Cache CLI version and extractor metadata

CI: Automatically cancel non-generated workflows

.github/actions/prepare-mergeback-branch/action.yml

@@ -41,7 +41,38 @@ runs:
         git add .
         git commit -m "Update changelog and version after ${VERSION}"
 
-        git push origin "${NEW_BRANCH}"
+    # Update the build artifacts with the new version number
+    - name: Rebuild the Action
+      shell: bash
+      run: |
+        set -exu
+        npm ci
+        npm run build
+
+    - name: Check for rebuild changes
+      id: rebuild_changes
+      shell: bash
+      run: |
+        set -exu
+        git add --all
+        if git diff --cached --quiet; then
+          echo "has_changes=false" >> "${GITHUB_OUTPUT}"
+        else
+          echo "has_changes=true" >> "${GITHUB_OUTPUT}"
+        fi
+
+    - name: Commit rebuild
+      if: steps.rebuild_changes.outputs.has_changes == 'true'
+      shell: bash
+      run: |
+        set -exu
+        git commit -m "Rebuild"
+
+    - name: Push mergeback branch
+      shell: bash
+      env:
+        NEW_BRANCH: "${{ inputs.branch }}"
+      run: git push origin "${NEW_BRANCH}"
 
     - name: Create PR
       shell: bash
@@ -60,8 +91,6 @@ runs:
 
           Please do the following:
 
-          - [ ] Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.
-          - [ ] Wait for the "Rebuild" workflow to push a commit updating the distribution files.
           - [ ] Mark the PR as ready for review to trigger the full set of PR checks.
           - [ ] Approve and merge the PR. When merging the PR, make sure "Create a merge commit" is
                 selected rather than "Squash and merge" or "Rebase and merge".
@@ -74,7 +103,6 @@ runs:
           --head "${NEW_BRANCH}" \
           --base "${BASE_BRANCH}" \
           --title "${pr_title}" \
-          --label "Rebuild" \
           --body "${pr_body}" \
           --assignee "${GITHUB_ACTOR}" \
           --draft

.github/actions/release-initialise/action.yml

@@ -18,7 +18,7 @@ runs:
     - name: Set up Node
       uses: actions/setup-node@v6
       with:
-        node-version: 20
+        node-version: 24
         cache: 'npm'
 
     - name: Set up Python

.github/update-release-branch.py

@@ -19,6 +19,10 @@ No user facing changes.
 # Changing it requires a transition period where both old and new versions are supported.
 BACKPORT_COMMIT_MESSAGE = 'Update version and changelog for v'
 
+# Commit message used for rebuild commits, both those produced by this script and those produced
+# by the `Rebuild Action` workflow (`.github/workflows/rebuild.yml`).
+REBUILD_COMMIT_MESSAGE = 'Rebuild'
+
 # Name of the remote
 ORIGIN = 'origin'
 
@@ -43,6 +47,28 @@ def run_git(*args, allow_non_zero_exit_code=False):
     raise Exception(f'Call to {" ".join(cmd)} exited with code {p.returncode} stderr: {p.stderr.decode("ascii")}.')
   return p.stdout.decode('ascii')
 
+# Runs the given command, streaming output to the console.
+# Raises an error if the command does not exit successfully.
+def run_command(*args):
+  cmd = list(args)
+  print(f'Running `{" ".join(cmd)}`.')
+  subprocess.run(cmd, check=True)
+
+# Rebuilds the action and commits any changes.
+def rebuild_action():
+  # For backports, the only source-level change vs the source branch is the new version number,
+  # so we just need to refresh the version embedded in `lib/`.
+  run_command('npm', 'ci')
+  run_command('npm', 'run', 'build')
+
+  run_git('add', '--all')
+  # `git diff --cached --quiet` exits 0 if there are no staged changes, 1 if there are.
+  if subprocess.run(['git', 'diff', '--cached', '--quiet']).returncode == 0:
+    print('Rebuild produced no changes; skipping Rebuild commit.')
+  else:
+    run_git('commit', '-m', REBUILD_COMMIT_MESSAGE)
+    print('Created Rebuild commit.')
+
 # Returns true if the given branch exists on the origin remote
 def branch_exists_on_remote(branch_name):
   return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
@@ -98,9 +124,11 @@ def open_pr(
   body.append('Please do the following:')
   if len(conflicted_files) > 0:
     body.append(' - [ ] Ensure `package.json` file contains the correct version.')
-    body.append(' - [ ] Add commits to this branch to resolve the merge conflicts ' +
+    body.append(' - [ ] Add a commit to this branch to resolve the merge conflicts ' +
       'in the following files:')
-    body.extend([f'    - [ ] `{file}`' for file in conflicted_files])
+    body.extend([f'    - `{file}`' for file in conflicted_files])
+    body.append(' - [ ] Rebuild the Action locally (`npm run build`) and push any changes to the ' +
+      f'built output in `lib` as a separate commit named exactly `{REBUILD_COMMIT_MESSAGE}`.')
     body.append(' - [ ] Ensure another maintainer has reviewed the additional commits you added to this ' +
       'branch to resolve the merge conflicts.')
   body.append(' - [ ] Ensure the CHANGELOG displays the correct version and date.')
@@ -108,10 +136,6 @@ def open_pr(
   body.append(f' - [ ] Check that there are not any unexpected commits being merged into the `{target_branch}` branch.')
   body.append(' - [ ] Ensure the docs team is aware of any documentation changes that need to be released.')
 
-  if not is_primary_release:
-    body.append(' - [ ] Remove and re-add the "Rebuild" label to the PR to trigger just this workflow.')
-    body.append(' - [ ] Wait for the "Rebuild" workflow to push a commit updating the distribution files.')
-
   body.append(' - [ ] Mark the PR as ready for review to trigger the full set of PR checks.')
   body.append(' - [ ] Approve and merge this PR. Make sure `Create a merge commit` is selected rather than `Squash and merge` or `Rebase and merge`.')
 
@@ -120,13 +144,11 @@ def open_pr(
     body.append(' - [ ] Merge all backport PRs to older release branches, that will automatically be created once this PR is merged.')
 
   title = f'Merge {source_branch} into {target_branch}'
-  labels = ['Rebuild'] if not is_primary_release else []
 
   # Create the pull request
   # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft so that
   # a maintainer can take the PR out of draft, thereby triggering the PR checks.
   pr = repo.create_pull(title=title, body='\n'.join(body), head=new_branch_name, base=target_branch, draft=True)
-  pr.add_to_labels(*labels)
   print(f'Created PR #{str(pr.number)}')
 
   # Assign the conductor
@@ -385,8 +407,9 @@ def main():
       # releases.
       run_git('revert', vOlder_update_commits[0], '--no-edit')
 
-      # Also revert the "Rebuild" commit created by Actions.
-      rebuild_commit = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0]
+      # Also revert the "Rebuild" commit, whether created by this script or by the
+      # `Rebuild Action` workflow.
+      rebuild_commit = run_git('log', '--grep', f'^{REBUILD_COMMIT_MESSAGE}$', '--format=%H').split()[0]
       print(f'  Reverting {rebuild_commit}')
       run_git('revert', rebuild_commit, '--no-edit')
 
@@ -401,9 +424,10 @@ def main():
       run_git('add', '.')
       run_git('commit', '--no-edit')
 
-    # Migrate the package version number from a vLatest version number to a vOlder version number
+    # Migrate the package version number from a vLatest version number to a vOlder version number.
+    # `package-lock.json` is updated as part of the subsequent rebuild step (see `rebuild_action`).
     print(f'Setting version number to {version} in package.json')
-    replace_version_package_json(get_current_version(), version) # We rely on the `Rebuild` workflow to update package-lock.json
+    replace_version_package_json(get_current_version(), version)
     run_git('add', 'package.json')
 
     # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
@@ -426,6 +450,13 @@ def main():
     run_git('add', 'CHANGELOG.md')
     run_git('commit', '-m', f'Update changelog for v{version}')
 
+  if not is_primary_release:
+    if len(conflicted_files) == 0:
+      print('Rebuilding the Action.')
+      rebuild_action()
+    else:
+      print(f'Skipping automatic rebuild because the merge produced conflicts in {conflicted_files}.')
+
   run_git('push', ORIGIN, new_branch_name)
 
