[pull] main from github:main

[pull]

See Commits and Changes for more details.

---

Created by pull[bot]

Can you help keep this open source service alive? 💖 Please sponsor : )

Summary by CodeRabbit

Release Notes

• New Features

  • Enhanced support for diff-informed analysis during pull request builds.
  • Improved diagnostic artifact upload for more reliable debugging.
  • Added functionality for overlay database mode in analysis workflows.
  • Introduced new utility functions for managing diff-informed analysis in GitHub actions.

• Performance & Reliability

  • Upgraded CodeQL Bundle and CLI to newer versions for greater stability.
  • Optimized dependency caching and refined error handling in analysis workflows.

• Workflow Improvements

  • Streamlined workflow configurations with clearer permissions and environment settings.
  • Updated build modes and documentation to better guide users in selecting the appropriate setup.

• Developer Experience

  • Expanded documentation and build scripts to simplify project management.
  • Enhanced error handling for uploads and refined logging for better debugging insights.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This pull request implements extensive refactoring and enhancements across the entire CodeQL Action repository. Multiple GitHub Actions workflows have been updated by removing an obsolete Kotlin-disable flag and introducing a new input parameter (setup-kotlin: 'true'), while job matrices and permissions have been streamlined (e.g. “latest” → “linked”, “write” → “read”). In addition, core library modules have been refactored—improving module imports, error handling, and version management—and several new utility files and scripts have been introduced to support dependency caching, overlay database modes, and enhanced documentation.

Changes

File(s)	Change Summary
.github/workflows/*	Updated numerous workflow files by removing CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, switching OS matrix versions from “latest” to “linked”, adjusting permissions (e.g. security-events: write → read), removing Python setup steps, and adding new workflows (e.g. for debug artifacts, Zstandard bundle, start proxy, publish immutable action).
.github/actions/*	Modified action configuration files to update environment variable usage, adopt environment-driven parameter passing, add new inputs (setup-kotlin), update error handling (e.g. using core.setFailed instead of logging), and update external action references.
.github/codeql/*, dependabot.yml, releases.ini	Introduced a new CodeQL Actions Queries configuration, updated dependency ignore lists (e.g. eslint-plugin-import), and raised the minimum supported major version from 2 to 3.
Documentation Files (CHANGELOG.md, CONTRIBUTING.md, README.md, .gitignore, .pre-commit-config.yaml)	Expanded version histories and deprecation/addition notices, restructured sections (e.g. renaming “Supported versions” to “Build Modes” and adding an “Actions” section), added new ignore rules, and reintroduced linting hooks for TypeScript.
Core Library Modules (lib/*)	Refactored multiple modules with improved __importStar implementations, revised error handling and exports, removed obsolete functions, updated version constants, and enhanced functionality in analysis, CodeQL setup, Git utilities, configuration handling, and debug artifact upload.
New Scripts & Tools (justfile; scripts in actions-extractor/tools)	Added a new justfile defining build, lint, test, and sync targets; introduced new shell, batch, and PowerShell scripts to manage the JavaScript extractor’s autobuild process.
New Feature Files (overlay-database-utils.js, dependency-caching.js, doc-url.js)	Introduced modules to support overlay database modes, provide dependency caching utility functions, and centralize documentation URLs.
Git Utilities (lib/git-utils.js and its tests)	Added comprehensive Git utility functions (e.g. getGitRoot, getCommitOid, deepenGitHistory, gitFetch) along with corresponding tests to enhance repository operations.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant U as User
    participant GH as GitHub Actions Workflow
    participant PT as Prepare Test Step
    participant IA as Init Action
    participant AN as Analysis Step
    participant UA as Upload Artifact Step
    participant PS as Post-Step

    U->>GH: Push event / PR trigger
    GH->>PT: Start "Prepare test" (reads setup-kotlin input)
    PT->>IA: Call Init Action with updated parameters (incl. overlay mode)
    IA->>AN: Initialize CodeQL, setup environment, run queries
    AN->>UA: Analyze code and generate SARIF / debug logs
    UA->>PS: Report status and upload artifacts
    PS->>GH: End job with consolidated report

Loading

Poem

I’m a little rabbit in a code-filled maze,
Hopping through workflows in a joyful daze.
I nibbled on inputs and cleaned up the mess,
Added new features with complete finesse.
With “setup-kotlin” and changes grand,
I celebrate each commit in this wonderland.
🐰 Code hops on, bright and bold!

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Join our Discord community for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 7

Outside diff range, codebase verification and nitpick comments (18)

.github/workflows/__all-platform-bundle.yml (1)

57-57: Kotlin Setup May Be Incomplete in Workflow

The setup-kotlin: 'true' line is present, but Kotlin is missing from the languages list in the workflow configuration. This could indicate that Kotlin is not fully integrated into the workflow, potentially leading to incomplete setup or execution issues.

• File: .github/workflows/__all-platform-bundle.yml
• Lines: Around setup-kotlin: 'true'

Please ensure that Kotlin is included in all relevant configurations and dependencies within the workflow.

Analysis chain

Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates that Kotlin is now explicitly supported. Ensure that any dependencies or configurations required for Kotlin are properly handled in the workflow.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify Kotlin setup dependencies and configurations.

# Test: Search for Kotlin-related setup or configuration files. Expect: Presence of Kotlin setup or configuration.
rg --type yaml 'kotlin'

Length of output: 247

---

Script:

#!/bin/bash
# Description: Check for Kotlin-related configurations in the workflow file.

# Test: Search for Kotlin-related configurations in the specified workflow file.
rg 'kotlin' .github/workflows/__all-platform-bundle.yml -A 5

Length of output: 302

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (1)

57-57: Kotlin setup appears unnecessary in this workflow.

The setup-kotlin: 'true' parameter is the only Kotlin-related configuration in the workflow file, which primarily deals with Go projects. There are no other Kotlin-related actions or dependencies present, suggesting that this setup might not be required. Please review the necessity of this configuration.

• .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml: Line with setup-kotlin: 'true'

Analysis chain

Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with Go projects.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary in the Go workflow.

# Test: Search for Kotlin-related usage in the Go workflow. Expect: No Kotlin-related actions.
rg --type yaml -A 5 'setup-kotlin: true' .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

Length of output: 113

---

Script:

#!/bin/bash
# Description: Search for any Kotlin-related keywords or actions in the workflow file.

# Search for Kotlin-related keywords in the workflow file.
rg --type yaml 'kotlin|setup-kotlin' .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml

Length of output: 140

eslint.config.mjs (1)

1-2: Consider removing the auto-generated comment.

The comment indicating that the file was auto-generated might not be necessary in a version-controlled environment.

- // Automatically generated by running npx @eslint/migrate-config .eslintrc.json

lib/start-proxy-action.js (3)

19-19: Consider using optional chaining.

The code could be simplified by using optional chaining, which is a more modern and concise way to handle optional properties.

- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

65-66: Clarify the comment on retention days.

The comment about retention days is informative but could be more explicit about the reason for setting it to 7 days.

- // ensure we don't keep the debug artifacts around for too long since they can be large.
+ // Set retention to 7 days to prevent large debug artifacts from being stored for too long.

---

128-129: Improve the comment on port selection.

The comment about selecting a different port could be more descriptive about the range and the reason for the random selection.

- // If the proxy failed to start, try a different port from the ephemeral range [49152, 65535]
+ // If the proxy fails to start, select a random port from the ephemeral range [49152, 65535] to avoid conflicts.

lib/debug-artifacts.js (1)

69-71: Log the error object for better debugging.

While the warning message is useful, logging the error object can provide more context for debugging purposes.

- core.warning(`Failed to upload debug artifacts: ${e}`);
+ core.warning(`Failed to upload debug artifacts: ${e.message}`);

lib/setup-codeql.js (1)

29-36: Review the removal of exports carefully.

The functions getCodeQLActionRepository, tryGetBundleVersionFromUrl, convertToSemVer, getCodeQLSource, tryGetFallbackToolcacheVersion, getCodeQLURLVersion, and setupCodeQLBundle are still being used in other parts of the codebase, including source and test files. Ensure that their removal from exports does not break functionality or refactor them appropriately to maintain accessibility.

• src/codeql.ts
• src/setup-codeql.test.ts
• lib/codeql.js

Analysis chain

Review the removal of exports.

Several functions have been removed from exports, which may affect their accessibility in other modules. Ensure these functions are not required elsewhere or have been refactored appropriately.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if removed exports are used elsewhere in the codebase.

# Test: Search for usage of removed functions. Expect: No occurrences.
rg --type javascript -w $'getCodeQLActionRepository|tryGetBundleVersionFromUrl|convertToSemVer|getCodeQLSource|tryGetFallbackToolcacheVersion|getCodeQLURLVersion|setupCodeQLBundle'

Length of output: 216

---

Script:

#!/bin/bash
# Description: Verify if removed exports are used elsewhere in the codebase.

# Test: Search for usage of removed functions. Expect: No occurrences.
rg -w 'getCodeQLActionRepository|tryGetBundleVersionFromUrl|convertToSemVer|getCodeQLSource|tryGetFallbackToolcacheVersion|getCodeQLURLVersion|setupCodeQLBundle'

Length of output: 7733

CHANGELOG.md (10)

11-13: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

16-18: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

20-22: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

24-26: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

31-33: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

36-38: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

41-43: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

45-47: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

50-52: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

Tools

LanguageTool

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

54-56: Consider using an en dash for date ranges.

For consistency and readability, consider using an en dash (–) instead of a hyphen (-) for date ranges.

- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024

Tools

LanguageTool

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 47deadd and 25ad3c8.

Files ignored due to path filters (186)

• lib/actions-util.js.map is excluded by !**/*.map
• lib/analyze-action-env.test.js.map is excluded by !**/*.map
• lib/analyze-action-input.test.js.map is excluded by !**/*.map
• lib/analyze-action-post-helper.js.map is excluded by !**/*.map
• lib/analyze-action.js.map is excluded by !**/*.map
• lib/analyze.js.map is excluded by !**/*.map
• lib/api-client.js.map is excluded by !**/*.map
• lib/autobuild-action.js.map is excluded by !**/*.map
• lib/autobuild.js.map is excluded by !**/*.map
• lib/cli-errors.js.map is excluded by !**/*.map
• lib/codeql.js.map is excluded by !**/*.map
• lib/codeql.test.js.map is excluded by !**/*.map
• lib/config-utils.js.map is excluded by !**/*.map
• lib/config-utils.test.js.map is excluded by !**/*.map
• lib/database-upload.js.map is excluded by !**/*.map
• lib/debug-artifacts.js.map is excluded by !**/*.map
• lib/diagnostics.js.map is excluded by !**/*.map
• lib/doc-url.js.map is excluded by !**/*.map
• lib/feature-flags.js.map is excluded by !**/*.map
• lib/feature-flags.test.js.map is excluded by !**/*.map
• lib/fingerprints.js.map is excluded by !**/*.map
• lib/init-action-post-helper.js.map is excluded by !**/*.map
• lib/init-action-post-helper.test.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/init.js.map is excluded by !**/*.map
• lib/init.test.js.map is excluded by !**/*.map
• lib/languages.js.map is excluded by !**/*.map
• lib/logging.js.map is excluded by !**/*.map
• lib/repository.js.map is excluded by !**/*.map
• lib/resolve-environment.js.map is excluded by !**/*.map
• lib/setup-codeql.js.map is excluded by !**/*.map
• lib/setup-codeql.test.js.map is excluded by !**/*.map
• lib/start-proxy-action-post.js.map is excluded by !**/*.map
• lib/start-proxy-action.js.map is excluded by !**/*.map
• lib/status-report.js.map is excluded by !**/*.map
• lib/testing-utils.js.map is excluded by !**/*.map
• lib/tools-features.js.map is excluded by !**/*.map
• lib/tracer-config.js.map is excluded by !**/*.map
• lib/tracer-config.test.js.map is excluded by !**/*.map
• lib/trap-caching.js.map is excluded by !**/*.map
• lib/upload-lib.js.map is excluded by !**/*.map
• lib/upload-sarif-action-post-helper.js.map is excluded by !**/*.map
• lib/upload-sarif-action.js.map is excluded by !**/*.map
• lib/util.js.map is excluded by !**/*.map
• lib/workflow.js.map is excluded by !**/*.map
• lib/workflow.test.js.map is excluded by !**/*.map
• node_modules/@eslint/compat/LICENSE is excluded by !**/node_modules/**
• node_modules/@eslint/compat/README.md is excluded by !**/node_modules/**
• node_modules/@eslint/compat/dist/cjs/index.cjs is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/compat/dist/cjs/index.d.cts is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/compat/dist/esm/index.d.ts is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/compat/dist/esm/index.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/compat/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/README.md is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/dist/eslintrc-universal.cjs is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/dist/eslintrc-universal.cjs.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@eslint/eslintrc/dist/eslintrc.cjs is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/dist/eslintrc.cjs.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@eslint/eslintrc/lib/config-array-factory.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/lib/config-array/config-array.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/lib/index.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/lib/shared/config-validator.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/LICENSE is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/README.md is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/eslint-visitor-keys.cjs is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/eslint-visitor-keys.d.cts is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/index.d.ts is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/dist/visitor-keys.d.ts is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/lib/index.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/lib/visitor-keys.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/eslint-visitor-keys/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/LICENSE is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/README.md is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/dist/espree.cjs is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/espree.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/lib/espree.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/lib/features.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/lib/options.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/lib/token-translator.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/lib/version.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/espree/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/globals.json is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/index.d.ts is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/index.js is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/license is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/node_modules/globals/readme.md is excluded by !**/node_modules/**
• node_modules/@eslint/eslintrc/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
• node_modules/@eslint/js/src/configs/eslint-all.js is excluded by !**/node_modules/**
• node_modules/@eslint/js/src/configs/eslint-recommended.js is excluded by !**/node_modules/**
• node_modules/@types/console-log-level/LICENSE is excluded by !**/node_modules/**
• node_modules/@types/console-log-level/README.md is excluded by !**/node_modules/**
• node_modules/@types/console-log-level/index.d.ts is excluded by !**/node_modules/**
• node_modules/@types/console-log-level/package.json is excluded by !**/node_modules/**
• node_modules/@types/node-forge/LICENSE is excluded by !**/node_modules/**
• node_modules/@types/node-forge/README.md is excluded by !**/node_modules/**
• node_modules/@types/node-forge/index.d.ts is excluded by !**/node_modules/**
• node_modules/@types/node-forge/package.json is excluded by !**/node_modules/**
• node_modules/@types/uuid/README.md is excluded by !**/node_modules/**
• node_modules/@types/uuid/index.d.mts is excluded by !**/node_modules/**
• node_modules/@types/uuid/index.d.ts is excluded by !**/node_modules/**
• node_modules/@types/uuid/package.json is excluded by !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/all.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/all.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/disable-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/disable-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/recommended.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/strict.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked-only.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked-only.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic-type-checked.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/configs/stylistic.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/adjacent-overload-signatures.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/adjacent-overload-signatures.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-literal-property-style.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-literal-property-style.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/class-methods-use-this.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-assertions.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-assertions.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-definitions.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-definitions.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-imports.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-type-imports.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/default-param-last.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/default-param-last.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/dot-notation.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/dot-notation.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/explicit-member-accessibility.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/explicit-member-accessibility.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/indent.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/index.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/index.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/method-signature-style.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/method-signature-style.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/parse-options.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/parse-options.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/schema.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/schema.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/validator.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/validator.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-array-delete.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-array-delete.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-base-to-string.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-base-to-string.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-enum-values.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-enum-values.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-type-constituents.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-duplicate-type-constituents.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-dynamic-delete.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-dynamic-delete.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-interface.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-interface.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-object-type.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-empty-object-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-extraneous-class.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-extraneous-class.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-implied-eval.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-implied-eval.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-inferrable-types.js is excluded by !**/dist/**, !**/node_modules/**

Files selected for processing (106)

