Merge pull request #1626 from github/henrymercer/diagnostics-ghes

Enable diagnostics functionality on GHES

.github/query-filter-test/action.yml

@@ -40,7 +40,7 @@ runs:
       with:
         output: ${{ runner.temp }}/results
         upload-database: false
-        upload: false
+        upload: never
       env:
         CODEQL_ACTION_TEST_MODE: "true"
     - name: Check SARIF

.github/workflows/__analyze-ref-input.yml

@@ -74,7 +74,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__config-export.yml

@@ -31,6 +31,12 @@ jobs:
           version: latest
         - os: windows-latest
           version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-latest
+          version: nightly-latest
     name: Config export
     timeout-minutes: 45
     runs-on: ${{ matrix.os }}
@@ -64,7 +70,6 @@ jobs:
       with:
         script: |
           const fs = require('fs');
-          const path = require('path');
 
           const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
           const run = sarif.runs[0];

.github/workflows/__diagnostics-export.yml

@@ -0,0 +1,134 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Diagnostic export
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
+on:
+  push:
+    branches:
+    - main
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  diagnostics-export:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: macos-latest
+          version: latest
+        - os: windows-latest
+          version: latest
+        - os: ubuntu-latest
+          version: nightly-latest
+        - os: macos-latest
+          version: nightly-latest
+        - os: windows-latest
+          version: nightly-latest
+    name: Diagnostic export
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: ./../action/init
+      id: init
+      with:
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+    - name: Add test diagnostics
+      shell: bash
+      env:
+        CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
+      run: |
+        for i in {1..2}; do
+          # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
+          # produces an invalid diagnostic with multiple identical location objects.
+          "$CODEQL_PATH" database add-diagnostic \
+            "$RUNNER_TEMP/codeql_databases/javascript" \
+            --file-path /path/to/file \
+            --plaintext-message "Plaintext message $i" \
+            --source-id "lang/diagnostics/example" \
+            --source-name "Diagnostic name" \
+            --ready-for-status-page
+        done
+    - uses: ./../action/analyze
+      with:
+        output: ${{ runner.temp }}/results
+        upload-database: false
+    - name: Upload SARIF
+      uses: actions/upload-artifact@v3
+      with:
+        name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
+        path: ${{ runner.temp }}/results/javascript.sarif
+        retention-days: 7
+    - name: Check diagnostics appear in SARIF
+      uses: actions/github-script@v6
+      env:
+        SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
+      with:
+        script: |
+          const fs = require('fs');
+
+          function checkStatusPageNotification(n) {
+            const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
+            if (n.message.text !== expectedMessage) {
+              core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
+            }
+            if (n.locations.length !== 1) {
+              core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
+            }
+          }
+
+          const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+          const run = sarif.runs[0];
+
+          const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+          const statusPageNotifications = toolExecutionNotifications.filter(n =>
+            n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
+          );
+          if (statusPageNotifications.length !== 1) {
+            core.setFailed(
+              'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
+                `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+                `${statusPageNotifications.length}. All notification reporting descriptors: ` + 
+                `${JSON.stringify(toolExecutionNotifications)}.`
+            );
+          }
+          checkStatusPageNotification(statusPageNotifications[0]);
+
+          const notifications = run.tool.driver.notifications;
+          const diagnosticNotification = notifications.filter(n =>
+            n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
+              n.fullDescription.text === 'Diagnostic name'
+          );
+          if (diagnosticNotification.length !== 1) {
+            core.setFailed(
+              'Expected exactly one notification for this diagnostic in the ' +
+                `'runs[].tool.driver.notifications[]' SARIF property, but found ` +
+                `${diagnosticNotification.length}. All notifications: ` +
+                `${JSON.stringify(notifications)}.`
+            );
+          }
+
+          core.info('Finished diagnostic export test');
+    env:
+      CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
+      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__go-custom-queries.yml

@@ -74,7 +74,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-tracing-autobuilder.yml

@@ -62,7 +62,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-tracing-custom-build-steps.yml

@@ -62,7 +62,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__go-tracing-legacy-workflow.yml

@@ -62,7 +62,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__javascript-source-root.yml

@@ -56,7 +56,7 @@ jobs:
       with:
         upload-database: false
         skip-queries: true
-        upload: false
+        upload: never
     - name: Assert database exists
       shell: bash
       run: |

.github/workflows/__ml-powered-queries.yml

@@ -62,7 +62,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__multi-language-autodetect.yml

@@ -62,7 +62,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__remote-config.yml

@@ -74,7 +74,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__swift-autobuild.yml

@@ -1,72 +0,0 @@
-# Warning: This file is generated automatically, and should not be modified.
-# Instead, please modify the template in the pr-checks directory and run:
-#     pip install ruamel.yaml && python3 sync.py
-# to regenerate this file.
-
-name: PR Check - Swift analysis using autobuild
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  GO111MODULE: auto
-  CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
-on:
-  push:
-    branches:
-    - main
-    - releases/v2
-  pull_request:
-    types:
-    - opened
-    - synchronize
-    - reopened
-    - ready_for_review
-  workflow_dispatch: {}
-jobs:
-  swift-autobuild:
-    strategy:
-      matrix:
-        include:
-        - os: macos-latest
-          version: latest
-        - os: macos-latest
-          version: cached
-        - os: macos-latest
-          version: nightly-latest
-    name: Swift analysis using autobuild
-    timeout-minutes: 45
-    runs-on: ${{ matrix.os }}
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-    - name: Prepare test
-      id: prepare-test
-      uses: ./.github/prepare-test
-      with:
-        version: ${{ matrix.version }}
-    - uses: ./../action/init
-      id: init
-      with:
-        languages: swift
-        tools: ${{ steps.prepare-test.outputs.tools-url }}
-    - uses: ./../action/.github/setup-swift
-      with:
-        codeql-path: ${{steps.init.outputs.codeql-path}}
-    - name: Check working directory
-      shell: bash
-      run: pwd
-    - uses: ./../action/autobuild
-      timeout-minutes: 10
-    - uses: ./../action/analyze
-      id: analysis
-      with:
-        upload-database: false
-    - name: Check database
-      shell: bash
-      run: |
-        SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
-        if [[ ! -d "$SWIFT_DB" ]]; then
-          echo "Did not create a database for Swift."
-          exit 1
-        fi
-    env:
-      CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: 'true' # Remove when Swift is GA.
-      CODEQL_ACTION_TEST_MODE: true

.github/workflows/__unset-environment.yml

@@ -50,7 +50,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init

.github/workflows/__upload-ref-sha-input.yml

@@ -74,7 +74,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: ./../action/init
@@ -91,7 +91,7 @@ jobs:
         upload-database: false
         ref: refs/heads/main
         sha: 5e235361806c361d4d3f8859e3c897658025a9a2
-        upload: false
+        upload: never
     - uses: ./../action/upload-sarif
       with:
         ref: refs/heads/main

.github/workflows/__with-checkout-path.yml

@@ -74,7 +74,7 @@ jobs:
         version: ${{ matrix.version }}
     - name: Set up Go
       if: matrix.os == 'ubuntu-20.04' || matrix.os == 'windows-2019'
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
         go-version: ^1.13.1
     - uses: actions/checkout@v3
@@ -103,7 +103,7 @@ jobs:
         checkout_path: x/y/z/some-path/tests/multi-language-repo
         ref: v1.1.0
         sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
-        upload: false
+        upload: never
         upload-database: false
 
     - uses: ./../action/upload-sarif

.github/workflows/debug-artifacts-failure.yml

@@ -39,7 +39,7 @@ jobs:
         uses: ./.github/prepare-test
         with:
           version: latest
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
       - uses: ./../action/init

.github/workflows/debug-artifacts.yml

@@ -59,7 +59,7 @@ jobs:
         uses: ./.github/prepare-test
         with:
           version: ${{ matrix.version }}
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
         with:
           go-version: ^1.13.1
       - uses: ./../action/init

.github/workflows/expected-queries-runs.yml

@@ -36,7 +36,7 @@ jobs:
       with:
         output: ${{ runner.temp }}/results
         upload-database: false
-        upload: false
+        upload: never
 
     - name: Check Sarif
       uses: ./../action/.github/check-sarif

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -3,6 +3,7 @@ name: Update Supported Enterprise Server Versions
 on:
   schedule:
     - cron: "0 0 * * *"
+  workflow_dispatch:
 
 jobs:
   update-supported-enterprise-server-versions:
@@ -35,7 +36,7 @@ jobs:
         env:
           ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
       - name: Commit Changes
-        uses: peter-evans/create-pull-request@2b011faafdcbc9ceb11414d64d0573f37c774b04 # v4.2.3
+        uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4
         with:
           commit-message: Update supported GitHub Enterprise Server versions.
           title: Update supported GitHub Enterprise Server versions.

.github/workflows/update-supported-enterprise-server-versions/update.py

@@ -15,6 +15,11 @@ def main():
 	api_compatibility_data = json.loads(_API_COMPATIBILITY_PATH.read_text())
 
 	releases = json.loads(_RELEASE_FILE_PATH.read_text())
+
+	# Remove GHES version using a previous version numbering scheme.
+	if "11.10.340" in releases:
+		del releases["11.10.340"]
+
 	oldest_supported_release = None
 	newest_supported_release = semver.VersionInfo.parse(api_compatibility_data["maximumVersion"] + ".0")
 

CHANGELOG.md

@@ -1,12 +1,30 @@
 # CodeQL Action Changelog
 
+## [UNRELEASED]
+
+No user facing changes.
+
+## 2.2.9 - 27 Mar 2023
+
+- Customers post-processing the SARIF output of the `analyze` Action before uploading it to Code Scanning will benefit from an improved debugging experience. [#1598](https://github.com/github/codeql-action/pull/1598)
+  - The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using `upload: false`. Previously, this was only available for customers using the default value of the `upload` input.
+  - The `upload` input to the `analyze` Action now accepts the following values:
+    - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
+    - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
+    - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
+    - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
+
+## 2.2.8 - 22 Mar 2023
+
+- Update default CodeQL bundle version to 2.12.5. [#1585](https://github.com/github/codeql-action/pull/1585)
+
 ## 2.2.7 - 15 Mar 2023
 
 No user facing changes.
 
 ## 2.2.6 - 10 Mar 2023
 
-- Update default CodeQL bundle version to 2.12.4.
+- Update default CodeQL bundle version to 2.12.4. [#1561](https://github.com/github/codeql-action/pull/1561)
 
 ## 2.2.5 - 24 Feb 2023
 

analyze/action.yml

@@ -10,10 +10,14 @@ inputs:
     required: false
     default: "../results"
   upload:
-    description: Upload the SARIF file to Code Scanning
+    description: >-
+      Upload the SARIF file to Code Scanning.
+      Defaults to 'always' which uploads the SARIF file to Code Scanning for successful and failed runs.
+      'failure-only' only uploads debugging information to Code Scanning if the workflow run fails, for users post-processing the SARIF file before uploading it to Code Scanning.
+      'never' avoids uploading the SARIF file to Code Scanning, even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
     required: false
     # If changing this, make sure to update workflow.ts accordingly.
-    default: "true"
+    default: "always"
   cleanup-level:
     description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
     required: false

lib/actions-util.js

@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
+exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.workflowEventName = exports.sendStatusReport = exports.createStatusReportBase = exports.getActionVersion = exports.getActionsStatus = exports.getRef = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -478,9 +478,14 @@ function getWorkflowEvent() {
 function removeRefsHeadsPrefix(ref) {
     return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
 }
-// Is the version of the repository we are currently analyzing from the default branch,
-// or alternatively from another branch or a pull request.
+// Returns whether we are analyzing the default branch for the repository.
+// For cases where the repository information might not be available (e.g.,
+// dynamic workflows), this can be forced by the environment variable
+// CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH.
 async function isAnalyzingDefaultBranch() {
+    if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") {
+        return true;
+    }
     // Get the current ref and trim and refs/heads/ prefix
     let currentRef = await getRef();
     currentRef = removeRefsHeadsPrefix(currentRef);
@@ -521,4 +526,22 @@ async function printDebugLogs(config) {
     }
 }
 exports.printDebugLogs = printDebugLogs;
+// Parses the `upload` input into an `UploadKind`, converting unspecified and deprecated upload inputs appropriately.
+function getUploadValue(input) {
+    switch (input) {
+        case undefined:
+        case "true":
+        case "always":
+            return "always";
+        case "false":
+        case "failure-only":
+            return "failure-only";
+        case "never":
+            return "never";
+        default:
+            core.warning(`Unrecognized 'upload' input to 'analyze' Action: ${input}. Defaulting to 'always'.`);
+            return "always";
+    }
+}
+exports.getUploadValue = getUploadValue;
 //# sourceMappingURL=actions-util.js.map