   # Open a PR to update the branch

.github/workflows/check-expected-release-files.yml

@@ -9,6 +9,10 @@ on:
     # by other workflows.
     types: [opened, synchronize, reopened, ready_for_review]
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/codescanning-config-cli.yml

@@ -24,6 +24,10 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/debug-artifacts-failure-safe.yml

@@ -20,6 +20,10 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/debug-artifacts-safe.yml

@@ -19,6 +19,10 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/post-release-mergeback.yml

@@ -48,6 +48,9 @@ jobs:
         with:
           fetch-depth: 0  # ensure we have all tags and can push commits
       - uses: actions/setup-node@v6
+        with:
+          node-version: 24
+          cache: 'npm'
       - uses: actions/setup-python@v6
         with:
           python-version: '3.12'

.github/workflows/pr-checks.yml

@@ -10,6 +10,10 @@ on:
     types: [checks_requested]
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/python312-windows.yml

@@ -14,6 +14,10 @@ on:
     - cron: '0 0 * * 1'
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/query-filters.yml

@@ -17,6 +17,10 @@ on:
     - cron: '0 5 * * *'
   workflow_dispatch:
 
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

.github/workflows/test-codeql-bundle-all.yml

@@ -18,6 +18,11 @@ on:
   schedule:
     - cron: '0 5 * * *'
   workflow_dispatch:
+
+concurrency:
+  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
+  group: ${{ github.workflow }}-${{ github.ref }}
+
 defaults:
   run:
     shell: bash

build.mjs

@@ -65,12 +65,22 @@ const onEndPlugin = {
 /** The name of the virtual `entry-points` module. */
 const SHARED_ENTRYPOINT = "entry-points";
 
+/** The property name under which `upload-lib`'s namespace is exposed in `entry-points`. */
+const UPLOAD_LIB_EXPORT = "uploadLib";
+
+/** The relative source path of the `upload-lib` module that we re-export from `entry-points`. */
+const UPLOAD_LIB_SRC = "./src/upload-lib";
+
 /**
- * This plugin finds all source files that contain Action entry points.
- * It then generates the virtual `entry-points` module which imports all identified files,
- * and re-exports their `runWrapper` functions with suitable aliases.
- * A tiny stub file is emitted for each Action entrypoint. Each stub imports the shared bundle
- * and calls the respective entry point.
+ * This plugin finds all source files that contain Action entry points. It then generates the
+ * virtual `entry-points` module which imports all identified files, and re-exports their
+ * `runWrapper` functions with suitable aliases.
+ *
+ * The virtual module additionally re-exports `upload-lib` under the `uploadLib` namespace so that
+ * external consumers can access it via the small `lib/upload-lib.js` stub emitted below.
+ * 
+ * A tiny stub file is emitted for each Action entrypoint, and one for `upload-lib`. Each stub
+ * imports the shared bundle and calls/re-exports from the respective entry point.
  *
  * @type {esbuild.Plugin}
  */
@@ -136,22 +146,29 @@ const entryPointsPlugin = {
         )
         .join("\n\n");
 
+      // Also re-export the `upload-lib` namespace so that external consumers can reach it
+      // via the `lib/upload-lib.js` stub without us having to bundle a second copy.
+      const uploadLibReExport = `export * as ${UPLOAD_LIB_EXPORT} from "${UPLOAD_LIB_SRC}";`;
+
       return {
-        contents: `"use strict";\n${imports}\n\n${wrappers}\n`,
+        contents: `"use strict";\n${imports}\n\n${uploadLibReExport}\n\n${wrappers}\n`,
         resolveDir: ".",
         loader: "ts",
       };
     });
 
     // Emit entry point stubs for each Action using the entry template.
-    build.onEnd(async (result) => {
-      // Read the entry point template.
-      const templatePath = "action-entry.js.tpl";
-      const template = await readFile(join(SRC_DIR, templatePath), "utf-8");
-
-      const makeHeader = (sourceFile) =>
+    build.onEnd(async () => {
+      const makeHeader = (templatePath, sourceFile) =>
         `// Automatically generated from '${templatePath}' for 'src/${basename(sourceFile)}'.\n\n`;
 
+      // Read the entry point template.
+      const actionTemplatePath = "action-entry.js.tpl";
+      const actionTemplate = await readFile(
+        join(SRC_DIR, actionTemplatePath),
+        "utf-8",
+      );
+
       // Write entry point stubs for each Action.
       for (const action of actions) {
         await writeFile(
@@ -159,25 +176,38 @@ const entryPointsPlugin = {
             OUT_DIR,
             `${action.name}${action.isPost ? "-post" : ""}-entry.js`,
           ),
-          makeHeader(action.path) +
-            template.replaceAll("__ACTION__", action.pascalCaseName),
+          makeHeader(actionTemplatePath, action.path) +
+            actionTemplate.replaceAll("__ACTION__", action.pascalCaseName),
         );
       }
+
+      // Write a small stub for `upload-lib` that re-exports it from the shared bundle.
+      // External callers (e.g. internal testing environments) `require("./lib/upload-lib")`
+      // and expect the same shape as before, so we expose the namespace as `module.exports`.
+      const uploadLibStubTemplatePath = "upload-lib-stub.js.tpl";
+      const uploadLibStubTemplate = await readFile(
+        join(SRC_DIR, uploadLibStubTemplatePath),
+        "utf-8",
+      );
+      await writeFile(
+        join(OUT_DIR, "upload-lib.js"),
+        makeHeader(uploadLibStubTemplatePath, `${UPLOAD_LIB_SRC}.ts`) +
+          uploadLibStubTemplate.replaceAll(
+            "__UPLOAD_LIB_EXPORT__",
+            UPLOAD_LIB_EXPORT,
+          ),
+      );
     });
   },
 };
 
 const context = await esbuild.context({
-  // Include upload-lib.ts as an entry point for use in testing environments.
-  entryPoints: [
-    { in: SHARED_ENTRYPOINT, out: SHARED_ENTRYPOINT },
-    join(SRC_DIR, "upload-lib.ts"),
-  ],
+  entryPoints: [{ in: SHARED_ENTRYPOINT, out: SHARED_ENTRYPOINT }],
   bundle: true,
   format: "cjs",
   outdir: OUT_DIR,
   platform: "node",
-  external: ["./entry-points", "./upload-lib"],
+  external: ["./entry-points"],
   plugins: [cleanPlugin, copyDefaultsPlugin, entryPointsPlugin, onEndPlugin],
   target: ["node20"],
   define: {