• .github/actions/prepare-test/action.yml (2 hunks)
• .github/actions/query-filter-test/action.yml (1 hunks)
• .github/workflows/__all-platform-bundle.yml (3 hunks)
• .github/workflows/__analyze-ref-input.yml (4 hunks)
• .github/workflows/__autobuild-action.yml (5 hunks)
• .github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1 hunks)
• .github/workflows/__autobuild-direct-tracing.yml (4 hunks)
• .github/workflows/__build-mode-autobuild.yml (3 hunks)
• .github/workflows/__build-mode-manual.yml (4 hunks)
• .github/workflows/__build-mode-none.yml (4 hunks)
• .github/workflows/__build-mode-rollback.yml (3 hunks)
• .github/workflows/__cleanup-db-cluster-dir.yml (1 hunks)
• .github/workflows/__config-export.yml (4 hunks)
• .github/workflows/__config-input.yml (4 hunks)
• .github/workflows/__cpp-deptrace-disabled.yml (4 hunks)
• .github/workflows/__cpp-deptrace-enabled-on-macos.yml (3 hunks)
• .github/workflows/__cpp-deptrace-enabled.yml (4 hunks)
• .github/workflows/__diagnostics-export.yml (6 hunks)
• .github/workflows/__export-file-baseline-information.yml (4 hunks)
• .github/workflows/__extractor-ram-threads.yml (4 hunks)
• .github/workflows/__go-custom-queries.yml (6 hunks)
• .github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3 hunks)
• .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (3 hunks)
• .github/workflows/__go-indirect-tracing-workaround.yml (4 hunks)
• .github/workflows/__go-tracing-autobuilder.yml (6 hunks)
• .github/workflows/__go-tracing-custom-build-steps.yml (6 hunks)
• .github/workflows/__go-tracing-legacy-workflow.yml (6 hunks)
• .github/workflows/__init-with-registries.yml (4 hunks)
• .github/workflows/__javascript-source-root.yml (5 hunks)
• .github/workflows/__language-aliases.yml (4 hunks)
• .github/workflows/__multi-language-autodetect.yml (6 hunks)
• .github/workflows/__packaging-codescanning-config-inputs-js.yml (4 hunks)
• .github/workflows/__packaging-config-inputs-js.yml (4 hunks)
• .github/workflows/__packaging-config-js.yml (4 hunks)
• .github/workflows/__packaging-inputs-js.yml (4 hunks)
• .github/workflows/__remote-config.yml (5 hunks)
• .github/workflows/__resolve-environment-action.yml (5 hunks)
• .github/workflows/__rubocop-multi-language.yml (3 hunks)
• .github/workflows/__ruby.yml (4 hunks)
• .github/workflows/__split-workflow.yml (4 hunks)
• .github/workflows/__submit-sarif-failure.yml (4 hunks)
• .github/workflows/__swift-autobuild.yml (4 hunks)
• .github/workflows/__swift-custom-build.yml (4 hunks)
• .github/workflows/__test-autobuild-working-dir.yml (5 hunks)
• .github/workflows/__test-local-codeql.yml (4 hunks)
• .github/workflows/__test-proxy.yml (4 hunks)
• .github/workflows/__unset-environment.yml (4 hunks)
• .github/workflows/__upload-ref-sha-input.yml (4 hunks)
• .github/workflows/__with-checkout-path.yml (5 hunks)
• .github/workflows/codeql.yml (4 hunks)
• .github/workflows/codescanning-config-cli.yml (1 hunks)
• .github/workflows/debug-artifacts-failure.yml (2 hunks)
• .github/workflows/debug-artifacts.yml (4 hunks)
• .github/workflows/expected-queries-runs.yml (1 hunks)
• .github/workflows/pr-checks.yml (5 hunks)
• .github/workflows/python312-windows.yml (2 hunks)
• .github/workflows/query-filters.yml (1 hunks)
• .github/workflows/script/update-node-modules.sh (1 hunks)
• .github/workflows/script/update-required-checks.sh (1 hunks)
• .github/workflows/test-codeql-bundle-all.yml (2 hunks)
• CHANGELOG.md (1 hunks)
• README.md (1 hunks)
• eslint.config.mjs (1 hunks)
• init/action.yml (1 hunks)
• lib/actions-util.js (16 hunks)
• lib/analyze-action-env.test.js (1 hunks)
• lib/analyze-action-input.test.js (1 hunks)
• lib/analyze-action-post-helper.js (2 hunks)
• lib/analyze-action.js (5 hunks)
• lib/analyze.js (9 hunks)
• lib/api-client.js (11 hunks)
• lib/api-compatibility.json (1 hunks)
• lib/autobuild-action.js (3 hunks)
• lib/autobuild.js (5 hunks)
• lib/cli-errors.js (9 hunks)
• lib/codeql.js (27 hunks)
• lib/codeql.test.js (20 hunks)
• lib/config-utils.js (18 hunks)
• lib/config-utils.test.js (1 hunks)
• lib/database-upload.js (3 hunks)
• lib/debug-artifacts.js (6 hunks)
• lib/defaults.json (1 hunks)
• lib/diagnostics.js (7 hunks)
• lib/doc-url.js (1 hunks)
• lib/feature-flags.js (4 hunks)
• lib/feature-flags.test.js (3 hunks)
• lib/fingerprints.js (5 hunks)
• lib/init-action-post-helper.js (5 hunks)
• lib/init-action-post-helper.test.js (2 hunks)
• lib/init-action.js (12 hunks)
• lib/init.js (5 hunks)
• lib/init.test.js (2 hunks)
• lib/languages.js (3 hunks)
• lib/logging.js (1 hunks)
• lib/repository.js (2 hunks)
• lib/resolve-environment.js (2 hunks)
• lib/setup-codeql.js (13 hunks)
• lib/setup-codeql.test.js (2 hunks)
• lib/start-proxy-action-post.js (1 hunks)
• lib/start-proxy-action.js (1 hunks)
• lib/status-report.js (8 hunks)
• lib/testing-utils.js (8 hunks)
• lib/tools-features.js (3 hunks)
• lib/tracer-config.js (4 hunks)
• lib/tracer-config.test.js (3 hunks)
• lib/trap-caching.js (5 hunks)

Files not processed due to max files limit (6)

• lib/upload-lib.js
• lib/upload-sarif-action-post-helper.js
• lib/upload-sarif-action.js
• lib/util.js
• lib/workflow.js
• lib/workflow.test.js

Files skipped from review due to trivial changes (13)

• .github/actions/query-filter-test/action.yml
• .github/workflows/__autobuild-direct-tracing-with-working-dir.yml
• .github/workflows/__cleanup-db-cluster-dir.yml
• README.md
• lib/analyze-action-env.test.js
• lib/analyze-action-input.test.js
• lib/autobuild-action.js
• lib/defaults.json
• lib/feature-flags.test.js
• lib/languages.js
• lib/repository.js
• lib/testing-utils.js
• lib/trap-caching.js

Additional context used

Biome

lib/doc-url.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

---

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

lib/start-proxy-action-post.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init.test.js

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 26-26: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/start-proxy-action.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/cli-errors.js

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (221)

lib/api-compatibility.json (1)

1-1: Verify impact on users due to version changes.

The changes in maximumVersion and minimumVersion update the supported API versions. Ensure that users relying on older versions are informed about the need to upgrade to maintain compatibility.

.github/workflows/script/update-node-modules.sh (1)

1-2: LGTM! Verify npm cache cleaning permissions.

The addition of #!/bin/bash and set -eu improves script robustness. The changes are approved.

Ensure that the user has the necessary permissions to run sudo npm cache clean --force.

.github/workflows/python312-windows.yml (2)

37-37: Verify impact of changing tools to linked.

The change from tools: latest to tools: linked may affect the version of tools used. Verify its impact on the workflow.

Verification successful

---

No functional impact from changing tools: latest to tools: linked.

The change is a renaming to clarify that tools: linked specifies using tools shipped with the Action. The old name remains supported for backward compatibility, indicating no immediate impact on the workflow.

• Refer to CHANGELOG.md for more details.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of changing tools to linked.

# Test: Search for documentation or code comments related to tools: linked. Expect: Explanation of the change and its impact.
rg "tools: linked" -A 5

Length of output: 2385

---

17-18: Verify implications of CODEQL_ACTION_TEST_MODE.

The addition of CODEQL_ACTION_TEST_MODE: true suggests a new testing mode. Verify its impact on the workflow and testing process.

Verification successful

---

Implications of CODEQL_ACTION_TEST_MODE in the Workflow

The CODEQL_ACTION_TEST_MODE environment variable is used to toggle a testing mode for CodeQL actions. It is referenced in several parts of the codebase, indicating its role in modifying the behavior of workflows for testing purposes. This mode might affect how workflows execute, potentially enabling additional logging or altering execution paths.

• Files Involved:
  • src/environment.ts and lib/environment.js define it as a test mode variable.
  • pr-checks/sync.py checks and sets this variable if not already present.
  • pr-checks/checks/submit-sarif-failure.yml sets it to false, indicating different configurations for different workflows.

Consider reviewing these references to ensure the testing mode's behavior aligns with your expectations for the workflow.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the implications of CODEQL_ACTION_TEST_MODE on the workflow.

# Test: Search for references to CODEQL_ACTION_TEST_MODE in the codebase. Expect: Documentation or code comments explaining its purpose.
rg "CODEQL_ACTION_TEST_MODE" -A 5

Length of output: 1691

.github/workflows/expected-queries-runs.yml (1)

32-32: Switch to a specific version for stability.

The version parameter has been changed from latest to linked. This change can help ensure consistency and avoid unexpected issues due to updates in the latest version.

.github/workflows/test-codeql-bundle-all.yml (1)

45-46: Exclude unsupported languages for efficiency.

Swift has been excluded from the language list as it is not supported on Ubuntu. This change optimizes the workflow by focusing only on compatible languages.

lib/tools-features.js (1)

14-14: Expand feature set with ForceOverwrite.

The addition of ForceOverwrite to the ToolsFeature enum extends the feature set, allowing for more granular control over tool behaviors.

lib/logging.js (2)

26-27: LGTM! The export changes improve clarity.

The direct assignment of exports enhances readability and consistency.

---

34-40: Enhanced logging functionality is beneficial.

The added methods (info, warning, error) in getRunnerLogger provide a more comprehensive logging interface.

.github/workflows/__test-proxy.yml (1)

31-31: Workflow configuration changes look good.

The shift to version: linked and the addition of setup-kotlin: 'false' streamline the workflow configuration.

Also applies to: 57-57

.github/workflows/__all-platform-bundle.yml (1)

61-62: Update supported languages list.

The languages list now explicitly excludes Swift on Ubuntu. This change should align with the environments and languages supported by your project.

.github/workflows/query-filters.yml (1)

30-30: Change version parameter to linked.

The version parameter change from latest to linked suggests a preference for a specific version. Verify that this change aligns with the intended stability or compatibility goals.

lib/analyze-action-post-helper.js (1)

26-26: Ensure proper export of the run function.

The change to exports.run = run; correctly exports the run function, making it accessible to other modules. This resolves any previous issues with the function not being properly exported.

.github/workflows/__test-local-codeql.yml (3)

57-57: Kotlin setup enabled.

The setup-kotlin parameter is now set to 'true', indicating explicit support for Kotlin. Ensure that this aligns with other configurations.

---

67-68: Swift exclusion from Ubuntu supported languages.

Swift has been excluded from the list of supported languages on Ubuntu, which aligns with the note that Swift is not supported on this platform.

---

Line range hint 1-75:
Verify impact of removing CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN.

The removal of this environment variable indicates a change in how Kotlin is handled. Ensure that this does not negatively impact the CodeQL analysis for Kotlin.

Verification successful

---

Kotlin Analysis Configuration Verified

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN does not negatively impact Kotlin analysis. The codebase includes several references to Kotlin, indicating that it is still supported through language aliases and other configurations.

• References to Kotlin are found in workflow and configuration files, such as language-aliases.yml and other setup scripts.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of removing `CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN`.

# Test: Check if Kotlin extraction is still functioning as expected.
# Expect: No errors related to Kotlin extraction in CodeQL workflows.
rg --type yaml 'CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN'

Length of output: 59

---

Script:

#!/bin/bash
# Description: Check for references to Kotlin in workflow files and related configurations.

# Search for any mention of Kotlin in YAML workflow files.
rg --type yaml 'kotlin'

# Search for any mention of Kotlin in the pr-checks directory or related setup scripts.
fd --type f --exec rg 'kotlin' {}

Length of output: 2657

.github/workflows/__language-aliases.yml (3)

57-57: Kotlin setup enabled.

The setup-kotlin parameter is now set to 'true', indicating explicit support for Kotlin. Ensure that this aligns with other configurations.

---

Line range hint 1-73:
Verify impact of removing CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN.

The removal of this environment variable indicates a change in how Kotlin is handled. Ensure that this does not negatively impact the CodeQL analysis for Kotlin.

---

31-31: Verify impact of changing version to linked.

The version parameter has been changed from latest to linked. Ensure that this change aligns with the intended version control strategy and does not affect compatibility.

Verification successful

---

Change to version: linked appears isolated.

The change to version: linked in the .github/workflows/__language-aliases.yml file does not appear to impact other parts of the codebase, as no other references to this specific setting were found. Ensure this aligns with the intended configuration for this workflow.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of changing `version` to `linked`.

# Test: Check for references to the `version` parameter.
# Expect: Consistent usage of `linked` version in relevant workflows.
rg --type yaml 'version: linked'

Length of output: 34

---

Script:

#!/bin/bash
# Description: Search for any references to the `version` parameter in YAML files.

# Test: Broaden the search to include all `version` references.
rg --type yaml 'version:'

Length of output: 2852

.github/workflows/script/update-required-checks.sh (1)

31-31: Refined filtering logic for check runs.

The filtering logic now excludes check runs with a conclusion of "skipped", ensuring only relevant and completed checks are considered. This change aligns with the intended behavior.

.github/workflows/__analyze-ref-input.yml (1)

61-61: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__rubocop-multi-language.yml (1)

57-57: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__build-mode-manual.yml (1)

57-57: Enable Kotlin setup explicitly.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly supported in the workflow setup. This change aligns with the removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN, indicating a shift towards better Kotlin handling.

.github/workflows/__javascript-source-root.yml (2)

31-31: Switch to linked version for stability.

Changing the version from latest to linked can enhance stability by using a specific version rather than the most recent one.

---

61-61: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__ruby.yml (3)

31-31: Switch to linked version for Ubuntu stability.

Changing the version from latest to linked for Ubuntu can enhance stability by using a specific version rather than the most recent one.

---

33-33: Switch to linked version for macOS stability.

Changing the version from latest to linked for macOS can enhance stability by using a specific version rather than the most recent one.

---

67-67: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__test-autobuild-working-dir.yml (2)

31-31: Switch to linked version for stability.

Changing the version from latest to linked can enhance stability by using a specific version rather than the most recent one.

---

57-57: Explicit Kotlin setup enabled.

The addition of setup-kotlin: 'true' ensures that Kotlin is explicitly set up, which may be necessary for the workflow's execution.

.github/workflows/__cpp-deptrace-enabled.yml (2)

31-31: Use of specific versioning is good practice.

Changing the version from latest to linked enhances build consistency and stability.

---

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.

.github/workflows/__autobuild-action.yml (2)

31-35: Use of specific versioning is good practice.

Changing the version from latest to linked across multiple OS configurations enhances build consistency and stability.

---

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.

.github/workflows/__build-mode-none.yml (2)

31-31: Use of specific versioning is good practice.

Changing the version from latest to linked enhances build consistency and stability.

---

59-59: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin is properly configured, which is important for projects using Kotlin.

.github/workflows/__cpp-deptrace-enabled-on-macos.yml (1)

57-57: Ensure Kotlin setup is necessary.

The addition of setup-kotlin: 'true' suggests that Kotlin support is now required. Verify that this change aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

---

Kotlin Setup Justification

The presence of the Kotlin file tests/multi-language-repo/main.kt suggests that the Kotlin setup in the workflow is likely necessary. Ensure that this aligns with the project's requirements and that the Kotlin component is actively utilized in the build or test processes.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin

Length of output: 415

---

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin --files-with-matches

Length of output: 436

---

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin files by their common file extension. Expect: Relevant Kotlin files.
fd --extension kt

Length of output: 53

.github/workflows/__build-mode-autobuild.yml (1)

57-57: Verify Kotlin setup requirements.

The addition of setup-kotlin: 'true' indicates that Kotlin support is now explicitly enabled. Ensure that this aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

Let's correct the command to search for Kotlin-related files and configurations in the repository.

---

Kotlin setup is justified.

The presence of the Kotlin file tests/multi-language-repo/main.kt indicates that enabling Kotlin support in the workflow is necessary and aligns with the project's requirements. No unnecessary dependencies are introduced by this change.

• Kotlin file found: tests/multi-language-repo/main.kt

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin

Length of output: 415

---

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Corrected command to search for Kotlin files
rg --files | grep '\.kt$'

Length of output: 61

.github/workflows/__cpp-deptrace-disabled.yml (2)

31-31: Review matrix version change.

The matrix version has been changed from latest to linked. Ensure that this change is intentional and aligns with the desired version stability or specificity.

Verification successful

---

Matrix version change from latest to linked is intentional and documented.

The change from latest to linked is consistent with the documentation and configuration updates. The CHANGELOG.md indicates that tools: latest has been renamed to tools: linked, and this change is recommended for new workflows.

• Refer to CHANGELOG.md for more details on this update.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of changing the matrix version from `latest` to `linked`.

# Test: Check for documentation or configuration files that specify the `linked` version. Expect: Relevant documentation or configurations.
rg 'linked'

Length of output: 299908

---

61-61: Confirm Kotlin setup necessity.

The addition of setup-kotlin: 'true' suggests that Kotlin support is now required. Verify that this change aligns with the project's requirements and does not introduce unnecessary dependencies.

Verification successful

---

Kotlin setup is justified.

The presence of Kotlin files and references in configuration files confirms that Kotlin support is necessary for this project. The addition of setup-kotlin: 'true' aligns with the project's requirements.

• Kotlin file found: tests/multi-language-repo/main.kt
• References in configuration files:
  • pr-checks/checks/language-aliases.yml
  • pr-checks/checks/export-file-baseline-information.yml

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Test: Search for Kotlin-related files or configurations. Expect: Relevant Kotlin files or configurations.
rg --type kotlin

Length of output: 415

---

Script:

#!/bin/bash
# Description: Verify if Kotlin setup is necessary by checking for Kotlin-related files or configurations.

# Search for Kotlin files by extension
fd --extension kt

# Search for Kotlin-related keywords in configuration files
rg 'kotlin' --glob '*.gradle' --glob '*.kts' --glob '*.yaml' --glob '*.yml'

Length of output: 353

.github/workflows/__extractor-ram-threads.yml (2)

31-31: Update version to linked.

Changing the version from latest to linked suggests a move towards more stable and predictable builds. Ensure that the linked version is correctly configured and maintained.

Verification successful

---

Presence of version: linked confirmed.

The version: linked is present in the .github/workflows/__extractor-ram-threads.yml file as expected. Please ensure that this version is correctly configured and maintained for stability and predictability in builds.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of `linked` version in the workflow templates.

# Test: Check if `linked` version is used consistently across workflow templates.
rg --type yaml 'version: linked'

Length of output: 34

---

Script:

#!/bin/bash
# Description: Verify the specific usage of `version: linked` in the given workflow file.

# Test: Check if `version: linked` is present in the specified workflow file.
rg 'version: linked' .github/workflows/__extractor-ram-threads.yml

Length of output: 96

---

57-57: Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates Kotlin setup is now required. Verify that this change aligns with the intended support for Kotlin in the workflow.

Verification successful

---

Kotlin setup is consistently integrated across workflows.

The addition of setup-kotlin: 'true' in the .github/workflows/__extractor-ram-threads.yml file aligns with the overall configuration for Kotlin support, as evidenced by its presence in multiple workflow files. This suggests a deliberate effort to include Kotlin in the workflow processes.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'

Length of output: 37

---

Script:

#!/bin/bash
# Description: Search for any Kotlin-related configurations or mentions in workflow files.

# Test: Look for 'kotlin' keyword in YAML files within the .github/workflows directory.
rg --type yaml 'kotlin' .github/workflows

Length of output: 3925

.github/workflows/__upload-ref-sha-input.yml (2)

61-61: Enable Kotlin setup.

Adding setup-kotlin: 'true' suggests Kotlin setup is now explicitly required. Ensure this aligns with the intended support for Kotlin in the workflow.

Verification successful

---

Kotlin setup alignment verified.