lib/actions-util.test.js

@@ -172,6 +172,9 @@ const util_1 = require("./util");
     t.deepEqual(process.env.CODEQL_ACTION_VERSION, "1.2.3");
 });
 (0, ava_1.default)("isAnalyzingDefaultBranch()", async (t) => {
+    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "true";
+    t.deepEqual(await actionsutil.isAnalyzingDefaultBranch(), true);
+    process.env["CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH"] = "false";
     await (0, util_1.withTmpDir)(async (tmpDir) => {
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         const envFile = path.join(tmpDir, "event.json");

lib/analyze-action.js

@@ -103,7 +103,7 @@ function doesGoExtractionOutputExist(config) {
  * an autobuild step or manual build steps.
  *
  * - We detect whether an autobuild step is present by checking the
- * `util.DID_AUTOBUILD_GO_ENV_VAR_NAME` environment variable, which is set
+ * `CODEQL_ACTION_DID_AUTOBUILD_GOLANG` environment variable, which is set
  * when the autobuilder is invoked.
  * - We detect whether the Go database has already been finalized in case it
  * has been manually set in a prior Action step.
@@ -114,7 +114,7 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
     if (!config.languages.includes(languages_1.Language.go)) {
         return;
     }
-    if (process.env[util.DID_AUTOBUILD_GO_ENV_VAR_NAME] === "true") {
+    if (process.env[shared_environment_1.CODEQL_ACTION_DID_AUTOBUILD_GOLANG] === "true") {
         logger.debug("Won't run Go autobuild since it has already been run.");
         return;
     }
@@ -155,7 +155,7 @@ async function run() {
         if (hasBadExpectErrorInput()) {
             throw new Error("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
         }
-        await util.enrichEnvironment(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
+        await (0, codeql_1.enrichEnvironment)(await (0, codeql_1.getCodeQL)(config.codeQLCmd));
         const apiDetails = (0, api_client_1.getApiDetails)();
         const outputDir = actionsUtil.getRequiredInput("output");
         const threads = util.getThreadsFlag(actionsUtil.getOptionalInput("threads") || process.env["CODEQL_THREADS"], logger);
@@ -176,7 +176,8 @@ async function run() {
             dbLocations[language] = util.getCodeQLDatabasePath(config, language);
         }
         core.setOutput("db-locations", dbLocations);
-        if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
+        const uploadInput = actionsUtil.getOptionalInput("upload");
+        if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
             uploadResult = await upload_lib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
             core.setOutput("sarif-id", uploadResult.sarifID);
         }

lib/analyze.js

@@ -218,7 +218,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
     return statusReport;
     async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
         const databasePath = util.getCodeQLDatabasePath(config, language);
-        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
+        return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features, logger);
     }
     async function runPrintLinesOfCode(language) {
         const databasePath = util.getCodeQLDatabasePath(config, language);

lib/api-compatibility.json

@@ -1 +1 @@
-{ "maximumVersion": "3.8", "minimumVersion": "3.4" }
+{ "maximumVersion": "3.9", "minimumVersion": "3.5" }

lib/autobuild-action.js

@@ -30,6 +30,7 @@ const autobuild_1 = require("./autobuild");
 const configUtils = __importStar(require("./config-utils"));
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
+const shared_environment_1 = require("./shared-environment");
 const util_1 = require("./util");
 async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
     (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
@@ -68,7 +69,7 @@ async function run() {
                 currentLanguage = language;
                 await (0, autobuild_1.runAutobuild)(language, config, logger);
                 if (language === languages_1.Language.go) {
-                    core.exportVariable(util_1.DID_AUTOBUILD_GO_ENV_VAR_NAME, "true");
+                    core.exportVariable(shared_environment_1.CODEQL_ACTION_DID_AUTOBUILD_GOLANG, "true");
                 }
             }
         }

lib/autobuild-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,iCAIgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,oCAA6B,EAAE,MAAM,CAAC,CAAC;iBAC5D;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAQwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,4DAA8C;AAC9C,2CAAuC;AACvC,uCAA6C;AAC7C,6DAA0E;AAC1E,iCAA0E;AAS1E,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,+BAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,qCAAsB,EACnD,WAAW,EACX,MAAM,EACN,SAAS,EACT,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,+BAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,eAAe,GAAyB,SAAS,CAAC;IACtD,IAAI,SAAS,GAA2B,SAAS,CAAC;IAClD,IAAI;QACF,IACE,CAAC,CAAC,MAAM,IAAA,+BAAgB,EACtB,MAAM,IAAA,qCAAsB,EAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CACjE,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QAED,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE;gBACpB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;aACjC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE;gBAChC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;gBAC7C,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE;oBAC5B,IAAI,CAAC,cAAc,CAAC,uDAAkC,EAAE,MAAM,CAAC,CAAC;iBACjE;aACF;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIACE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CACvD,EAAE,CACH,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAC1D,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;QACpD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/codeql.js

@@ -23,9 +23,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.enrichEnvironment = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const core = __importStar(require("@actions/core"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const yaml = __importStar(require("js-yaml"));
 const actions_util_1 = require("./actions-util");
@@ -34,6 +35,7 @@ const error_matcher_1 = require("./error-matcher");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const setupCodeql = __importStar(require("./setup-codeql"));
+const shared_environment_1 = require("./shared-environment");
 const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 const trap_caching_1 = require("./trap-caching");
 const util = __importStar(require("./util"));
@@ -189,6 +191,7 @@ function setCodeQL(partialCodeql) {
         databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
         databaseInterpretResults: resolveFunction(partialCodeql, "databaseInterpretResults"),
         databasePrintBaseline: resolveFunction(partialCodeql, "databasePrintBaseline"),
+        databaseExportDiagnostics: resolveFunction(partialCodeql, "databaseExportDiagnostics"),
         diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
     };
     return cachedCodeQL;
@@ -504,14 +507,18 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             }
             await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
         },
-        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
+        async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
+            const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
+            const codeqlOutputFile = shouldExportDiagnostics
+                ? path.join(config.tempDir, "codeql-intermediate-results.sarif")
+                : sarifFile;
             const codeqlArgs = [
                 "database",
                 "interpret-results",
                 threadsFlag,
                 "--format=sarif-latest",
                 verbosityFlag,
-                `--output=${sarifFile}`,
+                `--output=${codeqlOutputFile}`,
                 addSnippetsFlag,
                 "--print-diagnostics-summary",
                 "--print-metrics-summary",
@@ -527,12 +534,21 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (await util.codeQlVersionAbove(this, CODEQL_VERSION_FILE_BASELINE_INFORMATION)) {
                 codeqlArgs.push("--sarif-add-baseline-file-info");
             }
+            if (shouldExportDiagnostics) {
+                codeqlArgs.push("--sarif-include-diagnostics");
+            }
+            else if (await util.codeQlVersionAbove(this, "2.12.4")) {
+                codeqlArgs.push("--no-sarif-include-diagnostics");
+            }
             codeqlArgs.push(databasePath);
             if (querySuitePaths) {
                 codeqlArgs.push(...querySuitePaths);
             }
             // capture stdout, which contains analysis summaries
             const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
+            if (shouldExportDiagnostics) {
+                util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
+            }
             return returnState.stdout;
         },
         async databasePrintBaseline(databasePath) {
@@ -609,6 +625,26 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ];
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
+        async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
+            const intermediateSarifFile = path.join(tempDir, "codeql-intermediate-results.sarif");
+            const args = [
+                "database",
+                "export-diagnostics",
+                `${databasePath}`,
+                "--db-cluster",
+                "--format=sarif-latest",
+                `--output=${intermediateSarifFile}`,
+                "--sarif-include-diagnostics",
+                "-vvv",
+                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
+            ];
+            if (automationDetailsId !== undefined) {
+                args.push("--sarif-category", automationDetailsId);
+            }
+            await new toolrunner.ToolRunner(cmd, args).exec();
+            // Fix invalid notifications in the SARIF file output by CodeQL.
+            util.fixInvalidNotificationsInFile(intermediateSarifFile, sarifFile, logger);
+        },
         async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
             const args = [
                 "diagnostics",
@@ -808,4 +844,19 @@ async function getCodeScanningConfigExportArguments(config, codeql, features) {
     }
     return [];
 }
+/**
+ * Enrich the environment variables with further flags that we cannot
+ * know the value of until we know what version of CodeQL we're running.
+ */
+async function enrichEnvironment(codeql) {
+    if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_NEW_TRACING)) {
+        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "false");
+        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "false");
+    }
+    else {
+        core.exportVariable(shared_environment_1.EnvVar.FEATURE_MULTI_LANGUAGE, "true");
+        core.exportVariable(shared_environment_1.EnvVar.FEATURE_SANDWICH, "true");
+    }
+}
+exports.enrichEnvironment = enrichEnvironment;
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -424,7 +424,7 @@ for (const isBundleVersionInUrl of [true, false]) {
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
 });
 (0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
@@ -433,7 +433,7 @@ for (const isBundleVersionInUrl of [true, false]) {
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
@@ -733,7 +733,7 @@ const injectedConfigMacro = ava_1.default.macro({
     sinon.stub(codeqlObject, "getVersion").resolves("2.11.3");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
 });
 (0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
@@ -742,7 +742,7 @@ const injectedConfigMacro = ava_1.default.macro({
     sinon.stub(codeqlObject, "getVersion").resolves("2.11.2");
     // safeWhich throws because of the test CodeQL object.
     sinon.stub(safeWhich, "safeWhich").resolves("");
-    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
+    await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
 });
 function stubToolRunnerConstructor() {

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-20230304",
-    "cliVersion": "2.12.4",
-    "priorBundleVersion": "codeql-bundle-20230217",
-    "priorCliVersion": "2.12.3"
+    "bundleVersion": "codeql-bundle-20230317",
+    "cliVersion": "2.12.5",
+    "priorBundleVersion": "codeql-bundle-20230304",
+    "priorCliVersion": "2.12.4"
 }

lib/feature-flags.js

@@ -37,6 +37,7 @@ var Feature;
     Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
     Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
+    Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature = exports.Feature || (exports.Feature = {}));
@@ -54,7 +55,12 @@ exports.featureConfig = {
     [Feature.ExportCodeScanningConfigEnabled]: {
         envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
         minimumVersion: "2.12.3",
-        defaultValue: false,
+        defaultValue: true,
+    },
+    [Feature.ExportDiagnosticsEnabled]: {
+        envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS",
+        minimumVersion: "2.12.4",
+        defaultValue: true,
     },
     [Feature.MlPoweredQueriesEnabled]: {
         envVar: "CODEQL_ML_POWERED_QUERIES",
@@ -64,7 +70,7 @@ exports.featureConfig = {
     [Feature.UploadFailedSarifEnabled]: {
         envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
         minimumVersion: "2.11.3",
-        defaultValue: false,
+        defaultValue: true,
     },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";

lib/init-action-post-helper.js

@@ -54,14 +54,24 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
     const workflow = await (0, workflow_1.getWorkflow)();
     const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
     const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
-    if ((0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix) !== "true" ||
+    const shouldUpload = (0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix);
+    if (!["always", "failure-only"].includes(actionsUtil.getUploadValue(shouldUpload)) ||
         (0, util_1.isInTestMode)()) {
         return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
     }
     const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
     const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
+    const databasePath = config.dbLocation;
     const sarifFile = "../codeql-failed-run.sarif";
-    await codeql.diagnosticsExport(sarifFile, category, config, features);
+    // If there is no database or the feature flag is off, we run 'export diagnostics'
+    if (databasePath === undefined ||
+        !(await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, codeql))) {
+        await codeql.diagnosticsExport(sarifFile, category, config, features);
+    }
+    else {
+        // We call 'database export-diagnostics' to find any per-database diagnostics.
+        await codeql.databaseExportDiagnostics(databasePath, sarifFile, category, config.tempDir, logger);
+    }
     core.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEtE,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,MAAM,YAAY,GAAG,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACtE,IACE,CAAC,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,QAAQ,CAClC,WAAW,CAAC,cAAc,CAAC,YAAY,CAAC,CACzC;QACD,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,YAAY,GAAG,MAAM,CAAC,UAAU,CAAC;IAEvC,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAE/C,kFAAkF;IAClF,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EACpE;QACA,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KACvE;SAAM;QACL,8EAA8E;QAC9E,MAAM,MAAM,CAAC,yBAAyB,CACpC,YAAY,EACZ,SAAS,EACT,QAAQ,EACR,MAAM,CAAC,OAAO,EACd,MAAM,CACP,CAAC;KACH;IAED,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IAEF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AArDD,kBAqDC"}