package-lock.json

@@ -36,7 +36,7 @@
         "uuid": "^14.0.0"
       },
       "devDependencies": {
-        "@ava/typescript": "7.0.0",
+        "@ava/typescript": "6.0.0",
         "@eslint/compat": "^2.0.5",
         "@microsoft/eslint-formatter-sarif": "^3.1.0",
         "@octokit/types": "^16.0.0",
@@ -48,7 +48,7 @@
         "@types/sarif": "^2.1.7",
         "@types/semver": "^7.7.1",
         "@types/sinon": "^21.0.1",
-        "ava": "^7.0.0",
+        "ava": "^6.4.1",
         "esbuild": "^0.28.0",
         "eslint": "^9.39.4",
         "eslint-import-resolver-typescript": "^4.4.4",
@@ -450,17 +450,17 @@
       }
     },
     "node_modules/@ava/typescript": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@ava/typescript/-/typescript-7.0.0.tgz",
-      "integrity": "sha512-0ktzq4/9ya2QoAuVWzl3McpLV9W//Tj+oMonQ4ucgm5l6tQ46aaju/rJL9kzeY5MkG6wzXvFt/MmaLqf9uNC9w==",
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@ava/typescript/-/typescript-6.0.0.tgz",
+      "integrity": "sha512-+8oDYc4J5cCaWZh1VUbyc+cegGplJO9FqHpqR4LVAVx8fRLVRaYlC4yyA6cqHJ1vWP23Ff/ECS5U68Zz6OLZlg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "escape-string-regexp": "^5.0.0",
-        "execa": "^9.6.1"
+        "execa": "^9.6.0"
       },
       "engines": {
-        "node": "^22.20 || ^24.12 || >=25"
+        "node": "^20.8 || ^22 || >=24"
       }
     },
     "node_modules/@ava/typescript/node_modules/escape-string-regexp": {
@@ -3172,9 +3172,9 @@
       ]
     },
     "node_modules/@vercel/nft": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/@vercel/nft/-/nft-1.3.2.tgz",
-      "integrity": "sha512-HC8venRc4Ya7vNeBsJneKHHMDDWpQie7VaKhAIOst3MKO+DES+Y/SbzSp8mFkD7OzwAE2HhHkeSuSmwS20mz3A==",
+      "version": "0.29.4",
+      "resolved": "https://registry.npmjs.org/@vercel/nft/-/nft-0.29.4.tgz",
+      "integrity": "sha512-6lLqMNX3TuycBPABycx7A9F1bHQR7kiQln6abjFbPrf5C/05qHM9M5E4PeTE59c7z8g6vHnx1Ioihb2AQl7BTA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -3185,7 +3185,7 @@
         "async-sema": "^3.1.1",
         "bindings": "^1.4.0",
         "estree-walker": "2.0.2",
-        "glob": "^13.0.0",
+        "glob": "^10.4.5",
         "graceful-fs": "^4.2.9",
         "node-gyp-build": "^4.2.2",
         "picomatch": "^4.0.2",
@@ -3195,7 +3195,7 @@
         "nft": "out/cli.js"
       },
       "engines": {
-        "node": ">=20"
+        "node": ">=18"
       }
     },
     "node_modules/abbrev": {
@@ -3561,57 +3561,58 @@
       "license": "MIT"
     },
     "node_modules/ava": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/ava/-/ava-7.0.0.tgz",
-      "integrity": "sha512-4sRJO/gehlfAgSbuH02mClDDiyymnuFmirE3KqPXl2pic1FaFTZaAACKqr85WT4o08iLjViMR9gmMkxzbZ3AgA==",
+      "version": "6.4.1",
+      "resolved": "https://registry.npmjs.org/ava/-/ava-6.4.1.tgz",
+      "integrity": "sha512-vxmPbi1gZx9zhAjHBgw81w/iEDKcrokeRk/fqDTyA2DQygZ0o+dUGRHFOtX8RA5N0heGJTTsIk7+xYxitDb61Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@vercel/nft": "^1.3.2",
-        "acorn": "^8.16.0",
-        "acorn-walk": "^8.3.5",
-        "ansi-styles": "^6.2.3",
+        "@vercel/nft": "^0.29.4",
+        "acorn": "^8.15.0",
+        "acorn-walk": "^8.3.4",
+        "ansi-styles": "^6.2.1",
         "arrgv": "^1.0.2",
         "arrify": "^3.0.0",
         "callsites": "^4.2.0",
-        "cbor": "^10.0.11",
-        "chalk": "^5.6.2",
+        "cbor": "^10.0.9",
+        "chalk": "^5.4.1",
         "chunkd": "^2.0.1",
-        "ci-info": "^4.4.0",
+        "ci-info": "^4.3.0",
         "ci-parallel-vars": "^1.0.1",
-        "cli-truncate": "^5.1.1",
+        "cli-truncate": "^4.0.0",
         "code-excerpt": "^4.0.0",
         "common-path-prefix": "^3.0.0",
         "concordance": "^5.0.4",
         "currently-unhandled": "^0.4.1",
-        "debug": "^4.4.3",
+        "debug": "^4.4.1",
         "emittery": "^1.2.0",
         "figures": "^6.1.0",
-        "globby": "^16.1.1",
+        "globby": "^14.1.0",
         "ignore-by-default": "^2.1.0",
         "indent-string": "^5.0.0",
         "is-plain-object": "^5.0.0",
         "is-promise": "^4.0.0",
-        "matcher": "^6.0.0",
-        "memoize": "^10.2.0",
+        "matcher": "^5.0.0",
+        "memoize": "^10.1.0",
         "ms": "^2.1.3",
-        "p-map": "^7.0.4",
+        "p-map": "^7.0.3",
         "package-config": "^5.0.0",
-        "picomatch": "^4.0.3",
-        "plur": "^6.0.0",
-        "pretty-ms": "^9.3.0",
+        "picomatch": "^4.0.2",
+        "plur": "^5.1.0",
+        "pretty-ms": "^9.2.0",
         "resolve-cwd": "^3.0.0",
         "stack-utils": "^2.0.6",
+        "strip-ansi": "^7.1.0",
         "supertap": "^3.0.1",
         "temp-dir": "^3.0.0",
-        "write-file-atomic": "^7.0.0",
-        "yargs": "^18.0.0"
+        "write-file-atomic": "^6.0.0",
+        "yargs": "^17.7.2"
       },
       "bin": {
         "ava": "entrypoints/cli.mjs"
       },
       "engines": {
-        "node": "^20.19 || ^22.20 || ^24.12 || >=25"
+        "node": "^18.18 || ^20.8 || ^22 || ^23 || >=24"
       },
       "peerDependencies": {
         "@ava/typescript": "*"
@@ -3622,6 +3623,19 @@
         }
       }
     },
+    "node_modules/ava/node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
     "node_modules/ava/node_modules/callsites": {
       "version": "4.2.0",
       "resolved": "https://registry.npmjs.org/callsites/-/callsites-4.2.0.tgz",
@@ -3652,6 +3666,22 @@
         }
       }
     },
+    "node_modules/ava/node_modules/strip-ansi": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
     "node_modules/available-typed-arrays": {
       "version": "1.0.7",
       "resolved": "https://registry.npmjs.org/available-typed-arrays/-/available-typed-arrays-1.0.7.tgz",
@@ -3765,9 +3795,9 @@
       "license": "MIT"
     },
     "node_modules/brace-expansion": {
-      "version": "1.1.13",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.13.tgz",
-      "integrity": "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w==",
+      "version": "1.1.14",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.14.tgz",
+      "integrity": "sha512-MWPGfDxnyzKU7rNOW9SP/c50vi3xrmrua/+6hfPbCS2ABNWfx24vPidzvC7krjU/RTo235sV776ymlsMtGKj8g==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^1.0.0",
@@ -4016,17 +4046,17 @@
       "dev": true
     },
     "node_modules/cli-truncate": {
-      "version": "5.2.0",
-      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-5.2.0.tgz",
-      "integrity": "sha512-xRwvIOMGrfOAnM1JYtqQImuaNtDEv9v6oIYAs4LIHwTiKee8uwvIi363igssOC0O5U04i4AlENs79LQLu9tEMw==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/cli-truncate/-/cli-truncate-4.0.0.tgz",
+      "integrity": "sha512-nPdaFdQ0h/GEigbPClz11D0v/ZJEwxmeVZGeMo3Z5StPtUTkA9o1lD6QwoirYiSDzbcwn2XcjwmCp68W1IS4TA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "slice-ansi": "^8.0.0",
-        "string-width": "^8.2.0"
+        "slice-ansi": "^5.0.0",
+        "string-width": "^7.0.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": ">=18"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -4045,18 +4075,26 @@
         "url": "https://github.com/chalk/ansi-regex?sponsor=1"
       }
     },
+    "node_modules/cli-truncate/node_modules/emoji-regex": {
+      "version": "10.6.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
+      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/cli-truncate/node_modules/string-width": {
-      "version": "8.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-8.2.0.tgz",
-      "integrity": "sha512-6hJPQ8N0V0P3SNmP6h2J99RLuzrWz2gvT7VnK5tKvrNqJoyS9W4/Fb8mo31UiPvy00z7DQXkP2hnKBVav76thw==",
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
+      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "get-east-asian-width": "^1.5.0",
-        "strip-ansi": "^7.1.2"
+        "emoji-regex": "^10.3.0",
+        "get-east-asian-width": "^1.0.0",
+        "strip-ansi": "^7.1.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": ">=18"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -4079,72 +4117,18 @@
       }
     },
     "node_modules/cliui": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-9.0.1.tgz",
-      "integrity": "sha512-k7ndgKhwoQveBL+/1tqGJYNz097I7WOvwbmmU2AR5+magtbjPWQTS1C5vzGkBC8Ym8UWRzfKUzUUqFLypY4Q+w==",
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-8.0.1.tgz",
+      "integrity": "sha512-BSeNnyus75C4//NQ9gQt1/csTXyo/8Sb+afLAkzAptFuMsod9HFokGNudZpi/oQV73hnVK+sR+5PVRMd+Dr7YQ==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "string-width": "^7.2.0",
-        "strip-ansi": "^7.1.0",
-        "wrap-ansi": "^9.0.0"
-      },
-      "engines": {
-        "node": ">=20"
-      }
-    },
-    "node_modules/cliui/node_modules/ansi-regex": {
-      "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
-      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/cliui/node_modules/emoji-regex": {
-      "version": "10.6.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/cliui/node_modules/string-width": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
-      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "emoji-regex": "^10.3.0",
-        "get-east-asian-width": "^1.0.0",
-        "strip-ansi": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/cliui/node_modules/strip-ansi": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
-      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-regex": "^6.2.2"
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.1",
+        "wrap-ansi": "^7.0.0"
       },
       "engines": {
         "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
     "node_modules/code-excerpt": {
@@ -5138,9 +5122,9 @@
       }
     },
     "node_modules/eslint-plugin-import-x/node_modules/brace-expansion": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5939,9 +5923,9 @@
       }
     },
     "node_modules/get-east-asian-width": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.5.0.tgz",
-      "integrity": "sha512-CQ+bEO+Tva/qlmw24dCejulK5pMzVnUOFOijVogd3KQs07HnRIgp8TGipvCCRT06xeYEbpbgwaCxglFyiuIcmA==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/get-east-asian-width/-/get-east-asian-width-1.6.0.tgz",
+      "integrity": "sha512-QRbvDIbx6YklUe6RxeTeleMR0yv3cYH6PsPZHcnVn7xv7zO1BHN8r0XETu8n6Ye3Q+ahtSarc3WgtNWmehIBfA==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6094,9 +6078,9 @@
       }
     },
     "node_modules/glob/node_modules/brace-expansion": {
-      "version": "5.0.5",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.5.tgz",
-      "integrity": "sha512-VZznLgtwhn+Mact9tfiwx64fA9erHH/MCXEUfB/0bX/6Fz6ny5EGTXYltMocqg4xFAQZtnO3DHWWXi8RiuN7cQ==",
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
       "license": "MIT",
       "dependencies": {
         "balanced-match": "^4.0.2"
@@ -6151,21 +6135,34 @@
       }
     },
     "node_modules/globby": {
-      "version": "16.1.1",
-      "resolved": "https://registry.npmjs.org/globby/-/globby-16.1.1.tgz",
-      "integrity": "sha512-dW7vl+yiAJSp6aCekaVnVJxurRv7DCOLyXqEG3RYMYUg7AuJ2jCqPkZTA8ooqC2vtnkaMcV5WfFBMuEnTu1OQg==",
+      "version": "14.1.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-14.1.0.tgz",
+      "integrity": "sha512-0Ia46fDOaT7k4og1PDW4YbodWWr3scS2vAr2lTbsplOt2WkKp0vQbkI9wKis/T5LV/dqPjO3bpS/z6GTJB82LA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@sindresorhus/merge-streams": "^4.0.0",
+        "@sindresorhus/merge-streams": "^2.1.0",
         "fast-glob": "^3.3.3",