The addition of setup-kotlin: 'true' aligns with the intended support for Kotlin, as evidenced by multiple references to Kotlin configurations and logic across the codebase. The workflow change is consistent with existing Kotlin-related setups and tests.

• pr-checks/checks/language-aliases.yml: Contains Kotlin in language aliases.
• pr-checks/sync.py: Handles Kotlin setup conditionally.
• src/init-action.ts: Mentions disabling Kotlin analysis via feature flags.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'

Length of output: 37

---

Script:

#!/bin/bash
# Description: Search for Kotlin-related configurations or mentions across the repository.

# Search for any mention of Kotlin in YAML files to check for related configurations.
rg --type yaml 'kotlin' -i

# Additionally, search for Kotlin mentions in other common configuration files.
rg 'kotlin' -i

Length of output: 5474

---

71-71: Removal of upload-database input.

The removal of the upload-database input from the analyze action may affect how databases are handled. Verify that this change does not disrupt the workflow's intended functionality.

.github/workflows/__config-input.yml (2)

57-57: Enable Kotlin setup.

The addition of setup-kotlin: 'true' indicates Kotlin setup is now required. Verify that this change aligns with the intended support for Kotlin in the workflow.

Verification successful

---

Kotlin setup verification complete.

The addition of setup-kotlin: 'true' aligns with existing Kotlin-related configurations in the workflow, confirming the intended support for Kotlin. No further action is required.

• Kotlin is mentioned in language lists and associated with build.gradle in several workflow files.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of enabling Kotlin setup on the workflow.

# Test: Check for Kotlin-related configurations and ensure they are properly set up.
rg --type yaml 'setup-kotlin: true'

Length of output: 37

---

Script:

#!/bin/bash
# Description: Search for Kotlin-related configurations and dependencies in YAML workflow files.

# Check for any Kotlin-related keywords in YAML files to ensure proper setup.
rg --type yaml 'kotlin|gradle|kotlinc'

Length of output: 427

---

31-31: Update version to linked.

Changing the version from latest to linked suggests a move towards more stable and predictable builds. Ensure that the linked version is correctly configured and maintained.

lib/resolve-environment.js (2)

26-26: Export change approved.

The direct export of runResolveBuildEnvironment clarifies module exports.

---

43-46: Verify the removal of the version check.

The removal of the version check for CodeQL compatibility assumes that all environments are suitable. Ensure that this change does not introduce compatibility issues.

Verification successful

---

Version check for language aliasing remains intact.

The version check for CodeQL compatibility regarding language aliasing is still present in lib/resolve-environment.js. This ensures that the appropriate language input is used based on the CodeQL version, mitigating potential compatibility issues. The removal of another version check does not appear to introduce any new compatibility concerns.

• The version check at lib/resolve-environment.js ensures compatibility with language aliasing.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the removal of the version check does not affect compatibility.

# Test: Search for usage of `codeQlVersionAtLeast` to ensure no other dependencies on this check exist.
rg --type js 'codeQlVersionAtLeast'

Length of output: 2429

---

Script:

#!/bin/bash
# Examine the context around the usage of `codeQlVersionAtLeast` in `lib/resolve-environment.js`
rg --type js -A 5 -B 5 'codeQlVersionAtLeast' lib/resolve-environment.js

Length of output: 811

.github/workflows/__swift-autobuild.yml (4)

6-6: Job name change approved.

The update to "Swift analysis using autobuild" accurately reflects the new focus of the workflow.

---

25-32: Matrix configuration change approved.

The simplification to "macos-latest" and "nightly-latest" aligns with the Swift focus and reduces complexity.

---

61-70: Swift setup steps approved.

The addition of Swift setup and working directory check ensures proper environment configuration for analysis.

---

76-83: Database check step approved.

The validation step ensures that a Swift database is created, which is essential for verifying the analysis process.

.github/workflows/__build-mode-rollback.yml (2)

57-57: Kotlin setup addition approved.

The addition of setup-kotlin: 'true' aligns with the enhanced support for Kotlin in the workflow.

---

57-57: Verify the impact of removing Java agent configuration.

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN may affect Java analysis. Ensure this change does not introduce issues.

lib/start-proxy-action-post.js (3)

2-24: Custom module binding functions are well-implemented.

These functions ensure compatibility with different module systems.

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

31-35: Imports are correctly structured and necessary.

The imports are essential for the functionality provided in this file.

---

55-55: Appropriate usage of void for async function invocation.

The use of void is correct to suppress unhandled promise rejections.

.github/workflows/__swift-custom-build.yml (2)

31-31: Change to specific versioning strategy is beneficial.

Switching from latest to linked enhances consistency and reliability in the workflow.

---

61-61: Explicit Kotlin setup improves clarity.

Adding setup-kotlin: 'true' ensures that Kotlin is set up explicitly, clarifying workflow requirements.

.github/workflows/debug-artifacts-failure.yml (1)

37-37: Switch to specific versioning enhances consistency.

Changing the version from latest to linked ensures a stable testing environment.

.github/workflows/__autobuild-direct-tracing.yml (2)

31-33: Approved: Use of version: linked.

Switching from latest to linked for the version parameter can improve build stability by ensuring a consistent environment across runs.

---

63-63: Approved: Kotlin setup enabled.

Setting setup-kotlin to true ensures that Kotlin is properly configured, which is essential for Kotlin-based projects.

.github/workflows/__submit-sarif-failure.yml (3)

31-31: Approved: Use of version: linked.

Switching from latest to linked for the version parameter can improve build stability by ensuring a consistent environment across runs.

---

61-61: Approved: Kotlin setup enabled.

Setting setup-kotlin to true ensures that Kotlin is properly configured, which is essential for Kotlin-based projects.

---

66-66: Approved: Dynamic tools configuration.

Referencing the tools parameter from a previous step's output enhances flexibility and maintainability in the workflow.

.github/workflows/debug-artifacts.yml (4)

25-31: Approved: Updated job matrix versions.

The addition of stable-v2.17.6 and removal of latest focuses on specific stable versions, enhancing compatibility and reliability.

---

37-37: Approved: Change to runs-on: ubuntu-latest.

Switching the runs-on environment to ubuntu-latest aligns with the focus on supported languages on Ubuntu, potentially improving compatibility.

---

56-57: Approved: Exclusion of Swift from languages.

Excluding Swift from the languages list reflects a decision to focus on supported languages on Ubuntu, aligning with platform compatibility.

---

74-74: Approved: Update to VERSIONS variable.

Including stable-v2.17.6 in the VERSIONS variable ensures comprehensive artifact verification, maintaining consistency across the workflow.

.github/actions/prepare-test/action.yml (4)

5-5: Description Update Approved for version Input.

The change to include "linked" as a valid option in the description aligns with the updated logic in the runs section.

---

11-14: Addition of setup-kotlin Input Approved.

The new setup-kotlin input parameter enhances the workflow by allowing conditional Kotlin setup, with sensible defaults.

---

57-58: Logic Update for linked Version Approved.

The updated logic correctly handles the "linked" version, ensuring consistency with the input description.

---

66-69: Conditional Kotlin Setup Step Approved.

The addition of the fwilhe2/setup-kotlin step, conditional on the setup-kotlin input, is correctly implemented and enhances the workflow.

.github/workflows/__go-indirect-tracing-workaround.yml (1)

57-57: Addition of setup-kotlin Input Approved.

The inclusion of the setup-kotlin input parameter aligns with the workflow's objectives and enhances its configurability.

.github/workflows/__go-tracing-legacy-workflow.yml (3)

46-49: Matrix Version Updates Approved.

The addition of new stable versions and removal of outdated ones aligns with the workflow's testing objectives.

---

55-57: Change from latest to linked Version Approved.

The update from latest to linked for the default version aligns with the workflow's dependency resolution strategy.

---

87-87: Addition of setup-kotlin Input Approved.

The inclusion of the setup-kotlin input parameter aligns with the workflow's objectives and enhances its configurability.

.github/workflows/__resolve-environment-action.yml (4)

82-82: Conditional language setup.

The conditional setup for languages based on the version is a good practice. Ensure that all required languages are included for each version.

---

97-104: Conditional check for JavaScript/TypeScript configuration.

The conditional check ensures that JavaScript/TypeScript configurations are only present for specific versions. This is a correct approach to maintain compatibility.

---

31-35: Update version numbers to stable-v2.13.5 and linked.

The version numbers have been updated to stable-v2.13.5 and linked. Ensure that all dependencies and configurations are compatible with these versions.

Also applies to: 43-47

Verification successful

---

Version update to stable-v2.13.5 is consistent and without issues.

The version stable-v2.13.5 is consistently used across the configuration files, and there are no indications of compatibility problems or specific changes related to this update. The transition appears to be smooth and correctly implemented.

• The old version stable-v2.13.4 is no longer referenced.
• No comments or notes suggest any issues with stable-v2.13.5.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify compatibility of updated version numbers.

# Test: Check for any references to the old version `stable-v2.13.4`.
rg --type yaml 'stable-v2.13.4'

Length of output: 31

---

Script:

#!/bin/bash
# Description: Verify consistency and any notes regarding `stable-v2.13.5`.

# Test: Check for any references to the new version `stable-v2.13.5`.
rg --type yaml 'stable-v2.13.5' -A 2

# Test: Check for any notes or comments regarding version changes.
rg --type yaml '#.*version' -A 2

Length of output: 3284

---

79-79: Set up Kotlin explicitly.

The setup-kotlin: 'true' parameter is added, indicating explicit Kotlin setup. Ensure that this setup is required and correctly configured in the workflow.

Verification successful

---

Kotlin setup is necessary and correctly configured.

The repository contains Kotlin code, and the setup-kotlin: 'true' configuration is consistently used across multiple GitHub Actions workflows. This indicates that the Kotlin setup is required and appropriately configured for the workflows.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the necessity and correctness of Kotlin setup.

# Test: Check for any Kotlin-related configurations or dependencies.
rg --type yaml 'setup-kotlin'

Length of output: 29

---

Script:

#!/bin/bash
# Search for Kotlin-related files in the repository.
fd --extension kt

# Search for any Kotlin-related configurations in all YAML files.
rg --type yaml 'kotlin'

# Search for any references to Kotlin in GitHub Actions workflows.
rg --type yaml 'kotlin' .github/workflows/

Length of output: 4228

.github/workflows/__split-workflow.yml (2)

31-33: Consider implications of version change to linked.

The versioning for ubuntu-latest and macos-latest has been changed from latest to linked. Ensure that this change aligns with the project's stability and compatibility requirements.

Verification successful

---

The change to linked versioning aligns with project goals.

The use of linked specifies that the tools or environments used are consistent with the version of the Action, as noted in the CHANGELOG.md. This change likely enhances compatibility and stability, aligning with the project's requirements. No further documentation was found discussing additional implications.

• Refer to CHANGELOG.md for more details on the linked versioning.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of changing versioning to `linked`.

# Test: Search for documentation or discussions on the implications of using `linked` versions.
rg --type md 'linked' README.md

Length of output: 31

---

Script:

#!/bin/bash
# Description: Search for mentions of `linked` in markdown and YAML files to understand its implications.

# Search for `linked` in all markdown and YAML files.
rg 'linked' --type md --type yaml

Length of output: 7104

---

67-67: Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with JavaScript projects.

.github/workflows/__remote-config.yml (3)

103-103: Ensure Kotlin setup is necessary.

The setup-kotlin: 'true' parameter has been added. Verify that Kotlin setup is required for this workflow, as it primarily deals with multiple languages.

---

67-71: Consider implications of version change to linked.

The versioning for ubuntu-latest, macos-latest, and windows-latest has been changed from latest to linked. Ensure that this change aligns with the project's stability and compatibility requirements.

Verification successful

---

Version change to linked aligns with stability goals

The change from latest to linked for versioning in the GitHub Actions workflow is intended to ensure that the tools used are consistent with the version of the Action, as mentioned in the CHANGELOG.md. This approach can enhance stability by preventing unexpected updates. Ensure this aligns with your project's specific stability and compatibility requirements.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of changing versioning to `linked`.

# Test: Search for documentation or discussions on the implications of using `linked` versions.
rg --type md 'linked' README.md

Length of output: 31

---

Script:

#!/bin/bash
# Description: Search for the term 'linked' in all markdown files to find any documentation.
rg --type md 'linked'

# Description: Search for the term 'linked' in all GitHub Actions workflow files to understand its usage.
rg 'linked' .github/workflows/

Length of output: 10081

---

54-59: Review new OS versions for compatibility.

New OS versions stable-v2.17.6 have been added. Ensure these versions are compatible with the project's requirements and dependencies.

.github/workflows/__go-custom-queries.yml (2)

54-59: Matrix version updates look good.

The updates to include stable-v2.17.6 and replace latest with linked ensure compatibility with recent versions and maintain a stable environment.

Also applies to: 67-71

---

103-103: Addition of setup-kotlin is appropriate.

The inclusion of setup-kotlin: 'true' likely improves the Kotlin setup process in the workflow.

.github/workflows/codeql.yml (4)

44-44: Update to tools: linked is appropriate.

Switching from latest to linked provides a more controlled environment for CodeQL tools.

---

66-66: Update to VERSIONS_JSON is appropriate.

Including linked ensures tests are run with both default and linked bundles, enhancing test coverage.

---

78-78: OS matrix update to include macos-14 is beneficial.

This addition enhances compatibility and expands the environments for CodeQL analysis.

---

100-101: Addition of category parameter is appropriate.

Specifying the language with category: "/language:javascript" adds clarity to the workflow.

.github/workflows/__go-tracing-autobuilder.yml (2)

46-49: Matrix version updates look good.

The updates to include stable-v2.17.6 and replace latest with linked ensure compatibility with recent versions and maintain a stable environment.

Also applies to: 55-57

---

87-87: Addition of setup-kotlin is appropriate.

The inclusion of setup-kotlin: 'true' likely improves the Kotlin setup process in the workflow.

.github/workflows/__packaging-config-js.yml (2)

73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

---

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

Verification successful

---

Ensure compatibility with linked versions is verified.

The linked version is a special value used to specify the version of the CodeQL tools, as mentioned in init/action.yml. This aligns with ensuring compatibility with specific versions of the CodeQL CLI, as indicated by comments in other YAML files. The review comment is accurate in its suggestion to verify compatibility with linked versions.

• init/action.yml: Mentions linked as a special value for CodeQL tools.
• Other YAML files use linked for versioning, with comments about compatibility.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify that the 'linked' versions are correctly defined and compatible.

# Check if the linked versions are specified in the workflow files.
rg --type yaml 'version: linked'

Length of output: 34

---

Script:

#!/bin/bash
# Search for occurrences of 'linked' across the repository to find any definitions or references.
rg 'linked'

Length of output: 299908

---

Script:

#!/bin/bash
# Search for occurrences of 'linked' specifically within YAML files to find any definitions or references related to GitHub Actions workflows.
rg 'linked' --type yaml

Length of output: 3476

.github/workflows/__packaging-config-inputs-js.yml (2)

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

---

73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

.github/workflows/__packaging-inputs-js.yml (2)

31-35: Ensure compatibility with linked versions.

The matrix version has been changed from latest to linked for multiple operating systems. This change aims to ensure compatibility with specific versions. Verify that the linked versions are correctly defined and compatible with your dependencies.

---

73-73: Kotlin setup added.

The setup-kotlin: 'true' parameter has been added to the configuration. Ensure that this setup is necessary and correctly configured for Kotlin-related tasks.

.github/workflows/__packaging-codescanning-config-inputs-js.yml (2)

31-35: Use stable environment versions.

Changing version: latest to version: linked indicates a move towards more stable and controlled environments, which can improve build consistency.

---

73-73: Ensure Kotlin setup is necessary.

Adding setup-kotlin: 'true' explicitly sets up Kotlin, which could impact the build process if Kotlin dependencies are involved. Ensure this is necessary for your project.

.github/workflows/__config-export.yml (2)

31-35: Use stable environment versions.

The update from version: latest to version: linked for the OS matrix helps maintain build consistency by using stable versions.

---

67-67: Verify the need for Kotlin setup.

The addition of setup-kotlin: 'true' suggests a focus on Kotlin support. Verify that this setup is required for your project.

.github/workflows/__go-tracing-custom-build-steps.yml (3)

46-49: Update to newer stable versions.

Including stable-v2.17.6 for both Ubuntu and macOS ensures using the latest stable features and improvements.

---

55-57: Use stable environment versions.

Switching to version: linked from version: latest enhances stability and consistency across builds.

---

87-87: Confirm Kotlin setup necessity.

Adding setup-kotlin: 'true' implies Kotlin dependencies. Confirm that this is required for your Go project.

.github/workflows/__with-checkout-path.yml (2)

31-35: Good practice: Use specific versions instead of latest.

Changing the matrix version from latest to linked enhances consistency and predictability across CI runs.

---

61-61: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin dependencies are managed properly, enhancing the build process.

.github/workflows/__init-with-registries.yml (2)

37-41: Good practice: Use specific versions instead of latest.

Changing the matrix version from latest to linked enhances consistency and predictability across CI runs.

---

74-74: Explicit Kotlin setup is beneficial.

Adding setup-kotlin: 'true' ensures that Kotlin dependencies are managed properly, enhancing the build process.

lib/diagnostics.js (3)

6-9: Improved export organization.

Reordering export statements enhances readability and maintainability without altering functionality.

---

41-43: Enhanced robustness in addDiagnostic.

The updated logic for determining databasePath ensures correct path setting even when language is not specified, preventing potential errors.

---

63-66: Consistent path determination in writeDiagnostic.

Using the newly defined databasePath for diagnosticsPath computation maintains consistency and reinforces the updated logic.

eslint.config.mjs (3)

25-34: Review ignored files and directories.

Ensure that the ignored files and directories are correct and necessary for your project setup. This list includes common directories like lib, tests, and .github.

---

36-45: Check compatibility with extended configurations.

The compat.extends function is used to extend configurations. Verify that these configurations are compatible with your codebase.

---

80-133: Review ESLint rules for potential improvements.

The rules section contains various configurations. Ensure these rules align with your project's coding standards and consider adjusting them if necessary.

lib/database-upload.js (2)

26-26: Export statement updated for clarity.

The export statement now directly references the uploadDatabases function, which is a good practice for clarity and maintainability.

---

38-41: Test mode check added to uploadDatabases.