lib/init-action-post-helper.test.js

@@ -84,7 +84,7 @@ const workflow = __importStar(require("./workflow"));
         t.assert(printDebugLogsSpy.called);
     });
 });
-(0, ava_1.default)("uploads failed SARIF run for typical workflow", async (t) => {
+(0, ava_1.default)("uploads failed SARIF run with `diagnostics export` if feature flag is off", async (t) => {
     const actionsWorkflow = createTestWorkflow([
         {
             name: "Checkout repository",
@@ -107,7 +107,7 @@ const workflow = __importStar(require("./workflow"));
     ]);
     await testFailedSarifUpload(t, actionsWorkflow, { category: "my-category" });
 });
-(0, ava_1.default)("doesn't upload failed SARIF for workflow with upload: false", async (t) => {
+(0, ava_1.default)("uploads failed SARIF run with `diagnostics export` if the database doesn't exist", async (t) => {
     const actionsWorkflow = createTestWorkflow([
         {
             name: "Checkout repository",
@@ -125,15 +125,98 @@ const workflow = __importStar(require("./workflow"));
             uses: "github/codeql-action/analyze@v2",
             with: {
                 category: "my-category",
-                upload: false,
             },
         },
     ]);
-    const result = await testFailedSarifUpload(t, actionsWorkflow, {
-        expectUpload: false,
+    await testFailedSarifUpload(t, actionsWorkflow, {
+        category: "my-category",
+        databaseExists: false,
     });
-    t.is(result.upload_failed_run_skipped_because, "SARIF upload is disabled");
 });
+(0, ava_1.default)("uploads failed SARIF run with database export-diagnostics if the database exists and feature flag is on", async (t) => {
+    const actionsWorkflow = createTestWorkflow([
+        {
+            name: "Checkout repository",
+            uses: "actions/checkout@v3",
+        },
+        {
+            name: "Initialize CodeQL",
+            uses: "github/codeql-action/init@v2",
+            with: {
+                languages: "javascript",
+            },
+        },
+        {
+            name: "Perform CodeQL Analysis",
+            uses: "github/codeql-action/analyze@v2",
+            with: {
+                category: "my-category",
+            },
+        },
+    ]);
+    await testFailedSarifUpload(t, actionsWorkflow, {
+        category: "my-category",
+        exportDiagnosticsEnabled: true,
+    });
+});
+const UPLOAD_INPUT_TEST_CASES = [
+    {
+        uploadInput: "true",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "false",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "always",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "failure-only",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "never",
+        shouldUpload: false,
+    },
+    {
+        uploadInput: "unrecognized-value",
+        shouldUpload: true,
+    },
+];
+for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
+    (0, ava_1.default)(`does ${shouldUpload ? "" : "not "}upload failed SARIF run for workflow with upload: ${uploadInput}`, async (t) => {
+        const actionsWorkflow = createTestWorkflow([
+            {
+                name: "Checkout repository",
+                uses: "actions/checkout@v3",
+            },
+            {
+                name: "Initialize CodeQL",
+                uses: "github/codeql-action/init@v2",
+                with: {
+                    languages: "javascript",
+                },
+            },
+            {
+                name: "Perform CodeQL Analysis",
+                uses: "github/codeql-action/analyze@v2",
+                with: {
+                    category: "my-category",
+                    upload: uploadInput,
+                },
+            },
+        ]);
+        const result = await testFailedSarifUpload(t, actionsWorkflow, {
+            category: "my-category",
+            expectUpload: shouldUpload,
+        });
+        if (!shouldUpload) {
+            t.is(result.upload_failed_run_skipped_because, "SARIF upload is disabled");
+        }
+    });
+}
 (0, ava_1.default)("uploading failed SARIF run succeeds when workflow uses an input with a matrix var", async (t) => {
     const actionsWorkflow = createTestWorkflow([
         {
@@ -221,13 +304,16 @@ function createTestWorkflow(steps) {
         },
     };
 }
-async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUpload = true, matrix = {}, } = {}) {
+async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExists = true, expectUpload = true, exportDiagnosticsEnabled = false, matrix = {}, } = {}) {
     const config = {
         codeQLCmd: "codeql",
         debugMode: true,
         languages: [],
         packs: [],
     };
+    if (databaseExists) {
+        config.dbLocation = "path/to/database";
+    }
     process.env["GITHUB_JOB"] = "analyze";
     process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
     process.env["GITHUB_WORKSPACE"] =
@@ -238,6 +324,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUploa
         .returns(JSON.stringify(matrix));
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
+    const databaseExportDiagnosticsStub = sinon.stub(codeqlObject, "databaseExportDiagnostics");
     const diagnosticsExportStub = sinon.stub(codeqlObject, "diagnosticsExport");
     sinon.stub(workflow, "getWorkflow").resolves(actionsWorkflow);
     const uploadFromActions = sinon.stub(uploadLib, "uploadFromActions");
@@ -246,15 +333,22 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUploa
         statusReport: { raw_upload_size_bytes: 20, zipped_upload_size_bytes: 10 },
     });
     const waitForProcessing = sinon.stub(uploadLib, "waitForProcessing");
-    const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.UploadFailedSarifEnabled]), (0, logging_1.getRunnerLogger)(true));
+    const features = [feature_flags_1.Feature.UploadFailedSarifEnabled];
+    if (exportDiagnosticsEnabled) {
+        features.push(feature_flags_1.Feature.ExportDiagnosticsEnabled);
+    }
+    const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)(features), (0, logging_1.getRunnerLogger)(true));
     if (expectUpload) {
         t.deepEqual(result, {
             raw_upload_size_bytes: 20,
             zipped_upload_size_bytes: 10,
         });
-    }
-    if (expectUpload) {
-        t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, sinon.match.any, sinon.match.any), `Actual args were: ${diagnosticsExportStub.args}`);
+        if (databaseExists && exportDiagnosticsEnabled) {
+            t.true(databaseExportDiagnosticsStub.calledOnceWith(config.dbLocation, sinon.match.string, category, sinon.match.any, sinon.match.any), `Actual args were: ${databaseExportDiagnosticsStub.args}`);
+        }
+        else {
+            t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, config, sinon.match.any), `Actual args were: ${diagnosticsExportStub.args}`);
+        }
         t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
         t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
             isUnsuccessfulExecution: true,

lib/init-action.js

@@ -129,7 +129,7 @@ async function run() {
         toolsDownloadDurationMs = initCodeQLResult.toolsDownloadDurationMs;
         toolsVersion = initCodeQLResult.toolsVersion;
         toolsSource = initCodeQLResult.toolsSource;
-        await (0, util_1.enrichEnvironment)(codeql);
+        await (0, codeql_1.enrichEnvironment)(codeql);
         config = await (0, init_1.initConfig)((0, actions_util_1.getOptionalInput)("languages"), (0, actions_util_1.getOptionalInput)("queries"), (0, actions_util_1.getOptionalInput)("packs"), registriesInput, (0, actions_util_1.getOptionalInput)("config-file"), (0, actions_util_1.getOptionalInput)("db-location"), getTrapCachingEnabled(), 
         // Debug mode is enabled if:
         // - The `init` Action is passed `debug: true`.

lib/shared-environment.js

@@ -1,6 +1,43 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = void 0;
+exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = exports.EnvVar = void 0;
+/**
+ * Environment variables to be set by codeql-action and used by the
+ * CLI.
+ */
+var EnvVar;
+(function (EnvVar) {
+    /**
+     * Semver of the codeql-action as specified in package.json.
+     */
+    EnvVar["VERSION"] = "CODEQL_ACTION_VERSION";
+    /**
+     * If set to a truthy value, then the codeql-action might combine SARIF
+     * output from several `interpret-results` runs for the same Language.
+     */
+    EnvVar["FEATURE_SARIF_COMBINE"] = "CODEQL_ACTION_FEATURE_SARIF_COMBINE";
+    /**
+     * If set to the "true" string, then the codeql-action will upload SARIF,
+     * not the cli.
+     */
+    EnvVar["FEATURE_WILL_UPLOAD"] = "CODEQL_ACTION_FEATURE_WILL_UPLOAD";
+    /**
+     * If set to the "true" string, then the codeql-action is using its
+     * own deprecated and non-standard way of scanning for multiple
+     * languages.
+     */
+    EnvVar["FEATURE_MULTI_LANGUAGE"] = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE";
+    /**
+     * If set to the "true" string, then the codeql-action is using its
+     * own sandwiched workflow mechanism
+     */
+    EnvVar["FEATURE_SANDWICH"] = "CODEQL_ACTION_FEATURE_SANDWICH";
+})(EnvVar = exports.EnvVar || (exports.EnvVar = {}));
+/**
+ * Environment variable that is set to true when the CodeQL Action has invoked
+ * the Go autobuilder.
+ */
+exports.CODEQL_ACTION_DID_AUTOBUILD_GOLANG = "CODEQL_ACTION_DID_AUTOBUILD_GOLANG";
 /**
  * This environment variable is set to true when the `analyze` Action
  * completes successfully.
@@ -9,6 +46,11 @@ exports.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY = "CODEQL_ACTION_ANALYZE
 exports.CODEQL_ACTION_TESTING_ENVIRONMENT = "CODEQL_ACTION_TESTING_ENVIRONMENT";
 /** Used to disable uploading SARIF results or status reports to the GitHub API */
 exports.CODEQL_ACTION_TEST_MODE = "CODEQL_ACTION_TEST_MODE";
+/**
+ * Used to disable the SARIF post-processing in the Action that removes duplicate locations from
+ * notifications in the `run[].invocations[].toolExecutionNotifications` SARIF property.
+ */
+exports.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX = "CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX";
 /**
  * The time at which the first action (normally init) started executing.
  * If a workflow invokes a different action without first invoking the init

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACU,QAAA,+CAA+C,GAC1D,iDAAiD,CAAC;AAEvC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,IAAY,MA8BX;AA9BD,WAAY,MAAM;IAChB;;OAEG;IACH,2CAAiC,CAAA;IAEjC;;;OAGG;IACH,uEAA6D,CAAA;IAE7D;;;OAGG;IACH,mEAAyD,CAAA;IAEzD;;;;OAIG;IACH,yEAA+D,CAAA;IAE/D;;;OAGG;IACH,6DAAmD,CAAA;AACrD,CAAC,EA9BW,MAAM,GAAN,cAAM,KAAN,cAAM,QA8BjB;AAED;;;GAGG;AACU,QAAA,kCAAkC,GAC7C,oCAAoC,CAAC;AAEvC;;;GAGG;AACU,QAAA,+CAA+C,GAC1D,iDAAiD,CAAC;AAEvC,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;GAGG;AACU,QAAA,4CAA4C,GACvD,8CAA8C,CAAC;AAEjD;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}

lib/upload-lib.js

@@ -38,7 +38,7 @@ const actionsUtil = __importStar(require("./actions-util"));
 const api = __importStar(require("./api-client"));
 const fingerprints = __importStar(require("./fingerprints"));
 const repository_1 = require("./repository");
-const sharedEnv = __importStar(require("./shared-environment"));
+const shared_environment_1 = require("./shared-environment");
 const util = __importStar(require("./util"));
 const workflow = __importStar(require("./workflow"));
 // Takes a list of paths to sarif files and combines them together,
@@ -206,7 +206,7 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
         workflow_run_id: workflowRunID,
         checkout_uri: checkoutURI,
         environment,
-        started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
+        started_at: process.env[shared_environment_1.CODEQL_WORKFLOW_STARTED_AT],
         tool_names: toolNames,
         base_ref: undefined,
         base_sha: undefined,