-        "ignore": "^7.0.5",
-        "is-path-inside": "^4.0.0",
+        "ignore": "^7.0.3",
+        "path-type": "^6.0.0",
         "slash": "^5.1.0",
-        "unicorn-magic": "^0.4.0"
+        "unicorn-magic": "^0.3.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/globby/node_modules/@sindresorhus/merge-streams": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/@sindresorhus/merge-streams/-/merge-streams-2.3.0.tgz",
+      "integrity": "sha512-LtoMMhxAlorcGhmFYI+LhPgbPZCkgP6ra1YL604EeF6U98pLlQ3iWIGMdWSC+vWmPBWBNgmDBAhnAobLROJmwg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -6181,32 +6178,6 @@
         "node": ">= 4"
       }
     },
-    "node_modules/globby/node_modules/is-path-inside": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-4.0.0.tgz",
-      "integrity": "sha512-lJJV/5dYS+RcL8uQdBDW9c9uWFLLBNRyFhnAKXw5tVqLlKZ4RMGZKv+YQ/IA3OhD+RpbJa1LLFM1FQPGyIXvOA==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/globby/node_modules/unicorn-magic": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/unicorn-magic/-/unicorn-magic-0.4.0.tgz",
-      "integrity": "sha512-wH590V9VNgYH9g3lH9wWjTrUoKsjLF6sGLjhR4sH1LWpLmCOH0Zf7PukhDA8BiS7KHe4oPNkcTHqYkj7SOGUOw==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=20"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/gopd": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
@@ -6471,16 +6442,13 @@
       }
     },
     "node_modules/irregular-plurals": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/irregular-plurals/-/irregular-plurals-4.2.0.tgz",
-      "integrity": "sha512-bW9UXHL7bnUcNtTo+9ccSngbxc+V40H32IgvdVin0Xs8gbo+AVYD5g/72ce/54Kjfhq66vcZr8H8TKEvsifeOw==",
+      "version": "3.5.0",
+      "resolved": "https://registry.npmjs.org/irregular-plurals/-/irregular-plurals-3.5.0.tgz",
+      "integrity": "sha512-1ANGLZ+Nkv1ptFb2pa8oG8Lem4krflKuX/gINiHJHjJUKaJHk/SXk5x6K3J+39/p0h1RQ2saROclJJ+QLvETCQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=18.20"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
+        "node": ">=8"
       }
     },
     "node_modules/is-array-buffer": {
@@ -7251,16 +7219,16 @@
       }
     },
     "node_modules/matcher": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/matcher/-/matcher-6.0.0.tgz",
-      "integrity": "sha512-TzDerdcNtI79w7Av4GT57bLdElPA/VAkjqdMZv8yhuc8geU2z0ljW9anXbX/55aHEMTpYypZb1lxsA/46r9oOQ==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/matcher/-/matcher-5.0.0.tgz",
+      "integrity": "sha512-s2EMBOWtXFc8dgqvoAzKJXxNHibcdJMV0gwqKUaw9E2JBJuGUK7DrNKrA6g/i+v72TT16+6sVm5mS3thaMLQUw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "escape-string-regexp": "^5.0.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -7881,6 +7849,19 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
+    "node_modules/path-type": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-6.0.0.tgz",
+      "integrity": "sha512-Vj7sf++t5pBD637NSfkxpHSMfWaeig5+DKWLhcqIYx6mWQz5hdJTGDVMQiJcw1ZYkhs7AazKDGpRVji1LJCZUQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/picocolors": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
@@ -7902,16 +7883,16 @@
       }
     },
     "node_modules/plur": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/plur/-/plur-6.0.0.tgz",
-      "integrity": "sha512-Y9wXQivjRX0REtwpA9+n0bYYypWESn3cWtW2vazymw711qn+AQXxzZjRqhANYGBLIMC1UzVdpwe/1hHQwHfwng==",
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/plur/-/plur-5.1.0.tgz",
+      "integrity": "sha512-VP/72JeXqak2KiOzjgKtQen5y3IZHn+9GOuLDafPv0eXa47xq0At93XahYBs26MsifCQ4enGKwbjBTKgb9QJXg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "irregular-plurals": "^4.2.0"
+        "irregular-plurals": "^3.3.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -8128,6 +8109,16 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha512-fGxEI7+wsG9xrvdjsrlmL22OMTTiHRwAMroiEeMgq8gzoLC/PQr7RsRDSTLUg/bZAZtF+TVIkHc6/4RIKrui+Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/requireindex": {
       "version": "1.1.0",
       "dev": true,
@@ -8541,33 +8532,30 @@
       }
     },
     "node_modules/slice-ansi": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-8.0.0.tgz",
-      "integrity": "sha512-stxByr12oeeOyY2BlviTNQlYV5xOj47GirPr4yA1hE9JCtxfQN0+tVbkxwCtYDQWhEKWFHsEK48ORg5jrouCAg==",
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-5.0.0.tgz",
+      "integrity": "sha512-FC+lgizVPfie0kkhqUScwRu1O/lF6NOgJmlCgK+/LYxDCTk8sGelYaHDhFcDN+Sn3Cv+3VSa4Byeo+IMCzpMgQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-styles": "^6.2.3",
-        "is-fullwidth-code-point": "^5.1.0"
+        "ansi-styles": "^6.0.0",
+        "is-fullwidth-code-point": "^4.0.0"
       },
       "engines": {
-        "node": ">=20"
+        "node": ">=12"
       },
       "funding": {
         "url": "https://github.com/chalk/slice-ansi?sponsor=1"
       }
     },
     "node_modules/slice-ansi/node_modules/is-fullwidth-code-point": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-5.1.0.tgz",
-      "integrity": "sha512-5XHYaSyiqADb4RnZ1Bdad6cPp8Toise4TzEjcOYDHZkTCbKgiUl7WTUCpNWHuxmDt91wnsZBc9xinNzopv3JMQ==",
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-4.0.0.tgz",
+      "integrity": "sha512-O4L094N2/dZ7xqVdrXhh9r1KODPJpFms8B5sGdJLPy664AgvXsreZUyCQQNItZRDlYug4xStLjNp/sz3HvBowQ==",
       "dev": true,
       "license": "MIT",
-      "dependencies": {
-        "get-east-asian-width": "^1.3.1"
-      },
       "engines": {
-        "node": ">=18"
+        "node": ">=12"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -8962,9 +8950,9 @@
       }
     },
     "node_modules/tar": {
-      "version": "7.5.11",
-      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.11.tgz",
-      "integrity": "sha512-ChjMH33/KetonMTAtpYdgUFr0tbz69Fp2v7zWxQfYZX4g5ZN2nOBXm1R2xyA+lMIKrLKIoKAwFj93jE/avX9cQ==",
+      "version": "7.5.15",
+      "resolved": "https://registry.npmjs.org/tar/-/tar-7.5.15.tgz",
+      "integrity": "sha512-dzGK0boVlC4W5QFuQN1EFSl3bIDYsk7Tj40U6eIBnK2k/8ml7TZ5agbI5j5+qnoVcAA+rNtBml8SEiLxZpNqRQ==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
@@ -10104,18 +10092,18 @@
       }
     },
     "node_modules/wrap-ansi": {
-      "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-9.0.2.tgz",
-      "integrity": "sha512-42AtmgqjV+X1VpdOfyTGOYRi0/zsoLqtXQckTmqTeybT+BDIbM/Guxo7x3pE2vtpr1ok6xRqM9OpBe+Jyoqyww==",
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-styles": "^6.2.1",
-        "string-width": "^7.0.0",
-        "strip-ansi": "^7.1.0"
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=10"
       },
       "funding": {
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
@@ -10154,58 +10142,20 @@
         "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
-    "node_modules/wrap-ansi/node_modules/ansi-regex": {
-      "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
-      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/wrap-ansi/node_modules/emoji-regex": {
-      "version": "10.6.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/wrap-ansi/node_modules/string-width": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
-      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "emoji-regex": "^10.3.0",
-        "get-east-asian-width": "^1.0.0",
-        "strip-ansi": "^7.1.0"
+        "color-convert": "^2.0.1"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=8"
       },
       "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/wrap-ansi/node_modules/strip-ansi": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
-      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-regex": "^6.2.2"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
       }
     },
     "node_modules/wrappy": {
@@ -10213,16 +10163,17 @@
       "license": "ISC"
     },
     "node_modules/write-file-atomic": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-7.0.1.tgz",
-      "integrity": "sha512-OTIk8iR8/aCRWBqvxrzxR0hgxWpnYBblY1S5hDWBQfk/VFmJwzmJgQFN3WsoUKHISv2eAwe+PpbUzyL1CKTLXg==",
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-6.0.0.tgz",
+      "integrity": "sha512-GmqrO8WJ1NuzJ2DrziEI2o57jKAVIQNf8a18W3nCYU3H7PNWqCCVTeH6/NQE93CIllIgQS98rrmVkYgTX9fFJQ==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
+        "imurmurhash": "^0.1.4",
         "signal-exit": "^4.0.1"
       },
       "engines": {
-        "node": "^20.17.0 || >=22.9.0"
+        "node": "^18.17.0 || >=20.5.0"
       }
     },
     "node_modules/xml-naming": {
@@ -10276,85 +10227,32 @@
       }
     },
     "node_modules/yargs": {
-      "version": "18.0.0",
-      "resolved": "https://registry.npmjs.org/yargs/-/yargs-18.0.0.tgz",
-      "integrity": "sha512-4UEqdc2RYGHZc7Doyqkrqiln3p9X2DZVxaGbwhn2pi7MrRagKaOcIKe8L3OxYcbhXLgLFUS3zAYuQjKBQgmuNg==",
+      "version": "17.7.2",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-17.7.2.tgz",
+      "integrity": "sha512-7dSzzRQ++CKnNI/krKnYRV7JKKPUXMEh61soaHKg9mrWEhzFWhFnxPxGl+69cD1Ou63C13NUPCnmIcrvqCuM6w==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "cliui": "^9.0.1",
+        "cliui": "^8.0.1",
         "escalade": "^3.1.1",
         "get-caller-file": "^2.0.5",
-        "string-width": "^7.2.0",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.3",
         "y18n": "^5.0.5",
-        "yargs-parser": "^22.0.0"
+        "yargs-parser": "^21.1.1"
       },
       "engines": {
-        "node": "^20.19.0 || ^22.12.0 || >=23"
+        "node": ">=12"
       }
     },
     "node_modules/yargs-parser": {
-      "version": "22.0.0",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-22.0.0.tgz",
-      "integrity": "sha512-rwu/ClNdSMpkSrUb+d6BRsSkLUq1fmfsY6TOpYzTwvwkg1/NRG85KBy3kq++A8LKQwX6lsu+aWad+2khvuXrqw==",
+      "version": "21.1.1",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-21.1.1.tgz",
+      "integrity": "sha512-tVpsJW7DdjecAiFpbIB1e3qxIQsE6NoPc5/eTdrbbIC4h0LVsWhnoa3g+m2HclBIujHzsxZ4VJVA+GUuc2/LBw==",
       "dev": true,
       "license": "ISC",
-      "engines": {
-        "node": "^20.19.0 || ^22.12.0 || >=23"
-      }
-    },
-    "node_modules/yargs/node_modules/ansi-regex": {
-      "version": "6.2.2",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
-      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
-      "dev": true,
-      "license": "MIT",
       "engines": {
         "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
-      }
-    },
-    "node_modules/yargs/node_modules/emoji-regex": {
-      "version": "10.6.0",
-      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-10.6.0.tgz",
-      "integrity": "sha512-toUI84YS5YmxW219erniWD0CIVOo46xGKColeNQRgOzDorgBi1v4D71/OFzgD9GO2UGKIv1C3Sp8DAn0+j5w7A==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/yargs/node_modules/string-width": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-7.2.0.tgz",
-      "integrity": "sha512-tsaTIkKW9b4N+AEj+SVA+WhJzV7/zMhcSu78mLKWSk7cXMOSHsBKFWUs0fWwq8QyK3MgJBQRX6Gbi4kYbdvGkQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "emoji-regex": "^10.3.0",
-        "get-east-asian-width": "^1.0.0",
-        "strip-ansi": "^7.1.0"
-      },
-      "engines": {
-        "node": ">=18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
-    "node_modules/yargs/node_modules/strip-ansi": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
-      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-regex": "^6.2.2"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
     "node_modules/yocto-queue": {

