Fix lint errors

Support SHA-256 Git object hashes in git-utils and tests
Agent-Logs-Url: https://github.com/github/codeql-action/sessions/e39d1fb6-4ce3-47c3-9113-e41b111fc8fb Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>
2026-05-09 07:10:22 +00:00 · 2026-05-06 17:30:02 +02:00 · 2026-05-04 15:53:11 +00:00 · 2026-05-04 15:43:19 +00:00
43 changed files with 290977 additions and 5710 deletions
@@ -59,7 +59,7 @@ jobs:
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
      - name: Set up Ruby
-        uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+        uses: ruby/setup-ruby@0cb964fd540e0a24c900370abf38a33466142735 # v1.305.0
        with:
          ruby-version: 2.6
      - name: Install Code Scanning integration
@@ -19,7 +19,7 @@
    "scope": "javascript, typescript",
    "prefix": "testMacro",
    "body": [
-      "const ${1:nameMacro} = makeMacro({",
+      "const ${1:nameMacro} = test.macro({",
      "  exec: async (t: ExecutionContext<unknown>) => {},",
      "",
      "  title: (providedTitle = \"\") => `${2:common title} - \\${providedTitle}`,",
@@ -6,10 +6,6 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

 No user facing changes.

-## 4.35.4 - 07 May 2026
-
- Update default CodeQL bundle version to [2.25.4](https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4). [#3881](https://github.com/github/codeql-action/pull/3881)
-
 ## 4.35.3 - 01 May 2026

