string;
-    root?: string;
-    dot: boolean;
-    dotRelative: boolean;
-    follow: boolean;
-    ignore?: string | string[] | IgnoreLike;
-    magicalBraces: boolean;
-    mark?: boolean;
-    matchBase: boolean;
-    maxDepth: number;
-    nobrace: boolean;
-    nocase: boolean;
-    nodir: boolean;
-    noext: boolean;
-    noglobstar: boolean;
-    pattern: string[];
-    platform: NodeJS.Platform;
-    realpath: boolean;
-    scurry: PathScurry;
-    stat: boolean;
-    signal?: AbortSignal;
-    windowsPathsNoEscape: boolean;
-    withFileTypes: FileTypes<Opts>;
-    /**
-     * The options provided to the constructor.
-     */
-    opts: Opts;
-    /**
-     * An array of parsed immutable {@link Pattern} objects.
-     */
-    patterns: Pattern[];
-    /**
-     * All options are stored as properties on the `Glob` object.
-     *
-     * See {@link GlobOptions} for full options descriptions.
-     *
-     * Note that a previous `Glob` object can be passed as the
-     * `GlobOptions` to another `Glob` instantiation to re-use settings
-     * and caches with a new pattern.
-     *
-     * Traversal functions can be called multiple times to run the walk
-     * again.
-     */
-    constructor(pattern: string | string[], opts: Opts);
-    /**
-     * Returns a Promise that resolves to the results array.
-     */
-    walk(): Promise<Results<Opts>>;
-    /**
-     * synchronous {@link Glob.walk}
-     */
-    walkSync(): Results<Opts>;
-    /**
-     * Stream results asynchronously.
-     */
-    stream(): Minipass<Result<Opts>, Result<Opts>>;
-    /**
-     * Stream results synchronously.
-     */
-    streamSync(): Minipass<Result<Opts>, Result<Opts>>;
-    /**
-     * Default sync iteration function. Returns a Generator that
-     * iterates over the results.
-     */
-    iterateSync(): Generator<Result<Opts>, void, void>;
-    [Symbol.iterator](): Generator<Result<Opts>, void, void>;
-    /**
-     * Default async iteration function. Returns an AsyncGenerator that
-     * iterates over the results.
-     */
-    iterate(): AsyncGenerator<Result<Opts>, void, void>;
-    [Symbol.asyncIterator](): AsyncGenerator<Result<Opts>, void, void>;
-}
-//# sourceMappingURL=glob.d.ts.map
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Andrew Eisenberg	7a9b004c1f	Add `threat-models` as a property to config file and inputs There's a lot of changes here, but it's pretty formulaic. It follows the approach used by the `queries` input and config property. `threat-models` can appear as an input or in the config file. If it appears in the input, then we need to either merge it with the threat-models in the config (if prefixed with `+`) or overwrite it. There's no danger if someone uses `threat-models` with an older CLI since the CLI can handle configs with extra properties.	2023-04-20 11:59:55 -07:00
Chuan-kai Lin	a8affb0639	Merge pull request #1649 from github/cklin/codeql-cli-2.13.0 Update default CodeQL bundle version to 2.13.0	2023-04-20 07:39:38 -07:00
Henry Mercer	b8cc643a23	Merge branch 'main' into cklin/codeql-cli-2.13.0	2023-04-20 11:23:25 +01:00
Henry Mercer	7019a9c6fd	Merge pull request #1618 from github/henrymercer/remove-legacy-tracing Remove legacy tracing	2023-04-20 11:22:32 +01:00
Henry Mercer	66f62df188	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-19 15:56:42 +01:00
Henry Mercer	afdf30f311	Merge pull request #1652 from github/henrymercer/fix-bundle-version Fix the `bundleVersion` field set by the automated bundle update PR	2023-04-18 21:04:26 +01:00
Henry Mercer	55a2e70992	Autoformat `index.ts`	2023-04-18 18:59:36 +01:00
Henry Mercer	1c2f282107	Fix bundle version It's the whole tag, we don't want to remove the `codeql-bundle-` prefix.	2023-04-18 18:59:09 +01:00
dependabot[bot]	9a866ed452	Bump swift-actions/setup-swift in /.github/actions/setup-swift (#1650 ) Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 1.22.0 to 1.23.0. - [Release notes](https://github.com/swift-actions/setup-swift/releases) - [Commits](https://github.com/swift-actions/setup-swift/compare/da0e3e04b5e3e15dbc3861bd835ad9f0afe56296...65540b95f51493d65f5e59e97dcef9629ddf11bf) --- updated-dependencies: - dependency-name: swift-actions/setup-swift dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-17 19:16:10 +00:00