package.json

@@ -44,7 +44,7 @@
     "uuid": "^14.0.0"
   },
   "devDependencies": {
-    "@ava/typescript": "7.0.0",
+    "@ava/typescript": "6.0.0",
     "@eslint/compat": "^2.0.5",
     "@microsoft/eslint-formatter-sarif": "^3.1.0",
     "@octokit/types": "^16.0.0",
@@ -56,7 +56,7 @@
     "@types/sarif": "^2.1.7",
     "@types/semver": "^7.7.1",
     "@types/sinon": "^21.0.1",
-    "ava": "^7.0.0",
+    "ava": "^6.4.1",
     "esbuild": "^0.28.0",
     "eslint": "^9.39.4",
     "eslint-import-resolver-typescript": "^4.4.4",

src/analyses.test.ts

@@ -16,7 +16,12 @@ import {
 } from "./analyses";
 import { EnvVar } from "./environment";
 import { getRunnerLogger } from "./logging";
-import { createFeatures, RecordingLogger, setupTests } from "./testing-utils";
+import {
+  createFeatures,
+  RecordingLogger,
+  setupBaseActionsVars,
+  setupTests,
+} from "./testing-utils";
 import { AssessmentPayload } from "./upload-lib/types";
 import { ConfigurationError } from "./util";
 
@@ -72,6 +77,7 @@ test.serial(
 test.serial(
   "getAnalysisKinds - only use `code-scanning` for multiple analysis kinds outside of test mode",
   async (t) => {
+    setupBaseActionsVars();
     process.env[EnvVar.TEST_MODE] = "false";
     const features = createFeatures([]);
     const logger = new RecordingLogger();
@@ -89,6 +95,40 @@ test.serial(
   },
 );
 