The addition of a test mode check is a beneficial change to prevent unnecessary uploads during testing. Ensure that this mode is correctly set and used in your testing environment.

lib/tracer-config.js (3)

35-47: Function shouldEnableIndirectTracing simplified.

The logic in shouldEnableIndirectTracing has been simplified by removing the features parameter and focusing on build mode conditions. This enhances clarity and maintainability.

---

Line range hint 58-75:
Function endTracingForCluster updated.

The function has been updated to remove the features parameter, aligning with the changes in shouldEnableIndirectTracing. Ensure that this change does not affect other parts of the codebase that might rely on the features parameter.

---

Line range hint 87-104:
Function getCombinedTracerConfig streamlined.

The removal of the features parameter from getCombinedTracerConfig simplifies the function. Check for any dependencies on the features parameter elsewhere in the codebase.

.github/workflows/pr-checks.yml (4)

66-66: Verify conditional logic for check-file-contents.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

---

91-91: Verify conditional logic for npm-test.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

---

55-55: Verify conditional logic for check-node-modules.

Ensure that the conditional logic correctly reflects the desired execution conditions. The current condition prevents execution on non-main branches unless they start with releases/v.

Verification successful

---

Conditional Logic for check-node-modules is Correctly Implemented

The conditional logic in the workflow file matches the intended behavior described in the review comment. The job is configured to run on events other than push, on the main branch, and on branches starting with releases/v. No changes are necessary.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the conditional logic for `check-node-modules`.

# Test: Search for all instances of `check-node-modules` in the workflow file.
# Expect: The if condition matches the intended workflow behavior.
rg --type yaml 'check-node-modules'

Length of output: 35

---

Script:

#!/bin/bash
# Description: Search for the conditional logic snippet in the workflow file to gather more context.
rg --type yaml 'if: github.event_name != '\''push'\'' || github.ref == '\''refs/heads/main'\'' || startsWith(github.ref, '\''refs/heads/releases/v'\'')' .github/workflows/pr-checks.yml -A 5

Length of output: 5351

---

111-111: Verify conditional logic for check-node-version.

The condition has been simplified, but ensure it aligns with the intended workflow behavior. The job now runs only for pull requests.

Verification successful

---

Conditional Logic Verified for check-node-version

The check-node-version job is correctly configured to run only on pull request events with the condition if: github.event.pull_request. This aligns with the intended workflow behavior. No issues found.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the conditional logic for `check-node-version`.

# Test: Search for all instances of `check-node-version` in the workflow file.
# Expect: The if condition matches the intended workflow behavior.
rg --type yaml 'check-node-version'

Length of output: 35

---

Script:

#!/bin/bash
# Description: Search for any jobs or steps related to node version checks in the workflow file.

# Test: Search for any references to node version checks in the workflow file.
rg --type yaml 'node' .github/workflows/pr-checks.yml -A 5

Length of output: 3014

lib/tracer-config.test.js (3)

70-70: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

---

105-105: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

---

49-49: Verify removal of third argument in getCombinedTracerConfig.

Ensure that the removal of (0, testing_utils_1.createFeatures)([]) does not affect the test logic or outcomes. Verify that the function handles the change correctly.

Verification successful

---

Removal of Third Argument in getCombinedTracerConfig Verified

The function getCombinedTracerConfig is correctly defined to accept only two arguments, codeql and config. The test cases have been updated to match this signature, and the logic within the function does not depend on a third argument. Therefore, the removal does not affect the test logic or outcomes.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of removing the third argument in `getCombinedTracerConfig`.

# Test: Search for all instances of `getCombinedTracerConfig` in the test file.
# Expect: The function calls match the new signature and tests pass without the third argument.
rg --type js 'getCombinedTracerConfig'

Length of output: 1219

---

Script:

#!/bin/bash
# Extract the implementation of `getCombinedTracerConfig` to verify how it handles the absence of the third argument.
ast-grep --lang javascript --pattern 'async function getCombinedTracerConfig($_, $_) { $$$ }'

Length of output: 1664

.github/workflows/__unset-environment.yml (3)

76-77: Verify exclusion of Swift on Ubuntu.

Ensure that the exclusion of Swift from the supported languages list aligns with the intended testing strategy on Ubuntu.

Verification successful

---

Swift is correctly excluded from the supported languages on Ubuntu.

The unset-environment.yml file does not list Swift among the supported languages, aligning with the intended testing strategy on Ubuntu. Other YAML files do include Swift, indicating its use in different contexts or environments. No further action is needed.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the exclusion of Swift from the supported languages on Ubuntu.

# Test: Search for all instances of `languages` in the workflow file.
# Expect: Swift is excluded from the list for Ubuntu.
rg --type yaml 'languages'

Length of output: 5254

---

71-71: Verify Kotlin setup configuration.

Ensure that the setup-kotlin parameter is correctly configured for the new environment. Confirm that it aligns with the intended testing strategy.

Verification successful

---

Kotlin setup configuration appears consistent across workflows.

The setup-kotlin parameter is consistently set to 'true' in multiple workflow files, including .github/workflows/__unset-environment.yml. This suggests alignment with a common configuration strategy. If further verification against specific testing requirements is necessary, a manual review is recommended.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the `setup-kotlin` configuration in the workflow file.

# Test: Search for all instances of `setup-kotlin` in the workflow file.
# Expect: The configuration aligns with the intended testing strategy.
rg --type yaml 'setup-kotlin'

Length of output: 29

---

Script:

#!/bin/bash
# Description: Search for `setup-kotlin` in all files to verify its presence and configuration.

# Test: Search for all instances of `setup-kotlin` in the entire repository.
# Expect: To find the configuration and verify its correctness.
rg 'setup-kotlin' --hidden --glob '!.git/**'

Length of output: 4049

---

30-44: Verify job matrix changes.

Ensure that the job matrix changes align with the intended testing strategy. The shift to ubuntu-latest and the specified versions should be confirmed to meet testing requirements.

Verification successful

---

Job matrix changes verified successfully.

The job matrix in .github/workflows/__unset-environment.yml includes a comprehensive range of versions, from stable releases to the latest nightly build. This aligns well with a robust testing strategy aimed at ensuring compatibility across different stages of software release.

• Versions included: stable-v2.13.5, stable-v2.14.6, stable-v2.15.5, stable-v2.16.6, stable-v2.17.6, default, linked, and nightly-latest.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the job matrix changes in the workflow file.

# Test: Search for all instances of `ubuntu-latest` in the workflow file.
# Expect: The job matrix aligns with the intended testing strategy and includes all necessary versions.
rg --type yaml 'ubuntu-latest'

Length of output: 30

---

Script:

#!/bin/bash
# Verify the existence of the .github/workflows/__unset-environment.yml file and search for 'ubuntu-latest' in it.

# Check if the file exists
if [ -f ".github/workflows/__unset-environment.yml" ]; then
  # Search for 'ubuntu-latest' in the file
  rg 'ubuntu-latest' .github/workflows/__unset-environment.yml
else
  echo "File .github/workflows/__unset-environment.yml does not exist."
fi

Length of output: 355

---

Script:

#!/bin/bash
# Extract context around 'ubuntu-latest' entries to verify associated versions in the workflow file.

# Show 3 lines of context around each match to capture associated versions
rg 'ubuntu-latest' .github/workflows/__unset-environment.yml -C 3

Length of output: 696

.github/workflows/__diagnostics-export.yml (4)

67-67: Verify Kotlin setup.

The setup-kotlin parameter is set to 'true'. Ensure this change is intentional and that Kotlin is required for the workflow.

Verification successful

---

Kotlin setup is intentional and consistent across workflows.

The setup-kotlin: 'true' parameter is used in multiple workflow files, indicating that Kotlin setup is a common requirement. This suggests that the change is intentional and aligns with the overall configuration strategy. No further action is needed.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of `setup-kotlin` in the workflow.

# Test: Check for `setup-kotlin` parameter usage in the workflow file.
rg --type yaml $'setup-kotlin: \'true\''

Length of output: 45

---

Script:

#!/bin/bash
# Description: Re-verify the usage of `setup-kotlin` in the workflow files.

# Test: Search for any instances of `setup-kotlin` in the .github/workflows directory.
rg 'setup-kotlin' .github/workflows

Length of output: 3681

---

31-35: Simplify the job matrix.

The job matrix now uses a single linked version entry for each OS. Ensure this change aligns with your versioning strategy and does not omit necessary test cases.

---

78-84: Streamline diagnostic addition.

The diagnostic addition step has been streamlined to a single entry. Ensure this meets your diagnostic requirements and does not omit necessary diagnostics.

Verification successful

---

Streamlined diagnostic addition confirmed.

The diagnostic addition step has been successfully streamlined to a single entry in the repository, as indicated by the review comment. There are no other occurrences of the database add-diagnostic command.

• Location: pr-checks/checks/diagnostics-export.yml

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the diagnostic addition step in the workflow.

# Test: Check for the diagnostic addition command in the workflow file.
rg --type yaml $'database add-diagnostic'

Length of output: 129

---

Script:

#!/bin/bash
# Description: Search for all occurrences of the `database add-diagnostic` command in the repository.

rg 'database add-diagnostic'

Length of output: 117

---

104-107: Check status page notification logic.

Ensure the expected message in the status page notification matches the actual output. This is crucial for accurate diagnostic reporting.

Verification successful

---

Status page notification logic is correctly implemented.

The logic to verify the expected message in the status page notification is present and functioning as intended. The code checks if the message text matches the expected value and sets a failure if it does not. No issues were found with this logic.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the status page notification logic in the workflow.

# Test: Check the expected message in the status page notification logic.
rg --type javascript $'Expected the status page diagnostic to have the message'

Length of output: 115

---

Script:

#!/bin/bash
# Description: Verify the status page notification logic in the workflow.

# Test: Check the expected message in the status page notification logic.
rg 'Expected the status page diagnostic to have the message' .github/workflows/__diagnostics-export.yml -A 5

Length of output: 478

.github/workflows/__multi-language-autodetect.yml (3)

154-155: Check Swift language autodetection condition.

The condition for Swift language autodetection is now specific to macOS. Ensure this change aligns with your platform requirements and does not exclude necessary cases.

Verification successful

---

Swift language autodetection condition is appropriate.

The condition for Swift language autodetection being specific to macOS is justified by the comment in the workflow file, which states that Swift is not supported on Ubuntu. This aligns with platform requirements and does not exclude necessary cases.

• Comment in pr-checks/checks/multi-language-autodetect.yml explains the exclusion of Swift on Ubuntu.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the Swift language autodetection condition in the workflow.

# Test: Check the condition for Swift language autodetection in the workflow file.
rg --type yaml $'runner.os == \'macOS\''

Length of output: 197

---

Script:

#!/bin/bash
# Description: Search for comments or documentation related to the Swift language autodetection condition in the workflow file.

# Search for comments in the workflow file for context on the macOS condition.
rg --type yaml --context 5 'runner.os == '\''macOS'\''' pr-checks/checks/multi-language-autodetect.yml

Length of output: 1018

---

31-61: Expanded job matrix for multiple versions.

The job matrix now includes multiple stable versions for macOS and Ubuntu. Ensure these versions are necessary and align with your testing strategy.

Verification successful

---

Expanded job matrix confirmed

The .github/workflows/__multi-language-autodetect.yml file indeed includes multiple stable versions for macOS and Ubuntu as part of the job matrix. This aligns with the review comment's observation about the expanded job matrix. Ensure these versions are necessary for your testing strategy.

• Versions included: stable-v2.13.5, stable-v2.14.6, stable-v2.15.5, stable-v2.16.6, stable-v2.17.6

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the expanded job matrix in the workflow.

# Test: Check for the presence of multiple stable versions in the workflow file.
rg --type yaml $'version: stable-v'

Length of output: 36

---

Script:

#!/bin/bash
# Re-run the search for stable versions in the workflow file with a broader pattern.
rg --type yaml 'version: stable-v' -A 1

Length of output: 41

---

Script:

#!/bin/bash
# Directly view the contents of the specified workflow file to verify job matrix entries.
cat .github/workflows/__multi-language-autodetect.yml

Length of output: 6010

---

87-87: Verify Kotlin setup.

The setup-kotlin parameter is set to 'true'. Ensure this change is necessary for the workflow and that Kotlin is required.

lib/init.test.js (2)

53-68: Ensure comprehensive test coverage for cleanup.

The test cleanupDatabaseClusterDirectory cleans up where possible checks the cleanup process and logs. Ensure it covers all necessary scenarios for directory cleanup.

---

69-109: Validate error handling in cleanup tests.

The tests for error handling in cleanupDatabaseClusterDirectory ensure correct exceptions are thrown. Verify that all expected error scenarios are covered.

lib/debug-artifacts.js (2)

29-33: Export statements are well-placed after function definitions.

The export statements have been moved to after the function definitions, which improves code readability and logical flow.

---

58-58: Ensure the catch block handles JSON parsing errors.

The catch block logs a message if the matrix input cannot be parsed. Ensure that this is sufficient for your use case and consider logging the error for debugging purposes.

init/action.yml (1)

142-143: New output parameter codeql-version is correctly added.

The addition of the codeql-version output parameter enhances the action's functionality by providing additional information.

.github/workflows/codescanning-config-cli.yml (1)

31-33: LGTM! Ensure the impact on the CI/CD pipeline is verified.

The change from version: latest to version: linked can improve build consistency by using specific versions. Ensure that these linked versions are correctly configured and tested in your CI/CD pipeline.

lib/init.js (3)

26-32: LGTM! Export reordering and initCodeQL changes improve clarity and functionality.

The reordering of exports enhances code organization. The change in initCodeQL to use toolsDownloadStatusReport instead of toolsDownloadDurationMs likely provides more comprehensive reporting.

---

62-71: LGTM! Verify the impact of removing the features parameter.

The removal of the features parameter from runInit simplifies the function. Ensure that this change does not negatively impact other parts of the codebase that might rely on this parameter.

---

116-149: LGTM! The cleanupDatabaseClusterDirectory function adds valuable error handling.

The function enhances robustness by providing detailed error handling and feedback for different environments, improving reliability.

lib/autobuild.js (3)

26-33: LGTM! Export reordering and documentation link improvements enhance clarity and maintainability.

The reordering of exports improves code organization. Using a constant for documentation links in determineAutobuildLanguages ensures easier updates and better maintainability.

---

122-127: LGTM! Documentation link structure in setupCppAutobuild improves user experience.

The updated logging messages ensure users are directed to the correct documentation, enhancing clarity and usability.

---

136-143: LGTM! Verify the impact of removing the features parameter in runAutobuild.

The removal of the features parameter simplifies the function. Ensure that this change does not negatively impact other parts of the codebase that might rely on this parameter.

lib/setup-codeql.test.js (1)

118-122: LGTM! Verify the usage of the new structure in tests.

The restructuring of the statusReport object in the stubbed downloadCodeQL function enhances clarity. Ensure that the tests correctly utilize this new structure.

Verification successful

---

Verification Successful: New statusReport Structure Utilized in Tests

The restructuring of the statusReport object is correctly utilized in the tests. Assertions in test files confirm that the new structure is being checked for expected values.

• lib/setup-codeql.test.js: Direct usage of statusReport in test cases.
• lib/status-report.test.js: Assertions verifying statusReport properties.
• lib/trap-caching.test.js: Checks involving statusReport.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of the new `statusReport` structure in tests.

# Test: Search for the usage of `statusReport`. Expect: Correct utilization in assertions.
rg --type js 'statusReport'

Length of output: 14170

---

Script:

#!/bin/bash
# Description: Search for `statusReport` usage in test files with context to verify correct utilization in assertions.
rg --type js 'statusReport' -A 5 -g '*test.js'

Length of output: 8498

lib/api-client.js (2)

30-41: Reordering of exports improves readability.

The reorganization of export statements enhances the clarity of the module's interface.

---

126-132: Verify the regex logic in getWorkflowRelativePath.

The regex check optimizes the function by reducing unnecessary API calls. Ensure that it correctly identifies invalid workflow URLs.

lib/init-action-post-helper.js (3)

26-28: Reordering of exports improves clarity.

The explicit assignment of exports enhances the module's interface clarity.

---

139-155: Verify enhancements in run function.

The new logic for cleaning up the database cluster directory improves resource management. Ensure that the error handling and conditions are correctly implemented.

Verification successful

---

Enhancements in run function verified successfully.

The logic for cleaning up the database cluster directory is well-implemented with appropriate error handling and condition checks. The use of a try-catch block ensures errors are logged without disrupting the flow, and the condition to check for a self-hosted runner is correctly applied.

• Confirmed the presence of fs.rmSync usage in lib/init-action-post-helper.js.
• Error handling and conditions are correctly implemented.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the enhancements in the `run` function.

# Test: Search for `fs.rmSync` usage. Expect: Correct error handling and conditions.
rg --type js 'fs.rmSync'

Length of output: 325

---

77-80: Verify changes in maybeUploadFailedSarif.

The simplification of the databaseExportDiagnostics call likely reflects a change in diagnostics processing. Ensure that the new logic is correct.

lib/fingerprints.js (3)

29-31: Export statements improved.

The export statements have been reordered and simplified, enhancing the readability of the module's interface.

---

203-203: Streamlined error handling.

The catch block now omits the unused error parameter, which is a good practice when the error object is not needed.

---

242-242: Improved logging with dynamic URL reference.

The logging message now uses a dynamic URL reference, enhancing maintainability.

lib/cli-errors.js (4)

3-5: Reordered export statements for better organization.

The export order of functions has been adjusted, improving code organization without altering functionality.

---

23-32: Consistent error message formatting.

The use of ensureEndsInPeriod ensures that fatal error messages are consistently formatted, which is a good practice.

---

74-74: Enhanced regex pattern for error detection.

The regex pattern now accommodates variations in the error message format, increasing robustness.

---

Line range hint 118-133:
Expanded error categorization.

The CliConfigErrorCategory enumeration and cliErrorsConfig object have been expanded, allowing for more granular categorization of CLI errors.

Also applies to: 142-231

lib/status-report.js (2)

26-31: Improved export structure.

The restructuring of exports enhances readability and clarity regarding the module's public API.

---

Line range hint 257-281:
Enhanced error logging.

The error handling in sendStatusReport has been refined with more descriptive logging messages, improving the debugging process.

lib/analyze-action.js (4)

Line range hint 111-138:
Simplified function signature.