 - _Upcoming breaking change_: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. [#3837](https://github.com/github/codeql-action/pull/3837)
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.25.4",
-  "cliVersion": "2.25.4",
-  "priorBundleVersion": "codeql-bundle-v2.25.3",
-  "priorCliVersion": "2.25.3"
+  "bundleVersion": "codeql-bundle-v2.25.3",
+  "cliVersion": "2.25.3",
+  "priorBundleVersion": "codeql-bundle-v2.25.2",
+  "priorCliVersion": "2.25.2"
 }
@@ -1,12 +1,12 @@
 {
  "name": "codeql",
-  "version": "4.35.5",
+  "version": "4.35.4",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "codeql",
-      "version": "4.35.5",
+      "version": "4.35.4",
      "license": "MIT",
      "workspaces": [
        "pr-checks"
@@ -43,14 +43,14 @@
        "@types/archiver": "^7.0.0",
        "@types/follow-redirects": "^1.14.4",
        "@types/js-yaml": "^4.0.9",
-        "@types/node": "^20.19.39",
+        "@types/node": "^20.19.9",
        "@types/node-forge": "^1.3.14",
        "@types/sarif": "^2.1.7",
        "@types/semver": "^7.7.1",
        "@types/sinon": "^21.0.1",
        "ava": "^7.0.0",
        "esbuild": "^0.28.0",
-        "eslint": "^9.39.4",
+        "eslint": "^9.39.2",
        "eslint-import-resolver-typescript": "^4.4.4",
        "eslint-plugin-github": "^6.0.0",
        "eslint-plugin-import-x": "^4.16.2",
@@ -60,8 +60,8 @@
        "globals": "^17.5.0",
        "nock": "^14.0.12",
        "sinon": "^21.1.2",
-        "typescript": "^6.0.3",
-        "typescript-eslint": "^8.59.1"
+        "typescript": "^6.0.2",
+        "typescript-eslint": "^8.58.2"
      }
    },
    "node_modules/@aashutoshrathi/word-wrap": {
@@ -410,6 +410,15 @@
        "undici": "^6.23.0"
      }
    },
+    "node_modules/@actions/github/node_modules/undici": {
+      "version": "6.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+      "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.17"
+      }
+    },
    "node_modules/@actions/glob": {
      "version": "0.5.1",
      "resolved": "https://registry.npmjs.org/@actions/glob/-/glob-0.5.1.tgz",
@@ -430,6 +439,15 @@
        "undici": "^6.23.0"
      }
    },
+    "node_modules/@actions/http-client/node_modules/undici": {
+      "version": "6.23.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-6.23.0.tgz",
+      "integrity": "sha512-VfQPToRA5FZs/qJxLIinmU59u0r7LXqoJkCzinq3ckNJp3vKEh7jTWN589YQ5+aoAC/TGRLyJLCPKcLQbM8r9g==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18.17"
+      }
+    },
    "node_modules/@actions/io": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/@actions/io/-/io-2.0.0.tgz",
@@ -1337,15 +1355,15 @@
      }
    },
    "node_modules/@eslint/config-array": {
-      "version": "0.21.2",
-      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.2.tgz",
-      "integrity": "sha512-nJl2KGTlrf9GjLimgIru+V/mzgSK0ABCDQRvxw5BjURL7WfH5uoWmizbH7QB6MmnMBd8cIC9uceWnezL1VZWWw==",
+      "version": "0.21.1",
+      "resolved": "https://registry.npmjs.org/@eslint/config-array/-/config-array-0.21.1.tgz",
+      "integrity": "sha512-aw1gNayWpdI/jSYVgzN5pL0cfzU02GT3NBpeT/DXbx1/1x7ZKxFPd9bwrzygx/qiwIQiJ1sw/zD8qY/kRvlGHA==",
      "dev": true,
      "license": "Apache-2.0",
      "dependencies": {
        "@eslint/object-schema": "^2.1.7",
        "debug": "^4.3.1",
-        "minimatch": "^3.1.5"
+        "minimatch": "^3.1.2"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -1391,20 +1409,20 @@
      }
    },
    "node_modules/@eslint/eslintrc": {
-      "version": "3.3.5",
-      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.5.tgz",
-      "integrity": "sha512-4IlJx0X0qftVsN5E+/vGujTRIFtwuLbNsVUe7TO6zYPDR1O6nFwvwhIKEKSrl6dZchmYBITazxKoUYOjdtjlRg==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-3.3.3.tgz",
+      "integrity": "sha512-Kr+LPIUVKz2qkx1HAMH8q1q6azbqBAsXJUxBl/ODDuVPX45Z9DfwB8tPjTi6nNZ8BuM3nbJxC5zCAg5elnBUTQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "ajv": "^6.14.0",
+        "ajv": "^6.12.4",
        "debug": "^4.3.2",
        "espree": "^10.0.1",
        "globals": "^14.0.0",
        "ignore": "^5.2.0",
        "import-fresh": "^3.2.1",
        "js-yaml": "^4.1.1",
-        "minimatch": "^3.1.5",
+        "minimatch": "^3.1.2",
        "strip-json-comments": "^3.1.1"
      },
      "engines": {
@@ -1427,9 +1445,9 @@
      }
    },
    "node_modules/@eslint/js": {
-      "version": "9.39.4",
-      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.4.tgz",
-      "integrity": "sha512-nE7DEIchvtiFTwBw4Lfbu59PG+kCofhjsKaCWzxTpt4lfRjRMqG6uMBzKXuEcyXhOHoUp9riAm7/aWYGhXZ9cw==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.39.2.tgz",
+      "integrity": "sha512-q1mjIoW1VX4IvSocvM/vbTiveKC4k9eLrajNEuSsmjymSDEbpGddtpfOoN7YGAqBK3NG+uqo8ia4PDTt8buCYA==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -1476,6 +1494,14 @@
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
      }
    },
+    "node_modules/@fastify/busboy": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
+      "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
+      "engines": {
+        "node": ">=14"
+      }
+    },
    "node_modules/@github/browserslist-config": {
      "version": "1.0.0",
      "dev": true,
@@ -2469,9 +2495,9 @@
      "license": "MIT"
    },
    "node_modules/@types/node": {
-      "version": "20.19.39",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.39.tgz",
-      "integrity": "sha512-orrrD74MBUyK8jOAD/r0+lfa1I2MO6I+vAkmAWzMYbCcgrN4lCrmK52gRFQq/JRxfYPfonkr4b0jcY7Olqdqbw==",
+      "version": "20.19.9",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.9.tgz",
+      "integrity": "sha512-cuVNgarYWZqxRJDQHEB58GEONhOK79QVR/qYx4S7kcUObQvUwvFnYxJuuHUKm2aieN9X3yZB4LZsuYNU1Qphsw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -2528,17 +2554,17 @@
      "license": "MIT"
    },
    "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.1.tgz",
-      "integrity": "sha512-BOziFIfE+6osHO9FoJG4zjoHUcvI7fTNBSpdAwrNH0/TLvzjsk2oo8XSSOT2HhqUyhZPfHv4UOffoJ9oEEQ7Ag==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.58.2.tgz",
+      "integrity": "sha512-aC2qc5thQahutKjP+cl8cgN9DWe3ZUqVko30CMSZHnFEHyhOYoZSzkGtAI2mcwZ38xeImDucI4dnqsHiOYuuCw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.59.1",
-        "@typescript-eslint/type-utils": "8.59.1",
-        "@typescript-eslint/utils": "8.59.1",
-        "@typescript-eslint/visitor-keys": "8.59.1",
+        "@typescript-eslint/scope-manager": "8.58.2",
+        "@typescript-eslint/type-utils": "8.58.2",
+        "@typescript-eslint/utils": "8.58.2",
+        "@typescript-eslint/visitor-keys": "8.58.2",
        "ignore": "^7.0.5",
        "natural-compare": "^1.4.0",
        "ts-api-utils": "^2.5.0"
@@ -2551,7 +2577,7 @@
        "url": "https://opencollective.com/typescript-eslint"
      },
      "peerDependencies": {
-        "@typescript-eslint/parser": "^8.59.1",
+        "@typescript-eslint/parser": "^8.58.2",
        "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
        "typescript": ">=4.8.4 <6.1.0"
      }
@@ -2567,16 +2593,16 @@
      }
    },
    "node_modules/@typescript-eslint/parser": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.1.tgz",
-      "integrity": "sha512-HDQH9O/47Dxi1ceDhBXdaldtf/WV9yRYMjbjCuNk3qnaTD564qwv61Y7+gTxwxRKzSrgO5uhtw584igXVuuZkA==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.58.2.tgz",
+      "integrity": "sha512-/Zb/xaIDfxeJnvishjGdcR4jmr7S+bda8PKNhRGdljDM+elXhlvN0FyPSsMnLmJUrVG9aPO6dof80wjMawsASg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/scope-manager": "8.59.1",
-        "@typescript-eslint/types": "8.59.1",
-        "@typescript-eslint/typescript-estree": "8.59.1",
-        "@typescript-eslint/visitor-keys": "8.59.1",
+        "@typescript-eslint/scope-manager": "8.58.2",
+        "@typescript-eslint/types": "8.58.2",
+        "@typescript-eslint/typescript-estree": "8.58.2",
+        "@typescript-eslint/visitor-keys": "8.58.2",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -2610,14 +2636,14 @@
      }
    },
    "node_modules/@typescript-eslint/project-service": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.1.tgz",
-      "integrity": "sha512-+MuHQlHiEr00Of/IQbE/MmEoi44znZHbR/Pz7Opq4HryUOlRi+/44dro9Ycy8Fyo+/024IWtw8m4JUMCGTYxDg==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.58.2.tgz",
+      "integrity": "sha512-Cq6UfpZZk15+r87BkIh5rDpi38W4b+Sjnb8wQCPPDDweS/LRCFjCyViEbzHk5Ck3f2QDfgmlxqSa7S7clDtlfg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.59.1",
-        "@typescript-eslint/types": "^8.59.1",
+        "@typescript-eslint/tsconfig-utils": "^8.58.2",
+        "@typescript-eslint/types": "^8.58.2",
        "debug": "^4.4.3"
      },
      "engines": {
@@ -2650,14 +2676,14 @@
      }
    },
    "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.1.tgz",
-      "integrity": "sha512-LwuHQI4pDOYVKvmH2dkaJo6YZCSgouVgnS/z7yBPKBMvgtBvyLqiLy9Z6b7+m/TRcX1NFYUqZetI5Y+aT4GEfg==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.58.2.tgz",
+      "integrity": "sha512-SgmyvDPexWETQek+qzZnrG6844IaO02UVyOLhI4wpo82dpZJY9+6YZCKAMFzXb7qhx37mFK1QcPQ18tud+vo6Q==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.59.1",
-        "@typescript-eslint/visitor-keys": "8.59.1"
+        "@typescript-eslint/types": "8.58.2",
+        "@typescript-eslint/visitor-keys": "8.58.2"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2668,9 +2694,9 @@
      }
    },
    "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.1.tgz",
-      "integrity": "sha512-/0nEyPbX7gRsk0Uwfe4ALwwgxuA66d/l2mhRDNlAvaj4U3juhUtJNq0DsY8M2AYwwb9rEq2hrC3IcIcEt++iJA==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.58.2.tgz",
+      "integrity": "sha512-3SR+RukipDvkkKp/d0jP0dyzuls3DbGmwDpVEc5wqk5f38KFThakqAAO0XMirWAE+kT00oTauTbzMFGPoAzB0A==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2685,15 +2711,15 @@
      }
    },
    "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.1.tgz",
-      "integrity": "sha512-klWPBR2ciQHS3f++ug/mVnWKPjBUo7icEL3FAO1lhAR1Z1i5NQYZ1EannMSRYcq5qCv5wNALlXr6fksRHyYl7w==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.58.2.tgz",
+      "integrity": "sha512-Z7EloNR/B389FvabdGeTo2XMs4W9TjtPiO9DAsmT0yom0bwlPyRjkJ1uCdW1DvrrrYP50AJZ9Xc3sByZA9+dcg==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.59.1",
-        "@typescript-eslint/typescript-estree": "8.59.1",
-        "@typescript-eslint/utils": "8.59.1",
+        "@typescript-eslint/types": "8.58.2",
+        "@typescript-eslint/typescript-estree": "8.58.2",
+        "@typescript-eslint/utils": "8.58.2",
        "debug": "^4.4.3",
        "ts-api-utils": "^2.5.0"
      },
@@ -2728,9 +2754,9 @@
      }
    },
    "node_modules/@typescript-eslint/types": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.1.tgz",
-      "integrity": "sha512-ZDCjgccSdYPw5Bxh+my4Z0lJU96ZDN7jbBzvmEn0FZx3RtU1C7VWl6NbDx94bwY3V5YsgwRzJPOgeY2Q/nLG8A==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.58.2.tgz",
+      "integrity": "sha512-9TukXyATBQf/Jq9AMQXfvurk+G5R2MwfqQGDR2GzGz28HvY/lXNKGhkY+6IOubwcquikWk5cjlgPvD2uAA7htQ==",
      "dev": true,
      "license": "MIT",
      "engines": {
@@ -2742,16 +2768,16 @@
      }
    },
    "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.1.tgz",
-      "integrity": "sha512-OUd+vJS05sSkOip+BkZ/2NS8RMxrAAJemsC6vU3kmfLyeaJT0TftHkV9mcx2107MmsBVXXexhVu4F0TZXyMl4g==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.58.2.tgz",
+      "integrity": "sha512-ELGuoofuhhoCvNbQjFFiobFcGgcDCEm0ThWdmO4Z0UzLqPXS3KFvnEZ+SHewwOYHjM09tkzOWXNTv9u6Gqtyuw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/project-service": "8.59.1",
-        "@typescript-eslint/tsconfig-utils": "8.59.1",
-        "@typescript-eslint/types": "8.59.1",
-        "@typescript-eslint/visitor-keys": "8.59.1",
+        "@typescript-eslint/project-service": "8.58.2",
+        "@typescript-eslint/tsconfig-utils": "8.58.2",
+        "@typescript-eslint/types": "8.58.2",
+        "@typescript-eslint/visitor-keys": "8.58.2",
        "debug": "^4.4.3",
        "minimatch": "^10.2.2",
        "semver": "^7.7.3",
@@ -2827,16 +2853,16 @@
      }
    },
    "node_modules/@typescript-eslint/utils": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.1.tgz",
-      "integrity": "sha512-3pIeoXhCeYH9FSCBI8P3iNwJlGuzPlYKkTlen2O9T1DSeeg8UG8jstq6BLk+Mda0qup7mgk4z4XL4OzRaxZ8LA==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.58.2.tgz",
+      "integrity": "sha512-QZfjHNEzPY8+l0+fIXMvuQ2sJlplB4zgDZvA+NmvZsZv3EQwOcc1DuIU1VJUTWZ/RKouBMhDyNaBMx4sWvrzRA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.59.1",
-        "@typescript-eslint/types": "8.59.1",
-        "@typescript-eslint/typescript-estree": "8.59.1"
+        "@typescript-eslint/scope-manager": "8.58.2",
+        "@typescript-eslint/types": "8.58.2",
+        "@typescript-eslint/typescript-estree": "8.58.2"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2851,13 +2877,13 @@
      }
    },
    "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.1.tgz",
-      "integrity": "sha512-LdDNl6C5iJExcM0Yh0PwAIBb9PrSiCsWamF/JyEZawm3kFDnRoaq3LGE4bpyRao/fWeGKKyw7icx0YxrLFC5Cg==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.58.2.tgz",
+      "integrity": "sha512-f1WO2Lx8a9t8DARmcWAUPJbu0G20bJlj8L4z72K00TMeJAoyLr/tHhI/pzYBLrR4dXWkcxO1cWYZEOX8DKHTqA==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/types": "8.59.1",
+        "@typescript-eslint/types": "8.58.2",
        "eslint-visitor-keys": "^5.0.0"
      },
      "engines": {
@@ -3271,9 +3297,7 @@
      }
    },
    "node_modules/ajv": {
-      "version": "6.15.0",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.15.0.tgz",
-      "integrity": "sha512-fgFx7Hfoq60ytK2c7DhnF8jIvzYgOMxfugjLOSMHjLIPgenqa7S7oaagATUq99mV6IYvN2tRmC0wnTYX6iPbMw==",
+      "version": "6.12.6",
      "dev": true,
      "license": "MIT",
      "dependencies": {
@@ -4727,25 +4751,25 @@
      }
    },
    "node_modules/eslint": {
-      "version": "9.39.4",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.4.tgz",
-      "integrity": "sha512-XoMjdBOwe/esVgEvLmNsD3IRHkm7fbKIUGvrleloJXUZgDHig2IPWNniv+GwjyJXzuNqVjlr5+4yVUZjycJwfQ==",
+      "version": "9.39.2",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.2.tgz",
+      "integrity": "sha512-LEyamqS7W5HB3ujJyvi0HQK/dtVINZvd5mAAp9eT5S/ujByGjiZLCzPcHVzuXbpJDJF/cxwHlfceVUDZ2lnSTw==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
        "@eslint-community/eslint-utils": "^4.8.0",
        "@eslint-community/regexpp": "^4.12.1",
-        "@eslint/config-array": "^0.21.2",
+        "@eslint/config-array": "^0.21.1",
        "@eslint/config-helpers": "^0.4.2",
        "@eslint/core": "^0.17.0",
-        "@eslint/eslintrc": "^3.3.5",
-        "@eslint/js": "9.39.4",
+        "@eslint/eslintrc": "^3.3.1",
+        "@eslint/js": "9.39.2",
        "@eslint/plugin-kit": "^0.4.1",
        "@humanfs/node": "^0.16.6",
        "@humanwhocodes/module-importer": "^1.0.1",
        "@humanwhocodes/retry": "^0.4.2",
        "@types/estree": "^1.0.6",
-        "ajv": "^6.14.0",
+        "ajv": "^6.12.4",
        "chalk": "^4.0.0",
        "cross-spawn": "^7.0.6",
        "debug": "^4.3.2",
@@ -4764,7 +4788,7 @@
        "is-glob": "^4.0.0",
        "json-stable-stringify-without-jsonify": "^1.0.1",
        "lodash.merge": "^4.6.2",
-        "minimatch": "^3.1.5",
+        "minimatch": "^3.1.2",
        "natural-compare": "^1.4.0",
        "optionator": "^0.9.3"
      },
@@ -9773,9 +9797,9 @@
      }
    },
    "node_modules/typescript": {
-      "version": "6.0.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
-      "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.2.tgz",
+      "integrity": "sha512-bGdAIrZ0wiGDo5l8c++HWtbaNCWTS4UTv7RaTH/ThVIgjkveJt83m74bBHMJkuCbslY8ixgLBVZJIOiQlQTjfQ==",
      "dev": true,
      "license": "Apache-2.0",
      "bin": {
@@ -9787,16 +9811,16 @@
      }
    },
    "node_modules/typescript-eslint": {
-      "version": "8.59.1",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.1.tgz",
-      "integrity": "sha512-xqDcFVBmlrltH64lklOVp1wYxgJr6LVdg3NamBgH2OOQDLFdTKfIZXF5PfghrnXQKXZGTQs8tr1vL7fJvq8CTQ==",
+      "version": "8.58.2",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.58.2.tgz",
+      "integrity": "sha512-V8iSng9mRbdZjl54VJ9NKr6ZB+dW0J3TzRXRGcSbLIej9jV86ZRtlYeTKDR/QLxXykocJ5icNzbsl2+5TzIvcQ==",
      "dev": true,
      "license": "MIT",
      "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.59.1",
-        "@typescript-eslint/parser": "8.59.1",
-        "@typescript-eslint/typescript-estree": "8.59.1",
-        "@typescript-eslint/utils": "8.59.1"
+        "@typescript-eslint/eslint-plugin": "8.58.2",
+        "@typescript-eslint/parser": "8.58.2",
+        "@typescript-eslint/typescript-estree": "8.58.2",
+        "@typescript-eslint/utils": "8.58.2"
      },
      "engines": {
        "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -9830,12 +9854,14 @@
      }
    },
    "node_modules/undici": {
-      "version": "6.24.1",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-6.24.1.tgz",
-      "integrity": "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA==",
-      "license": "MIT",
+      "version": "5.29.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
+      "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
+      "dependencies": {
+        "@fastify/busboy": "^2.0.0"
+      },
      "engines": {
-        "node": ">=18.17"
+        "node": ">=14.0"
      }
    },
    "node_modules/undici-types": {
@@ -10390,7 +10416,7 @@
        "yaml": "^2.8.3"
      },
      "devDependencies": {
-        "@types/node": "^20.19.39",
+        "@types/node": "^20.19.9",
        "tsx": "^4.21.0"
      }
    }
@@ -1,11 +1,11 @@
 {
  "name": "codeql",
-  "version": "4.35.5",
+  "version": "4.35.4",
  "private": true,
  "description": "CodeQL action",
  "scripts": {
    "_build_comment": "echo 'Run the full build so we typecheck the project and can reuse the transpiled files in npm test'",
-    "build": "./scripts/check-node-modules.sh && npm run transpile && node build.mjs",
+    "build": "./scripts/check-node-modules.sh && npm run transpile && node build.mjs && npx tsx ./pr-checks/bundle-metadata.ts",
    "lint": "eslint --report-unused-disable-directives --max-warnings=0 .",
    "lint-ci": "SARIF_ESLINT_IGNORE_SUPPRESSED=true eslint --report-unused-disable-directives --max-warnings=0 . --format @microsoft/eslint-formatter-sarif --output-file=eslint.sarif",
    "lint-fix": "eslint --report-unused-disable-directives --max-warnings=0 . --fix",
@@ -50,14 +50,14 @@
    "@types/archiver": "^7.0.0",
    "@types/follow-redirects": "^1.14.4",
    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^20.19.39",
+    "@types/node": "^20.19.9",
    "@types/node-forge": "^1.3.14",
    "@types/sarif": "^2.1.7",
    "@types/semver": "^7.7.1",
    "@types/sinon": "^21.0.1",
    "ava": "^7.0.0",
    "esbuild": "^0.28.0",
-    "eslint": "^9.39.4",
+    "eslint": "^9.39.2",
    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-github": "^6.0.0",
    "eslint-plugin-import-x": "^4.16.2",
@@ -67,8 +67,8 @@
    "globals": "^17.5.0",
    "nock": "^14.0.12",
    "sinon": "^21.1.2",
-    "typescript": "^6.0.3",
-    "typescript-eslint": "^8.59.1"
+    "typescript": "^6.0.2",
+    "typescript-eslint": "^8.58.2"
  },
  "overrides": {
    "@actions/tool-cache": {
@@ -90,7 +90,6 @@
      "semver": ">=6.3.1"
    },
    "brace-expansion@2.0.1": "2.0.2",
-    "glob": "^11.1.0",
-    "undici": "^6.24.0"
+    "glob": "^11.1.0"
  }
 }
@@ -5,7 +5,7 @@ versions:
  - default
 steps:
  - name: Set up Ruby
-    uses: ruby/setup-ruby@c4e5b1316158f92e3d49443a9d58b31d25ac0f8f # v1.306.0
+    uses: ruby/setup-ruby@0cb964fd540e0a24c900370abf38a33466142735 # v1.305.0
    with:
      ruby-version: 2.6
  - name: Install Code Scanning integration
@@ -10,7 +10,7 @@
    "yaml": "^2.8.3"
  },
  "devDependencies": {
-    "@types/node": "^20.19.39",
+    "@types/node": "^20.19.9",
    "tsx": "^4.21.0"
  }
 }
@@ -128,8 +128,6 @@ export async function getGitHubVersionFromApi(