lib/util.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.fixInvalidNotificationsInFile = exports.fixInvalidNotifications = exports.parseMatrixInput = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.supportExpectDiscardedCache = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.initializeEnvironment = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -37,7 +37,6 @@ const get_folder_size_1 = __importDefault(require("get-folder-size"));
 const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
 const apiCompatibility = __importStar(require("./api-compatibility.json"));
-const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const feature_flags_1 = require("./feature-flags");
 const shared_environment_1 = require("./shared-environment");
@@ -58,11 +57,6 @@ exports.DEFAULT_DEBUG_ARTIFACT_NAME = "debug-artifacts";
  * Default name of the database in the debugging artifact.
  */
 exports.DEFAULT_DEBUG_DATABASE_NAME = "db";
-/**
- * Environment variable that is set to "true" when the CodeQL Action has invoked
- * the Go autobuilder.
- */
-exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = "CODEQL_ACTION_DID_AUTOBUILD_GOLANG";
 /**
  * Get the extra options for the codeql commands.
  */
@@ -265,6 +259,7 @@ var GitHubVariant;
     GitHubVariant[GitHubVariant["DOTCOM"] = 0] = "DOTCOM";
     GitHubVariant[GitHubVariant["GHES"] = 1] = "GHES";
     GitHubVariant[GitHubVariant["GHAE"] = 2] = "GHAE";
+    GitHubVariant[GitHubVariant["GHE_DOTCOM"] = 3] = "GHE_DOTCOM";
 })(GitHubVariant = exports.GitHubVariant || (exports.GitHubVariant = {}));
 async function getGitHubVersion(apiDetails) {
     // We can avoid making an API request in the standard dotcom case
@@ -283,6 +278,9 @@ async function getGitHubVersion(apiDetails) {
     if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "GitHub AE") {
         return { type: GitHubVariant.GHAE };
     }
+    if (response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === "ghe.com") {
+        return { type: GitHubVariant.GHE_DOTCOM };
+    }
     const version = response.headers[GITHUB_ENTERPRISE_VERSION_HEADER];
     return { type: GitHubVariant.GHES, version };
 }
@@ -334,63 +332,16 @@ function assertNever(value) {
     throw new ExhaustivityCheckingError(value);
 }
 exports.assertNever = assertNever;
-/**
- * Environment variables to be set by codeql-action and used by the
- * CLI.
- */
-var EnvVar;
-(function (EnvVar) {
-    /**
-     * Semver of the codeql-action as specified in package.json.
-     */
-    EnvVar["VERSION"] = "CODEQL_ACTION_VERSION";
-    /**
-     * If set to a truthy value, then the codeql-action might combine SARIF
-     * output from several `interpret-results` runs for the same Language.
-     */
-    EnvVar["FEATURE_SARIF_COMBINE"] = "CODEQL_ACTION_FEATURE_SARIF_COMBINE";
-    /**
-     * If set to the "true" string, then the codeql-action will upload SARIF,
-     * not the cli.
-     */
-    EnvVar["FEATURE_WILL_UPLOAD"] = "CODEQL_ACTION_FEATURE_WILL_UPLOAD";
-    /**
-     * If set to the "true" string, then the codeql-action is using its
-     * own deprecated and non-standard way of scanning for multiple
-     * languages.
-     */
-    EnvVar["FEATURE_MULTI_LANGUAGE"] = "CODEQL_ACTION_FEATURE_MULTI_LANGUAGE";
-    /**
-     * If set to the "true" string, then the codeql-action is using its
-     * own sandwiched workflow mechanism
-     */
-    EnvVar["FEATURE_SANDWICH"] = "CODEQL_ACTION_FEATURE_SANDWICH";
-})(EnvVar = exports.EnvVar || (exports.EnvVar = {}));
 /**
  * Set some initial environment variables that we can set even without
  * knowing what version of CodeQL we're running.
  */
 function initializeEnvironment(version) {
-    core.exportVariable(EnvVar.VERSION, version);
-    core.exportVariable(EnvVar.FEATURE_SARIF_COMBINE, "true");
-    core.exportVariable(EnvVar.FEATURE_WILL_UPLOAD, "true");
+    core.exportVariable(shared_environment_1.EnvVar.VERSION, version);
+    core.exportVariable(shared_environment_1.EnvVar.FEATURE_SARIF_COMBINE, "true");
+    core.exportVariable(shared_environment_1.EnvVar.FEATURE_WILL_UPLOAD, "true");
 }
 exports.initializeEnvironment = initializeEnvironment;
-/**
- * Enrich the environment variables with further flags that we cannot
- * know the value of until we know what version of CodeQL we're running.
- */
-async function enrichEnvironment(codeql) {
-    if (await codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
-        core.exportVariable(EnvVar.FEATURE_MULTI_LANGUAGE, "false");
-        core.exportVariable(EnvVar.FEATURE_SANDWICH, "false");
-    }
-    else {
-        core.exportVariable(EnvVar.FEATURE_MULTI_LANGUAGE, "true");
-        core.exportVariable(EnvVar.FEATURE_SANDWICH, "true");
-    }
-}
-exports.enrichEnvironment = enrichEnvironment;
 /**
  * Get an environment parameter, but throw an error if it is not set.
  */
@@ -708,4 +659,73 @@ function parseMatrixInput(matrixInput) {
     return JSON.parse(matrixInput);
 }
 exports.parseMatrixInput = parseMatrixInput;
+function removeDuplicateLocations(locations) {
+    const newJsonLocations = new Set();
+    return locations.filter((location) => {
+        const jsonLocation = JSON.stringify(location);
+        if (!newJsonLocations.has(jsonLocation)) {
+            newJsonLocations.add(jsonLocation);
+            return true;
+        }
+        return false;
+    });
+}
+function fixInvalidNotifications(sarif, logger) {
+    if (process.env[shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX] === "true") {
+        logger.info("SARIF notification object duplicate location fix disabled by the " +
+            `${shared_environment_1.CODEQL_ACTION_DISABLE_DUPLICATE_LOCATION_FIX} environment variable.`);
+        return sarif;
+    }
+    if (!Array.isArray(sarif.runs)) {
+        return sarif;
+    }
+    // Ensure that the array of locations for each SARIF notification contains unique locations.
+    // This is a workaround for a bug in the CodeQL CLI that causes duplicate locations to be
+    // emitted in some cases.
+    let numDuplicateLocationsRemoved = 0;
+    const newSarif = {
+        ...sarif,
+        runs: sarif.runs.map((run) => {
+            if (run.tool?.driver?.name !== "CodeQL" ||
+                !Array.isArray(run.invocations)) {
+                return run;
+            }
+            return {
+                ...run,
+                invocations: run.invocations.map((invocation) => {
+                    if (!Array.isArray(invocation.toolExecutionNotifications)) {
+                        return invocation;
+                    }
+                    return {
+                        ...invocation,
+                        toolExecutionNotifications: invocation.toolExecutionNotifications.map((notification) => {
+                            if (!Array.isArray(notification.locations)) {
+                                return notification;
+                            }
+                            const newLocations = removeDuplicateLocations(notification.locations);
+                            numDuplicateLocationsRemoved +=
+                                notification.locations.length - newLocations.length;
+                            return {
+                                ...notification,
+                                locations: newLocations,
+                            };
+                        }),
+                    };
+                }),
+            };
+        }),
+    };
+    if (numDuplicateLocationsRemoved > 0) {
+        logger.info(`Removed ${numDuplicateLocationsRemoved} duplicate locations from SARIF notification ` +
+            "objects.");
+    }
+    return newSarif;
+}
+exports.fixInvalidNotifications = fixInvalidNotifications;
+function fixInvalidNotificationsInFile(inputPath, outputPath, logger) {
+    let sarif = JSON.parse(fs.readFileSync(inputPath, "utf8"));
+    sarif = fixInvalidNotifications(sarif, logger);
+    fs.writeFileSync(outputPath, JSON.stringify(sarif));
+}
+exports.fixInvalidNotificationsInFile = fixInvalidNotificationsInFile;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -182,6 +182,13 @@ function mockGetMetaVersionHeader(versionHeader) {
         apiURL: undefined,
     });
     t.deepEqual({ type: util.GitHubVariant.DOTCOM }, v3);
+    mockGetMetaVersionHeader("ghe.com");
+    const gheDotcom = await util.getGitHubVersion({
+        auth: "",
+        url: "https://foo.ghe.com",
+        apiURL: undefined,
+    });
+    t.deepEqual({ type: util.GitHubVariant.GHE_DOTCOM }, gheDotcom);
 });
 const ML_POWERED_JS_STATUS_TESTS = [
     // If no packs are loaded, status is false.
@@ -323,4 +330,49 @@ const shortTime = 10;
     t.deepEqual(shortTaskTimedOut, false);
     t.deepEqual(result, 99);
 });
+function createMockSarifWithNotification(locations) {
+    return {
+        runs: [
+            {
+                tool: {
+                    driver: {
+                        name: "CodeQL",
+                    },
+                },
+                invocations: [
+                    {
+                        toolExecutionNotifications: [
+                            {
+                                locations,
+                            },
+                        ],
+                    },
+                ],
+            },
+        ],
+    };
+}
+const stubLocation = {
+    physicalLocation: {
+        artifactLocation: {
+            uri: "file1",
+        },
+    },
+};
+(0, ava_1.default)("fixInvalidNotifications leaves notifications with unique locations alone", (t) => {
+    const messages = [];
+    const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages));
+    t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
+    t.is(messages.length, 0);
+});
+(0, ava_1.default)("fixInvalidNotifications removes duplicate locations", (t) => {
+    const messages = [];
+    const result = util.fixInvalidNotifications(createMockSarifWithNotification([stubLocation, stubLocation]), (0, testing_utils_1.getRecordingLogger)(messages));
+    t.deepEqual(result, createMockSarifWithNotification([stubLocation]));
+    t.is(messages.length, 1);
+    t.deepEqual(messages[0], {
+        type: "info",
+        message: "Removed 1 duplicate locations from SARIF notification objects.",
+    });
+});
 //# sourceMappingURL=util.test.js.map

lib/workflow.js

@@ -84,8 +84,6 @@ function toCodedErrors(errors) {
 exports.WorkflowErrors = toCodedErrors({
     MismatchedBranches: `Please make sure that every branch in on.pull_request is also in on.push so that Code Scanning can compare pull requests against the state of the base branch.`,
     MissingPushHook: `Please specify an on.push hook so that Code Scanning can compare pull requests against the state of the base branch.`,
-    PathsSpecified: `Using on.push.paths can prevent Code Scanning annotating new alerts in your pull requests.`,
-    PathsIgnoreSpecified: `Using on.push.paths-ignore can prevent Code Scanning annotating new alerts in your pull requests.`,
     CheckoutWrongHead: `git checkout HEAD^2 is no longer necessary. Please remove this step as Code Scanning recommends analyzing the merge commit for best results.`,
 });
 function getWorkflowErrors(doc) {
@@ -130,19 +128,6 @@ function getWorkflowErrors(doc) {
         if (!hasPush && hasPullRequest) {
             missingPush = true;
         }
-        if (hasPush && hasPullRequest) {
-            const paths = doc.on.push?.paths;
-            // if you specify paths or paths-ignore you can end up with commits that have no baseline
-            // if they didn't change any files
-            // currently we cannot go back through the history and find the most recent baseline
-            if (Array.isArray(paths) && paths.length > 0) {
-                errors.push(exports.WorkflowErrors.PathsSpecified);
-            }
-            const pathsIgnore = doc.on.push?.["paths-ignore"];
-            if (Array.isArray(pathsIgnore) && pathsIgnore.length > 0) {
-                errors.push(exports.WorkflowErrors.PathsIgnoreSpecified);
-            }
-        }
         // if doc.on.pull_request is null that means 'all branches'
         // if doc.on.pull_request is undefined that means 'off'
         // we only want to check for mismatched branches if pull_request is on.
@@ -339,12 +324,11 @@ exports.getCategoryInputOrThrow = getCategoryInputOrThrow;
  *
  * Typically you'll want to wrap this function in a try/catch block and handle the error.
  *
- * @returns the upload input
+ * @returns the user input to upload, or undefined if input was unspecified
  * @throws an error if the upload input could not be determined
  */
 function getUploadInputOrThrow(workflow, jobName, matrixVars) {
-    return (getInputOrThrow(workflow, jobName, getAnalyzeActionName(), "upload", matrixVars) || "true" // if unspecified, upload defaults to true
-    );
+    return getInputOrThrow(workflow, jobName, getAnalyzeActionName(), "upload", matrixVars);
 }
 exports.getUploadInputOrThrow = getUploadInputOrThrow;
 /**