The removal of the features parameter from runAutobuildIfLegacyGoWorkflow simplifies the function signature without affecting its logic.

---

173-173: Updated function call for consistency.

The function call to runAutobuildIfLegacyGoWorkflow has been updated to match its new signature, ensuring consistency.

---

189-189: Refactored upload function call.

The call to uploadLib.uploadFiles reflects an update in the upload mechanism, allowing it to utilize feature flags more effectively.

---

223-225: Improved error handling.

The consolidation of error handling using a ternary operator enhances code readability and reduces redundancy.

lib/init-action-post-helper.test.js (2)

318-322: Updated stub method and version.

The stub method for uploads has been updated to uploadFiles, and the CodeQL version has been updated to "2.17.6". These changes align the test with the updated functionality.

---

340-352: Adjusted test assertions.

The test assertions have been adjusted to verify the expected behavior of the updated uploadFiles method accurately.

lib/analyze.js (4)

54-59: Enhanced error handling in CodeQLAnalysisError.

The inclusion of an error parameter in the constructor allows for more detailed error information, enhancing error handling capabilities.

---

29-35: Restructured export statements for clarity.

The restructuring of export statements improves the readability and maintainability of the code.

---

189-189: Refined error handling in runQueries.

The refinement to wrap and pass the original error enhances the traceability of errors during query execution.

---

Line range hint 222-235:
Simplified function signature in runFinalize.

The removal of the features parameter simplifies the function signature, aligning with potential design changes.

lib/feature-flags.js (4)

49-49: Update Feature enum with new feature flag.

The Feature enum has been updated to include DisableCsharpBuildless. Ensure that this new feature flag is correctly integrated and used where applicable.

---

67-70: Add configuration for DisableCsharpBuildless.

The featureConfig object now includes a configuration for DisableCsharpBuildless. Verify that this configuration is correctly utilized in the application logic.

---

212-212: Simplify filtering logic in GitHubFeatureFlags.

The filtering logic in GitHubFeatureFlags has been simplified. Ensure that this change does not affect the intended behavior of the feature flag processing.

---

26-26: Verify removal of CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED.

The export for CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED has been removed. Ensure that any references to this export elsewhere in the codebase are also removed or updated.

Verification successful

---

Removal of CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED verified.

There are no remaining references to CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED in the codebase, confirming its successful removal.

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify removal of `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.

# Test: Search for any remaining references to `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.
rg --type javascript 'CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED'

Length of output: 102

---

Script:

#!/bin/bash
# Description: Verify removal of `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED`.

# Test: Search for any remaining references to `CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED` with the correct file type.
rg --type js 'CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED'

Length of output: 59

lib/actions-util.js (4)

107-107: Simplify error handling in getCommitOid.

The error handling in getCommitOid has been simplified by removing the error parameter. This change improves clarity and reduces unnecessary variable declarations.

---

164-164: Simplify error handling in determineMergeBaseCommitOid.

The error handling in determineMergeBaseCommitOid has been simplified by removing the error parameter. This change improves clarity and reduces unnecessary variable declarations.

---

429-431: Add isSelfHostedRunner function.

The isSelfHostedRunner function has been added to check if the runner is self-hosted. Ensure that this function is used appropriately where needed.

---

26-39: Verify removal of multiple exports.

Several functions have been removed from the exports list. Ensure that these functions are not used elsewhere in the codebase or are accessed differently.

lib/init-action.js (6)

47-47: Update sendCompletedStatusReport function signature.

The function signature has been updated to replace toolsDownloadDurationMs with toolsDownloadStatusReport. Ensure that this change is reflected in all calls to this function.

---

61-63: Handle toolsDownloadStatusReport in status report.

The toolsDownloadStatusReport is now used to populate the tools_download_duration_ms field. Ensure that this object is correctly constructed and used.

---

86-103: Enhance status report with additional fields.

Additional fields such as packs, query_filters, and registries have been added to the status report. Verify that these fields are correctly populated and useful for reporting.

---

133-133: Update variable to toolsDownloadStatusReport.

The variable toolsDownloadDurationMs has been replaced with toolsDownloadStatusReport. Ensure that this change is consistent throughout the code.

---

206-220: Log CodeQL download telemetry.

The CodeQL download telemetry is now logged if toolsDownloadStatusReport is available. Ensure that this telemetry is useful for diagnostics and monitoring.

---

369-375: Update error handling in run function.

The error handling in the run function has been updated to accommodate the new status report structure. Ensure that errors are reported accurately.

lib/setup-codeql.js (3)

459-461: Ensure compatibility with semantic versioning.

The logic for determining the toolcache version has been updated to use semantic versioning. Verify that this aligns with the rest of the codebase and does not introduce inconsistencies.

---

Line range hint 369-430: Ensure proper handling of download and extraction durations.

The downloadCodeQL function now returns a statusReport object with download and extraction durations. Verify that this change is correctly handled in all places where the function is used.

---

Line range hint 480-503: Review the return structure of setupCodeQLBundle.

The function now returns a toolsDownloadStatusReport object. Ensure that all consumers of this function are updated to handle the new structure correctly.

lib/config-utils.js (2)

26-50: Review the restructuring of export statements.

The export statements have been restructured for clarity. Ensure that all necessary functions and constants are exported as intended and that there are no missing exports.

---

511-516: Security enhancement with parseRegistriesWithoutCredentials.

The new function processes registries without exposing credentials. Ensure that this function is used wherever registry parsing is required to enhance security.

Verification successful

---

Security enhancement verified for parseRegistriesWithoutCredentials.

The function parseRegistriesWithoutCredentials is used across the codebase, ensuring registry parsing without exposing credentials, as recommended.

• Files where it is used:
  • src/init-action.ts
  • lib/init-action.js

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify usage of `parseRegistriesWithoutCredentials`.

# Test: Search for registry parsing logic. Expect: Use of `parseRegistriesWithoutCredentials`.
rg --type javascript 'parseRegistries'

Length of output: 73

---

Script:

#!/bin/bash
# Description: Verify usage of `parseRegistriesWithoutCredentials`.

# Test: Search for usage of `parseRegistriesWithoutCredentials`.
rg 'parseRegistriesWithoutCredentials'

Length of output: 528

lib/codeql.test.js (12)

29-29: Export stubToolRunnerConstructor for testing.

The function stubToolRunnerConstructor is now exported, which is useful for testing purposes. Ensure that this change does not inadvertently expose the function in unintended contexts.

---

104-104: Verify download duration reporting in tests.

The test now checks for toolsDownloadStatusReport?.downloadDurationMs. Ensure that this change accurately reflects the updated logic and is consistent across all relevant tests.

---

121-121: Ensure semantic versioning in test assertions.

The test checks for semantic versioning in the toolcache. Verify that this aligns with the code changes and does not introduce inconsistencies.

---

139-139: Check for download duration reporting consistency.

The test ensures that toolsDownloadStatusReport?.downloadDurationMs is an integer. Verify that this check is consistent across all tests that involve download operations.

---

144-149: Update test cases for new tag names.

The test cases have been updated to reflect new tag names for explicitly requested bundles. Ensure that these updates are consistent with the changes in the main codebase.

---

153-165: Verify caching logic for requested bundles.

The test ensures that explicitly requested bundles are cached correctly. Verify that this logic aligns with the updated caching strategy in the codebase.

---

Line range hint 445-462: Test for qlconfig and code scanning config injection.

The test checks that both a qlconfig and a code scanning config are passed to the CLI. Ensure that this behavior is consistent with the intended functionality.

---

516-519: Check for new analysis summary flag in tests.

The test verifies the correct passing of the --new-analysis-summary flag. Ensure that this logic is consistent with the code changes and accurately reflects the intended behavior.

---

529-529: Enhance error reporting in tests.

The test captures and reports detailed error messages for fatal internal errors. Ensure that this enhancement improves the robustness of the test suite.

---

551-558: Summarize autobuilder errors in tests.

The test captures autobuilder errors and provides a summary. Ensure that this change enhances error reporting and aligns with the main codebase.

---

581-599: Recognize fatal internal errors in tests.

The test ensures that fatal internal errors are recognized and reported. Verify that this logic is consistent with the error handling improvements in the codebase.

---

616-621: Avoid duplicate flags in tests.

The test ensures that the --overwrite flag is not duplicated. Verify that this behavior is consistent with the intended functionality and does not introduce issues.

lib/config-utils.test.js (3)

767-784: Refactoring improves maintainability.

The consolidation of test cases into a loop reduces redundancy and enhances readability while maintaining the original test logic.

---

785-790: Refactoring maintains test logic.

The refactored loop structure preserves the original test intent and enhances code clarity.

---

791-801: Refactoring enhances readability.

The use of a loop to consolidate test cases maintains the original logic and improves code maintainability.

lib/codeql.js (6)

66-78: Version constants updated for compatibility.

The updates to CODEQL_MINIMUM_VERSION, CODEQL_NEXT_MINIMUM_VERSION, GHES_VERSION_MOST_RECENTLY_DEPRECATED, and GHES_MOST_RECENT_DEPRECATION_DATE ensure compatibility with the latest versions.

---

Line range hint 123-134: Improved reporting in setupCodeQL.

The change from toolsDownloadDurationMs to toolsDownloadStatusReport likely provides more detailed status information.

---

Line range hint 255-290: Simplified parameter management in databaseInitCluster.

The removal of the features parameter likely streamlines the function's interface.

---

Line range hint 468-511: Refined diagnostics handling in databaseInterpretResults.

The refined handling of diagnostics export improves the function's clarity and functionality.

---

284-286: Enhanced flexibility in getCodeQLForCmd.

The addition of overwriteFlag logic allows for dynamic selection of overwrite options, improving command execution flexibility.

---

33-36: Streamlined module API.

The removal of exports like getExtraOptions and others likely reflects a refactoring to streamline the module's public API.

.github/workflows/__export-file-baseline-information.yml (2)

61-61: Kotlin setup enabled.

The addition of setup-kotlin: 'true' explicitly enables Kotlin setup in the workflow. Ensure that this change integrates smoothly with other steps and doesn't introduce conflicts.

---

87-87: Refined Swift condition for macOS.

The condition for including Swift in the expected baseline languages now checks specifically for macOS. This change aligns with macOS compatibility requirements.

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3)

57-57: Kotlin setup enabled.

The addition of setup-kotlin: 'true' explicitly enables Kotlin setup in the workflow. Ensure that this change integrates smoothly with other steps and doesn't introduce conflicts.

---

Line range hint 20-20:
Streamlined version checks.

The version check for stable-20230403 has been removed, focusing on stable-v2.13.5 and stable-v2.14.6. Ensure that this change aligns with the intended workflow requirements.

---

12-12: Removed Kotlin-related environment variable.

The removal of CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN suggests a change in Kotlin handling. Ensure that this change aligns with the intended workflow requirements and doesn't introduce issues.

[coderabbitai]

Refactor to avoid assignment within an expression.

Assignments within expressions can be confusing. Consider separating the assignment from the expression.

-})(DocUrl || (exports.DocUrl = DocUrl = {}));
+})(DocUrl || (exports.DocUrl = (DocUrl = {})));

Committable suggestion was skipped due to low confidence.

Tools

Biome

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

---

[error] 15-15: The assignment should not be in an expression.

The use of assignments in expressions is confusing.
Expressions are often considered as side-effect free.

(lint/suspicious/noAssignInExpressions)

[coderabbitai]

Remove redundant "use strict" directive.

In ES6 modules, the "use strict" directive is unnecessary because modules are always in strict mode.

-"use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Reorder exports for clarity.

The export statement for isSupportedToolsFeature is now placed after its definition. This reordering enhances readability by aligning the export with its definition.

[coderabbitai]

Consider using optional chaining for improved readability.

Using optional chaining can make the code more concise and readable.

- if ((config && config.debugMode) || core.isDebug()) {
+ if ((config?.debugMode) || core.isDebug()) {

Also applies to: 47-47

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[coderabbitai]

Remove redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Use regex literal instead of constructor.

Regular expression literals are preferred over the RegExp constructor for simplicity and better static analysis.

-            new RegExp("We were unable to automatically build your code"),
+            /We were unable to automatically build your code/,

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	new RegExp("We were unable to automatically build your code"),
	/We were unable to automatically build your code/,

Tools

Biome

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

[coderabbitai]

Remove the redundant 'use strict' directive.

The 'use strict' directive is unnecessary in JavaScript modules as they are in strict mode by default.

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)

11-11: Use en dashes for date ranges.

Consider using en dashes (–) instead of hyphens (-) for date ranges to improve readability and adhere to typographical standards.

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024

Also applies to: 16-16, 20-20, 24-24, 31-31, 36-36, 41-41, 45-45, 50-50, 54-54

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

22-22: Add a comma for clarity.

Consider adding a comma after "production" for better readability.

- Do not use this in production as it is part of an internal experiment and subject to change at any time.
+ Do not use this in production, as it is part of an internal experiment and subject to change at any time.

Tools

LanguageTool

[uncategorized] ~22-~22: Possible missing comma found.
Context: .../dependabot-action). Do not use this in production as it is part of an internal experiment...

(AI_HYDRA_LEO_MISSING_COMMA)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 25ad3c8 and c4c3c44.

Files ignored due to path filters (7)

• node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/no-floating-promises.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map

Files selected for processing (2)

• CHANGELOG.md (1 hunks)
• lib/defaults.json (1 hunks)

Files skipped from review due to trivial changes (1)

• lib/defaults.json

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[uncategorized] ~22-~22: Possible missing comma found.
Context: .../dependabot-action). Do not use this in production as it is part of an internal experiment...

(AI_HYDRA_LEO_MISSING_COMMA)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~50-~50: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between c4c3c44 and da9ecb0.

Files ignored due to path filters (1)

• lib/init-action.js.map is excluded by !**/*.map

Files selected for processing (1)

• lib/init-action.js (13 hunks)

Additional comments not posted (4)

lib/init-action.js (4)

Line range hint 47-116:
Enhancement to status reporting mechanism.

The changes to the sendCompletedStatusReport function enhance the reporting mechanism by providing more detailed information through the toolsDownloadStatusReport object and additional fields like packs, query_filters, and registries. Ensure that these changes are correctly integrated and that any dependent code is updated accordingly.

---

133-133: Consistent replacement of toolsDownloadDurationMs.

The variable toolsDownloadDurationMs has been consistently replaced with toolsDownloadStatusReport. Ensure that this change is reflected throughout the codebase and that the new variable is used correctly.

---

208-232: Updated logic for Go and Swift analysis.

The logic for handling Go binaries and Swift analysis on Ubuntu runners has been updated. These changes ensure compatibility with current platform support and address specific configuration needs. Verify that these updates are correctly implemented and that they do not introduce any issues.

---

Line range hint 296-346:
Environment variable settings based on CodeQL version.

The logic for setting environment variables based on CodeQL version checks is correctly implemented. This ensures that the appropriate features are enabled or disabled based on the version in use. Verify that these settings align with the intended functionality and do not cause any unintended side effects.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (1)

README.md (1)

38-38: Consider improving adjective order for clarity.

The sentence "We typically release new minor versions of the CodeQL Action and Bundle..." can be improved by adjusting the adjective order for better readability.

- We typically release new minor versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released.
+ We typically release minor new versions of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GHES) is released.

Tools

LanguageTool

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

---

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between da9ecb0 and 0d5982a.

Files selected for processing (1)

• README.md (1 hunks)

Additional context used

LanguageTool

README.md

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

---

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

Additional comments not posted (2)

README.md (2)

36-40: Terminology update approved. Verify consistency across the document.

The changes from "CLI" to "Bundle" are consistent with the updated terminology. Ensure that all references to "CLI" have been updated to "Bundle" throughout the document.

Tools

LanguageTool

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

---

[style] ~38-~38: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

---

43-47: Version updates approved. Verify version consistency.

The table updates align with the latest recommendations. Ensure that the version numbers are accurate and consistent with the latest releases.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (11)

CHANGELOG.md (11)

11-11: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

13-13: Consider using a hyphen for compound adjectives.

If "user facing" is intended as a compound adjective, use a hyphen.

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~13-~13: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

15-15: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

20-20: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

24-24: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

28-28: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

35-35: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

40-40: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~40-~40: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

45-45: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

49-49: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

54-54: Use an en dash for date ranges.

Consider using an en dash for date ranges to improve readability.

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

Tools

LanguageTool

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 0d5982a and a93f8c2.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~13-~13: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~40-~40: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (14)

CHANGELOG.md (14)

9-9: Consider using a hyphen for compound adjectives.

In "user facing changes," if this is a compound adjective, use a hyphen: "user-facing changes."

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

11-11: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "14 Aug 2024."

- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

15-15: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "13 Aug 2024."

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

17-17: Consider using a hyphen for compound adjectives.

In "user facing changes," if this is a compound adjective, use a hyphen: "user-facing changes."

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

19-19: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "06 Aug 2024."

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

24-24: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "26 Jul 2024."

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

28-28: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "25 Jul 2024."

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

32-32: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "19 Jul 2024."

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

39-39: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "12 Jul 2024."

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

44-44: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "28 Jun 2024."

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

49-49: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "13 Jun 2024."

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

53-53: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "12 Jun 2024."

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

58-58: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "04 Jun 2024."

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

62-62: Use an en dash for date ranges.

For consistency and readability, consider using an en dash for date ranges: "31 May 2024."

- ## 3.25.7 - 31 May 2024
+ ## 3.25.7 – 31 May 2024

Tools

LanguageTool

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between a93f8c2 and 5c681ef.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (11)

CHANGELOG.md (11)

11-11: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

15-15: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

19-19: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

24-24: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

28-28: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

32-32: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

39-39: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

44-44: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

49-49: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

53-53: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

58-58: Use an en dash for date ranges.

Consider using an en dash for the date range to improve typographical consistency.

- ## 3.25.8 - 04 Jun 2024
+ ## 3.25.8 – 04 Jun 2024

Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5c681ef and b187c86.

Files ignored due to path filters (1)

• lib/diagnostics.js.map is excluded by !**/*.map

Files selected for processing (2)

• CHANGELOG.md (1 hunks)
• lib/diagnostics.js (7 hunks)

Files skipped from review as they are similar to previous changes (1)

• lib/diagnostics.js

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~17-~17: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)

9-9: Consider using a hyphen for compound adjectives.