  // Doesn't strictly have to be the meta endpoint as we're only
  // using the response headers which are available on every request.
-  //
-  // See https://docs.github.com/en/rest/meta/meta#get-github-meta-information.
  // eslint-disable-next-line @typescript-eslint/no-unsafe-call
  const response = await apiClient.rest.meta.get();

@@ -166,9 +164,6 @@ export async function getGitHubVersion(): Promise<GitHubVersion> {

 /**
 * Get the path of the currently executing workflow relative to the repository root.
- *
- * See https://docs.github.com/en/rest/actions/workflow-runs#get-a-workflow-run
- * and https://docs.github.com/en/rest/actions/workflows#get-a-workflow.
 */
 export async function getWorkflowRelativePath(): Promise<string> {
  const repo_nwo = getRepositoryNwo();
@@ -257,13 +252,9 @@ export interface ActionsCacheItem {
  size_in_bytes?: number;
 }

-/**
- * List all Actions cache entries starting with the provided key prefix and matching the provided ref.
- *
- * See https://docs.github.com/en/rest/actions/cache#list-github-actions-caches-for-a-repository.
- */
+/** List all Actions cache entries matching the provided key and ref. */
 export async function listActionsCaches(
-  keyPrefix: string,
+  key: string,
  ref?: string,
 ): Promise<ActionsCacheItem[]> {
  const repositoryNwo = getRepositoryNwo();
@@ -273,17 +264,13 @@ export async function listActionsCaches(
    {
      owner: repositoryNwo.owner,
      repo: repositoryNwo.repo,
-      key: keyPrefix,
+      key,
      ref,
    },
  );
 }

-/**
- * Delete an Actions cache item by its ID.
- *
- * See https://docs.github.com/en/rest/actions/cache#delete-a-github-actions-cache-for-a-repository-using-a-cache-id.
- */
+/** Delete an Actions cache item by its ID. */
 export async function deleteActionsCache(id: number) {
  const repositoryNwo = getRepositoryNwo();

@@ -294,11 +281,7 @@ export async function deleteActionsCache(id: number) {
  });
 }

-/**
- * Retrieve all custom repository properties.
- *
- * See https://docs.github.com/en/rest/repos/custom-properties#get-all-custom-property-values-for-a-repository.
- */
+/** Retrieve all custom repository properties. */
 export async function getRepositoryProperties(repositoryNwo: RepositoryNwo) {
  return getApiClient().request("GET /repos/:owner/:repo/properties/values", {
    owner: repositoryNwo.owner,
@@ -141,12 +141,7 @@ test("scanArtifactsForTokens handles files without tokens", async (t) => {
  }
 });

-// This test is slow (extracts and scans a zip artifact), so by default we only run it in CI. Set
-// RUN_SLOW_TESTS=1 to run it locally.
-if (
-  os.platform() !== "win32" &&
-  (process.env.CI === "true" || process.env.RUN_SLOW_TESTS === "1")
-) {
+if (os.platform() !== "win32") {
  test("scanArtifactsForTokens finds token in debug artifacts", async (t) => {
    t.timeout(15000); // 15 seconds
    const messages: LoggedMessage[] = [];
@@ -156,10 +156,6 @@ async function scanArchiveFile(
    );
  }

-  if (process.platform === "win32") {
-    throw new Error("Scanning archives is not supported on Windows.");
-  }
-
  const result: ScanResult = {
    scannedFiles: 0,
    findings: [],
@@ -33,7 +33,6 @@ import {
  mockBundleDownloadApi,
  makeVersionInfo,
  createTestConfig,
-  makeMacro,
 } from "./testing-utils";
 import { ToolsDownloadStatusReport } from "./tools-download";
 import * as util from "./util";
@@ -541,7 +540,7 @@ test.serial("getExtraOptions throws for bad content", (t) => {
 });

 // Test macro for ensuring different variants of injected augmented configurations
-const injectedConfigMacro = makeMacro({
+const injectedConfigMacro = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    augmentationProperties: AugmentationProperties,
@@ -591,8 +590,9 @@ const injectedConfigMacro = makeMacro({
    `databaseInitCluster() injected config: ${providedTitle}`,
 });

-injectedConfigMacro.serial(
+test.serial(
  "basic",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
  },
@@ -600,8 +600,9 @@ injectedConfigMacro.serial(
  {},
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected packs from input",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    packsInput: ["xxx", "yyy"],
@@ -612,8 +613,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected packs from input with existing packs combines",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    packsInputCombines: true,
@@ -633,8 +635,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected packs from input with existing packs overrides",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    packsInput: ["xxx", "yyy"],
@@ -652,8 +655,9 @@ injectedConfigMacro.serial(
 );

 // similar, but with queries
-injectedConfigMacro.serial(
+test.serial(
  "injected queries from input",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -671,8 +675,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected queries from input overrides",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInput: [{ uses: "xxx" }, { uses: "yyy" }],
@@ -694,8 +699,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected queries from input combines",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: true,
@@ -721,8 +727,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected queries from input combines 2",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: true,
@@ -742,8 +749,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "injected queries and packs, but empty",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: true,
@@ -760,8 +768,9 @@ injectedConfigMacro.serial(
  {},
 );

-injectedConfigMacro.serial(
+test.serial(
  "repo property queries have the highest precedence",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: true,
@@ -781,8 +790,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "repo property queries combines with queries input",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: false,
@@ -807,8 +817,9 @@ injectedConfigMacro.serial(
  },
 );

-injectedConfigMacro.serial(
+test.serial(
  "repo property queries combines everything else",
+  injectedConfigMacro,
  {
    ...defaultAugmentationProperties,
    queriesInputCombines: true,
@@ -34,7 +34,6 @@ import {
  LoggedMessage,
  mockCodeQLVersion,
  createTestConfig,
-  makeMacro,
 } from "./testing-utils";
 import {
  GitHubVariant,
@@ -1035,9 +1034,10 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = {
  repositoryProperties: {},
 };

-const checkOverlayEnablementMacro = makeMacro({
+const checkOverlayEnablementMacro = test.macro({
  exec: async (
    t: ExecutionContext,
+    _title: string,
    setupOverrides: Partial<OverlayDatabaseModeTestSetup>,
    expected:
      | {
@@ -1131,10 +1131,11 @@ const checkOverlayEnablementMacro = makeMacro({
      }
    });
  },
-  title: (title) => `checkOverlayEnablement: ${title}`,
+  title: (_, title) => `checkOverlayEnablement: ${title}`,
 });