lib/workflow.test.js

@@ -58,15 +58,6 @@ function errorCodes(actual, expected) {
     });
     t.deepEqual(...errorCodes(errors, []));
 });
-(0, ava_1.default)("getWorkflowErrors() when on.push should not have a path", (t) => {
-    const errors = (0, workflow_1.getWorkflowErrors)({
-        on: {
-            push: { branches: ["main"], paths: ["test/*"] },
-            pull_request: { branches: ["main"] },
-        },
-    });
-    t.deepEqual(...errorCodes(errors, [workflow_1.WorkflowErrors.PathsSpecified]));
-});
 (0, ava_1.default)("getWorkflowErrors() when on.push is a correct object", (t) => {
     const errors = (0, workflow_1.getWorkflowErrors)({
         on: { push: { branches: ["main"] }, pull_request: { branches: ["main"] } },
@@ -227,7 +218,7 @@ function errorCodes(actual, expected) {
 (0, ava_1.default)("formatWorkflowErrors() when there are multiple errors", (t) => {
     const message = (0, workflow_1.formatWorkflowErrors)([
         workflow_1.WorkflowErrors.CheckoutWrongHead,
-        workflow_1.WorkflowErrors.PathsSpecified,
+        workflow_1.WorkflowErrors.MismatchedBranches,
     ]);
     t.true(message.startsWith("2 issues were detected with this workflow:"));
 });
@@ -238,9 +229,9 @@ function errorCodes(actual, expected) {
 (0, ava_1.default)("formatWorkflowCause()", (t) => {
     const message = (0, workflow_1.formatWorkflowCause)([
         workflow_1.WorkflowErrors.CheckoutWrongHead,
-        workflow_1.WorkflowErrors.PathsSpecified,
+        workflow_1.WorkflowErrors.MismatchedBranches,
     ]);
-    t.deepEqual(message, "CheckoutWrongHead,PathsSpecified");
+    t.deepEqual(message, "CheckoutWrongHead,MismatchedBranches");
     t.deepEqual((0, workflow_1.formatWorkflowCause)([]), undefined);
 });
 (0, ava_1.default)("patternIsSuperset()", (t) => {

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.2.7",
+  "version": "2.2.10",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
@@ -867,14 +867,14 @@
       }
     },
     "node_modules/@typescript-eslint/parser": {
-      "version": "5.48.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.48.2.tgz",
-      "integrity": "sha512-38zMsKsG2sIuM5Oi/olurGwYJXzmtdsHhn5mI/pQogP+BjYVkK5iRazCQ8RGS0V+YLk282uWElN70zAAUmaYHw==",
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-5.56.0.tgz",
+      "integrity": "sha512-sn1OZmBxUsgxMmR8a8U5QM/Wl+tyqlH//jTqCg8daTAmhAk26L2PFhcqPLlYBhYUJMZJK276qLXlHN3a83o2cg==",
       "dev": true,
       "dependencies": {
-        "@typescript-eslint/scope-manager": "5.48.2",
-        "@typescript-eslint/types": "5.48.2",
-        "@typescript-eslint/typescript-estree": "5.48.2",
+        "@typescript-eslint/scope-manager": "5.56.0",
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/typescript-estree": "5.56.0",
         "debug": "^4.3.4"
       },
       "engines": {
@@ -893,6 +893,89 @@
         }
       }
     },
+    "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.56.0.tgz",
+      "integrity": "sha512-jGYKyt+iBakD0SA5Ww8vFqGpoV2asSjwt60Gl6YcO8ksQ8s2HlUEyHBMSa38bdLopYqGf7EYQMUIGdT/Luw+sw==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/visitor-keys": "5.56.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-5.56.0.tgz",
+      "integrity": "sha512-JyAzbTJcIyhuUhogmiu+t79AkdnqgPUEsxMTMc/dCZczGMJQh1MK2wgrju++yMN6AWroVAy2jxyPcPr3SWCq5w==",
+      "dev": true,
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-5.56.0.tgz",
+      "integrity": "sha512-41CH/GncsLXOJi0jb74SnC7jVPWeVJ0pxQj8bOjH1h2O26jXN3YHKDT1ejkVz5YeTEQPeLCCRY0U2r68tfNOcg==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "@typescript-eslint/visitor-keys": "5.56.0",
+        "debug": "^4.3.4",
+        "globby": "^11.1.0",
+        "is-glob": "^4.0.3",
+        "semver": "^7.3.7",
+        "tsutils": "^3.21.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": {
+      "version": "5.56.0",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-5.56.0.tgz",
+      "integrity": "sha512-1mFdED7u5bZpX6Xxf5N9U2c18sb+8EvU3tyOIj6LQZ5OOvnmj8BVeNNP603OFPm5KkS1a7IvCIcwrdHXaEMG/Q==",
+      "dev": true,
+      "dependencies": {
+        "@typescript-eslint/types": "5.56.0",
+        "eslint-visitor-keys": "^3.3.0"
+      },
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/typescript-eslint"
+      }
+    },
+    "node_modules/@typescript-eslint/parser/node_modules/eslint-visitor-keys": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.3.0.tgz",
+      "integrity": "sha512-mQ+suqKJVyeuwGYHAdjMFqjCyfl8+Ldnxuyp3ldiMBFKkvytrXUZWaiPCEav8qDHKty44bD+qV1IP4T+w+xXRA==",
+      "dev": true,
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      }
+    },
     "node_modules/@typescript-eslint/scope-manager": {
       "version": "5.48.2",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-5.48.2.tgz",
@@ -5833,16 +5916,16 @@
       }
     },
     "node_modules/typescript": {
-      "version": "4.9.4",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.9.4.tgz",
-      "integrity": "sha512-Uz+dTXYzxXXbsFpM86Wh3dKCxrQqUcVMxwU54orwlJjOpO3ao8L7j5lH+dWfTwgCwIuM9GQ2kvVotzYJMXTBZg==",
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.0.2.tgz",
+      "integrity": "sha512-wVORMBGO/FAs/++blGNeAVdbNKtIh1rbBL2EyQ1+J9lClJ93KiiKe8PmFIVdXhHcyv44SL9oglmfeSsndo0jRw==",
       "dev": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
       },
       "engines": {
-        "node": ">=4.2.0"
+        "node": ">=12.20"
       }
     },
     "node_modules/unbox-primitive": {

node_modules/@typescript-eslint/parser/_ts3.4/dist/index.d.ts

@@ -1,4 +1,8 @@
 export { parse, parseForESLint, ParserOptions } from './parser';
 export { ParserServices, clearCaches, createProgram, } from '@typescript-eslint/typescript-estree';
 export declare const version: string;
+export declare const meta: {
+    name: string;
+    version: string;
+};
 //# sourceMappingURL=index.d.ts.map

node_modules/@typescript-eslint/parser/dist/index.d.ts

@@ -1,4 +1,8 @@
 export { parse, parseForESLint, ParserOptions } from './parser';
 export { ParserServices, clearCaches, createProgram, } from '@typescript-eslint/typescript-estree';
 export declare const version: string;
+export declare const meta: {
+    name: string;
+    version: string;
+};
 //# sourceMappingURL=index.d.ts.map

node_modules/@typescript-eslint/parser/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAChE,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,GACd,MAAM,sCAAsC,CAAC;AAI9C,eAAO,MAAM,OAAO,EAAE,MAA2C,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAChE,OAAO,EACL,cAAc,EACd,WAAW,EACX,aAAa,GACd,MAAM,sCAAsC,CAAC;AAI9C,eAAO,MAAM,OAAO,EAAE,MAA2C,CAAC;AAElE,eAAO,MAAM,IAAI;;;CAGhB,CAAC"}

node_modules/@typescript-eslint/parser/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.version = exports.createProgram = exports.clearCaches = exports.parseForESLint = exports.parse = void 0;
+exports.meta = exports.version = exports.createProgram = exports.clearCaches = exports.parseForESLint = exports.parse = void 0;
 var parser_1 = require("./parser");
 Object.defineProperty(exports, "parse", { enumerable: true, get: function () { return parser_1.parse; } });
 Object.defineProperty(exports, "parseForESLint", { enumerable: true, get: function () { return parser_1.parseForESLint; } });
@@ -10,4 +10,8 @@ Object.defineProperty(exports, "createProgram", { enumerable: true, get: functio
 // note - cannot migrate this to an import statement because it will make TSC copy the package.json to the dist folder
 // eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access
 exports.version = require('../package.json').version;
+exports.meta = {
+    name: 'typescript-eslint/parser',
+    version: exports.version,
+};
 //# sourceMappingURL=index.js.map

node_modules/@typescript-eslint/parser/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,mCAAgE;AAAvD,+FAAA,KAAK,OAAA;AAAE,wGAAA,cAAc,OAAA;AAC9B,0EAI8C;AAF5C,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AAGf,sHAAsH;AACtH,+GAA+G;AAClG,QAAA,OAAO,GAAW,OAAO,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,mCAAgE;AAAvD,+FAAA,KAAK,OAAA;AAAE,wGAAA,cAAc,OAAA;AAC9B,0EAI8C;AAF5C,gHAAA,WAAW,OAAA;AACX,kHAAA,aAAa,OAAA;AAGf,sHAAsH;AACtH,+GAA+G;AAClG,QAAA,OAAO,GAAW,OAAO,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC;AAErD,QAAA,IAAI,GAAG;IAClB,IAAI,EAAE,0BAA0B;IAChC,OAAO,EAAP,eAAO;CACR,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2019 typescript-eslint and other contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/README.md

@@ -0,0 +1,8 @@
+# `@typescript-eslint/scope-manager`
+
+[![NPM Version](https://img.shields.io/npm/v/@typescript-eslint/scope-manager.svg?style=flat-square)](https://www.npmjs.com/package/@typescript-eslint/scope-manager)
+[![NPM Downloads](https://img.shields.io/npm/dm/@typescript-eslint/scope-manager.svg?style=flat-square)](https://www.npmjs.com/package/@typescript-eslint/scope-manager)
+
+👉 See **https://typescript-eslint.io/architecture/scope-manager** for documentation on this package.
+
+> See https://typescript-eslint.io for general documentation on typescript-eslint, the tooling that allows you to run ESLint and Prettier on TypeScript code.

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ID.d.ts

@@ -0,0 +1,4 @@
+declare function createIdGenerator(): () => number;
+declare function resetIds(): void;
+export { createIdGenerator, resetIds };
+//# sourceMappingURL=ID.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ID.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ID.d.ts","sourceRoot":"","sources":["../src/ID.ts"],"names":[],"mappings":"AAGA,iBAAS,iBAAiB,IAAI,MAAM,MAAM,CAUzC;AAED,iBAAS,QAAQ,IAAI,IAAI,CAExB;AAED,OAAO,EAAE,iBAAiB,EAAE,QAAQ,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ID.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.resetIds = exports.createIdGenerator = void 0;
+const ID_CACHE = new Map();
+let NEXT_KEY = 0;
+function createIdGenerator() {
+    const key = (NEXT_KEY += 1);
+    ID_CACHE.set(key, 0);
+    return () => {
+        var _a;
+        const current = (_a = ID_CACHE.get(key)) !== null && _a !== void 0 ? _a : 0;
+        const next = current + 1;
+        ID_CACHE.set(key, next);
+        return next;
+    };
+}
+exports.createIdGenerator = createIdGenerator;
+function resetIds() {
+    ID_CACHE.clear();
+}
+exports.resetIds = resetIds;
+//# sourceMappingURL=ID.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ID.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ID.js","sourceRoot":"","sources":["../src/ID.ts"],"names":[],"mappings":";;;AAAA,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAkB,CAAC;AAC3C,IAAI,QAAQ,GAAG,CAAC,CAAC;AAEjB,SAAS,iBAAiB;IACxB,MAAM,GAAG,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC,CAAC;IAC5B,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAErB,OAAO,GAAW,EAAE;;QAClB,MAAM,OAAO,GAAG,MAAA,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,mCAAI,CAAC,CAAC;QACvC,MAAM,IAAI,GAAG,OAAO,GAAG,CAAC,CAAC;QACzB,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAMQ,8CAAiB;AAJ1B,SAAS,QAAQ;IACf,QAAQ,CAAC,KAAK,EAAE,CAAC;AACnB,CAAC;AAE2B,4BAAQ"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ScopeManager.d.ts