To improve clarity, consider using a hyphen in "user facing" to form "user-facing".

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

11-11: Consider using an en dash for date ranges.

For consistency and typographical correctness, consider using an en dash for date ranges, e.g., "3.26.3 – 19 Aug 2024".

- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024

Also applies to: 15-15, 19-19, 23-23, 28-28, 32-32, 36-36, 43-43, 48-48, 53-53, 57-57, 62-62, 66-66

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b187c86 and 339aada.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 339aada and 512e306.

Files ignored due to path filters (2)

• lib/start-proxy-action-post.js.map is excluded by !**/*.map
• lib/start-proxy-action.js.map is excluded by !**/*.map

Files selected for processing (2)

• lib/start-proxy-action-post.js (1 hunks)
• lib/start-proxy-action.js (1 hunks)

Additional context used

Biome

lib/start-proxy-action-post.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/start-proxy-action.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

Additional comments not posted (8)

lib/start-proxy-action-post.js (3)

1-1: Remove the redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

19-19: Consider using optional chaining for improved readability.

Using optional chaining can make the code more concise and readable.

- if ((config && config.debugMode) || core.isDebug()) {
+ if ((config?.debugMode) || core.isDebug()) {

Also applies to: 47-47

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-64: LGTM!

The runWrapper function is well-structured and handles errors appropriately.

Tools

Biome

[error] 47-47: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/start-proxy-action.js (5)

1-1: Remove the redundant "use strict" directive.

JavaScript modules are in strict mode by default, so this directive is unnecessary.

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

66-80: LGTM!

The generateCertificateAuthority function correctly implements certificate generation using node-forge.

---

104-147: LGTM!

The startProxy function is well-structured with appropriate error handling and retry logic.

---

151-183: LGTM!

The getCredentials function correctly retrieves and validates credentials from action inputs.

---

186-195: LGTM!

The getProxyAuth function correctly handles optional input retrieval for proxy authentication.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (12)

CHANGELOG.md (12)

9-9: Correct the operating system name to "macOS".

The correct spelling for Apple's operating system is "macOS".

- on MacOS ARM machines
+ on macOS ARM machines

Tools

LanguageTool

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

11-11: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

15-15: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

19-19: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

21-21: Hyphenate the compound adjective "user-facing".

The phrase "user-facing" should be hyphenated as it is a compound adjective.

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

23-23: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

28-28: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

32-32: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

36-36: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

43-43: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

48-48: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

53-53: Use an en dash for date ranges.

For consistency and typographical correctness, use an en dash for date ranges.

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 512e306 and 202b3b9.

Files ignored due to path filters (7)

• lib/analyze-action.js.map is excluded by !**/*.map
• lib/init-action-post.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/init.js.map is excluded by !**/*.map
• lib/resolve-environment-action.js.map is excluded by !**/*.map
• lib/upload-sarif-action.js.map is excluded by !**/*.map
• lib/util.js.map is excluded by !**/*.map

Files selected for processing (8)

• CHANGELOG.md (1 hunks)
• lib/analyze-action.js (6 hunks)
• lib/init-action-post.js (1 hunks)
• lib/init-action.js (13 hunks)
• lib/init.js (4 hunks)
• lib/resolve-environment-action.js (2 hunks)
• lib/upload-sarif-action.js (3 hunks)
• lib/util.js (33 hunks)

Files skipped from review as they are similar to previous changes (2)

• lib/analyze-action.js
• lib/init.js

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~21-~21: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (5)

lib/init-action-post.js (1)

62-62: LGTM! Verify the checkDiskUsage function usage.

The changes enhance logging by passing the logger to checkDiskUsage. Ensure all calls to checkDiskUsage are updated accordingly.

To verify the function usage, run the following script:

#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'

Also applies to: 70-70

lib/resolve-environment-action.js (1)

41-41: LGTM! Verify the checkDiskUsage function usage.

The changes enhance logging by passing the logger to checkDiskUsage. Ensure all calls to checkDiskUsage are updated accordingly.

To verify the function usage, run the following script:

#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'

Also applies to: 67-67, 74-74

lib/upload-sarif-action.js (1)

37-37: LGTM! Verify the checkDiskUsage function usage and Features instance.

The changes enhance logging by passing the logger to checkDiskUsage and introduce a Features instance for feature-aware processes. Ensure all calls to checkDiskUsage are updated accordingly and verify the correct initialization and usage of Features.

To verify the function usage, run the following script:

#!/bin/bash
# Description: Verify all function calls to `checkDiskUsage` include the logger parameter and check the initialization of `Features`.

# Test: Search for the function usage. Expect: Only occurrences with the logger parameter.
rg --type js -A 1 $'checkDiskUsage(logger)'

# Test: Verify the initialization of `Features`.
rg --type js -A 3 $'new feature_flags_1.Features'

Also applies to: 54-54, 77-77

lib/init-action.js (1)

47-47: LGTM! Verify the new status report fields.

The changes enhance the status reporting mechanism by incorporating more detailed configuration data. Ensure that the new fields are correctly populated and used throughout the codebase.

To verify the new status report fields, run the following script:

#!/bin/bash
# Description: Verify the new fields in the status report are correctly populated and used.

# Test: Search for the usage of new fields in the status report.
rg --type js -A 5 $'initWithConfigStatusReport'

Also applies to: 61-63, 86-103, 111-116, 133-133, 161-161, 201-201, 208-221, 229-232, 296-296, 332-332, 337-346, 356-366, 371-371, 377-377

lib/util.js (1)

29-70: LGTM! Verify the new utility functions and checkDiskUsage modifications.

The restructuring of exports improves readability, and the new utility functions enhance functionality. The checkDiskUsage function is streamlined for better performance. Ensure the new functions are correctly implemented and utilized.

To verify the new utility functions and checkDiskUsage modifications, run the following script:

#!/bin/bash
# Description: Verify the new utility functions and modifications to `checkDiskUsage`.

# Test: Search for the implementation and usage of `cloneObject`.
rg --type js -A 2 $'function cloneObject'

# Test: Search for the implementation and usage of `isSipEnabled`.
rg --type js -A 2 $'async function isSipEnabled'

# Test: Verify the modifications to `checkDiskUsage`.
rg --type js -A 5 $'checkDiskUsage'

Also applies to: 795-820, 868-870, 873-890

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)

9-9: Typographical improvement: Use "macOS" instead of "MacOS".

Correct the capitalization for consistency with Apple's branding.

- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning.

---

12-12: Typographical improvement: Use en dashes for date ranges.

Consider using en dashes for numerical ranges or time ranges for consistency and clarity.

- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024

Repeat this change for all similar instances.

Also applies to: 16-16, 20-20, 24-24, 29-29, 33-33, 37-37, 44-44, 49-49, 54-54, 58-58, 63-63, 67-67

Tools

LanguageTool

[typographical] ~12-~12: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 202b3b9 and ae01f80.

Files selected for processing (2)

• CHANGELOG.md (1 hunks)
• analyze/action.yml (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~10-~10: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~12-~12: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~22-~22: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~29-~29: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~54-~54: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~63-~63: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (1)

analyze/action.yml (1)

37-41: Deprecation notice for add-snippets input is clear and informative.

The deprecation message provides a clear timeline and explanation for the removal of the add-snippets input.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (15)

CHANGELOG.md (15)

9-9: Use a hyphen for compound adjectives.

Change "user facing" to "user-facing" for clarity.

Apply this diff:

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

11-11: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.26.4 - 21 Aug 2024
+ ## 3.26.4 – 21 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

14-14: Correct capitalization of "macOS".

Change "MacOS" to "macOS" for correct capitalization.

Apply this diff:

- MacOS ARM machines
+ macOS ARM machines

Tools

LanguageTool

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

16-16: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024

Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

20-20: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

24-24: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

26-26: Use a hyphen for compound adjectives.

Change "user facing" to "user-facing" for clarity.

Apply this diff:

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

28-28: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

33-33: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

37-37: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

41-41: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.13 - 19 Jul 2024
+ ## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

48-48: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.12 - 12 Jul 2024
+ ## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

53-53: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.11 - 28 Jun 2024
+ ## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

58-58: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.10 - 13 Jun 2024
+ ## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

62-62: Use an en dash for date ranges.

Replace the hyphen with an en dash for the date range.

Apply this diff:

- ## 3.25.9 - 12 Jun 2024
+ ## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ae01f80 and fd5fa13.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (10)

CHANGELOG.md (10)

9-9: Correct the operating system name to "macOS".

The term "MacOS" should be corrected to "macOS" for consistency with Apple's branding.

Apply this diff to correct the name:

- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled.
+ Fix an issue where the `csrutil` system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled.

Tools

LanguageTool

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

11-11: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.26.4 - 21 Aug 2024
+ ## 3.26.4 – 21 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

14-14: Correct the operating system name to "macOS".

The term "MacOS" should be corrected to "macOS" for consistency with Apple's branding.

Apply this diff to correct the name:

- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning.

Tools

LanguageTool

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

16-16: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.26.3 - 19 Aug 2024
+ ## 3.26.3 – 19 Aug 2024

Tools

LanguageTool

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

20-20: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.26.2 - 14 Aug 2024
+ ## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

24-24: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.26.1 - 13 Aug 2024
+ ## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

26-26: Hyphenate compound adjectives.

The phrase "user facing" should be hyphenated as "user-facing" since it is a compound adjective.

Apply this diff to correct the phrase:

- No user facing changes.
+ No user-facing changes.

Tools

LanguageTool

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

28-28: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.26.0 - 06 Aug 2024
+ ## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

33-33: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.25.15 - 26 Jul 2024
+ ## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

37-37: Use an en dash for date ranges.

Replace the hyphen with an en dash for typographical correctness.

Apply this diff to correct the dash:

- ## 3.25.14 - 25 Jul 2024
+ ## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between fd5fa13 and 7e27807.

Files ignored due to path filters (3)

• lib/environment.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/util.js.map is excluded by !**/*.map

Files selected for processing (4)

• CHANGELOG.md (1 hunks)
• lib/environment.js (1 hunks)
• lib/init-action.js (13 hunks)
• lib/util.js (33 hunks)

Files skipped from review as they are similar to previous changes (1)

• lib/init-action.js

Additional context used

LanguageTool

CHANGELOG.md

[grammar] ~9-~9: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~14-~14: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~16-~16: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~26-~26: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~33-~33: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (8)

lib/environment.js (1)

46-50: Addition of IS_SIP_ENABLED is clear and well-documented.

The new environment variable IS_SIP_ENABLED is appropriately added with a clear comment explaining its purpose related to MacOS System Integrity Protection.

lib/util.js (2)

868-870: cloneObject function is correctly implemented.

The function uses JSON serialization to create a deep copy of an object, which is suitable for objects without circular references.

---

871-898: checkSipEnablement function is well-implemented.

The function effectively checks and caches the SIP status on macOS, handling errors and logging warnings as needed.

Ensure that the csrutil status command is executed correctly across different macOS environments. Consider testing on various macOS versions to confirm consistent behavior.

CHANGELOG.md (5)

18-18: LGTM!

The changes made to fix the diagnostic messages on Windows look good.

---

22-22: LGTM!

The update to the default CodeQL bundle version looks good.

---

30-31: LGTM!

The deprecation notice and version bump look good.

---

35-35: LGTM!

The update to the default CodeQL bundle version looks good.

---

39-39: LGTM!

The introduction of the experimental start-proxy action looks good.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (2)

CHANGELOG.md (2)

13-13: Correct the spelling of "MacOS" to "macOS".

The operating system from Apple is written as "macOS".

Tools

LanguageTool

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

17-18: Correct the spelling of "MacOS" to "macOS".

The operating system from Apple is written as "macOS".

Tools

LanguageTool

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 7e27807 and 715faf4.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.5 - 23 Aug 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~30-~30: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~52-~52: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (4)

CHANGELOG.md (4)

22-22: Entry is clear and well-documented.

The changelog entry provides a clear description of the fix and references the relevant pull request.

---

26-26: Entry is clear and well-documented.

The changelog entry provides a clear description of the update and references the relevant pull request.

---

34-35: Entry is clear and well-documented.

The changelog entry provides a clear description of the deprecation and version bump, with references to the relevant pull requests.

---

47-50: Entry is clear and well-documented.

The changelog entry provides a clear description of the changes and offers detailed guidance for users.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 715faf4 and 864b979.

Files ignored due to path filters (18)

• lib/init-action.js.map is excluded by !**/*.map
• node_modules/@eslint/js/package.json is excluded by !**/node_modules/**
• node_modules/@nolyfill/is-core-module/LICENSE is excluded by !**/node_modules/**
• node_modules/@nolyfill/is-core-module/index.d.ts is excluded by !**/node_modules/**
• node_modules/@nolyfill/is-core-module/index.js is excluded by !**/node_modules/**
• node_modules/@nolyfill/is-core-module/package.json is excluded by !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/array-type.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-generic-constructors.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/consistent-generic-constructors.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/enum-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/init-declarations.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/member-ordering.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js is excluded by !**/dist/**, !**/node_modules/**
• node_modules/@typescript-eslint/eslint-plugin/dist/rules/naming-convention-utils/shared.js.map is excluded by !**/dist/**, !**/node_modules/**, !**/*.map

Files selected for processing (1)

• lib/init-action.js (14 hunks)

Files skipped from review as they are similar to previous changes (1)

• lib/init-action.js

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 864b979 and b8efe4d.

Files selected for processing (1)

• lib/api-compatibility.json (1 hunks)

Files skipped from review as they are similar to previous changes (1)

• lib/api-compatibility.json

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b8efe4d and 7233ec5.

Files selected for processing (2)

• CHANGELOG.md (1 hunks)
• lib/defaults.json (1 hunks)

Files skipped from review due to trivial changes (1)

• lib/defaults.json

Additional context used

LanguageTool

CHANGELOG.md

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~20-~20: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~30-~30: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~37-~37: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~52-~52: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Additional comments not posted (12)

CHANGELOG.md (12)

9-10: Update default CodeQL bundle version to 2.18.3.

This entry clearly communicates the update of the default CodeQL bundle version. The link to the pull request provides additional context.

---

13-14: Fix telemetry system call issue on macOS ARM machines.

This change addresses a specific issue with the csrutil system call on macOS ARM machines. The entry is clear and includes a link to the relevant pull request.

Tools

LanguageTool

[grammar] ~13-~13: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

17-18: Deprecate the add-snippets input on the analyze action.

This entry clearly marks the deprecation of the add-snippets input and provides a timeline for its removal. It is well-documented with a link to the pull request.

Tools

LanguageTool

[grammar] ~18-~18: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

22-23: Fix diagnostic message writing issue on Windows.

This entry addresses a fix for an issue where the CodeQL Action could not write diagnostic messages on Windows. The issue's impact on analysis quality is also clarified.

---

26-27: Update default CodeQL bundle version to 2.18.2.

Another version update for the CodeQL bundle is documented here. The change is straightforward and includes a link for more details.

---

34-35: Deprecate Swift analysis on Ubuntu runner images.

This entry informs users about the deprecation of Swift analysis on Ubuntu runners and advises migration to macOS runners. It is clear and actionable.

---

43-44: Introduce experimental start-proxy action.

This entry introduces a new experimental feature. It is clearly marked as experimental and not for production use, providing users with appropriate warnings.

---

47-50: Add deprecation warning for outdated CodeQL versions.

This entry effectively communicates critical deprecation warnings for older CodeQL versions, providing clear instructions for users on how to update or maintain their current setup.

---

54-55: Improve reliability and performance for compiled languages.

This entry highlights improvements in reliability and performance for analyzing compiled languages, which is a significant update for users working with these languages.

---

59-60: Handle errors during debug artifact uploads more gracefully.

This change aims to improve the user experience by avoiding workflow failures in case of errors during debug artifact uploads. It's a useful update for users relying on these artifacts for troubleshooting.

---

68-69: Enhance database creation robustness.

This entry addresses improvements in the database creation process, specifically aimed at handling unexpected files in the database folder. It includes measures to clean up the database directory, which is a practical enhancement for maintaining consistency.

---

76-76: Reduce Actions cache usage by managing TRAP cache.

This entry announces a feature rollout aimed at reducing the Actions cache usage by managing the TRAP cache more efficiently. It's a significant update for users concerned with resource management.

[coderabbitai]

Actionable comments posted: 0

Outside diff range, codebase verification and nitpick comments (16)

CHANGELOG.md (16)

11-11: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.26.6 - 29 Aug 2024
+## 3.26.6 – 29 Aug 2024

Tools

LanguageTool

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

15-17: Use an en dash for date ranges and correct "MacOS" to "macOS".

Consider using an en dash for the date range and correcting "MacOS" to "macOS" to improve readability and accuracy.

-## 3.26.5 - 23 Aug 2024
+## 3.26.5 – 23 Aug 2024

- Fix an issue where the `csrutil` system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled.
+ Fix an issue where the `csrutil` system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled.

Tools

LanguageTool

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[grammar] ~17-~17: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

19-22: Use an en dash for date ranges and correct "MacOS" to "macOS".

Consider using an en dash for the date range and correcting "MacOS" to "macOS" to improve readability and accuracy.

-## 3.26.4 - 21 Aug 2024
+## 3.26.4 – 21 Aug 2024

- Fix an issue where the disk usage system call used for telemetry would fail on MacOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines.
+ Fix an issue where the disk usage system call used for telemetry would fail on macOS ARM machines with System Integrity Protection disabled, and then surface a warning. The system call is now disabled for these machines.