+test.serial(
+  "getAnalysisKinds - logs error for non-default `analysis-kinds` in custom workflow",
+  async (t) => {
+    setupBaseActionsVars({ GITHUB_EVENT_NAME: "push" });
+    process.env[EnvVar.TEST_MODE] = "false";
+    const features = createFeatures([]);
+    const logger = new RecordingLogger();
+    const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
+    requiredInputStub.withArgs("analysis-kinds").returns("code-quality");
+    const result = await getAnalysisKinds(logger, features, true);
+    t.deepEqual(result, [AnalysisKind.CodeQuality]);
+    t.assert(
+      logger.hasMessage(
+        "An analysis kind other than `code-scanning` was specified in a custom workflow.",
+      ),
+    );
+  },
+);
+
+test.serial(
+  "getAnalysisKinds - no error for non-default `analysis-kinds` in managed workflow",
+  async (t) => {
+    setupBaseActionsVars({ GITHUB_EVENT_NAME: "dynamic" });
+    process.env[EnvVar.TEST_MODE] = "false";
+    const features = createFeatures([]);
+    const logger = new RecordingLogger();
+    const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
+    requiredInputStub.withArgs("analysis-kinds").returns("code-quality");
+    const result = await getAnalysisKinds(logger, features, true);
+    t.deepEqual(result, [AnalysisKind.CodeQuality]);
+    t.deepEqual(logger.messages, []);
+  },
+);
+
 test.serial(
   "getAnalysisKinds - includes `code-quality` when deprecated `quality-queries` input is used",
   async (t) => {
@@ -133,6 +173,7 @@ for (let i = 0; i < analysisKinds.length; i++) {
       test.serial(
         `getAnalysisKinds - allows ${analysisKind} with ${otherAnalysis}`,
         async (t) => {
+          setupBaseActionsVars();
           process.env[EnvVar.TEST_MODE] = "true";
           const features = createFeatures([]);
           const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
@@ -151,6 +192,7 @@ for (let i = 0; i < analysisKinds.length; i++) {
       test.serial(
         `getAnalysisKinds - throws if ${analysisKind} is enabled with ${otherAnalysis}`,
         async (t) => {
+          setupBaseActionsVars();
           const features = createFeatures([]);
           const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
           requiredInputStub

src/analyses.ts

@@ -2,6 +2,7 @@ import {
   fixCodeQualityCategory,
   getOptionalInput,
   getRequiredInput,
+  isDynamicWorkflow,
 } from "./actions-util";
 import { EnvVar } from "./environment";
 import { Feature, FeatureEnablement } from "./feature-flags";
@@ -65,6 +66,21 @@ export async function parseAnalysisKinds(
 // Used to avoid re-parsing the input after we have done it once.
 let cachedAnalysisKinds: AnalysisKind[] | undefined;
 
+/** Determines whether `code-scanning` is the only enabled analysis kind in `analysisKinds`. */
+function isOnlyCodeScanningEnabled(analysisKinds: AnalysisKind[]) {
+  return (
+    analysisKinds.length === 1 && analysisKinds[0] === AnalysisKind.CodeScanning
+  );
+}
+
+/** Prepends a generic message about the intended usage for `analysis-kinds` to `message`. */
+function makeAnalysisKindUsageError(message: string) {
+  return (
+    "The `analysis-kinds` input is experimental and for GitHub-internal use only. " +
+    `Its behaviour may change at any time or be removed entirely. ${message}`
+  );
+}
+
 /**
  * Initialises the analysis kinds for the analysis based on the `analysis-kinds` input.
  * This function will also use the deprecated `quality-queries` input as an indicator to enable `code-quality`.
@@ -89,6 +105,26 @@ export async function getAnalysisKinds(
     getRequiredInput("analysis-kinds"),
   );
 
+  // Log an error if we are outside of a GitHub-managed workflow and an analysis kind
+  // other than `code-scanning` is enabled.
+  if (
+    !isInTestMode() &&
+    !isDynamicWorkflow() &&
+    !isOnlyCodeScanningEnabled(analysisKinds)
+  ) {
+    const codeQualityHint = analysisKinds.includes(AnalysisKind.CodeQuality)
+      ? " If your intention is to use quality queries outside of Code Quality, " +
+        "use the `queries` input with `code-quality` instead."
+      : "";
+
+    logger.error(
+      makeAnalysisKindUsageError(
+        "An analysis kind other than `code-scanning` was specified in a custom workflow. " +
+          `This is not supported and will become a fatal error in a future version of the CodeQL Action.${codeQualityHint}`,
+      ),
+    );
+  }
+
   // Warn that `quality-queries` is deprecated if there is an argument for it.
   const qualityQueriesInput = getOptionalInput("quality-queries");
 
@@ -130,10 +166,10 @@ export async function getAnalysisKinds(
     !(await features.getValue(Feature.AllowMultipleAnalysisKinds))
   ) {
     logger.error(
-      "The `analysis-kinds` input is experimental and for GitHub-internal use only. " +
-        "Its behaviour may change at any time or be removed entirely. " +
+      makeAnalysisKindUsageError(
         "Specifying multiple values as input is no longer supported. " +
-        "Continuing with only `analysis-kinds: code-scanning`.",
+          "Continuing with only `analysis-kinds: code-scanning`.",
+      ),
     );
 
     // Only enable Code Scanning.

src/analyze-action-post.ts

@@ -38,7 +38,7 @@ export async function runWrapper() {
         logger,
       );
       if (config !== undefined) {
-        const codeql = await getCodeQL(config.codeQLCmd);
+        const codeql = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
         const version = await codeql.getVersion();
         await debugArtifacts.uploadCombinedSarifArtifacts(
           logger,

src/analyze-action.ts

@@ -256,7 +256,7 @@ async function run(startedAt: Date) {
       );
     }
 
-    const codeql = await getCodeQL(config.codeQLCmd);
+    const codeql = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
 
     if (hasBadExpectErrorInput()) {
       throw new util.ConfigurationError(

src/autobuild-action.ts

@@ -101,7 +101,7 @@ async function run(startedAt: Date) {
       );
     }
 
-    const codeql = await getCodeQL(config.codeQLCmd);
+    const codeql = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
 
     languages = await determineAutobuildLanguages(codeql, config, logger);
     if (languages !== undefined) {

src/autobuild.ts

@@ -155,7 +155,7 @@ export async function runAutobuild(
   logger: Logger,
 ) {
   logger.startGroup(`Attempting to automatically build ${language} code`);
-  const codeQL = await getCodeQL(config.codeQLCmd);
+  const codeQL = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
   if (language === BuiltInLanguage.cpp) {
     await setupCppAutobuild(codeQL, logger);
   }

src/codeql.test.ts

@@ -1,4 +1,5 @@
 import * as fs from "fs";
+import * as path from "path";
 
 import { ExecOptions } from "@actions/exec";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
@@ -123,6 +124,166 @@ async function stubCodeql(): Promise<codeql.CodeQL> {
   return codeqlObject;
 }
 