@@ -0,0 +1,73 @@
+import type { TSESTree } from '@typescript-eslint/types';
+import type { Scope } from './scope';
+import { BlockScope, CatchScope, ClassScope, ConditionalTypeScope, ForScope, FunctionExpressionNameScope, FunctionScope, FunctionTypeScope, GlobalScope, MappedTypeScope, ModuleScope, SwitchScope, TSEnumScope, TSModuleScope, TypeScope, WithScope } from './scope';
+import { ClassFieldInitializerScope } from './scope/ClassFieldInitializerScope';
+import { ClassStaticBlockScope } from './scope/ClassStaticBlockScope';
+import type { Variable } from './variable';
+interface ScopeManagerOptions {
+    globalReturn?: boolean;
+    sourceType?: 'module' | 'script';
+    impliedStrict?: boolean;
+    ecmaVersion?: number;
+}
+declare class ScopeManager {
+    #private;
+    currentScope: Scope | null;
+    readonly declaredVariables: WeakMap<TSESTree.Node, Variable[]>;
+    /**
+     * The root scope
+     * @public
+     */
+    globalScope: GlobalScope | null;
+    readonly nodeToScope: WeakMap<TSESTree.Node, Scope[]>;
+    /**
+     * All scopes
+     * @public
+     */
+    readonly scopes: Scope[];
+    get variables(): Variable[];
+    constructor(options: ScopeManagerOptions);
+    isGlobalReturn(): boolean;
+    isModule(): boolean;
+    isImpliedStrict(): boolean;
+    isStrictModeSupported(): boolean;
+    isES6(): boolean;
+    /**
+     * Get the variables that a given AST node defines. The gotten variables' `def[].node`/`def[].parent` property is the node.
+     * If the node does not define any variable, this returns an empty array.
+     * @param node An AST node to get their variables.
+     * @public
+     */
+    getDeclaredVariables(node: TSESTree.Node): Variable[];
+    /**
+     * Get the scope of a given AST node. The gotten scope's `block` property is the node.
+     * This method never returns `function-expression-name` scope. If the node does not have their scope, this returns `null`.
+     *
+     * @param node An AST node to get their scope.
+     * @param inner If the node has multiple scopes, this returns the outermost scope normally.
+     *                If `inner` is `true` then this returns the innermost scope.
+     * @public
+     */
+    acquire(node: TSESTree.Node, inner?: boolean): Scope | null;
+    protected nestScope<T extends Scope>(scope: T): T;
+    nestBlockScope(node: BlockScope['block']): BlockScope;
+    nestCatchScope(node: CatchScope['block']): CatchScope;
+    nestClassScope(node: ClassScope['block']): ClassScope;
+    nestClassFieldInitializerScope(node: ClassFieldInitializerScope['block']): ClassFieldInitializerScope;
+    nestClassStaticBlockScope(node: ClassStaticBlockScope['block']): ClassStaticBlockScope;
+    nestConditionalTypeScope(node: ConditionalTypeScope['block']): ConditionalTypeScope;
+    nestForScope(node: ForScope['block']): ForScope;
+    nestFunctionExpressionNameScope(node: FunctionExpressionNameScope['block']): FunctionExpressionNameScope;
+    nestFunctionScope(node: FunctionScope['block'], isMethodDefinition: boolean): FunctionScope;
+    nestFunctionTypeScope(node: FunctionTypeScope['block']): FunctionTypeScope;
+    nestGlobalScope(node: GlobalScope['block']): GlobalScope;
+    nestMappedTypeScope(node: MappedTypeScope['block']): MappedTypeScope;
+    nestModuleScope(node: ModuleScope['block']): ModuleScope;
+    nestSwitchScope(node: SwitchScope['block']): SwitchScope;
+    nestTSEnumScope(node: TSEnumScope['block']): TSEnumScope;
+    nestTSModuleScope(node: TSModuleScope['block']): TSModuleScope;
+    nestTypeScope(node: TypeScope['block']): TypeScope;
+    nestWithScope(node: WithScope['block']): WithScope;
+}
+export { ScopeManager };
+//# sourceMappingURL=ScopeManager.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ScopeManager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ScopeManager.d.ts","sourceRoot":"","sources":["../src/ScopeManager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EACL,UAAU,EACV,UAAU,EACV,UAAU,EACV,oBAAoB,EACpB,QAAQ,EACR,2BAA2B,EAC3B,aAAa,EACb,iBAAiB,EACjB,WAAW,EACX,eAAe,EACf,WAAW,EACX,WAAW,EACX,WAAW,EACX,aAAa,EACb,SAAS,EACT,SAAS,EACV,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,0BAA0B,EAAE,MAAM,oCAAoC,CAAC;AAChF,OAAO,EAAE,qBAAqB,EAAE,MAAM,+BAA+B,CAAC;AACtE,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAE3C,UAAU,mBAAmB;IAC3B,YAAY,CAAC,EAAE,OAAO,CAAC;IACvB,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IACjC,aAAa,CAAC,EAAE,OAAO,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,cAAM,YAAY;;IACT,YAAY,EAAE,KAAK,GAAG,IAAI,CAAC;IAClC,SAAgB,iBAAiB,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;IACtE;;;OAGG;IACI,WAAW,EAAE,WAAW,GAAG,IAAI,CAAC;IACvC,SAAgB,WAAW,EAAE,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAE7D;;;OAGG;IACH,SAAgB,MAAM,EAAE,KAAK,EAAE,CAAC;IAEhC,IAAW,SAAS,IAAI,QAAQ,EAAE,CAQjC;gBAEW,OAAO,EAAE,mBAAmB;IASjC,cAAc,IAAI,OAAO;IAIzB,QAAQ,IAAI,OAAO;IAInB,eAAe,IAAI,OAAO;IAG1B,qBAAqB,IAAI,OAAO;IAIhC,KAAK,IAAI,OAAO;IAIvB;;;;;OAKG;IACI,oBAAoB,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,GAAG,QAAQ,EAAE;IAI5D;;;;;;;;OAQG;IACI,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,KAAK,UAAQ,GAAG,KAAK,GAAG,IAAI;IAiChE,SAAS,CAAC,SAAS,CAAC,CAAC,SAAS,KAAK,EAAE,KAAK,EAAE,CAAC,GAAG,CAAC;IAU1C,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,UAAU;IAKrD,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,UAAU;IAKrD,cAAc,CAAC,IAAI,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,UAAU;IAKrD,8BAA8B,CACnC,IAAI,EAAE,0BAA0B,CAAC,OAAO,CAAC,GACxC,0BAA0B;IAOtB,yBAAyB,CAC9B,IAAI,EAAE,qBAAqB,CAAC,OAAO,CAAC,GACnC,qBAAqB;IAOjB,wBAAwB,CAC7B,IAAI,EAAE,oBAAoB,CAAC,OAAO,CAAC,GAClC,oBAAoB;IAOhB,YAAY,CAAC,IAAI,EAAE,QAAQ,CAAC,OAAO,CAAC,GAAG,QAAQ;IAK/C,+BAA+B,CACpC,IAAI,EAAE,2BAA2B,CAAC,OAAO,CAAC,GACzC,2BAA2B;IAOvB,iBAAiB,CACtB,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC,EAC5B,kBAAkB,EAAE,OAAO,GAC1B,aAAa;IAOT,qBAAqB,CAC1B,IAAI,EAAE,iBAAiB,CAAC,OAAO,CAAC,GAC/B,iBAAiB;IAKb,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,WAAW;IAIxD,mBAAmB,CAAC,IAAI,EAAE,eAAe,CAAC,OAAO,CAAC,GAAG,eAAe;IAKpE,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,WAAW;IAKxD,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,WAAW;IAKxD,eAAe,CAAC,IAAI,EAAE,WAAW,CAAC,OAAO,CAAC,GAAG,WAAW;IAKxD,iBAAiB,CAAC,IAAI,EAAE,aAAa,CAAC,OAAO,CAAC,GAAG,aAAa;IAK9D,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG,SAAS;IAKlD,aAAa,CAAC,IAAI,EAAE,SAAS,CAAC,OAAO,CAAC,GAAG,SAAS;CAI1D;AAED,OAAO,EAAE,YAAY,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/ScopeManager.js

@@ -0,0 +1,183 @@
+"use strict";
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var _ScopeManager_options;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ScopeManager = void 0;
+const assert_1 = require("./assert");
+const scope_1 = require("./scope");
+const ClassFieldInitializerScope_1 = require("./scope/ClassFieldInitializerScope");
+const ClassStaticBlockScope_1 = require("./scope/ClassStaticBlockScope");
+class ScopeManager {
+    get variables() {
+        const variables = new Set();
+        function recurse(scope) {
+            scope.variables.forEach(v => variables.add(v));
+            scope.childScopes.forEach(recurse);
+        }
+        this.scopes.forEach(recurse);
+        return Array.from(variables).sort((a, b) => a.$id - b.$id);
+    }
+    constructor(options) {
+        _ScopeManager_options.set(this, void 0);
+        this.scopes = [];
+        this.globalScope = null;
+        this.nodeToScope = new WeakMap();
+        this.currentScope = null;
+        __classPrivateFieldSet(this, _ScopeManager_options, options, "f");
+        this.declaredVariables = new WeakMap();
+    }
+    isGlobalReturn() {
+        return __classPrivateFieldGet(this, _ScopeManager_options, "f").globalReturn === true;
+    }
+    isModule() {
+        return __classPrivateFieldGet(this, _ScopeManager_options, "f").sourceType === 'module';
+    }
+    isImpliedStrict() {
+        return __classPrivateFieldGet(this, _ScopeManager_options, "f").impliedStrict === true;
+    }
+    isStrictModeSupported() {
+        return __classPrivateFieldGet(this, _ScopeManager_options, "f").ecmaVersion != null && __classPrivateFieldGet(this, _ScopeManager_options, "f").ecmaVersion >= 5;
+    }
+    isES6() {
+        return __classPrivateFieldGet(this, _ScopeManager_options, "f").ecmaVersion != null && __classPrivateFieldGet(this, _ScopeManager_options, "f").ecmaVersion >= 6;
+    }
+    /**
+     * Get the variables that a given AST node defines. The gotten variables' `def[].node`/`def[].parent` property is the node.
+     * If the node does not define any variable, this returns an empty array.
+     * @param node An AST node to get their variables.
+     * @public
+     */
+    getDeclaredVariables(node) {
+        var _a;
+        return (_a = this.declaredVariables.get(node)) !== null && _a !== void 0 ? _a : [];
+    }
+    /**
+     * Get the scope of a given AST node. The gotten scope's `block` property is the node.
+     * This method never returns `function-expression-name` scope. If the node does not have their scope, this returns `null`.
+     *
+     * @param node An AST node to get their scope.
+     * @param inner If the node has multiple scopes, this returns the outermost scope normally.
+     *                If `inner` is `true` then this returns the innermost scope.
+     * @public
+     */
+    acquire(node, inner = false) {
+        var _a;
+        function predicate(testScope) {
+            if (testScope.type === 'function' && testScope.functionExpressionScope) {
+                return false;
+            }
+            return true;
+        }
+        const scopes = this.nodeToScope.get(node);
+        if (!scopes || scopes.length === 0) {
+            return null;
+        }
+        // Heuristic selection from all scopes.
+        // If you would like to get all scopes, please use ScopeManager#acquireAll.
+        if (scopes.length === 1) {
+            return scopes[0];
+        }
+        if (inner) {
+            for (let i = scopes.length - 1; i >= 0; --i) {
+                const scope = scopes[i];
+                if (predicate(scope)) {
+                    return scope;
+                }
+            }
+            return null;
+        }
+        return (_a = scopes.find(predicate)) !== null && _a !== void 0 ? _a : null;
+    }
+    nestScope(scope) {
+        if (scope instanceof scope_1.GlobalScope) {
+            (0, assert_1.assert)(this.currentScope == null);
+            this.globalScope = scope;
+        }
+        this.currentScope = scope;
+        return scope;
+    }
+    nestBlockScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.BlockScope(this, this.currentScope, node));
+    }
+    nestCatchScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.CatchScope(this, this.currentScope, node));
+    }
+    nestClassScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.ClassScope(this, this.currentScope, node));
+    }
+    nestClassFieldInitializerScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new ClassFieldInitializerScope_1.ClassFieldInitializerScope(this, this.currentScope, node));
+    }
+    nestClassStaticBlockScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new ClassStaticBlockScope_1.ClassStaticBlockScope(this, this.currentScope, node));
+    }
+    nestConditionalTypeScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.ConditionalTypeScope(this, this.currentScope, node));
+    }
+    nestForScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.ForScope(this, this.currentScope, node));
+    }
+    nestFunctionExpressionNameScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.FunctionExpressionNameScope(this, this.currentScope, node));
+    }
+    nestFunctionScope(node, isMethodDefinition) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.FunctionScope(this, this.currentScope, node, isMethodDefinition));
+    }
+    nestFunctionTypeScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.FunctionTypeScope(this, this.currentScope, node));
+    }
+    nestGlobalScope(node) {
+        return this.nestScope(new scope_1.GlobalScope(this, node));
+    }
+    nestMappedTypeScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.MappedTypeScope(this, this.currentScope, node));
+    }
+    nestModuleScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.ModuleScope(this, this.currentScope, node));
+    }
+    nestSwitchScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.SwitchScope(this, this.currentScope, node));
+    }
+    nestTSEnumScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.TSEnumScope(this, this.currentScope, node));
+    }
+    nestTSModuleScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.TSModuleScope(this, this.currentScope, node));
+    }
+    nestTypeScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.TypeScope(this, this.currentScope, node));
+    }
+    nestWithScope(node) {
+        (0, assert_1.assert)(this.currentScope);
+        return this.nestScope(new scope_1.WithScope(this, this.currentScope, node));
+    }
+}
+exports.ScopeManager = ScopeManager;
+_ScopeManager_options = new WeakMap();
+//# sourceMappingURL=ScopeManager.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/analyze.d.ts