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Environment variable override - Overlay",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1145,7 +1146,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Environment variable override - OverlayBase",
  {
    overlayDatabaseEnvVar: "overlay-base",
@@ -1156,7 +1158,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Environment variable override - None",
  {
    overlayDatabaseEnvVar: "none",
@@ -1166,7 +1169,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Ignore invalid environment variable",
  {
    overlayDatabaseEnvVar: "invalid-mode",
@@ -1176,7 +1180,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Ignore feature flag when analyzing non-default branch",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1187,7 +1192,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1200,14 +1206,15 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when feature enabled with custom analysis",
  {
    languages: [BuiltInLanguage.javascript],
    features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript],
    codeScanningConfig: {
      packs: ["some-custom-pack@1.0.0"],
-    },
+    } as UserConfig,
    isDefaultBranch: true,
  },
  {
@@ -1216,7 +1223,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch when code-scanning feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1232,7 +1240,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is too low",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1251,7 +1260,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if we can't determine runner disk space",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1267,7 +1277,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if runner disk space is too low and skip resource checks flag is enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1288,7 +1299,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is below v2 limit and v2 resource checks enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1308,7 +1320,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1329,7 +1342,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks not enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1348,7 +1362,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch if memory flag is too low",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1364,7 +1379,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if memory flag is too low but CodeQL >= 2.24.3",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1382,7 +1398,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay-base database on default branch if memory flag is too low and skip resource checks flag is enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1400,7 +1417,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when cached status indicates previous failure",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1417,7 +1435,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when cached status indicates previous failure",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1434,7 +1453,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1444,7 +1464,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      "disable-default-queries": true,
-    },
+    } as UserConfig,
    isDefaultBranch: true,
  },
  {
@@ -1452,7 +1472,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with packs",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1462,7 +1483,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      packs: ["some-custom-pack@1.0.0"],
-    },
+    } as UserConfig,
    isDefaultBranch: true,
  },
  {
@@ -1470,7 +1491,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with queries",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1480,7 +1502,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      queries: [{ uses: "some-query.ql" }],
-    },
+    } as UserConfig,
    isDefaultBranch: true,
  },
  {
@@ -1488,7 +1510,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when code-scanning feature enabled with query-filters",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1498,7 +1521,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      "query-filters": [{ include: { "security-severity": "high" } }],
-    },
+    } as UserConfig,
    isDefaultBranch: true,
  },
  {
@@ -1506,7 +1529,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when only language-specific feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1518,7 +1542,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when only code-scanning feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1530,7 +1555,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay-base database on default branch when language-specific feature disabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1542,7 +1568,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1555,14 +1582,15 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when feature enabled with custom analysis",
  {
    languages: [BuiltInLanguage.javascript],
    features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript],
    codeScanningConfig: {
      packs: ["some-custom-pack@1.0.0"],
-    },
+    } as UserConfig,
    isPullRequest: true,
  },
  {
@@ -1571,7 +1599,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR when code-scanning feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1587,7 +1616,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if runner disk space is too low",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1606,7 +1636,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if runner disk space is too low and skip resource checks flag is enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1627,7 +1658,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if we can't determine runner disk space",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1643,7 +1675,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR if memory flag is too low",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1659,7 +1692,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if memory flag is too low but CodeQL >= 2.24.3",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1677,7 +1711,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay analysis on PR if memory flag is too low and skip resource checks flag is enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1695,7 +1730,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with disable-default-queries",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1705,7 +1741,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      "disable-default-queries": true,
-    },
+    } as UserConfig,
    isPullRequest: true,
  },
  {
@@ -1713,7 +1749,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with packs",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1723,7 +1760,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      packs: ["some-custom-pack@1.0.0"],
-    },
+    } as UserConfig,
    isPullRequest: true,
  },
  {
@@ -1731,7 +1768,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with queries",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1741,7 +1779,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      queries: [{ uses: "some-query.ql" }],
-    },
+    } as UserConfig,
    isPullRequest: true,
  },
  {
@@ -1749,7 +1787,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when code-scanning feature enabled with query-filters",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1759,7 +1798,7 @@ checkOverlayEnablementMacro.serial(
    ],
    codeScanningConfig: {
      "query-filters": [{ include: { "security-severity": "high" } }],
-    },
+    } as UserConfig,
    isPullRequest: true,
  },
  {
@@ -1767,7 +1806,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when only language-specific feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1779,7 +1819,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when only code-scanning feature enabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1791,7 +1832,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis on PR when language-specific feature disabled",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1803,7 +1845,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by env",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1814,7 +1857,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by env on a runner with low disk space",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1826,7 +1870,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay PR analysis by feature flag",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1839,7 +1884,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback due to autobuild with traced language",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1851,7 +1897,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback due to no build mode with traced language",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1863,7 +1910,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback due to old CodeQL version",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1874,7 +1922,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback due to missing git root",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1885,7 +1934,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback due to old git version with submodules",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1897,7 +1947,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Fallback when git version cannot be determined and repo has submodules",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1909,7 +1960,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay enabled when git version cannot be determined and repo has no submodules",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1922,7 +1974,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay when disabled via repository property",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1937,7 +1990,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Overlay not disabled when repository property is false",
  {
    languages: [BuiltInLanguage.javascript],
@@ -1953,7 +2007,8 @@ checkOverlayEnablementMacro.serial(
  },
 );

-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "Environment variable override takes precedence over repository property",
  {
    overlayDatabaseEnvVar: "overlay",
@@ -1969,7 +2024,8 @@ checkOverlayEnablementMacro.serial(

 // Exercise language-specific overlay analysis features code paths
 for (const language in BuiltInLanguage) {
-  checkOverlayEnablementMacro.serial(
+  test.serial(
+    checkOverlayEnablementMacro,
    `Check default overlay analysis feature for ${language}`,
    {
      languages: [language],
@@ -1986,7 +2042,8 @@ for (const language in BuiltInLanguage) {
 // overlay analysis enabled, even when the base overlay feature flag is on.
 // Using swift here as it doesn't currently have overlay support — update this if
 // swift gains overlay support.
-checkOverlayEnablementMacro.serial(
+test.serial(
+  checkOverlayEnablementMacro,
  "No overlay analysis for language without per-language overlay feature flag",
  {
    languages: [BuiltInLanguage.swift],
@@ -7,7 +7,6 @@ import {
  checkExpectedLogMessages,
  getRecordingLogger,
  LoggedMessage,
-  makeMacro,
 } from "../testing-utils";
 import { ConfigurationError, prettyPrintPack } from "../util";

@@ -16,7 +15,7 @@ import * as dbConfig from "./db-config";
 /**
 * Test macro for ensuring the packs block is valid
 */
-const parsePacksMacro = makeMacro({
+const parsePacksMacro = test.macro({
  exec: (
    t: ExecutionContext<unknown>,
    packsInput: string,
@@ -34,7 +33,7 @@ const parsePacksMacro = makeMacro({
 /**
 * Test macro for testing when the packs block is invalid
 */
-const parsePacksErrorMacro = makeMacro({
+const parsePacksErrorMacro = test.macro({
  exec: (
    t: ExecutionContext<unknown>,
    packsInput: string,
@@ -50,32 +49,34 @@ const parsePacksErrorMacro = makeMacro({
 /**
 * Test macro for testing when the packs block is invalid
 */
-const invalidPackNameMacro = makeMacro({
-  exec: (t: ExecutionContext, arg: string) =>
-    parsePacksErrorMacro.fn(
+const invalidPackNameMacro = test.macro({
+  exec: (t: ExecutionContext, name: string) =>
+    parsePacksErrorMacro.exec(
      t,
-      arg,
+      name,
      [BuiltInLanguage.cpp],
-      new RegExp(`^"${arg}" is not a valid pack$`),
+      new RegExp(`^"${name}" is not a valid pack$`),
    ),
  title: (_providedTitle: string | undefined, arg: string | undefined) =>
    `Invalid pack string: ${arg}`,
 });

-parsePacksMacro("no packs", "", [], undefined);
-parsePacksMacro("two packs", "a/b,c/d@1.2.3", [BuiltInLanguage.cpp], {
+test("no packs", parsePacksMacro, "", [], undefined);
+test("two packs", parsePacksMacro, "a/b,c/d@1.2.3", [BuiltInLanguage.cpp], {
  [BuiltInLanguage.cpp]: ["a/b", "c/d@1.2.3"],
 });
-parsePacksMacro(
+test(
  "two packs with spaces",
+  parsePacksMacro,
  " a/b , c/d@1.2.3 ",
  [BuiltInLanguage.cpp],
  {
    [BuiltInLanguage.cpp]: ["a/b", "c/d@1.2.3"],
  },
 );
-parsePacksErrorMacro(
+test(
  "two packs with language",
+  parsePacksErrorMacro,
  "a/b,c/d@1.2.3",
  [BuiltInLanguage.cpp, BuiltInLanguage.java],
  new RegExp(
@@ -84,8 +85,9 @@ parsePacksErrorMacro(
  ),
 );

-parsePacksMacro(
+test(
  "packs with other valid names",
+  parsePacksMacro,
  [
    // ranges are ok
    "c/d@1.0",
@@ -121,23 +123,23 @@ parsePacksMacro(
  },
 );

-invalidPackNameMacro.test("c"); // all packs require at least a scope and a name
-invalidPackNameMacro.test("c-/d");
-invalidPackNameMacro.test("-c/d");
-invalidPackNameMacro.test("c/d_d");
-invalidPackNameMacro.test("c/d@@");
-invalidPackNameMacro.test("c/d@1.0.0:");
-invalidPackNameMacro.test("c/d:");
-invalidPackNameMacro.test("c/d:/a");
-invalidPackNameMacro.test("@1.0.0:a");
-invalidPackNameMacro.test("c/d@../a");
-invalidPackNameMacro.test("c/d@b/../a");
-invalidPackNameMacro.test("c/d:z@1");
+test(invalidPackNameMacro, "c"); // all packs require at least a scope and a name
+test(invalidPackNameMacro, "c-/d");
+test(invalidPackNameMacro, "-c/d");
+test(invalidPackNameMacro, "c/d_d");
+test(invalidPackNameMacro, "c/d@@");
+test(invalidPackNameMacro, "c/d@1.0.0:");
+test(invalidPackNameMacro, "c/d:");
+test(invalidPackNameMacro, "c/d:/a");
+test(invalidPackNameMacro, "@1.0.0:a");
+test(invalidPackNameMacro, "c/d@../a");
+test(invalidPackNameMacro, "c/d@b/../a");
+test(invalidPackNameMacro, "c/d:z@1");

 /**
 * Test macro for pretty printing pack specs
 */
-const packSpecPrettyPrintingMacro = makeMacro({
+const packSpecPrettyPrintingMacro = test.macro({
  exec: (t: ExecutionContext, packStr: string, packObj: dbConfig.Pack) => {
    const parsed = dbConfig.parsePacksSpecification(packStr);
    t.deepEqual(parsed, packObj, "parsed pack spec is correct");
@@ -161,35 +163,36 @@ const packSpecPrettyPrintingMacro = makeMacro({
  ) => `Prettyprint pack spec: '${packStr}'`,
 });

-packSpecPrettyPrintingMacro.test("a/b", {
+test(packSpecPrettyPrintingMacro, "a/b", {
  name: "a/b",
  version: undefined,
  path: undefined,
 });
-packSpecPrettyPrintingMacro.test("a/b@~1.2.3", {
+test(packSpecPrettyPrintingMacro, "a/b@~1.2.3", {
  name: "a/b",
  version: "~1.2.3",
  path: undefined,
 });
-packSpecPrettyPrintingMacro.test("a/b@~1.2.3:abc/def", {
+test(packSpecPrettyPrintingMacro, "a/b@~1.2.3:abc/def", {
  name: "a/b",
  version: "~1.2.3",
  path: "abc/def",
 });
-packSpecPrettyPrintingMacro.test("a/b:abc/def", {
+test(packSpecPrettyPrintingMacro, "a/b:abc/def", {
  name: "a/b",
  version: undefined,
  path: "abc/def",
 });
-packSpecPrettyPrintingMacro.test("    a/b:abc/def    ", {
+test(packSpecPrettyPrintingMacro, "    a/b:abc/def    ", {
  name: "a/b",
  version: undefined,
  path: "abc/def",
 });

-const calculateAugmentationMacro = makeMacro({
+const calculateAugmentationMacro = test.macro({
  exec: async (
    t: ExecutionContext,
+    _title: string,
    rawPacksInput: string | undefined,
    rawQueriesInput: string | undefined,
    languages: Language[],
@@ -204,10 +207,11 @@ const calculateAugmentationMacro = makeMacro({
    );
    t.deepEqual(actualAugmentationProperties, expectedAugmentationProperties);
  },
-  title: (title) => `Calculate Augmentation: ${title}`,
+  title: (_, title) => `Calculate Augmentation: ${title}`,
 });