Tools

LanguageTool

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~22-~22: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

24-26: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.26.3 - 19 Aug 2024
+## 3.26.3 – 19 Aug 2024

Tools

LanguageTool

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

28-28: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.26.2 - 14 Aug 2024
+## 3.26.2 – 14 Aug 2024

Tools

LanguageTool

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

32-34: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.26.1 - 13 Aug 2024
+## 3.26.1 – 13 Aug 2024

Tools

LanguageTool

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~34-~34: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

36-39: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.26.0 - 06 Aug 2024
+## 3.26.0 – 06 Aug 2024

Tools

LanguageTool

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

41-41: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.15 - 26 Jul 2024
+## 3.25.15 – 26 Jul 2024

Tools

LanguageTool

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

45-47: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.14 - 25 Jul 2024
+## 3.25.14 – 25 Jul 2024

Tools

LanguageTool

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

49-51: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.13 - 19 Jul 2024
+## 3.25.13 – 19 Jul 2024

Tools

LanguageTool

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

56-58: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.12 - 12 Jul 2024
+## 3.25.12 – 12 Jul 2024

Tools

LanguageTool

[typographical] ~56-~56: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

61-63: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.11 - 28 Jun 2024
+## 3.25.11 – 28 Jun 2024

Tools

LanguageTool

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

66-68: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.10 - 13 Jun 2024
+## 3.25.10 – 13 Jun 2024

Tools

LanguageTool

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

70-72: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.9 - 12 Jun 2024
+## 3.25.9 – 12 Jun 2024

Tools

LanguageTool

[typographical] ~70-~70: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

75-77: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.8 - 04 Jun 2024
+## 3.25.8 – 04 Jun 2024

Tools

LanguageTool

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

79-80: Use an en dash for date ranges.

Consider using an en dash for the date range to improve readability.

-## 3.25.7 - 31 May 2024
+## 3.25.7 – 31 May 2024

Tools

LanguageTool

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 7233ec5 and b43ac1c.

Files selected for processing (1)

• CHANGELOG.md (1 hunks)

Additional context used

LanguageTool

CHANGELOG.md

[uncategorized] ~9-~9: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...h version numbers. ## [UNRELEASED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~11-~11: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...SED] No user facing changes. ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~15-~15: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[grammar] ~17-~17: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~19-~19: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[grammar] ~22-~22: The operating system from Apple is written “macOS”.
Context: ...m call used for telemetry would fail on MacOS ARM machines with System Integrity Prot...

(MAC_OS)

---

[typographical] ~24-~24: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~28-~28: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~32-~32: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~34-~34: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~36-~36: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~41-~41: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~45-~45: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~49-~49: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~56-~56: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~70-~70: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between b43ac1c and 821ab42.

Files ignored due to path filters (5)

• lib/codeql.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/setup-codeql.js.map is excluded by !**/*.map
• lib/setup-codeql.test.js.map is excluded by !**/*.map
• lib/tar.js.map is excluded by !**/*.map

Files selected for processing (7)

• .github/actions/prepare-test/action.yml (3 hunks)
• .github/workflows/__test-local-codeql.yml (4 hunks)
• lib/codeql.js (27 hunks)
• lib/init-action.js (15 hunks)
• lib/setup-codeql.js (11 hunks)
• lib/setup-codeql.test.js (2 hunks)
• lib/tar.js (1 hunks)

Files skipped from review as they are similar to previous changes (3)

• .github/actions/prepare-test/action.yml
• .github/workflows/__test-local-codeql.yml
• lib/setup-codeql.test.js

Additional context used

Biome

lib/tar.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

Additional comments not posted (13)

lib/tar.js (2)

2-24: Utility functions for module handling are well-implemented.

The utility functions for creating bindings and setting module defaults are implemented with compatibility in mind, providing both modern and fallback methods.

The implementation is robust and ensures compatibility across environments.

Tools

Biome

[error] 19-19: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

33-92: Core tar handling functions are well-implemented but consider enhancing error messages.

The functions for handling tar versions and checking zstd availability are crucial and well-implemented. Consider adding more descriptive error messages to improve debugging and user experience.

The logic and structure are correct. Suggest enhancing error messages for better clarity:

- throw new Error("Unknown tar version");
+ throw new Error("Unknown tar version. Please ensure the tar utility is installed and accessible.");

lib/setup-codeql.js (1)

Line range hint 370-434: Enhancements to the downloadCodeQL function improve robustness.

The modifications to the downloadCodeQL function enhance its ability to handle different scenarios and compression methods effectively. Consider adding more specific error handling for network issues to further improve robustness.

The changes are well-thought-out and improve the function's flexibility and error handling. Suggest adding specific catch blocks for network-related errors to provide clearer user guidance:

+ catch (networkError) {
+   logger.error("Network error occurred during download: " + networkError.message);
+   throw networkError;
+ }

lib/init-action.js (1)

Line range hint 48-382: Updated sendCompletedStatusReport function enhances status reporting.

The updates to the sendCompletedStatusReport function improve the detail and accuracy of the status reports by including more configuration data and a more detailed download status. Consider adding validation for the new fields to ensure data integrity.

The changes are beneficial and enhance the functionality of the status reporting. Suggest adding validation checks for the new fields to ensure the integrity of the data being reported:

+ if (!validateConfigFields(config)) {
+   throw new Error("Invalid configuration data");
+ }

lib/codeql.js (9)

66-66: Approved: Updated CODEQL_MINIMUM_VERSION.

The update from "2.12.6" to "2.13.5" aligns with the PR's objective to increase the minimum required CodeQL bundle version.

---

70-70: Approved: Updated CODEQL_NEXT_MINIMUM_VERSION.

The update from "2.12.6" to "2.13.5" aligns with the PR's objective to prepare for future minimum version requirements.

---

74-74: Approved: Updated GHES_VERSION_MOST_RECENTLY_DEPRECATED.

The update from "3.8" to "3.9" aligns with the PR's objective to keep the toolchain up to date with the latest GHES versions.

---

78-78: Approved: Updated GHES_MOST_RECENT_DEPRECATION_DATE.

The update from "2024-03-26" to "2024-07-09" aligns with the PR's objective to reflect the new deprecation schedule.

---

Line range hint 123-135: Approved: Enhanced return value in setupCodeQL.

The change from toolsDownloadDurationMs to toolsDownloadStatusReport likely provides more detailed information about the tool download process, enhancing the function's utility.

---

Line range hint 469-512: Approved: Streamlined databaseInterpretResults.

The removal of unnecessary checks related to invalid notifications simplifies the function and potentially improves performance.

---

285-291: Approved: Enhanced flexibility in getCodeQLForCmd.

The addition of overwriteFlag logic allows dynamic determination of overwrite options based on feature support, enhancing the flexibility of command execution.

---

Line range hint 256-291: Approved: Simplified databaseInitCluster function signature.

The removal of the features parameter simplifies the function signature. Verify that this change does not negatively impact how feature flags are managed within the application.

Verification successful

---

Removal of features parameter is safe and well-tested.

The databaseInitCluster function is thoroughly tested in lib/codeql.test.js, covering various configurations. This indicates that the removal of the features parameter is unlikely to negatively impact feature flag management. The tests would catch any issues if they existed.

• Files to note:
  • lib/init.js
  • lib/codeql.test.js

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the impact of removing the `features` parameter on feature flag management.

# Test: Search for the function usage. Expect: No adverse effects on feature flag management.
rg --type javascript -A 5 $'databaseInitCluster'

Length of output: 82

---

Script:

#!/bin/bash
# Description: Verify the impact of removing the `features` parameter on feature flag management.

# Test: Search for the function usage. Expect: No adverse effects on feature flag management.
rg --type js -A 5 $'databaseInitCluster'

Length of output: 4258

---

33-35: Approved: Streamlined exports in codeql.js.

The removal of several functions from exports likely indicates a refactoring effort to streamline the module's public API, potentially improving maintainability. Verify that this change does not negatively impact the module's usability.

[coderabbitai]

Remove redundant 'use strict' directive.

The 'use strict' directive is unnecessary in ES6 modules as they are strict by default.

Remove the line to clean up the code:

- "use strict";

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

"use strict";

Tools

Biome

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (63)

.github/workflows/script/prepare_changelog.py (3)

20-20: Unused loop variable detected.

The loop variable i is not used in the loop body. Consider renaming it to _i or using just _ to indicate it's intentionally unused.

- for i, line in enumerate(lines):
+ for _, line in enumerate(lines):

🧰 Tools

🪛 Ruff (0.8.2)

20-20: Loop control variable i not used within loop body

Rename unused i to _i

(B007)

---

14-16: Add error handling for file operations.

The file opening operation lacks error handling. Consider using a try-except block to catch potential exceptions like PermissionError when opening the file.

  else:
-    with open('CHANGELOG.md', 'r') as f:
-      lines = f.readlines()
+    try:
+      with open('CHANGELOG.md', 'r') as f:
+        lines = f.readlines()
+    except (IOError, PermissionError) as e:
+      print(f"Error reading changelog file: {e}")
+      return EMPTY_CHANGELOG

---

33-35: Add more descriptive error message for command-line arguments.

The error message when command-line arguments are missing doesn't clearly explain what parameters are expected.

- raise Exception('Expecting argument: changelog_file version_tag')
+ raise Exception('Usage: python prepare_changelog.py <path_to_changelog_file> <version_tag>')

actions-extractor/codeql-extractor.yml (1)

4-4: Consider semver conventions for version numbering.

While 0.0.1 is appropriate for an initial implementation, consider adopting semantic versioning (semver) conventions for future releases to communicate the nature of changes more effectively.

actions-extractor/tools/autobuild-impl.ps1 (1)

37-40: Consider enhancing error reporting.

While the error handling is present, it could be improved by capturing and including the actual error output from the JavaScript autobuilder.

-&$JavaScriptAutoBuild
-if ($LASTEXITCODE -ne 0) {
-    throw "JavaScript autobuilder failed."
-}
+$output = & $JavaScriptAutoBuild 2>&1
+if ($LASTEXITCODE -ne 0) {
+    throw "JavaScript autobuilder failed with exit code $LASTEXITCODE. Error: $output"
+}

lib/init-action-post.js (2)

23-31: Consider adding comments to explain the ownKeys function

The newly added ownKeys function implementation is complex and would benefit from comments explaining its purpose and how it determines the appropriate method to obtain property names.

 var __importStar = (this && this.__importStar) || (function () {
+    // Helper function to get all own property names of an object
+    // Falls back to iterating over properties if Object.getOwnPropertyNames is not available
     var ownKeys = function(o) {
         ownKeys = Object.getOwnPropertyNames || function (o) {
             var ar = [];
             for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
             return ar;
         };
         return ownKeys(o);
     };

---

33-33: Use optional chaining for safer code

The static analysis tool suggests using optional chaining which would make the code more robust.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/test-codeql-bundle-all.yml (1)

45-46: Remove trailing spaces in line 46

There are trailing spaces at the end of line 46 that should be removed for consistency.

-        languages: cpp,csharp,go,java,javascript,python,ruby 
+        languages: cpp,csharp,go,java,javascript,python,ruby

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 46-46: trailing spaces

(trailing-spaces)

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1)

69-69: Use -n instead of ! -z for better shell script style

For better shell script style and readability, use -n instead of ! -z when checking if a variable is not empty.

-          if [[ ! -z "${CODEQL_RUNNER}" ]]; then
+          if [[ -n "${CODEQL_RUNNER}" ]]; then

.github/workflows/debug-artifacts-failure-safe.yml (1)

94-94: Add comment explaining special treatment for Go language

The script has a special condition for the Go language, but it's not clear why Go is treated differently. Adding a comment would improve code readability.

-              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
+              # Skip checking language/log directory for Go as it has a different logging structure
+              if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then

lib/feature-flags.test.js (2)

18-34: Consider optional chaining.
The statement at line 28 could be simplified by using optional chaining, though this is purely stylistic and non-blocking.

- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

68-81: Potential negative test cases.
You might consider adding negative tests (e.g., handling a 404 from Proxima, invalid JSON) to increase robustness.

CONTRIBUTING.md (2)

30-30: Use hyphen in “up to date.”
Consider using “up-to-date” if treating it as a single adjective.

- ...not up to date. ...
+ ...not up-to-date. ...

🧰 Tools

🪛 LanguageTool

[uncategorized] ~30-~30: It appears that hyphens are missing in the adjective “up-to-date”.
Context: ...f any of the compiled artifacts are not up to date. Compiled artifacts are stored in the `...

(UP_TO_DATE_HYPHEN)

---

77-79: Simplify phrasing.
“In order to maintain” can be shortened to “To maintain” for clarity.

- ...in order to maintain...
+ ...to maintain...

🧰 Tools

🪛 LanguageTool

[style] ~79-~79: Consider a shorter alternative to avoid wordiness.
Context: ...ently supported major version branches, in order to maintain the same set of names for requ...

(IN_ORDER_TO_PREMIUM)

lib/dependency-caching.js (3)

1-1: Redundant "use strict".
This file is an ES module, so "use strict"; is unnecessary.

- "use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

28-28: Optional chaining suggestion.
Consider using optional chaining here for cleaner code, though it’s not strictly required.

- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

94-122: Restore cache loop clarity.
Your loop and log statements give good feedback about which caches are found. Might also handle potential partial hits or fallback logic (e.g., fallback to language-agnostic cache?).

lib/codeql.test.js (1)

74-74: Consider naming the boolean parameter.
Passing an inline false literal can reduce clarity. Consider using a named parameter or an options object.

-        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, false);
+        : testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), NO_FEATURES, /* isPinned? */ false);

.github/actions/check-codescanning-config/index.ts (1)

10-11: Enhanced error handling with better failure signaling

The change from core.info() to core.setFailed() provides clearer feedback when no expected configuration is provided, properly marking the action as failed rather than just logging a message.

However, notice that after setting the action as failed, execution continues to the assertion check on line 20-24, which will either:

1. Pass silently if actualConfig is also undefined
2. Throw a different error if actualConfig exists

Consider adding an early return after setFailed() to prevent further execution:

if (!rawExpectedConfig) {
  core.setFailed('No expected configuration provided')
+  return
} else {

.github/dependabot.yml (1)

19-22: Dependency maintenance for broken plugin

Good addition of the ignore rule for eslint-plugin-import with appropriate comments explaining the rationale.

However, there's a trailing space at the end of line 19.

Remove the trailing space:

-      # This is broken due to the way configuration files have changed. 
+      # This is broken due to the way configuration files have changed.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 19-19: trailing spaces

(trailing-spaces)

lib/fingerprints.test.js (1)

18-34: Improved module import handling with more robust property enumeration

The updated __importStar implementation introduces a more thorough approach to retrieving an object's own properties, with a proper fallback mechanism.

Consider implementing the optional chaining suggestion from the static analysis tool:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__ esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.test.js (1)

18-34: Improved module import handling for better compatibility

The updated __importStar implementation matches the changes in fingerprints.test.js, providing a more robust approach to module imports. The consistency across files is good for maintainability.

Consider implementing the optional chaining suggestion from the static analysis tool:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__ esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/diff-filtering-utils.js (4)

1-1: Remove redundant 'use strict' directive

The 'use strict' directive is redundant in ES modules as they are automatically in strict mode.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

28-28: Use optional chaining for more concise code

Consider using optional chaining for a more modern and concise approach.

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

44-49: Ensure error handling for file write operations

The writeDiffRangesJsonFile function doesn't handle potential errors when writing to the file system, which could fail due to permissions or disk space issues.

function writeDiffRangesJsonFile(logger, ranges) {
    const jsonContents = JSON.stringify(ranges, null, 2);
    const jsonFilePath = getDiffRangesJsonFilePath();
-    fs.writeFileSync(jsonFilePath, jsonContents);
-    logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
+    try {
+        fs.writeFileSync(jsonFilePath, jsonContents);
+        logger.debug(`Wrote pr-diff-range JSON file to ${jsonFilePath}:\n${jsonContents}`);
+    } catch (error) {
+        logger.warning(`Failed to write pr-diff-range JSON file: ${error.message}`);
+    }
}

---

50-59: Add error handling for JSON parsing

The readDiffRangesJsonFile function should handle potential JSON parsing errors that could occur with malformed JSON.

function readDiffRangesJsonFile(logger) {
    const jsonFilePath = getDiffRangesJsonFilePath();
    if (!fs.existsSync(jsonFilePath)) {
        logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`);
        return undefined;
    }
    const jsonContents = fs.readFileSync(jsonFilePath, "utf8");
    logger.debug(`Read pr-diff-range JSON file from ${jsonFilePath}:\n${jsonContents}`);
-    return JSON.parse(jsonContents);
+    try {
+        return JSON.parse(jsonContents);
+    } catch (error) {
+        logger.warning(`Failed to parse pr-diff-range JSON file: ${error.message}`);
+        return undefined;
+    }
}

lib/autobuild-action.js (1)

28-28: Consider using optional chaining for better readability

The static analysis tool suggests using optional chaining here which could make the code more concise.

-        if (mod && mod.__esModule) return mod;
+        if (mod?.___esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.test.js (3)

1-1: Remove redundant 'use strict' directive

JavaScript modules are automatically in strict mode, making this directive unnecessary.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

28-34: Consider using optional chaining

Replace the conditional check with optional chaining for more concise code.

-        if (mod && mod.__esModule) return mod;
+        return mod?.__esModule ? mod : { ...result };

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

35-37: Consider using optional chaining

Replace the conditional check with optional chaining for more concise code.

-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return mod?.__esModule ? mod : { "default": mod };
+};

🧰 Tools

🪛 Biome (1.9.4)

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/__extract-direct-to-toolcache.yml (1)

25-93: Job steps and toolcache verification logic are well-constructed.

• The matrix strategy over macOS, Ubuntu, and Windows is correctly defined.
• The step to remove any existing CodeQL installation (using fs.rmdirSync with recursive deletion) works as intended, although you may consider a try-catch block for improved robustness if the directory is absent.
• Installing the @actions/tool-cache package and verifying its state via findAllVersions is a solid approach to ensure a clean environment.
• The initialization and analysis steps correctly leverage custom actions and environment variables.

Suggestion: Consider wrapping the removal of the CodeQL directory in a try-catch (or checking for existence) to prevent potential runtime errors if the directory does not exist.

Example diff snippet:

-            fs.rmdirSync(codeqlPath, { recursive: true });
+            if (fs.existsSync(codeqlPath)) {
+              fs.rmdirSync(codeqlPath, { recursive: true });
+            }

lib/database-upload.js (1)

18-34: Refactored __importStar function

The implementation now uses a helper function ownKeys to better retrieve property names from module objects.

Consider using optional chaining for a more modern approach:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/__zstd-bundle.yml (2)

52-61: Validate CodeQL Tool Cache Removal

In the "Remove CodeQL from toolcache" step, consider using fs.existsSync(codeqlPath) instead of checking if (codeqlPath !== undefined). This change ensures that the directory actually exists before attempting removal, reducing the risk of runtime errors.