@@ -0,0 +1,62 @@
+import type { EcmaVersion, Lib, TSESTree } from '@typescript-eslint/types';
+import type { ReferencerOptions } from './referencer';
+import { ScopeManager } from './ScopeManager';
+interface AnalyzeOptions {
+    /**
+     * Known visitor keys.
+     */
+    childVisitorKeys?: ReferencerOptions['childVisitorKeys'];
+    /**
+     * Which ECMAScript version is considered.
+     * Defaults to `2018`.
+     * `'latest'` is converted to 1e8 at parser.
+     */
+    ecmaVersion?: EcmaVersion | 1e8;
+    /**
+     * Whether the whole script is executed under node.js environment.
+     * When enabled, the scope manager adds a function scope immediately following the global scope.
+     * Defaults to `false`.
+     */
+    globalReturn?: boolean;
+    /**
+     * Implied strict mode (if ecmaVersion >= 5).
+     * Defaults to `false`.
+     */
+    impliedStrict?: boolean;
+    /**
+     * The identifier that's used for JSX Element creation (after transpilation).
+     * This should not be a member expression - just the root identifier (i.e. use "React" instead of "React.createElement").
+     * Defaults to `"React"`.
+     */
+    jsxPragma?: string | null;
+    /**
+     * The identifier that's used for JSX fragment elements (after transpilation).
+     * If `null`, assumes transpilation will always use a member on `jsxFactory` (i.e. React.Fragment).
+     * This should not be a member expression - just the root identifier (i.e. use "h" instead of "h.Fragment").
+     * Defaults to `null`.
+     */
+    jsxFragmentName?: string | null;
+    /**
+     * The lib used by the project.
+     * This automatically defines a type variable for any types provided by the configured TS libs.
+     * Defaults to the lib for the provided `ecmaVersion`.
+     *
+     * https://www.typescriptlang.org/tsconfig#lib
+     */
+    lib?: Lib[];
+    /**
+     * The source type of the script.
+     */
+    sourceType?: 'script' | 'module';
+    /**
+     * Emit design-type metadata for decorated declarations in source.
+     * Defaults to `false`.
+     */
+    emitDecoratorMetadata?: boolean;
+}
+/**
+ * Takes an AST and returns the analyzed scopes.
+ */
+declare function analyze(tree: TSESTree.Node, providedOptions?: AnalyzeOptions): ScopeManager;
+export { analyze, AnalyzeOptions };
+//# sourceMappingURL=analyze.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/analyze.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze.d.ts","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAI3E,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,cAAc,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAM9C,UAAU,cAAc;IACtB;;OAEG;IACH,gBAAgB,CAAC,EAAE,iBAAiB,CAAC,kBAAkB,CAAC,CAAC;IAEzD;;;;OAIG;IACH,WAAW,CAAC,EAAE,WAAW,GAAG,GAAG,CAAC;IAEhC;;;;OAIG;IACH,YAAY,CAAC,EAAE,OAAO,CAAC;IAEvB;;;OAGG;IACH,aAAa,CAAC,EAAE,OAAO,CAAC;IAExB;;;;OAIG;IACH,SAAS,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAE1B;;;;;OAKG;IACH,eAAe,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAEhC;;;;;;OAMG;IACH,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC;IAEZ;;OAEG;IACH,UAAU,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAEjC;;;OAGG;IACH,qBAAqB,CAAC,EAAE,OAAO,CAAC;CACjC;AA6BD;;GAEG;AACH,iBAAS,OAAO,CACd,IAAI,EAAE,QAAQ,CAAC,IAAI,EACnB,eAAe,CAAC,EAAE,cAAc,GAC/B,YAAY,CAgCd;AAED,OAAO,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/analyze.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.analyze = void 0;
+const visitor_keys_1 = require("@typescript-eslint/visitor-keys");
+const lib_1 = require("./lib");
+const referencer_1 = require("./referencer");
+const ScopeManager_1 = require("./ScopeManager");
+const DEFAULT_OPTIONS = {
+    childVisitorKeys: visitor_keys_1.visitorKeys,
+    ecmaVersion: 2018,
+    globalReturn: false,
+    impliedStrict: false,
+    jsxPragma: 'React',
+    jsxFragmentName: null,
+    lib: ['es2018'],
+    sourceType: 'script',
+    emitDecoratorMetadata: false,
+};
+/**
+ * Convert ecmaVersion to lib.
+ * `'latest'` is converted to 1e8 at parser.
+ */
+function mapEcmaVersion(version) {
+    if (version == null || version === 3 || version === 5) {
+        return 'es5';
+    }
+    const year = version > 2000 ? version : 2015 + (version - 6);
+    const lib = `es${year}`;
+    return lib in lib_1.lib ? lib : year > 2020 ? 'esnext' : 'es5';
+}
+/**
+ * Takes an AST and returns the analyzed scopes.
+ */
+function analyze(tree, providedOptions) {
+    var _a, _b, _c, _d, _e, _f, _g, _h;
+    const ecmaVersion = (_a = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.ecmaVersion) !== null && _a !== void 0 ? _a : DEFAULT_OPTIONS.ecmaVersion;
+    const options = {
+        childVisitorKeys: (_b = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.childVisitorKeys) !== null && _b !== void 0 ? _b : DEFAULT_OPTIONS.childVisitorKeys,
+        ecmaVersion,
+        globalReturn: (_c = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.globalReturn) !== null && _c !== void 0 ? _c : DEFAULT_OPTIONS.globalReturn,
+        impliedStrict: (_d = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.impliedStrict) !== null && _d !== void 0 ? _d : DEFAULT_OPTIONS.impliedStrict,
+        jsxPragma: (providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.jsxPragma) === undefined
+            ? DEFAULT_OPTIONS.jsxPragma
+            : providedOptions.jsxPragma,
+        jsxFragmentName: (_e = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.jsxFragmentName) !== null && _e !== void 0 ? _e : DEFAULT_OPTIONS.jsxFragmentName,
+        sourceType: (_f = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.sourceType) !== null && _f !== void 0 ? _f : DEFAULT_OPTIONS.sourceType,
+        lib: (_g = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.lib) !== null && _g !== void 0 ? _g : [mapEcmaVersion(ecmaVersion)],
+        emitDecoratorMetadata: (_h = providedOptions === null || providedOptions === void 0 ? void 0 : providedOptions.emitDecoratorMetadata) !== null && _h !== void 0 ? _h : DEFAULT_OPTIONS.emitDecoratorMetadata,
+    };
+    // ensure the option is lower cased
+    options.lib = options.lib.map(l => l.toLowerCase());
+    const scopeManager = new ScopeManager_1.ScopeManager(options);
+    const referencer = new referencer_1.Referencer(options, scopeManager);
+    referencer.visit(tree);
+    return scopeManager;
+}
+exports.analyze = analyze;
+//# sourceMappingURL=analyze.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/analyze.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze.js","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":";;;AACA,kEAA8D;AAE9D,+BAA2C;AAE3C,6CAA0C;AAC1C,iDAA8C;AAoE9C,MAAM,eAAe,GAA6B;IAChD,gBAAgB,EAAE,0BAAW;IAC7B,WAAW,EAAE,IAAI;IACjB,YAAY,EAAE,KAAK;IACnB,aAAa,EAAE,KAAK;IACpB,SAAS,EAAE,OAAO;IAClB,eAAe,EAAE,IAAI;IACrB,GAAG,EAAE,CAAC,QAAQ,CAAC;IACf,UAAU,EAAE,QAAQ;IACpB,qBAAqB,EAAE,KAAK;CAC7B,CAAC;AAEF;;;GAGG;AACH,SAAS,cAAc,CAAC,OAAsC;IAC5D,IAAI,OAAO,IAAI,IAAI,IAAI,OAAO,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,EAAE;QACrD,OAAO,KAAK,CAAC;KACd;IAED,MAAM,IAAI,GAAG,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC;IAC7D,MAAM,GAAG,GAAG,KAAK,IAAI,EAAE,CAAC;IAExB,OAAO,GAAG,IAAI,SAAW,CAAC,CAAC,CAAE,GAAW,CAAC,CAAC,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC;AAC5E,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CACd,IAAmB,EACnB,eAAgC;;IAEhC,MAAM,WAAW,GACf,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,WAAW,mCAAI,eAAe,CAAC,WAAW,CAAC;IAC9D,MAAM,OAAO,GAA6B;QACxC,gBAAgB,EACd,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,gBAAgB,mCAAI,eAAe,CAAC,gBAAgB;QACvE,WAAW;QACX,YAAY,EAAE,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,YAAY,mCAAI,eAAe,CAAC,YAAY;QAC3E,aAAa,EACX,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,aAAa,mCAAI,eAAe,CAAC,aAAa;QACjE,SAAS,EACP,CAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,SAAS,MAAK,SAAS;YACtC,CAAC,CAAC,eAAe,CAAC,SAAS;YAC3B,CAAC,CAAC,eAAe,CAAC,SAAS;QAC/B,eAAe,EACb,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,eAAe,mCAAI,eAAe,CAAC,eAAe;QACrE,UAAU,EAAE,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,UAAU,mCAAI,eAAe,CAAC,UAAU;QACrE,GAAG,EAAE,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,GAAG,mCAAI,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;QAC1D,qBAAqB,EACnB,MAAA,eAAe,aAAf,eAAe,uBAAf,eAAe,CAAE,qBAAqB,mCACtC,eAAe,CAAC,qBAAqB;KACxC,CAAC;IAEF,mCAAmC;IACnC,OAAO,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,EAAS,CAAC,CAAC;IAE3D,MAAM,YAAY,GAAG,IAAI,2BAAY,CAAC,OAAO,CAAC,CAAC;IAC/C,MAAM,UAAU,GAAG,IAAI,uBAAU,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;IAEzD,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAEvB,OAAO,YAAY,CAAC;AACtB,CAAC;AAEQ,0BAAO"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/assert.d.ts

@@ -0,0 +1,3 @@
+declare function assert(value: unknown, message?: string): asserts value;
+export { assert };
+//# sourceMappingURL=assert.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/assert.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assert.d.ts","sourceRoot":"","sources":["../src/assert.ts"],"names":[],"mappings":"AACA,iBAAS,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,KAAK,CAI/D;AAED,OAAO,EAAE,MAAM,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/assert.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assert = void 0;
+// the base assert module doesn't use ts assertion syntax
+function assert(value, message) {
+    if (value == null) {
+        throw new Error(message);
+    }
+}
+exports.assert = assert;
+//# sourceMappingURL=assert.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/assert.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"assert.js","sourceRoot":"","sources":["../src/assert.ts"],"names":[],"mappings":";;;AAAA,yDAAyD;AACzD,SAAS,MAAM,CAAC,KAAc,EAAE,OAAgB;IAC9C,IAAI,KAAK,IAAI,IAAI,EAAE;QACjB,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC;KAC1B;AACH,CAAC;AAEQ,wBAAM"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/CatchClauseDefinition.d.ts