Chuan-kai Lin	7867d03591	Update default CodeQL bundle version to 2.13.0	2023-04-14 15:28:21 -07:00
Chuan-kai Lin	be2b53b5c7	Merge pull request #1648 from github/cklin/update-bundle-trigger Fix pre-release trigger for update-bundle action	2023-04-14 15:11:42 -07:00
Chuan-kai Lin	ae24b75fca	Fix pre-release trigger for update-bundle action This PR switches the update-bundle release trigger from `prereleased` to `published` because the former has been documented not to work. From https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#release: > Note: The prereleased type will not trigger for pre-releases published from draft releases, but the published type will trigger. If you want a workflow to run when stable and pre-releases publish, subscribe to published instead of released and prereleased.	2023-04-14 14:50:37 -07:00
Henry Mercer	dc046388f3	Merge pull request #1647 from github/mergeback/v2.2.12-to-main-7df0ce34 Mergeback v2.2.12 refs/heads/releases/v2 into main	2023-04-13 17:23:16 +01:00
github-actions[bot]	b4fa971e40	Update checked-in dependencies	2023-04-13 15:50:19 +00:00
github-actions[bot]	7879209bb2	Update changelog and version after v2.2.12	2023-04-13 14:03:50 +00:00
Henry Mercer	7df0ce3489	Merge pull request #1646 from github/update-v2.2.12-d944b3423 Merge main into releases/v2	2023-04-13 15:01:19 +01:00
github-actions[bot]	fbedecac34	Update changelog for v2.2.12	2023-04-13 11:35:13 +00:00
Henry Mercer	d944b3423d	Merge pull request #1619 from github/henrymercer/default-setup-workflow Allow workflow to be passed via an environment variable for default setup	2023-04-13 10:17:54 +01:00
Henry Mercer	e3210d8ce3	Add changelog note	2023-04-12 19:18:17 +01:00
Henry Mercer	599f4927f2	Allow passing the workflow via an environment variable	2023-04-12 14:14:43 +01:00
Henry Mercer	ed6c4995fc	Merge pull request #1645 from github/henrymercer/remove-dependencies Remove unused dependencies	2023-04-11 16:27:15 +01:00
Henry Mercer	c2b5d643fd	Require xml2js `>=0.5.0` to address CVE-2023-0842	2023-04-11 13:33:36 +01:00
Henry Mercer	8a093aa1a5	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-11 12:25:45 +01:00
Henry Mercer	9c13316a15	Remove unused dependencies	2023-04-11 12:17:38 +01:00
Angela P Wen	98f7bbd610	Add `workflow_run_attempt` data to status report (#1640 )	2023-04-10 20:02:23 +00:00
dependabot[bot]	d7b9dcdb85	Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (#1643 ) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.0. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/38e0b6e68b4c852a5500a94740f0e535e0d7ba54...5b4a9f6a9e2af26e5f02351490b90d01eb8ec1e5) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-04-10 11:27:05 -07:00
Henry Mercer	2058418de9	Don't expect Swift baseline info on Windows	2023-04-05 20:41:23 +01:00
Henry Mercer	5da64f56c0	Set up Swift in unset environment workflow	2023-04-05 20:27:02 +01:00
Henry Mercer	322cea6439	Set up Swift in local bundle workflow	2023-04-05 19:31:20 +01:00
Henry Mercer	f7a67e4341	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-04-05 18:39:27 +01:00
Henry Mercer	d838bacfbe	Simplify matrix	2023-03-29 15:48:13 +01:00
Henry Mercer	72d018e267	Improve serialization of Swift environment variable if expression	2023-03-29 13:15:59 +01:00
Henry Mercer	9975b733f4	Fix bundle version comments	2023-03-29 13:03:45 +01:00
Henry Mercer	6cd5121600	Merge branch 'main' into henrymercer/remove-legacy-tracing	2023-03-29 13:03:14 +01:00
Henry Mercer	6ef37003ca	Update CodeQL releases used in PR checks	2023-03-28 20:07:09 +01:00
Henry Mercer	d13d683355	Bump minor version number and add changelog note	2023-03-28 18:53:47 +01:00
Henry Mercer	d8fe76e161	Delete legacy tracing	2023-03-28 18:53:43 +01:00
Henry Mercer	4772c1d99f	Bump minimum version to 2.8.5	2023-03-28 17:24:45 +01:00
				`@@ -1 +0,0 @@`
				`enc provides crypto character encoding utilities.`
				`@@ -1 +0,0 @@`
				`crypt provides utilities for encryption and hashing`