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "All empty",
  undefined,
  undefined,
@@ -218,7 +222,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With queries",
  undefined,
  " a, b , c, d",
@@ -230,7 +235,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With queries combining",
  undefined,
  "   +   a, b , c, d ",
@@ -243,7 +249,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With packs",
  "   codeql/a , codeql/b   , codeql/c  , codeql/d  ",
  undefined,
@@ -255,7 +262,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With packs combining",
  "   +   codeql/a, codeql/b, codeql/c, codeql/d",
  undefined,
@@ -268,7 +276,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With repo property queries",
  undefined,
  undefined,
@@ -285,7 +294,8 @@ calculateAugmentationMacro(
  },
 );

-calculateAugmentationMacro(
+test(
+  calculateAugmentationMacro,
  "With repo property queries combining",
  undefined,
  undefined,
@@ -302,9 +312,10 @@ calculateAugmentationMacro(
  },
 );

-const calculateAugmentationErrorMacro = makeMacro({
+const calculateAugmentationErrorMacro = test.macro({
  exec: async (
    t: ExecutionContext,
+    _title: string,
    rawPacksInput: string | undefined,
    rawQueriesInput: string | undefined,
    languages: Language[],
@@ -322,10 +333,11 @@ const calculateAugmentationErrorMacro = makeMacro({
      { message: expectedError },
    );
  },
-  title: (title) => `Calculate Augmentation Error: ${title}`,
+  title: (_, title) => `Calculate Augmentation Error: ${title}`,
 });

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Plus (+) with nothing else (queries)",
  undefined,
  "   +   ",
@@ -334,7 +346,8 @@ calculateAugmentationErrorMacro(
  /The workflow property "queries" is invalid/,
 );

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Plus (+) with nothing else (packs)",
  "   +   ",
  undefined,
@@ -343,7 +356,8 @@ calculateAugmentationErrorMacro(
  /The workflow property "packs" is invalid/,
 );

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Plus (+) with nothing else (repo property queries)",
  undefined,
  undefined,
@@ -354,7 +368,8 @@ calculateAugmentationErrorMacro(
  /The repository property "github-codeql-extra-queries" is invalid/,
 );

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Packs input with multiple languages",
  "   +  a/b, c/d ",
  undefined,
@@ -363,7 +378,8 @@ calculateAugmentationErrorMacro(
  /Cannot specify a 'packs' input in a multi-language analysis/,
 );

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Packs input with no languages",
  "   +  a/b, c/d ",
  undefined,
@@ -372,7 +388,8 @@ calculateAugmentationErrorMacro(
  /No languages specified/,
 );

-calculateAugmentationErrorMacro(
+test(
+  calculateAugmentationErrorMacro,
  "Invalid packs",
  " a-pack-without-a-scope ",
  undefined,
@@ -263,7 +263,7 @@ export function getArtifactSuffix(matrix: string | undefined): string {
    try {
      const matrixObject = JSON.parse(matrix);
      if (json.isObject(matrixObject)) {
-        for (const matrixKey of Object.keys(matrixObject).sort())
+        for (const matrixKey of Object.keys(matrixObject as object).sort())
          suffix += `-${matrixObject[matrixKey]}`;
      } else {
        core.warning("User-specified `matrix` input is not an object.");
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.25.4",
-  "cliVersion": "2.25.4",
-  "priorBundleVersion": "codeql-bundle-v2.25.3",
-  "priorCliVersion": "2.25.3"
+  "bundleVersion": "codeql-bundle-v2.25.3",
+  "cliVersion": "2.25.3",
+  "priorBundleVersion": "codeql-bundle-v2.25.2",
+  "priorCliVersion": "2.25.2"
 }
@@ -16,7 +16,6 @@ import {
  mockCodeQLVersion,
  mockFeatureFlagApiEndpoint,
  setupActionsVars,
-  makeMacro,
 } from "./testing-utils";
 import { GitHubVariant, withTmpDir } from "./util";
 import type { GitHubVersion } from "./util";
@@ -43,9 +42,10 @@ const defaultTestCase: DiffInformedAnalysisTestCase = {
  codeQLVersion: "2.21.0",
 };

-const testShouldPerformDiffInformedAnalysis = makeMacro({
+const testShouldPerformDiffInformedAnalysis = test.macro({
  exec: async (
    t: ExecutionContext,
+    _title: string,
    partialTestCase: Partial<DiffInformedAnalysisTestCase>,
    expectedResult: boolean,
  ) => {
@@ -94,16 +94,18 @@ const testShouldPerformDiffInformedAnalysis = makeMacro({
      getPullRequestBranchesStub.restore();
    });
  },
-  title: (title) => `shouldPerformDiffInformedAnalysis: ${title}`,
+  title: (_, title) => `shouldPerformDiffInformedAnalysis: ${title}`,
 });

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns true in the default test case",
  {},
  true,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false when feature flag is disabled from the API",
  {
    featureEnabled: false,
@@ -111,7 +113,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  false,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false when CODEQL_ACTION_DIFF_INFORMED_QUERIES is set to false",
  {
    featureEnabled: true,
@@ -120,7 +123,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  false,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns true when CODEQL_ACTION_DIFF_INFORMED_QUERIES is set to true",
  {
    featureEnabled: false,
@@ -129,7 +133,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  true,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false for CodeQL version 2.20.0",
  {
    codeQLVersion: "2.20.0",
@@ -137,7 +142,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  false,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false for invalid GHES version",
  {
    gitHubVersion: {
@@ -148,7 +154,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  false,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false for GHES version 3.18.5",
  {
    gitHubVersion: {
@@ -159,7 +166,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  false,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns true for GHES version 3.19.0",
  {
    gitHubVersion: {
@@ -170,7 +178,8 @@ testShouldPerformDiffInformedAnalysis.serial(
  true,
 );

-testShouldPerformDiffInformedAnalysis.serial(
+test.serial(
+  testShouldPerformDiffInformedAnalysis,
  "returns false when not a pull request",
  {
    pullRequestBranches: undefined,
@@ -386,7 +386,7 @@ class OfflineFeatures implements FeatureEnablement {
  getFeatureConfig(feature: Feature): FeatureConfig {
    // Narrow the type to FeatureConfig to avoid type errors. To avoid unsafe use of `as`, we
    // check that the required properties exist using `satisfies`.
-    return featureConfig[feature] satisfies FeatureConfig;
+    return featureConfig[feature] satisfies FeatureConfig as FeatureConfig;
  }

  /**
@@ -193,6 +193,94 @@ test.serial(
  },
 );

+test.serial(
+  "getRef() returns merge PR ref if GITHUB_SHA still checked out (SHA-256)",
+  async (t) => {
+    await withTmpDir(async (tmpDir: string) => {
+      setupActionsVars(tmpDir, tmpDir);
+      const expectedRef = "refs/pull/1/merge";
+      const currentSha = "a".repeat(64);
+      process.env["GITHUB_REF"] = expectedRef;
+      process.env["GITHUB_SHA"] = currentSha;
+
+      const callback = sinon.stub(gitUtils, "getCommitOid");
+      callback.withArgs("HEAD").resolves(currentSha);
+
+      const actualRef = await gitUtils.getRef();
+      t.deepEqual(actualRef, expectedRef);
+      callback.restore();
+    });
+  },
+);
+
+test.serial(
+  "getRef() returns merge PR ref if GITHUB_REF still checked out but sha has changed (actions checkout@v1) (SHA-256)",
+  async (t) => {
+    await withTmpDir(async (tmpDir: string) => {
+      setupActionsVars(tmpDir, tmpDir);
+      const expectedRef = "refs/pull/1/merge";
+      process.env["GITHUB_REF"] = expectedRef;
+      process.env["GITHUB_SHA"] = "b".repeat(64);
+      const sha = "a".repeat(64);
+
+      const callback = sinon.stub(gitUtils, "getCommitOid");
+      callback.withArgs("refs/remotes/pull/1/merge").resolves(sha);
+      callback.withArgs("HEAD").resolves(sha);
+
+      const actualRef = await gitUtils.getRef();
+      t.deepEqual(actualRef, expectedRef);
+      callback.restore();
+    });
+  },
+);
+
+test.serial(
+  "getRef() returns head PR ref if GITHUB_REF no longer checked out (SHA-256)",
+  async (t) => {
+    await withTmpDir(async (tmpDir: string) => {
+      setupActionsVars(tmpDir, tmpDir);
+      process.env["GITHUB_REF"] = "refs/pull/1/merge";
+      process.env["GITHUB_SHA"] = "a".repeat(64);
+
+      const callback = sinon.stub(gitUtils, "getCommitOid");
+      callback.withArgs(tmpDir, "refs/pull/1/merge").resolves("a".repeat(64));
+      callback.withArgs(tmpDir, "HEAD").resolves("b".repeat(64));
+
+      const actualRef = await gitUtils.getRef();
+      t.deepEqual(actualRef, "refs/pull/1/head");
+      callback.restore();
+    });
+  },
+);
+
+test.serial(
+  "getRef() returns ref provided as an input and ignores current HEAD (SHA-256)",
+  async (t) => {
+    await withTmpDir(async (tmpDir: string) => {
+      setupActionsVars(tmpDir, tmpDir);
+      const getAdditionalInputStub = sinon.stub(
+        actionsUtil,
+        "getOptionalInput",
+      );
+      getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
+      getAdditionalInputStub.withArgs("sha").resolves("b".repeat(64));
+
+      // These values are be ignored
+      process.env["GITHUB_REF"] = "refs/pull/1/merge";
+      process.env["GITHUB_SHA"] = "a".repeat(64);
+
+      const callback = sinon.stub(gitUtils, "getCommitOid");
+      callback.withArgs("refs/pull/1/merge").resolves("b".repeat(64));
+      callback.withArgs("HEAD").resolves("b".repeat(64));
+
+      const actualRef = await gitUtils.getRef();
+      t.deepEqual(actualRef, "refs/pull/2/merge");
+      callback.restore();
+      getAdditionalInputStub.restore();
+    });
+  },
+);
+
 test.serial("isAnalyzingDefaultBranch()", async (t) => {
  process.env["GITHUB_EVENT_NAME"] = "push";
  process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
@@ -305,6 +393,25 @@ test.serial("determineBaseBranchHeadCommitOid other error", async (t) => {
  infoStub.restore();
 });

+test.serial(
+  "determineBaseBranchHeadCommitOid returns baseOid for SHA-256 merge commit",
+  async (t) => {
+    const mergeSha = "a".repeat(64);
+    const baseOid = "b".repeat(64);
+    const headOid = "c".repeat(64);
+
+    process.env["GITHUB_EVENT_NAME"] = "pull_request";
+    process.env["GITHUB_SHA"] = mergeSha;
+
+    sinon
+      .stub(gitUtils as any, "runGitCommand")
+      .resolves(`commit ${mergeSha}\nparent ${baseOid}\nparent ${headOid}\n`);
+
+    const result = await gitUtils.determineBaseBranchHeadCommitOid(__dirname);
+    t.deepEqual(result, baseOid);
+  },
+);
+
 test.serial("decodeGitFilePath unquoted strings", async (t) => {
  t.deepEqual(gitUtils.decodeGitFilePath("foo"), "foo");
  t.deepEqual(gitUtils.decodeGitFilePath("foo bar"), "foo bar");
@@ -482,6 +589,61 @@ test.serial(
  },
 );