+function stubSuccessfulToolRunner(
+  stdoutForArgs: (args: string[]) => string | undefined,
+): sinon.SinonStub<any[], toolrunner.ToolRunner> {
+  const runnerConstructorStub = sinon.stub(
+    toolrunner,
+    "ToolRunner",
+  ) as sinon.SinonStub<any[], toolrunner.ToolRunner>;
+
+  runnerConstructorStub.callsFake((_cmd, args, options: ExecOptions) => {
+    return {
+      exec: async () => {
+        const stdout = stdoutForArgs(args as string[]);
+        if (stdout !== undefined) {
+          options.listeners?.stdout?.(Buffer.from(stdout));
+        }
+        return 0;
+      },
+    } as toolrunner.ToolRunner;
+  });
+
+  return runnerConstructorStub;
+}
+
+test.serial("getVersion and printVersion share cached version", async (t) => {
+  const version = { version: "2.30.0" };
+  let versionCalls = 0;
+  stubSuccessfulToolRunner((args) => {
+    if (args.join(" ") === "version --format=json") {
+      versionCalls++;
+      return JSON.stringify(version);
+    }
+    return undefined;
+  });
+
+  const codeqlObject = await codeql.getCodeQLForTesting();
+
+  t.deepEqual(await codeqlObject.getVersion(), version);
+  await codeqlObject.printVersion();
+
+  t.is(versionCalls, 1);
+});
+
+test.serial(
+  "betterResolveLanguages caches only the unfiltered result",
+  async (t) => {
+    const unfilteredLanguages = {
+      aliases: { typescript: BuiltInLanguage.javascript },
+      extractors: {
+        html: [{ extractor_root: "/html" }],
+        javascript: [{ extractor_root: "/javascript" }],
+      },
+    };
+    const filteredLanguages = {
+      aliases: { typescript: BuiltInLanguage.javascript },
+      extractors: {
+        javascript: [{ extractor_root: "/javascript" }],
+      },
+    };
+
+    let unfilteredCalls = 0;
+    let filteredCalls = 0;
+    stubSuccessfulToolRunner((args) => {
+      if (args[0] === "resolve" && args[1] === "languages") {
+        if (args.includes("--filter-to-languages-with-queries")) {
+          filteredCalls++;
+          return JSON.stringify(filteredLanguages);
+        }
+        unfilteredCalls++;
+        return JSON.stringify(unfilteredLanguages);
+      }
+      return undefined;
+    });
+
+    const codeqlObject = await codeql.getCodeQLForTesting();
+
+    t.deepEqual(
+      await codeqlObject.betterResolveLanguages(),
+      unfilteredLanguages,
+    );
+    t.deepEqual(
+      await codeqlObject.betterResolveLanguages(),
+      unfilteredLanguages,
+    );
+    t.deepEqual(
+      await codeqlObject.betterResolveLanguages({
+        filterToLanguagesWithQueries: true,
+      }),
+      filteredLanguages,
+    );
+    t.deepEqual(
+      await codeqlObject.betterResolveLanguages({
+        filterToLanguagesWithQueries: true,
+      }),
+      filteredLanguages,
+    );
+
+    // The unfiltered result is cached after the first call; the filtered
+    // variant is not cached because nothing reuses it.
+    t.is(unfilteredCalls, 1);
+    t.is(filteredCalls, 2);
+  },
+);
+
+test.serial("resolveExtractor caches its result per language", async (t) => {
+  await util.withTmpDir(async (tempDir) => {
+    const extractorRoot = path.join(tempDir, "javascript");
+    fs.mkdirSync(path.join(extractorRoot, "tools"), { recursive: true });
+    fs.writeFileSync(
+      path.join(extractorRoot, "tools", "tracing-config.lua"),
+      "",
+    );
+
+    let resolveExtractorCalls = 0;
+    stubSuccessfulToolRunner((args) => {
+      if (args[0] === "resolve" && args[1] === "extractor") {
+        resolveExtractorCalls++;
+        return JSON.stringify(extractorRoot);
+      }
+      return undefined;
+    });
+
+    const codeqlObject = await codeql.getCodeQLForTesting();
+
+    t.is(
+      await codeqlObject.resolveExtractor(BuiltInLanguage.javascript),
+      extractorRoot,
+    );
+    t.is(
+      await codeqlObject.resolveExtractor(BuiltInLanguage.javascript),
+      extractorRoot,
+    );
+    t.true(await codeqlObject.isTracedLanguage(BuiltInLanguage.javascript));
+    t.is(resolveExtractorCalls, 1);
+  });
+});
+
+test.serial(
+  "hydrateCliMetadata seeds the cache from persisted metadata",
+  async (t) => {
+    let cliCalls = 0;
+    stubSuccessfulToolRunner((_args) => {
+      cliCalls++;
+      return "{}";
+    });
+
+    const codeqlObject = await codeql.getCodeQLForTesting();
+
+    codeqlObject.hydrateCliMetadata({
+      codeQLCmd: "codeql-for-testing",
+      extractorPaths: { javascript: "/javascript" },
+    });
+
+    t.is(
+      await codeqlObject.resolveExtractor(BuiltInLanguage.javascript),
+      "/javascript",
+    );
+    t.is(cliCalls, 0);
+  },
+);
+
 test.serial(
   "downloads and caches explicitly requested bundles that aren't in the toolcache",
   async (t) => {

src/codeql.ts

@@ -218,6 +218,10 @@ export interface CodeQL {
     outputFile: string,
     options: { mergeRunsFromEqualCategory?: boolean },
   ): Promise<void>;
+  /** Return cacheable metadata gathered from the CodeQL CLI. */
+  getCliMetadata(): CodeQLCliMetadata;
+  /** Hydrate the CodeQL wrapper with cacheable metadata gathered earlier in the job. */
+  hydrateCliMetadata(metadata: CodeQLCliMetadata | undefined): void;
 }
 
 export interface VersionInfo {
@@ -247,12 +251,10 @@ export interface BetterResolveLanguagesOutput {
     [alias: string]: string;
   };
   extractors: {
-    [language: string]: [
-      {
-        extractor_root: string;
-        extractor_options?: any;
-      },
-    ];
+    [language: string]: Array<{
+      extractor_root: string;
+      extractor_options?: any;
+    }>;
   };
 }
 
@@ -264,6 +266,11 @@ export interface ResolveBuildEnvironmentOutput {
   };
 }
 
+export interface CodeQLCliMetadata {
+  codeQLCmd: string;
+  extractorPaths?: { [language: string]: string };
+}
+
 /**
  * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
  */
@@ -392,9 +399,14 @@ export async function setupCodeQL(
 /**
  * Use the CodeQL executable located at the given path.
  */
-export async function getCodeQL(cmd: string): Promise<CodeQL> {
+export async function getCodeQL(
+  cmd: string,
+  cliMetadata?: CodeQLCliMetadata,
+): Promise<CodeQL> {
   if (cachedCodeQL === undefined) {
-    cachedCodeQL = await getCodeQLForCmd(cmd, true);
+    cachedCodeQL = await getCodeQLForCmd(cmd, true, cliMetadata);
+  } else {
+    cachedCodeQL.hydrateCliMetadata(cliMetadata);
   }
   return cachedCodeQL;
 }
@@ -492,6 +504,14 @@ export function createStubCodeQL(partialCodeql: Partial<CodeQL>): CodeQL {
     ),
     resolveDatabase: resolveFunction(partialCodeql, "resolveDatabase"),
     mergeResults: resolveFunction(partialCodeql, "mergeResults"),
+    getCliMetadata: resolveFunction(partialCodeql, "getCliMetadata", () => ({
+      codeQLCmd: partialCodeql.getPath?.() ?? "/tmp/dummy-path",
+    })),
+    hydrateCliMetadata: resolveFunction(
+      partialCodeql,
+      "hydrateCliMetadata",
+      () => {},
+    ),
   };
 }
 
@@ -506,6 +526,12 @@ export async function getCodeQLForTesting(
   return getCodeQLForCmd(cmd, false);
 }
 
+function cacheCodeQlVersionForStatusReports(versionInfo: VersionInfo): void {
+  if (util.getCachedCodeQlVersion() === undefined) {
+    util.cacheCodeQlVersion(versionInfo);
+  }
+}
+
 /**
  * Return a CodeQL object for CodeQL CLI access.
  *
@@ -517,13 +543,24 @@ export async function getCodeQLForTesting(
 async function getCodeQLForCmd(
   cmd: string,
   checkVersion: boolean,
+  initialCliMetadata?: CodeQLCliMetadata,
 ): Promise<CodeQL> {
+  // Metadata persisted across the init/autobuild/analyze steps. Only extractor
+  // paths are reused by a later step, so that's all this holds.
+  const cliMetadata: CodeQLCliMetadata = { codeQLCmd: cmd };
+  // In-process-only caches. These aren't persisted because no later step reuses
+  // them: the CLI version always matches across steps, and `resolve languages`
+  // is only re-read within a single step.
+  let cachedVersion: VersionInfo | undefined;
+  let cachedUnfilteredBetterResolveLanguages:
+    | BetterResolveLanguagesOutput
+    | undefined;
   const codeql: CodeQL = {
     getPath() {
       return cmd;
     },
     async getVersion() {
-      let result = util.getCachedCodeQlVersion();
+      let result = cachedVersion;
       if (result === undefined) {
         const output = await runCli(cmd, ["version", "--format=json"], {
           noStreamStdout: true,
@@ -535,12 +572,15 @@ async function getCodeQLForCmd(
             `Invalid JSON output from \`version --format=json\`: ${output}`,
           );
         }
-        util.cacheCodeQlVersion(result);
+        cachedVersion = result;
       }
+      cacheCodeQlVersionForStatusReports(result);
       return result;
     },
     async printVersion() {
-      await runCli(cmd, ["version", "--format=json"]);
+      const version = await this.getVersion();
+      process.stdout.write(`[command]${cmd} version --format=json\n`);
+      process.stdout.write(`${JSON.stringify(version)}\n`);
     },
     async supportsFeature(feature: ToolsFeature) {
       return isSupportedToolsFeature(await this.getVersion(), feature);
@@ -758,6 +798,13 @@ async function getCodeQLForCmd(
         filterToLanguagesWithQueries: boolean;
       } = { filterToLanguagesWithQueries: false },
     ) {
+      if (
+        !filterToLanguagesWithQueries &&
+        cachedUnfilteredBetterResolveLanguages
+      ) {
+        return cachedUnfilteredBetterResolveLanguages;
+      }
+
       const codeqlArgs = [
         "resolve",
         "languages",
@@ -772,7 +819,11 @@ async function getCodeQLForCmd(
       const output = await runCli(cmd, codeqlArgs);
 