@@ -0,0 +1,10 @@
+import type { TSESTree } from '@typescript-eslint/types';
+import { DefinitionBase } from './DefinitionBase';
+import { DefinitionType } from './DefinitionType';
+declare class CatchClauseDefinition extends DefinitionBase<DefinitionType.CatchClause, TSESTree.CatchClause, null, TSESTree.BindingName> {
+    constructor(name: TSESTree.BindingName, node: CatchClauseDefinition['node']);
+    readonly isTypeDefinition = false;
+    readonly isVariableDefinition = true;
+}
+export { CatchClauseDefinition };
+//# sourceMappingURL=CatchClauseDefinition.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/CatchClauseDefinition.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"CatchClauseDefinition.d.ts","sourceRoot":"","sources":["../../src/definition/CatchClauseDefinition.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,cAAM,qBAAsB,SAAQ,cAAc,CAChD,cAAc,CAAC,WAAW,EAC1B,QAAQ,CAAC,WAAW,EACpB,IAAI,EACJ,QAAQ,CAAC,WAAW,CACrB;gBACa,IAAI,EAAE,QAAQ,CAAC,WAAW,EAAE,IAAI,EAAE,qBAAqB,CAAC,MAAM,CAAC;IAI3E,SAAgB,gBAAgB,SAAS;IACzC,SAAgB,oBAAoB,QAAQ;CAC7C;AAED,OAAO,EAAE,qBAAqB,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/CatchClauseDefinition.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CatchClauseDefinition = void 0;
+const DefinitionBase_1 = require("./DefinitionBase");
+const DefinitionType_1 = require("./DefinitionType");
+class CatchClauseDefinition extends DefinitionBase_1.DefinitionBase {
+    constructor(name, node) {
+        super(DefinitionType_1.DefinitionType.CatchClause, name, node, null);
+        this.isTypeDefinition = false;
+        this.isVariableDefinition = true;
+    }
+}
+exports.CatchClauseDefinition = CatchClauseDefinition;
+//# sourceMappingURL=CatchClauseDefinition.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/CatchClauseDefinition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"CatchClauseDefinition.js","sourceRoot":"","sources":["../../src/definition/CatchClauseDefinition.ts"],"names":[],"mappings":";;;AAEA,qDAAkD;AAClD,qDAAkD;AAElD,MAAM,qBAAsB,SAAQ,+BAKnC;IACC,YAAY,IAA0B,EAAE,IAAmC;QACzE,KAAK,CAAC,+BAAc,CAAC,WAAW,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAGtC,qBAAgB,GAAG,KAAK,CAAC;QACzB,yBAAoB,GAAG,IAAI,CAAC;IAH5C,CAAC;CAIF;AAEQ,sDAAqB"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/ClassNameDefinition.d.ts

@@ -0,0 +1,10 @@
+import type { TSESTree } from '@typescript-eslint/types';
+import { DefinitionBase } from './DefinitionBase';
+import { DefinitionType } from './DefinitionType';
+declare class ClassNameDefinition extends DefinitionBase<DefinitionType.ClassName, TSESTree.ClassDeclaration | TSESTree.ClassExpression, null, TSESTree.Identifier> {
+    constructor(name: TSESTree.Identifier, node: ClassNameDefinition['node']);
+    readonly isTypeDefinition = true;
+    readonly isVariableDefinition = true;
+}
+export { ClassNameDefinition };
+//# sourceMappingURL=ClassNameDefinition.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/ClassNameDefinition.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClassNameDefinition.d.ts","sourceRoot":"","sources":["../../src/definition/ClassNameDefinition.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAEzD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAClD,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAElD,cAAM,mBAAoB,SAAQ,cAAc,CAC9C,cAAc,CAAC,SAAS,EACxB,QAAQ,CAAC,gBAAgB,GAAG,QAAQ,CAAC,eAAe,EACpD,IAAI,EACJ,QAAQ,CAAC,UAAU,CACpB;gBACa,IAAI,EAAE,QAAQ,CAAC,UAAU,EAAE,IAAI,EAAE,mBAAmB,CAAC,MAAM,CAAC;IAIxE,SAAgB,gBAAgB,QAAQ;IACxC,SAAgB,oBAAoB,QAAQ;CAC7C;AAED,OAAO,EAAE,mBAAmB,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/ClassNameDefinition.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ClassNameDefinition = void 0;
+const DefinitionBase_1 = require("./DefinitionBase");
+const DefinitionType_1 = require("./DefinitionType");
+class ClassNameDefinition extends DefinitionBase_1.DefinitionBase {
+    constructor(name, node) {
+        super(DefinitionType_1.DefinitionType.ClassName, name, node, null);
+        this.isTypeDefinition = true;
+        this.isVariableDefinition = true;
+    }
+}
+exports.ClassNameDefinition = ClassNameDefinition;
+//# sourceMappingURL=ClassNameDefinition.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/ClassNameDefinition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ClassNameDefinition.js","sourceRoot":"","sources":["../../src/definition/ClassNameDefinition.ts"],"names":[],"mappings":";;;AAEA,qDAAkD;AAClD,qDAAkD;AAElD,MAAM,mBAAoB,SAAQ,+BAKjC;IACC,YAAY,IAAyB,EAAE,IAAiC;QACtE,KAAK,CAAC,+BAAc,CAAC,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;QAGpC,qBAAgB,GAAG,IAAI,CAAC;QACxB,yBAAoB,GAAG,IAAI,CAAC;IAH5C,CAAC;CAIF;AAEQ,kDAAmB"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/Definition.d.ts

@@ -0,0 +1,14 @@
+import type { CatchClauseDefinition } from './CatchClauseDefinition';
+import type { ClassNameDefinition } from './ClassNameDefinition';
+import type { FunctionNameDefinition } from './FunctionNameDefinition';
+import type { ImplicitGlobalVariableDefinition } from './ImplicitGlobalVariableDefinition';
+import type { ImportBindingDefinition } from './ImportBindingDefinition';
+import type { ParameterDefinition } from './ParameterDefinition';
+import type { TSEnumMemberDefinition } from './TSEnumMemberDefinition';
+import type { TSEnumNameDefinition } from './TSEnumNameDefinition';
+import type { TSModuleNameDefinition } from './TSModuleNameDefinition';
+import type { TypeDefinition } from './TypeDefinition';
+import type { VariableDefinition } from './VariableDefinition';
+type Definition = CatchClauseDefinition | ClassNameDefinition | FunctionNameDefinition | ImplicitGlobalVariableDefinition | ImportBindingDefinition | ParameterDefinition | TSEnumMemberDefinition | TSEnumNameDefinition | TSModuleNameDefinition | TypeDefinition | VariableDefinition;
+export { Definition };
+//# sourceMappingURL=Definition.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/Definition.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"Definition.d.ts","sourceRoot":"","sources":["../../src/definition/Definition.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AACrE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,KAAK,EAAE,gCAAgC,EAAE,MAAM,oCAAoC,CAAC;AAC3F,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AACzE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AACjE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AACnE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,0BAA0B,CAAC;AACvE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AACvD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAE/D,KAAK,UAAU,GACX,qBAAqB,GACrB,mBAAmB,GACnB,sBAAsB,GACtB,gCAAgC,GAChC,uBAAuB,GACvB,mBAAmB,GACnB,sBAAsB,GACtB,oBAAoB,GACpB,sBAAsB,GACtB,cAAc,GACd,kBAAkB,CAAC;AAEvB,OAAO,EAAE,UAAU,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/Definition.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=Definition.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/Definition.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Definition.js","sourceRoot":"","sources":["../../src/definition/Definition.ts"],"names":[],"mappings":""}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/DefinitionBase.d.ts

@@ -0,0 +1,39 @@
+import type { TSESTree } from '@typescript-eslint/types';
+import type { DefinitionType } from './DefinitionType';
+declare abstract class DefinitionBase<TType extends DefinitionType, TNode extends TSESTree.Node, TParent extends TSESTree.Node | null, TName extends TSESTree.Node = TSESTree.BindingName> {
+    /**
+     * A unique ID for this instance - primarily used to help debugging and testing
+     */
+    readonly $id: number;
+    /**
+     * The type of the definition
+     * @public
+     */
+    readonly type: TType;
+    /**
+     * The `Identifier` node of this definition
+     * @public
+     */
+    readonly name: TName;
+    /**
+     * The enclosing node of the name.
+     * @public
+     */
+    readonly node: TNode;
+    /**
+     * the enclosing statement node of the identifier.
+     * @public
+     */
+    readonly parent: TParent;
+    constructor(type: TType, name: TName, node: TNode, parent: TParent);
+    /**
+     * `true` if the variable is valid in a type context, false otherwise
+     */
+    abstract readonly isTypeDefinition: boolean;
+    /**
+     * `true` if the variable is valid in a value context, false otherwise
+     */
+    abstract readonly isVariableDefinition: boolean;
+}
+export { DefinitionBase };
+//# sourceMappingURL=DefinitionBase.d.ts.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/DefinitionBase.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefinitionBase.d.ts","sourceRoot":"","sources":["../../src/definition/DefinitionBase.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAGzD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAIvD,uBAAe,cAAc,CAC3B,KAAK,SAAS,cAAc,EAC5B,KAAK,SAAS,QAAQ,CAAC,IAAI,EAC3B,OAAO,SAAS,QAAQ,CAAC,IAAI,GAAG,IAAI,EACpC,KAAK,SAAS,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,WAAW;IAElD;;OAEG;IACH,SAAgB,GAAG,EAAE,MAAM,CAAe;IAE1C;;;OAGG;IACH,SAAgB,IAAI,EAAE,KAAK,CAAC;IAE5B;;;OAGG;IACH,SAAgB,IAAI,EAAE,KAAK,CAAC;IAE5B;;;OAGG;IACH,SAAgB,IAAI,EAAE,KAAK,CAAC;IAE5B;;;OAGG;IACH,SAAgB,MAAM,EAAE,OAAO,CAAC;gBAEpB,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO;IAOlE;;OAEG;IACH,kBAAyB,gBAAgB,EAAE,OAAO,CAAC;IAEnD;;OAEG;IACH,kBAAyB,oBAAoB,EAAE,OAAO,CAAC;CACxD;AAED,OAAO,EAAE,cAAc,EAAE,CAAC"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/DefinitionBase.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefinitionBase = void 0;
+const ID_1 = require("../ID");
+const generator = (0, ID_1.createIdGenerator)();
+class DefinitionBase {
+    constructor(type, name, node, parent) {
+        /**
+         * A unique ID for this instance - primarily used to help debugging and testing
+         */
+        this.$id = generator();
+        this.type = type;
+        this.name = name;
+        this.node = node;
+        this.parent = parent;
+    }
+}
+exports.DefinitionBase = DefinitionBase;
+//# sourceMappingURL=DefinitionBase.js.map

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/DefinitionBase.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefinitionBase.js","sourceRoot":"","sources":["../../src/definition/DefinitionBase.ts"],"names":[],"mappings":";;;AAEA,8BAA0C;AAG1C,MAAM,SAAS,GAAG,IAAA,sBAAiB,GAAE,CAAC;AAEtC,MAAe,cAAc;IAmC3B,YAAY,IAAW,EAAE,IAAW,EAAE,IAAW,EAAE,MAAe;QA7BlE;;WAEG;QACa,QAAG,GAAW,SAAS,EAAE,CAAC;QA2BxC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CAWF;AAEQ,wCAAc"}

node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager/dist/definition/DefinitionType.d.ts

@@ -0,0 +1,15 @@
+declare enum DefinitionType {
+    CatchClause = "CatchClause",
+    ClassName = "ClassName",
+    FunctionName = "FunctionName",
+    ImplicitGlobalVariable = "ImplicitGlobalVariable",
+    ImportBinding = "ImportBinding",
+    Parameter = "Parameter",
+    TSEnumName = "TSEnumName",
+    TSEnumMember = "TSEnumMemberName",
+    TSModuleName = "TSModuleName",
+    Type = "Type",
+    Variable = "Variable"
+}
+export { DefinitionType };
+//# sourceMappingURL=DefinitionType.d.ts.map