+test.serial(
+  "getFileOidsUnderPath handles SHA-256 OIDs (64-char)",
+  async (t) => {
+    await withTmpDir(async (tmpDir) => {
+      sinon
+        .stub(gitUtils as any, "runGitCommand")
+        .callsFake(async (_cwd: any, args: any) => {
+          if (args[0] === "rev-parse") {
+            return `${tmpDir}\n`;
+          }
+          return (
+            "100644 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2c0d4b7e8f9a1234567890ab 0\tlib/git-utils.js\n" +
+            "100644 aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899 0\tsrc/git-utils.ts"
+          );
+        });
+
+      const result = await gitUtils.getFileOidsUnderPath("/fake/path");
+
+      t.deepEqual(result, {
+        "lib/git-utils.js":
+          "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2c0d4b7e8f9a1234567890ab",
+        "src/git-utils.ts":
+          "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899",
+      });
+    });
+  },
+);
+
+test.serial(
+  "getFileOidsUnderPath handles mixed SHA-1 and SHA-256 OIDs",
+  async (t) => {
+    await withTmpDir(async (tmpDir) => {
+      sinon
+        .stub(gitUtils as any, "runGitCommand")
+        .callsFake(async (_cwd: any, args: any) => {
+          if (args[0] === "rev-parse") {
+            return `${tmpDir}\n`;
+          }
+          return (
+            "100644 30d998ded095371488be3a729eb61d86ed721a18 0\tlib/sha1-file.js\n" +
+            "100644 aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899 0\tsrc/sha256-file.ts"
+          );
+        });
+
+      const result = await gitUtils.getFileOidsUnderPath("/fake/path");
+
+      t.deepEqual(result, {
+        "lib/sha1-file.js": "30d998ded095371488be3a729eb61d86ed721a18",
+        "src/sha256-file.ts":
+          "aabbccddeeff00112233445566778899aabbccddeeff00112233445566778899",
+      });
+    });
+  },
+);
+
 test.serial(
  "getGitVersionOrThrow returns version for valid git output",
  async (t) => {
@@ -166,8 +166,8 @@ export const determineBaseBranchHeadCommitOid = async function (
    // Let's confirm our assumptions: We had a merge commit and the parsed parent data looks correct
    if (
      commitOid === mergeSha &&
-      headOid.length === 40 &&
-      baseOid.length === 40
+      (headOid.length === 40 || headOid.length === 64) &&
+      (baseOid.length === 40 || baseOid.length === 64)
    ) {
      return baseOid;
    }
@@ -296,7 +296,7 @@ export const getFileOidsUnderPath = async function (
  // 100644 4c51bc1d9e86cd86e01b0f340cb8ce095c33b283 0\tsrc/git-utils.test.ts
  // 100644 6b792ea543ce75d7a8a03df591e3c85311ecb64f 0\tsrc/git-utils.ts
  // The fields are: <mode> <oid> <stage>\t<path>
-  const regex = /^[0-9]+ ([0-9a-f]{40}) [0-9]+\t(.+)$/;
+  const regex = /^[0-9]+ ([0-9a-f]{40,64}) [0-9]+\t(.+)$/;
  for (const line of stdout.split("\n")) {
    if (line) {
      const match = line.match(regex);
@@ -19,7 +19,6 @@ import {
  createFeatures,
  createTestConfig,
  DEFAULT_ACTIONS_VARS,
-  makeMacro,
  makeVersionInfo,
  RecordingLogger,
  setupActionsVars,
@@ -602,7 +601,7 @@ async function testFailedSarifUpload(
  uploadFiles.resolves({
    sarifID: "42",
    statusReport: { raw_upload_size_bytes: 20, zipped_upload_size_bytes: 10 },
-  });
+  } as uploadLib.UploadResult);
  const waitForProcessing = sinon.stub(uploadLib, "waitForProcessing");

  const features = [] as Feature[];
@@ -797,7 +796,7 @@ test.serial(
  },
 );

-const skippedUploadTest = makeMacro({
+const skippedUploadTest = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    config: Partial<configUtils.Config>,
@@ -824,8 +823,9 @@ const skippedUploadTest = makeMacro({
    `tryUploadSarifIfRunFailed - skips upload ${providedTitle}`,
 });

-skippedUploadTest.serial(
+test.serial(
  "without CodeQL command",
+  skippedUploadTest,
  // No codeQLCmd
  {
    analysisKinds: [AnalysisKind.RiskAssessment],
@@ -834,8 +834,9 @@ skippedUploadTest.serial(
  "CodeQL command not found",
 );

-skippedUploadTest.serial(
+test.serial(
  "if no language is configured",
+  skippedUploadTest,
  // No explicit language configuration
  {
    analysisKinds: [AnalysisKind.RiskAssessment],
@@ -844,8 +845,9 @@ skippedUploadTest.serial(
  "Unexpectedly, the configuration is not for a single language.",
 );

-skippedUploadTest.serial(
+test.serial(
  "if multiple languages is configured",
+  skippedUploadTest,
  // Multiple explicit languages configured
  {
    analysisKinds: [AnalysisKind.RiskAssessment],
@@ -22,7 +22,6 @@ import {
  createTestConfig,
  getRecordingLogger,
  setupTests,
-  makeMacro,
 } from "./testing-utils";
 import { ConfigurationError, withTmpDir } from "./util";

@@ -159,9 +158,10 @@ type PackInfo = {
  qlpackFileName?: string;
 };

-const testCheckPacksForOverlayCompatibility = makeMacro({
+const testCheckPacksForOverlayCompatibility = test.macro({
  exec: async (
    t: ExecutionContext,
+    _title: string,
    {
      cliOverlayVersion,
      languages,
@@ -234,10 +234,11 @@ const testCheckPacksForOverlayCompatibility = makeMacro({
      );
    });
  },
-  title: (title) => `checkPacksForOverlayCompatibility: ${title}`,
+  title: (_, title) => `checkPacksForOverlayCompatibility: ${title}`,
 });

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when CLI does not support overlay",
  {
    cliOverlayVersion: undefined,
@@ -252,7 +253,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when there are no query packs",
  {
    cliOverlayVersion: 2,
@@ -262,7 +264,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when query pack has not been compiled",
  {
    cliOverlayVersion: 2,
@@ -278,7 +281,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when query pack has expected overlay version",
  {
    cliOverlayVersion: 2,
@@ -293,7 +297,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when query packs for all languages to analyze are compatible",
  {
    cliOverlayVersion: 2,
@@ -312,7 +317,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when query pack for a language not analyzed is incompatible",
  {
    cliOverlayVersion: 2,
@@ -331,7 +337,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when query pack for a language to analyze is incompatible",
  {
    cliOverlayVersion: 2,
@@ -350,7 +357,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when query pack is missing .packinfo",
  {
    cliOverlayVersion: 2,
@@ -369,7 +377,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when query pack has different overlay version",
  {
    cliOverlayVersion: 2,
@@ -388,7 +397,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when query pack is missing overlayVersion in .packinfo",
  {
    cliOverlayVersion: 2,
@@ -407,7 +417,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns false when .packinfo is not valid JSON",
  {
    cliOverlayVersion: 2,
@@ -426,7 +437,8 @@ testCheckPacksForOverlayCompatibility(
  },
 );

-testCheckPacksForOverlayCompatibility(
+test(
+  testCheckPacksForOverlayCompatibility,
  "returns true when query pack uses codeql-pack.yml filename",
  {
    cliOverlayVersion: 2,
@@ -7,13 +7,12 @@ import * as sinon from "sinon";

 import * as actionsUtil from "../actions-util";
 import * as apiClient from "../api-client";
-import type { ResolveDatabaseOutput } from "../codeql";
+import { ResolveDatabaseOutput } from "../codeql";
 import * as gitUtils from "../git-utils";
 import { BuiltInLanguage } from "../languages";
 import { getRunnerLogger } from "../logging";
 import {
  createTestConfig,
-  makeMacro,
  mockCodeQLVersion,
  setupTests,
 } from "../testing-utils";
@@ -24,7 +23,6 @@ import {
  downloadOverlayBaseDatabaseFromCache,
  getCacheRestoreKeyPrefix,
  getCacheSaveKey,
-  getCodeQlVersionsForOverlayBaseDatabases,
 } from "./caching";
 import { OverlayDatabaseMode } from "./overlay-database-mode";

@@ -52,9 +50,10 @@ const defaultDownloadTestCase: DownloadOverlayBaseDatabaseTestCase = {
  resolveDatabaseOutput: { overlayBaseSpecifier: "20250626:XXX" },
 };

-const testDownloadOverlayBaseDatabaseFromCache = makeMacro({
+const testDownloadOverlayBaseDatabaseFromCache = test.macro({
  exec: async (
    t,
+    _title: string,
    partialTestCase: Partial<DownloadOverlayBaseDatabaseTestCase>,
    expectDownloadSuccess: boolean,
  ) => {
@@ -142,16 +141,18 @@ const testDownloadOverlayBaseDatabaseFromCache = makeMacro({
      }
    });
  },
-  title: (title) => `downloadOverlayBaseDatabaseFromCache: ${title}`,
+  title: (_, title) => `downloadOverlayBaseDatabaseFromCache: ${title}`,
 });

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns stats when successful",
  {},
  true,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when mode is OverlayDatabaseMode.OverlayBase",
  {
    overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
@@ -159,7 +160,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when mode is OverlayDatabaseMode.None",
  {
    overlayDatabaseMode: OverlayDatabaseMode.None,
@@ -167,7 +169,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when caching is disabled",
  {
    useOverlayDatabaseCaching: false,
@@ -175,7 +178,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined in test mode",
  {
    isInTestMode: true,
@@ -183,7 +187,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when cache miss",
  {
    restoreCacheResult: undefined,
@@ -191,7 +196,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when download fails",
  {
    restoreCacheResult: new Error("Download failed"),
@@ -199,7 +205,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when downloaded database is invalid",
  {
    hasBaseDatabaseOidsFile: false,
@@ -207,7 +214,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when downloaded database doesn't have an overlayBaseSpecifier",
  {
    resolveDatabaseOutput: {},
@@ -215,7 +223,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when resolving database metadata fails",
  {
    resolveDatabaseOutput: new Error("Failed to resolve database metadata"),
@@ -223,7 +232,8 @@ testDownloadOverlayBaseDatabaseFromCache.serial(
  false,
 );