       try {
-        return JSON.parse(output) as BetterResolveLanguagesOutput;
+        const result = JSON.parse(output) as BetterResolveLanguagesOutput;
+        if (!filterToLanguagesWithQueries) {
+          cachedUnfilteredBetterResolveLanguages = result;
+        }
+        return result;
       } catch (e) {
         throw new Error(
           `Unexpected output from codeql resolve languages with --format=betterjson: ${e}`,
@@ -968,6 +1019,11 @@ async function getCodeQLForCmd(
       await new toolrunner.ToolRunner(cmd, args).exec();
     },
     async resolveExtractor(language: Language): Promise<string> {
+      const cachedExtractorPath = cliMetadata.extractorPaths?.[language];
+      if (cachedExtractorPath !== undefined) {
+        return cachedExtractorPath;
+      }
+
       // Request it using `format=json` so we don't need to strip the trailing new line generated by
       // the CLI.
       let extractorPath = "";
@@ -993,7 +1049,10 @@ async function getCodeQLForCmd(
           },
         },
       ).exec();
-      return JSON.parse(extractorPath) as string;
+      const resolvedExtractorPath = JSON.parse(extractorPath) as string;
+      cliMetadata.extractorPaths ??= {};
+      cliMetadata.extractorPaths[language] = resolvedExtractorPath;
+      return resolvedExtractorPath;
     },
     async resolveQueriesStartingPacks(queries: string[]): Promise<string[]> {
       const codeqlArgs = [
@@ -1058,7 +1117,22 @@ async function getCodeQLForCmd(
 
       await runCli(cmd, args);
     },
+    getCliMetadata() {
+      return cliMetadata;
+    },
+    hydrateCliMetadata(metadata: CodeQLCliMetadata | undefined): void {
+      if (metadata?.codeQLCmd !== cliMetadata.codeQLCmd) {
+        return;
+      }
+
+      cliMetadata.extractorPaths = {
+        ...metadata.extractorPaths,
+        ...cliMetadata.extractorPaths,
+      };
+    },
   };
+  // Seed the cache with any metadata persisted by an earlier step.
+  codeql.hydrateCliMetadata(initialCliMetadata);
   // To ensure that status reports include the CodeQL CLI version wherever
   // possible, we want to call getVersion(), which populates the version value
   // used by status reporting, at the earliest opportunity. But invoking

src/config-utils.ts

@@ -19,7 +19,7 @@ import {
 } from "./analyses";
 import * as api from "./api-client";
 import { CachingKind, getCachingKind } from "./caching-utils";
-import { type CodeQL } from "./codeql";
+import { type CodeQL, type CodeQLCliMetadata } from "./codeql";
 import {
   calculateAugmentation,
   ExcludeQueryFilter,
@@ -177,6 +177,10 @@ export interface Config {
    * Path of the CodeQL executable.
    */
   codeQLCmd: string;
+  /**
+   * Cacheable metadata gathered from the CodeQL CLI while initializing the workflow.
+   */
+  codeQLMetadata?: CodeQLCliMetadata;
   /**
    * Version of GitHub we are talking to.
    */
@@ -561,6 +565,7 @@ export async function initActionState(
     computedConfig,
     tempDir,
     codeQLCmd: codeql.getPath(),
+    codeQLMetadata: codeql.getCliMetadata(),
     gitHubVersion: githubVersion,
     dbLocation: dbLocationOrDefault(dbLocation, tempDir),
     debugMode,

src/init-action-post-helper.ts

@@ -163,7 +163,7 @@ async function generateFailedSarif(
   sarifFile?: string,
 ) {
   const databasePath = config.dbLocation;
-  const codeql = await getCodeQL(config.codeQLCmd);
+  const codeql = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
 
   // Set the filename for the SARIF file if not already set.
   if (sarifFile === undefined) {

src/init-action-post.ts

@@ -75,7 +75,7 @@ async function run(startedAt: Date) {
         "Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.",
       );
     } else {
-      const codeql = await getCodeQL(config.codeQLCmd);
+      const codeql = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
 
       uploadFailedSarifResult = await initActionPostHelper.uploadFailureInfo(
         debugArtifacts.tryUploadAllAvailableDebugArtifacts,

src/testing-utils.ts

@@ -188,17 +188,37 @@ export const DEFAULT_ACTIONS_VARS = {
   RUNNER_OS: "Linux",
 } as const satisfies Record<string, string>;
 
-// Sets environment variables that make using some libraries designed for
-// use only on actions safe to use outside of actions.
-export function setupActionsVars(
-  tempDir: string,
-  toolsDir: string,
-  overrides?: Partial<Record<keyof typeof DEFAULT_ACTIONS_VARS, string>>,
-) {
+/** Partial mappings from GitHub Actions environment variables to values. */
+export type ActionVarOverrides = Partial<
+  Record<keyof typeof DEFAULT_ACTIONS_VARS, string>
+>;
+
+/**
+ * Sets environment variables that are always available on GitHub Actions,
+ * excluding some that are expected to be set to paths. See `setupActionsVars`.
+ *
+ * @param overrides Overrides for the defaults.
+ */
+export function setupBaseActionsVars(overrides?: ActionVarOverrides) {
   const vars = { ...DEFAULT_ACTIONS_VARS, ...overrides };
   for (const [key, value] of Object.entries(vars)) {
     process.env[key] = value;
   }
+}
+
+/**
+ * Sets environment variables that are always available on GitHub Actions.
+ *
+ * @param tempDir A value for `RUNNER_TEMP` and `GITHUB_WORKSPACE`.
+ * @param toolsDir A value for `RUNNER_TOOL_CACHE`.
+ * @param overrides Overrides for the defaults.
+ */
+export function setupActionsVars(
+  tempDir: string,
+  toolsDir: string,
+  overrides?: ActionVarOverrides,
+) {
+  setupBaseActionsVars(overrides);
   process.env["RUNNER_TEMP"] = tempDir;
   process.env["RUNNER_TOOL_CACHE"] = toolsDir;
   process.env["GITHUB_WORKSPACE"] = tempDir;
@@ -540,7 +560,7 @@ export function mockBundleDownloadApi({
 }
 
 export function createTestConfig(overrides: Partial<Config>): Config {
-  return Object.assign(
+  const config = Object.assign(
     {},
     {
       version: getActionVersion(),
@@ -570,6 +590,8 @@ export function createTestConfig(overrides: Partial<Config>): Config {
     } satisfies Config,
     overrides,
   );
+  config.codeQLMetadata ??= { codeQLCmd: config.codeQLCmd };
+  return config;
 }
 
 export function makeTestToken(length: number = 36) {

src/upload-lib-stub.js.tpl

@@ -0,0 +1,3 @@
+"use strict";
+
+module.exports = require("./entry-points").__UPLOAD_LIB_EXPORT__;

src/upload-lib.ts

@@ -140,7 +140,7 @@ async function combineSarifFilesUsingCLI(
 
   const config = await getConfig(tempDir, logger);
   if (config !== undefined) {
-    codeQL = await getCodeQL(config.codeQLCmd);
+    codeQL = await getCodeQL(config.codeQLCmd, config.codeQLMetadata);
     tempDir = config.tempDir;
   } else {
     logger.info(