-testDownloadOverlayBaseDatabaseFromCache.serial(
+test.serial(
+  testDownloadOverlayBaseDatabaseFromCache,
  "returns undefined when filesystem error occurs",
  {
    tryGetFolderBytesSucceeds: false,
@@ -275,134 +285,3 @@ test.serial("overlay-base database cache keys remain stable", async (t) => {
    `Expected save key "${saveKey}" to start with restore key prefix "${restoreKeyPrefix}"`,
  );
 });
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases returns unique versions sorted latest first",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-javascript_python-2.23.0-abc123-1-1",
-      },
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-javascript_python-2.24.1-def456-2-1",
-      },
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-javascript_python-2.23.0-ghi789-3-1",
-      },
-    ]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["javascript", "python"],
-      logger,
-    );
-    t.deepEqual(result, ["2.24.1", "2.23.0"]);
-  },
-);
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases returns empty list when no caches exist",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["python"],
-      logger,
-    );
-    t.deepEqual(result, []);
-  },
-);
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases returns empty list when cache keys are unparseable",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-python-malformed",
-      },
-      { key: undefined },
-    ]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["python"],
-      logger,
-    );
-    t.deepEqual(result, []);
-  },
-);
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases returns the single version when only one cache exists",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-cpp-2.25.0-abc123-1-1",
-      },
-    ]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["cpp"],
-      logger,
-    );
-    t.deepEqual(result, ["2.25.0"]);
-  },
-);
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases resolves language aliases",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-    // The alias `c++` should be resolved to "cpp" and match cache entries keyed with "cpp"
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-cpp-2.25.0-abc123-1-1",
-      },
-    ]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["c++"],
-      logger,
-    );
-    t.deepEqual(result, ["2.25.0"]);
-  },
-);
-
-test.serial(
-  "getCodeQlVersionsForOverlayBaseDatabases ignores nightly versions with build metadata",
-  async (t) => {
-    const logger = getRunnerLogger(true);
-
-    sinon.stub(apiClient, "getAutomationID").resolves("test-automation-id/");
-    sinon.stub(apiClient, "listActionsCaches").resolves([
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-python-2.25.0-abc123-1-1",
-      },
-      {
-        // Nightly release with semver build metadata; should be ignored.
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-python-2.26.0+202604211234-def456-2-1",
-      },
-      {
-        key: "codeql-overlay-base-database-1-c5666c509a2d9895-python-2.24.0-ghi789-3-1",
-      },
-    ]);
-
-    const result = await getCodeQlVersionsForOverlayBaseDatabases(
-      ["python"],
-      logger,
-    );
-    t.deepEqual(result, ["2.25.0", "2.24.0"]);
-  },
-);
@@ -1,20 +1,18 @@
 import * as fs from "fs";

 import * as actionsCache from "@actions/cache";
-import * as semver from "semver";

 import {
  getRequiredInput,
  getWorkflowRunAttempt,
  getWorkflowRunID,
 } from "../actions-util";
-import { getAutomationID, listActionsCaches } from "../api-client";
+import { getAutomationID } from "../api-client";
 import { createCacheKeyHash } from "../caching-utils";
 import { type CodeQL } from "../codeql";
 import { type Config } from "../config-utils";
 import { getCommitOid } from "../git-utils";
-import { type Language, parseBuiltInLanguage } from "../languages";
-import { type Logger, withGroupAsync } from "../logging";
+import { Logger, withGroupAsync } from "../logging";
 import {
  CleanupLevel,
  getBaseDatabaseOidsFilePath,
@@ -406,17 +404,7 @@ export async function getCacheRestoreKeyPrefix(
  config: Config,
  codeQlVersion: string,
 ): Promise<string> {
-  return `${await getCacheKeyPrefixBase(config.languages)}${codeQlVersion}-`;
-}
-
-/**
- * Computes the cache key prefix for overlay-base databases, excluding the
- * CodeQL version.
- */
-async function getCacheKeyPrefixBase(
-  parsedLanguages: Language[],
-): Promise<string> {
-  const languagesComponent = [...parsedLanguages].sort().join("_");
+  const languages = [...config.languages].sort().join("_");

  const cacheKeyComponents = {
    automationID: await getAutomationID(),
@@ -424,97 +412,17 @@ async function getCacheKeyPrefixBase(
  };
  const componentsHash = createCacheKeyHash(cacheKeyComponents);

+  // For a cached overlay-base database to be considered compatible for overlay
+  // analysis, all components in the cache restore key must match:
+  //
  // CACHE_PREFIX: distinguishes overlay-base databases from other cache objects
  // CACHE_VERSION: cache format version
  // componentsHash: hash of additional components (see above for details)
-  // languagesComponent: the languages included in the overlay-base database
+  // languages: the languages included in the overlay-base database
+  // codeQlVersion: CodeQL bundle version
  //
-  // Technically we can also include languages in the componentsHash, but
-  // including them explicitly in the cache key makes it easier to debug and
-  // understand the cache key structure.
-  return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languagesComponent}-`;
-}
-
-/**
- * Searches the GitHub Actions cache for overlay-base databases matching the given languages, and
- * returns all stable CodeQL versions found across matching cache entries.
- *
- * Note that we do not guarantee that the cache entry for these versions of CodeQL will still be
- * present by the time we attempt to restore the cache. We could achieve that with a download retry
- * loop, but we expect that if there is sufficient Actions cache contention that an overlay-base
- * cache entry for a particular CodeQL version is evicted before we can use it, then it is likely
- * that the same thing will happen to other overlay-base cache entries, and therefore we will not be
- * able to use overlay.
- *
- * @returns Unique stable CodeQL versions found in cached overlay-base databases, sorted from latest to
- * earliest, or undefined if one of the languages is not a built-in language.
- */
-export async function getCodeQlVersionsForOverlayBaseDatabases(
-  rawLanguages: string[],
-  logger: Logger,
-): Promise<string[] | undefined> {
-  const languages = rawLanguages.map(parseBuiltInLanguage);
-  if (languages.includes(undefined)) {
-    logger.warning(
-      "One or more provided languages are not recognized as built-in languages. " +
-        "Skipping searching for overlay-base databases in cache.",
-    );
-    return undefined;
-  }
-  const cacheKeyPrefix = await getCacheKeyPrefixBase(
-    languages.filter((l) => l !== undefined),
-  );
-
-  logger.debug(
-    `Searching for overlay-base databases in Actions cache with ` +
-      `prefix ${cacheKeyPrefix}`,
-  );
-
-  const caches = await listActionsCaches(cacheKeyPrefix);
-
-  if (caches.length === 0) {
-    logger.info("No overlay-base databases found in Actions cache.");
-    return [];
-  }
-
-  logger.info(
-    `Found ${caches.length} overlay-base ` +
-      `${caches.length === 1 ? "database" : "databases"} in the Actions cache.`,
-  );
-
-  // Parse CodeQL versions from cache keys, matching only stable releases.
-  //
-  // After the prefix, the remaining key format starts with `${codeQlVersion}-`. Nightlies will have
-  // a suffix like `+202604201548` that will break the match.
-  //
-  // Caveat: this relies on the fact that we haven't released any CodeQL bundles with the
-  // `x.y.z-<pre-release>` semver format which does not interact well with the current overlay base
-  // DB cache key format.
-  const versionRegex = /^([\d.]+)-/;
-  const versionSet = new Set<string>();
-
-  for (const cache of caches) {
-    if (!cache.key) continue;
-    const suffix = cache.key.substring(cacheKeyPrefix.length);
-    const match = suffix.match(versionRegex);
-    if (match && semver.valid(match[1])) {
-      versionSet.add(match[1]);
-    }
-  }
-
-  if (versionSet.size === 0) {
-    logger.info(
-      "Could not parse any CodeQL versions from overlay-base database " +
-        "cache keys.",
-    );
-    return [];
-  }
-
-  const versions = [...versionSet].sort(semver.rcompare);
-
-  logger.info(
-    `Found overlay databases for the following CodeQL versions in the Actions cache: ${versions.join(", ")}`,
-  );
-
-  return versions;
+  // Technically we can also include languages and codeQlVersion in the
+  // componentsHash, but including them explicitly in the cache key makes it
+  // easier to debug and understand the cache key structure.
+  return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`;
 }
@@ -20,7 +20,6 @@ import {
  createFeatures,
  getRecordingLogger,
  initializeFeatures,
-  makeMacro,
  mockBundleDownloadApi,
  setupActionsVars,
  setupTests,
@@ -474,7 +473,7 @@ test.serial(
  },
 );

-const toolcacheInputFallbackMacro = makeMacro({
+const toolcacheInputFallbackMacro = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    featureList: Feature[],
@@ -534,8 +533,9 @@ const toolcacheInputFallbackMacro = makeMacro({
    `getCodeQLSource falls back to downloading the CLI if ${providedTitle}`,
 });

-toolcacheInputFallbackMacro.serial(
+test.serial(
  "the toolcache doesn't have a CodeQL CLI when tools == toolcache",
+  toolcacheInputFallbackMacro,
  [Feature.AllowToolcacheInput],
  { GITHUB_EVENT_NAME: "dynamic" },
  [],
@@ -545,8 +545,9 @@ toolcacheInputFallbackMacro.serial(
  ],
 );

-toolcacheInputFallbackMacro.serial(
+test.serial(
  "the workflow trigger is not `dynamic`",
+  toolcacheInputFallbackMacro,
  [Feature.AllowToolcacheInput],
  { GITHUB_EVENT_NAME: "pull_request" },
  [],
@@ -555,8 +556,9 @@ toolcacheInputFallbackMacro.serial(
  ],
 );

-toolcacheInputFallbackMacro.serial(
+test.serial(
  "the feature flag is not enabled",
+  toolcacheInputFallbackMacro,
  [],
  { GITHUB_EVENT_NAME: "dynamic" },
  [],
@@ -18,7 +18,6 @@ import {
  assertNotLogged,
  checkExpectedLogMessages,
  createFeatures,
-  makeMacro,
  makeTestToken,
  RecordingLogger,
  setupTests,
@@ -33,7 +32,7 @@ import {

 setupTests(test);

-const sendFailedStatusReportTest = makeMacro({
+const sendFailedStatusReportTest = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    err: Error,
@@ -89,14 +88,16 @@ const sendFailedStatusReportTest = makeMacro({
  title: (providedTitle = "") => `sendFailedStatusReport - ${providedTitle}`,
 });

-sendFailedStatusReportTest.serial(
+test.serial(
  "reports generic error message for non-StartProxyError error",
+  sendFailedStatusReportTest,
  new Error("Something went wrong today"),
  "Error from start-proxy Action omitted (Error).",
 );

-sendFailedStatusReportTest.serial(
+test.serial(
  "reports generic error message for non-StartProxyError error with safe error message",
+  sendFailedStatusReportTest,
  new Error(
    startProxyExports.getStartProxyErrorMessage(
      startProxyExports.StartProxyErrorType.DownloadFailed,
@@ -105,8 +106,9 @@ sendFailedStatusReportTest.serial(
  "Error from start-proxy Action omitted (Error).",
 );

-sendFailedStatusReportTest.serial(
+test.serial(
  "reports generic error message for ConfigurationError error",
+  sendFailedStatusReportTest,
  new ConfigurationError("Something went wrong today"),
  "Error from start-proxy Action omitted (ConfigurationError).",
  "user-error",
@@ -412,7 +414,7 @@ test("getCredentials accepts OIDC configurations", (t) => {
  }
 });

-const getCredentialsMacro = makeMacro({
+const getCredentialsMacro = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    credentials: startProxyExports.RawCredential[],
@@ -438,8 +440,9 @@ const getCredentialsMacro = makeMacro({
  title: (providedTitle = "") => `getCredentials - ${providedTitle}`,
 });

-getCredentialsMacro(
+test(
  "warns for PAT-like password without a username",
+  getCredentialsMacro,
  [
    {
      type: "git_server",
@@ -467,8 +470,9 @@ getCredentialsMacro(
  },
 );

-getCredentialsMacro(
+test(
  "no warning for PAT-like password with a username",
+  getCredentialsMacro,
  [
    {
      type: "git_server",
@@ -498,8 +502,9 @@ getCredentialsMacro(
  },
 );

-getCredentialsMacro(
+test(
  "warns for PAT-like token without a username",
+  getCredentialsMacro,
  [
    {
      type: "git_server",
@@ -527,8 +532,9 @@ getCredentialsMacro(
  },
 );

-getCredentialsMacro(
+test(
  "no warning for PAT-like token with a username",
+  getCredentialsMacro,
  [
    {
      type: "git_server",
@@ -790,7 +796,7 @@ test.serial(
  },
 );

-const wrapFailureTest = makeMacro({
+const wrapFailureTest = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    setup: () => void,
@@ -821,8 +827,9 @@ test.serial("downloadProxy - returns file path on success", async (t) => {
  });
 });

-wrapFailureTest.serial(
+test.serial(
  "downloadProxy",
+  wrapFailureTest,
  () => {
    sinon.stub(toolcache, "downloadTool").throws();
  },
@@ -841,8 +848,9 @@ test.serial("extractProxy - returns file path on success", async (t) => {
  });
 });

-wrapFailureTest.serial(
+test.serial(
  "extractProxy",
+  wrapFailureTest,
  () => {
    sinon.stub(toolcache, "extractTar").throws();
  },
@@ -866,8 +874,9 @@ test.serial("cacheProxy - returns file path on success", async (t) => {
  });
 });

-wrapFailureTest.serial(
+test.serial(
  "cacheProxy",
+  wrapFailureTest,
  () => {
    sinon.stub(toolcache, "cacheDir").throws();
  },
@@ -19,7 +19,6 @@ import {
  setupTests,
  setupActionsVars,
  createTestConfig,
-  makeMacro,
 } from "./testing-utils";
 import { BuildMode, ConfigurationError, withTmpDir, wrapError } from "./util";

@@ -292,9 +291,10 @@ test.serial(
  },
 );

-const testCreateInitWithConfigStatusReport = makeMacro({
+const testCreateInitWithConfigStatusReport = test.macro({
  exec: async (
    t,
+    _title: string,
    config: Config,
    expectedReportProperties: Partial<InitWithConfigStatusReport>,
  ) => {
@@ -337,10 +337,11 @@ const testCreateInitWithConfigStatusReport = makeMacro({
      }
    });
  },
-  title: (title) => `createInitWithConfigStatusReport: ${title}`,
+  title: (_, title) => `createInitWithConfigStatusReport: ${title}`,
 });

-testCreateInitWithConfigStatusReport.serial(
+test.serial(
+  testCreateInitWithConfigStatusReport,
  "returns a value",
  createTestConfig({
    buildMode: BuildMode.None,
@@ -354,7 +355,8 @@ testCreateInitWithConfigStatusReport.serial(
  },
 );

-testCreateInitWithConfigStatusReport.serial(
+test.serial(
+  testCreateInitWithConfigStatusReport,
  "includes packs for a single language",
  createTestConfig({
    buildMode: BuildMode.None,
@@ -370,7 +372,8 @@ testCreateInitWithConfigStatusReport.serial(
  },
 );

-testCreateInitWithConfigStatusReport.serial(
+test.serial(
+  testCreateInitWithConfigStatusReport,
  "includes packs for multiple languages",
  createTestConfig({
    buildMode: BuildMode.None,
@@ -2,11 +2,7 @@ import { TextDecoder } from "node:util";
 import path from "path";

 import * as github from "@actions/github";
-import test, {
-  type ExecutionContext,
-  type MacroDeclarationOptions,
-  type TestFn,
-} from "ava";
+import { ExecutionContext, TestFn } from "ava";
 import nock from "nock";
 import * as sinon from "sinon";

@@ -89,8 +85,8 @@ function wrapOutput(context: TestContext) {
  };
 }

-export function setupTests(testFn: TestFn<any>) {
-  const typedTest = testFn as TestFn<TestContext>;
+export function setupTests(test: TestFn<any>) {
+  const typedTest = test as TestFn<TestContext>;

  typedTest.beforeEach((t) => {
    // Set an empty CodeQL object so that all method calls will fail
@@ -143,26 +139,6 @@ export function setupTests(testFn: TestFn<any>) {
  });
 }

-/**
- * Declare a reusable test implementation, with better type safety than `test.macro`.
- */
-export function makeMacro<Args extends unknown[]>(
-  decl: MacroDeclarationOptions<Args, unknown>,
-) {
-  const m = test.macro<Args>(decl);
-
-  const wrapper = (name: string, ...args: Args) => test(name, m, ...args);
-  wrapper.test = (...args: Args) => test(m, ...args);
-  wrapper.serial = (name: string, ...args: Args) =>
-    test.serial(name, m, ...args);
-  // Make the implementation available as `fn`. We don't call it `exec` so
-  // that results from this function are not valid arguments to `test`
-  // or `test.serial`.
-  wrapper.fn = decl.exec;
-
-  return wrapper;
-}
-
 /**
 * Default values for environment variables typically set in an Actions
 * environment. Tests can override individual variables by passing them in the
@@ -184,6 +160,9 @@ export const DEFAULT_ACTIONS_VARS = {
  RUNNER_OS: "Linux",
 } as const satisfies Record<string, string>;

+/** A 64-character SHA-256 Git OID for use in SHA-256 repository test scenarios. */
+export const SHA256_GITHUB_SHA = "0".repeat(64);
+
 // Sets environment variables that make using some libraries designed for
 // use only on actions safe to use outside of actions.
 export function setupActionsVars(
@@ -12,7 +12,7 @@ import * as api from "./api-client";
 import * as diffUtils from "./diff-informed-analysis-utils";
 import { getRunnerLogger, Logger } from "./logging";
 import * as sarif from "./sarif";
-import { setupTests } from "./testing-utils";
+import { setupTests, SHA256_GITHUB_SHA } from "./testing-utils";
 import * as uploadLib from "./upload-lib";
 import { UploadPayload } from "./upload-lib/types";
 import { GitHubVariant, initializeEnvironment, withTmpDir } from "./util";
@@ -110,6 +110,35 @@ test.serial(
  },
 );

+test.serial(
+  "validate correct payload used for PR merge commit with SHA-256 OIDs",
+  async (t) => {
+    process.env["GITHUB_EVENT_NAME"] = "pull_request";
+    process.env["GITHUB_SHA"] = SHA256_GITHUB_SHA;
+    process.env["GITHUB_BASE_REF"] = "master";
+    process.env["GITHUB_EVENT_PATH"] =
+      `${__dirname}/../src/testdata/pull_request.json`;
+
+    const sha256MergeBase = "b".repeat(64);
+    const prMergePayload: any = uploadLib.buildPayload(
+      SHA256_GITHUB_SHA,
+      "refs/pull/123/merge",
+      "key",
+      undefined,
+      "",
+      1234,
+      1,
+      "/opt/src",
+      undefined,
+      ["CodeQL", "eslint"],
+      sha256MergeBase,
+    );
+    // Uploads for a merge commit use the merge base (SHA-256)
+    t.deepEqual(prMergePayload.base_ref, "refs/heads/master");
+    t.deepEqual(prMergePayload.base_sha, sha256MergeBase);
+  },
+);
+
 test.serial("finding SARIF files", async (t) => {
  await withTmpDir(async (tmpDir) => {
    // include a couple of sarif files
@@ -6,7 +6,7 @@ import * as sinon from "sinon";

 import { AnalysisKind, getAnalysisConfig } from "./analyses";
 import { getRunnerLogger } from "./logging";
-import { createFeatures, makeMacro, setupTests } from "./testing-utils";
+import { createFeatures, setupTests } from "./testing-utils";
 import { UploadResult } from "./upload-lib";
 import * as uploadLib from "./upload-lib";
 import { postProcessAndUploadSarif } from "./upload-sarif";
@@ -43,7 +43,7 @@ function mockPostProcessSarifFiles() {
  return postProcessSarifFiles;
 }

-const postProcessAndUploadSarifMacro = makeMacro({
+const postProcessAndUploadSarifMacro = test.macro({
  exec: async (
    t: ExecutionContext<unknown>,
    sarifFiles: string[],
@@ -67,7 +67,7 @@ const postProcessAndUploadSarifMacro = makeMacro({
        const analysisConfig = getAnalysisConfig(analysisKind);
        uploadPostProcessedFiles
          .withArgs(logger, sinon.match.any, analysisConfig, sinon.match.any)
-          .resolves(expectedResult[analysisKind]?.uploadResult);
+          .resolves(expectedResult[analysisKind as AnalysisKind]?.uploadResult);
      }

      const fullSarifPaths = sarifFiles.map(toFullPath);
@@ -123,8 +123,9 @@ const postProcessAndUploadSarifMacro = makeMacro({
  title: (providedTitle = "") => `processAndUploadSarif - ${providedTitle}`,
 });

-postProcessAndUploadSarifMacro.serial(
+test.serial(
  "SARIF file",
+  postProcessAndUploadSarifMacro,
  ["test.sarif"],
  (tempDir) => path.join(tempDir, "test.sarif"),
  {
@@ -137,8 +138,9 @@ postProcessAndUploadSarifMacro.serial(
  },
 );

-postProcessAndUploadSarifMacro.serial(
+test.serial(
  "JSON file",
+  postProcessAndUploadSarifMacro,
  ["test.json"],
  (tempDir) => path.join(tempDir, "test.json"),
  {
@@ -151,8 +153,9 @@ postProcessAndUploadSarifMacro.serial(
  },
 );

-postProcessAndUploadSarifMacro.serial(
+test.serial(
  "Code Scanning files",
+  postProcessAndUploadSarifMacro,
  ["test.json", "test.sarif"],
  undefined,
  {
@@ -166,8 +169,9 @@ postProcessAndUploadSarifMacro.serial(
  },
 );

-postProcessAndUploadSarifMacro.serial(
+test.serial(
  "Code Quality file",
+  postProcessAndUploadSarifMacro,
  ["test.quality.sarif"],
  (tempDir) => path.join(tempDir, "test.quality.sarif"),
  {
@@ -180,8 +184,9 @@ postProcessAndUploadSarifMacro.serial(
  },
 );

-postProcessAndUploadSarifMacro.serial(
+test.serial(
  "Mixed files",
+  postProcessAndUploadSarifMacro,
  ["test.sarif", "test.quality.sarif"],
  undefined,
  {
@@ -422,7 +422,7 @@ async function testLanguageAliases(
          ],
        },
      },
-    },
+    } as Workflow,
    codeql,
  );
Author	SHA1	Message	Date
Óscar San José	2041daafe4	Fix lint errors	2026-05-06 17:30:02 +02:00
copilot-swe-agent[bot]	807ce4efd0	Support SHA-256 Git object hashes in git-utils and tests Agent-Logs-Url: https://github.com/github/codeql-action/sessions/e39d1fb6-4ce3-47c3-9113-e41b111fc8fb Co-authored-by: oscarsj <1410188+oscarsj@users.noreply.github.com>	2026-05-04 15:53:11 +00:00
copilot-swe-agent[bot]	bd0f7a95e7	Initial plan	2026-05-04 15:43:19 +00:00