---

83-87: Enhance Error Handling for SARIF Parsing

Wrap the JSON.parse call in a try-catch block to gracefully handle potential errors if the SARIF file is malformed or unreadable. This will improve the robustness of the diagnostic check.

.github/workflows/__test-proxy.yml (1)

41-52: GitHub CLI setup steps added for container environment

Good addition of GitHub CLI setup for containers that don't have it pre-installed. The comment explains clearly why this is needed - to find the latest CodeQL release.

However, there's an empty env section at the end that could be removed.

  apt install -y gh
- env: {}

🧰 Tools

🪛 actionlint (1.7.4)

52-52: env should not be empty. please remove this section if it's unnecessary

(syntax-check)

lib/analyze.test.js (1)

18-34: Enhanced __importStar implementation with improved property retrieval

The __importStar function has been updated with a more robust implementation for retrieving object properties. The new implementation includes a custom ownKeys function that provides a fallback when Object.getOwnPropertyNames is not available.

However, there's a potential improvement opportunity based on the static analysis hint:

- if (mod && mod.__esModule) return mod;
+ if (mod?.esModule) return mod;

This would use an optional chain which is safer and more modern.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

CHANGELOG.md (2)

7-7: Compound Adjective Consistency – Line 7
It looks like the phrase "No user facing changes." is intended to be a compound adjective modifying “changes.” Consider updating it to "No user‐facing changes." to improve clarity.
[typographical]

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

9-14: Typographical Consistency for Date Ranges – Lines 9-14
In changelog headings such as "## 3.28.10 - 21 Feb 2025", consider using an en dash (–) rather than a hyphen (-) to separate the version and date (e.g. "## 3.28.10 – 21 Feb 2025"). This subtle typographical improvement enhances readability and aligns with best practices.
Example fix:

-## 3.28.10 - 21 Feb 2025
+## 3.28.10 – 21 Feb 2025

[typographical]

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

lib/caching-utils.js (1)

1-1: Remove redundant 'use strict' directive.

Within modern JavaScript modules (including TypeScript-compiled modules), strict mode is automatically enforced. You can safely remove the 'use strict' directive without affecting functionality.

- "use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

lib/database-upload.test.js (1)

18-34: Improved module property collection with helper function

The __importStar function has been enhanced with a new ownKeys helper function that provides a more robust way to retrieve object properties. This implementation handles cases where Object.getOwnPropertyNames might not be available.

Consider using optional chaining on line 28 for more concise code:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/post-release-mergeback.yml (1)

120-120: Missing quotes in Python script command

The Python script command is missing quotes around arguments, which could cause issues with file paths containing spaces.

Fix by adding quotes around the arguments:

-  python .github/workflows/script/prepare_changelog.py CHANGELOG.md "$VERSION" > $PARTIAL_CHANGELOG
+  python .github/workflows/script/prepare_changelog.py "CHANGELOG.md" "$VERSION" > "$PARTIAL_CHANGELOG"

🧰 Tools

🪛 actionlint (1.7.4)

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

---

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)

lib/config-utils.test.js (1)

27-28: Consider using optional chaining for better readability

The mod checking could be simplified using optional chaining.

-        if (mod && mod.__esModule) return mod;
+        if (mod?.esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

README.md (2)

19-37: Well-structured documentation addition for Actions

The new "Actions" section provides clear information about the different actions available in the repository, their purposes, and links to their definitions. This enhances usability by giving users a central reference for available actions.

However, there's some terminology inconsistency between "analyses" and "analyze" throughout this section.

Consider standardizing terminology by consistently using either "analyses" or "analysis" throughout the documentation:

-Actions for CodeQL analyses:
+Actions for CodeQL analysis:

-Actions for uploading analyses generated by third-party tools:
+Actions for uploading analysis generated by third-party tools:

🧰 Tools

🪛 LanguageTool

[uncategorized] ~21-~21: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...tory also allow you to upload to GitHub analyses generated by any SARIF-producing SAST t...

(EN_WORD_COHERENCY)

---

[uncategorized] ~23-~23: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...roducing SAST tool. Actions for CodeQL analyses: - init: Sets up CodeQL for analysis...

(EN_WORD_COHERENCY)

---

[uncategorized] ~25-~25: Loose punctuation mark.
Context: ... Actions for CodeQL analyses: - init: Sets up CodeQL for analysis. For inform...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~26-~26: Loose punctuation mark.
Context: .../blob/main/init/action.yml). - analyze: Finalizes the CodeQL database, runs the...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~28-~28: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...yze/action.yml). Actions for uploading analyses generated by third-party tools: - `upl...

(EN_WORD_COHERENCY)

---

[uncategorized] ~30-~30: Loose punctuation mark.
Context: ... by third-party tools: - upload-sarif: Uploads a SARIF file to Code Scanning. ...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~34-~34: Loose punctuation mark.
Context: ...kely to be used directly: - autobuild: Attempts to automatically build the cod...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~35-~35: Loose punctuation mark.
Context: ...ild/action.yml). - resolve-environment: [Experimental] Attempts to infer a buil...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~36-~36: Loose punctuation mark.
Context: ...environment/action.yml). - start-proxy: [Experimental] Start the HTTP proxy ser...

(UNLIKELY_OPENING_PUNCTUATION)

---

47-47: Minor grammatical improvement opportunity

There's a split infinitive in this line that could be improved for better readability.

-The database will be created by attempting to automatically build the source code.
+The database will be created by attempting to build the source code automatically.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

---

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)

lib/fingerprints.js (2)

213-213: Error information is discarded in catch block

The catch block has been modified to remove the error parameter, which means error information is discarded.

While this doesn't affect functionality since the error isn't being used, it's generally good practice to capture error information for potential debugging:

-    catch {
+    catch (e) {

---

28-28: Opportunity to use optional chaining

The static analysis tool suggests using optional chaining for better readability.

Consider using optional chaining to simplify these conditionals:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

-    return (mod && mod.__esModule) ? mod : { "default": mod };
+    return (mod?.__esModule) ? mod : { "default": mod };

Also applies to: 36-36

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.js (1)

58-58: Potential edge case in sanitizeArtifactName.
If the input is all invalid characters, it could produce an empty string. Consider adding a fallback for this scenario.

lib/init-action.js (1)

59-115: Consider splitting out large logic into smaller helper functions.
The sendCompletedStatusReport function includes significant branching and data collection. For improved readability and maintainability, consider extracting smaller helper functions or objects that handle specific logic (e.g., constructing pack objects, building the report payload, etc.).

lib/cli-errors.js (3)

143-145: Use a regular expression literal instead of the RegExp constructor.
Regular expression literals enable better static analysis and are more concise than new RegExp("pattern").

-        cliErrorMessageCandidates: [new RegExp("Could not create temp directory")],
+        cliErrorMessageCandidates: [/Could not create temp directory/],

🧰 Tools

🪛 Biome (1.9.4)

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

174-178: Use a regular expression literal here as well.
Following lint guidelines will aid readability and maintainability.

-            new RegExp("Specifier for external repository is invalid"),
+            /Specifier for external repository is invalid/,

🧰 Tools

🪛 Biome (1.9.4)

[error] 176-176: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

231-235: Replace RegExp constructors with regex literals.
Adopting regex literals is a good practice and helps static analyzers identify potential issues more reliably.

-            new RegExp("GitHub Container registry .* 403 Forbidden"),
-            new RegExp("Do you need to specify a token to authenticate to the registry?"),
+            /GitHub Container registry .* 403 Forbidden/,
+            /Do you need to specify a token to authenticate to the registry?/,

🧰 Tools

🪛 Biome (1.9.4)

[error] 232-232: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

[error] 233-233: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

lib/api-client.js (3)

18-34: Consider using optional chaining for improved readability.

Static analysis suggested using an optional chain to simplify checks around mod && mod.__esModule. While not strictly necessary, switching to optional chaining can make the code more concise and arguably clearer:

-if (mod && mod.__esModule) return mod;
+if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

95-95: Re-check the need to disable ESLint rule.

Adding // eslint-disable-next-line @typescript-eslint/no-unsafe-call might hide legitimate type issues. If feasible, consider fixing the underlying type definition instead of disabling this rule to ensure consistent type safety.

---

209-209: Extended error handling appears correct.

This additional check for rate limit and missing references is a sensible step to wrap errors. You might consider also logging the exact status code when available for more precise debugging.

lib/git-utils.js (2)

1-1: Remove redundant "use strict".

In ES modules (or transpiled TypeScript outputs), 'use strict'; is automatically applied. Removing it eliminates unnecessary clutter:

- "use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

2-34: Optional chaining could simplify the import logic.

Similar to the behavior in lib/api-client.js, optional chaining can streamline the check around mod && mod.__esModule. If the current approach is part of a known polyfill pattern, feel free to keep it as-is. Otherwise, consider:

-if (mod && mod.__esModule) return mod;
+if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action.js (3)

124-124: Consider documenting the new function.
A brief JSDoc or code comment can help clarify the purpose and usage of this function.

---

164-171: Potential performance consideration with the 'delete' operator.
Although removing environment variables is valid, repeated usage of the delete operator in tight loops can affect performance. Consider setting them to undefined if complete removal is not strictly required.

- delete process.env.CODEQL_PROXY_HOST;
- delete process.env.CODEQL_PROXY_PORT;
- delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+ process.env.CODEQL_PROXY_HOST = undefined;
+ process.env.CODEQL_PROXY_PORT = undefined;
+ process.env.CODEQL_PROXY_CA_CERTIFICATE = undefined;

🧰 Tools

🪛 Biome (1.9.4)

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

197-199: Optional chaining could simplify this conditional.
Using optional chaining avoids nested checks for presence of pull_request.

- const pull_request = github.context.payload.pull_request;
- const diffRangePackDir = pull_request &&
-   (await (0, analyze_1.setupDiffInformedQueryRun)(
-     pull_request.base.ref,
-     pull_request.head.label,
-     codeql,
-     logger,
-     features
-   ));
+ const pull_request = github.context.payload?.pull_request;
+ const diffRangePackDir = pull_request?.base?.ref &&
+   (await (0, analyze_1.setupDiffInformedQueryRun)(
+     pull_request.base.ref,
+     pull_request.head.label,
+     codeql,
+     logger,
+     features
+   ));

lib/codeql.js (1)

18-34: Consider using optional chaining
The static analyzer suggests replacing if (mod && mod.__esModule) with an optional chain. If this code is auto-generated or intentionally matches TypeScript output, you may safely ignore. Otherwise, here’s a possible refinement:

- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js (3)

28-28: Consider optional chaining to simplify the condition.

The static analysis tool suggests using optional chaining here (mod?.__esModule) to reduce complexity. However, if this snippet is auto-generated code, manually modifying it might lead to unexpected side effects. If it’s under your control, you can safely adopt optional chaining.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

126-129: Consider logging the actual error object.

Catching without referencing the error prevents insights into the specific failure’s cause. Logging the exception or including it in the warning message may aid debugging.

     ...
-} catch {
+} catch (error) {
     logger.warning(\`Could not check whether database for \${language} was finalized. Assuming it is not.\`);
     return false;
 }

---

315-319: Remove the unnecessary continue statement.

The loop body does nothing after incrementing currentLine. You can safely remove the continue; to simplify the logic.

        if (diffLine.startsWith(" ")) {
            currentLine++;
-           continue;
        }

🧰 Tools

🪛 Biome (1.9.4)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 821ab42 and 911d845.

⛔ Files ignored due to path filters (122)

• lib/actions-util.js.map is excluded by !**/*.map
• lib/actions-util.test.js.map is excluded by !**/*.map
• lib/analyze-action-env.test.js.map is excluded by !**/*.map
• lib/analyze-action-input.test.js.map is excluded by !**/*.map
• lib/analyze-action-post-helper.js.map is excluded by !**/*.map
• lib/analyze-action-post-helper.test.js.map is excluded by !**/*.map
• lib/analyze-action-post.js.map is excluded by !**/*.map
• lib/analyze-action.js.map is excluded by !**/*.map
• lib/analyze.js.map is excluded by !**/*.map
• lib/analyze.test.js.map is excluded by !**/*.map
• lib/api-client.js.map is excluded by !**/*.map
• lib/api-client.test.js.map is excluded by !**/*.map
• lib/autobuild-action.js.map is excluded by !**/*.map
• lib/autobuild.js.map is excluded by !**/*.map
• lib/caching-utils.js.map is excluded by !**/*.map
• lib/cli-errors.js.map is excluded by !**/*.map
• lib/codeql.js.map is excluded by !**/*.map
• lib/codeql.test.js.map is excluded by !**/*.map
• lib/config-utils.js.map is excluded by !**/*.map
• lib/config-utils.test.js.map is excluded by !**/*.map
• lib/database-upload.js.map is excluded by !**/*.map
• lib/database-upload.test.js.map is excluded by !**/*.map
• lib/debug-artifacts.js.map is excluded by !**/*.map
• lib/debug-artifacts.test.js.map is excluded by !**/*.map
• lib/dependency-caching.js.map is excluded by !**/*.map
• lib/diff-filtering-utils.js.map is excluded by !**/*.map
• lib/doc-url.js.map is excluded by !**/*.map
• lib/environment.js.map is excluded by !**/*.map
• lib/feature-flags.js.map is excluded by !**/*.map
• lib/feature-flags.test.js.map is excluded by !**/*.map
• lib/fingerprints.js.map is excluded by !**/*.map
• lib/fingerprints.test.js.map is excluded by !**/*.map
• lib/git-utils.js.map is excluded by !**/*.map
• lib/git-utils.test.js.map is excluded by !**/*.map
• lib/init-action-post-helper.js.map is excluded by !**/*.map
• lib/init-action-post-helper.test.js.map is excluded by !**/*.map
• lib/init-action-post.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/init.js.map is excluded by !**/*.map
• lib/init.test.js.map is excluded by !**/*.map
• lib/languages.js.map is excluded by !**/*.map
• lib/languages.test.js.map is excluded by !**/*.map
• lib/logging.js.map is excluded by !**/*.map
• lib/resolve-environment-action.js.map is excluded by !**/*.map
• lib/resolve-environment.js.map is excluded by !**/*.map
• lib/setup-codeql.js.map is excluded by !**/*.map
• lib/setup-codeql.test.js.map is excluded by !**/*.map
• lib/start-proxy-action-post.js.map is excluded by !**/*.map
• lib/start-proxy-action.js.map is excluded by !**/*.map
• lib/start-proxy.js.map is excluded by !**/*.map
• lib/start-proxy.test.js.map is excluded by !**/*.map
• lib/status-report.js.map is excluded by !**/*.map
• lib/status-report.test.js.map is excluded by !**/*.map
• lib/tar.js.map is excluded by !**/*.map
• lib/testing-utils.js.map is excluded by !**/*.map
• lib/tools-download.js.map is excluded by !**/*.map
• lib/tools-features.js.map is excluded by !**/*.map
• lib/tracer-config.js.map is excluded by !**/*.map
• lib/tracer-config.test.js.map is excluded by !**/*.map
• lib/trap-caching.js.map is excluded by !**/*.map
• lib/trap-caching.test.js.map is excluded by !**/*.map
• lib/upload-lib.js.map is excluded by !**/*.map
• lib/upload-lib.test.js.map is excluded by !**/*.map
• lib/upload-sarif-action-post-helper.js.map is excluded by !**/*.map
• lib/upload-sarif-action-post.js.map is excluded by !**/*.map
• lib/upload-sarif-action.js.map is excluded by !**/*.map
• lib/util.js.map is excluded by !**/*.map
• lib/util.test.js.map is excluded by !**/*.map
• lib/workflow.js.map is excluded by !**/*.map
• lib/workflow.test.js.map is excluded by !**/*.map
• node_modules/.bin/crc32 is excluded by !**/node_modules/**
• node_modules/.bin/dot-object is excluded by !**/node_modules/**
• node_modules/.bin/fxparser is excluded by !**/node_modules/**
• node_modules/.bin/glob is excluded by !**/node_modules/**
• node_modules/.bin/is-docker is excluded by !**/node_modules/**
• node_modules/.bin/is-inside-container is excluded by !**/node_modules/**
• node_modules/.bin/mkdirp is excluded by !**/node_modules/**
• node_modules/.bin/protoc is excluded by !**/node_modules/**
• node_modules/.bin/protoc-gen-dump is excluded by !**/node_modules/**
• node_modules/.bin/protoc-gen-ts is excluded by !**/node_modules/**
• node_modules/.bin/protoc-gen-twirp_ts is excluded by !**/node_modules/**
• node_modules/.bin/update-browserslist-db is excluded by !**/node_modules/**
• node_modules/.bin/uuid is excluded by !**/node_modules/**
• node_modules/.package-lock.json is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/LICENSE.md is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/README.md is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/artifact-client.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/artifact-client.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/artifact-client.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/artifact-client.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/artifact-client.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/artifact-client.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/config-variables.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/config-variables.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/config-variables.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/contracts.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/contracts.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/contracts.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/crc64.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/crc64.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/crc64.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/download-http-client.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-http-client.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-http-client.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/download-options.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-options.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-options.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/download-response.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-response.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-response.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/download-specification.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-specification.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/download-specification.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/http-manager.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/http-manager.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/http-manager.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/path-and-artifact-name-validation.js.map is excluded by !**/node_modules/**, !**/*.map
• node_modules/@actions/artifact-legacy/lib/internal/requestUtils.d.ts is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/requestUtils.js is excluded by !**/node_modules/**
• node_modules/@actions/artifact-legacy/lib/internal/requestUtils.js.map is excluded by !**/node_modules/**, !**/*.map

📒 Files selected for processing (137)

• .eslintignore (0 hunks)
• .github/actions/check-codescanning-config/action.yml (1 hunks)
• .github/actions/check-codescanning-config/index.ts (1 hunks)
• .github/actions/prepare-test/action.yml (3 hunks)
• .github/actions/setup-swift/action.yml (2 hunks)
• .github/codeql/codeql-actions-config.yml (1 hunks)
• .github/dependabot.yml (1 hunks)
• .github/releases.ini (1 hunks)
• .github/workflows/__all-platform-bundle.yml (2 hunks)
• .github/workflows/__analyze-ref-input.yml (2 hunks)
• .github/workflows/__autobuild-action.yml (2 hunks)
• .github/workflows/__autobuild-direct-tracing-with-working-dir.yml (1 hunks)
• .github/workflows/__autobuild-direct-tracing.yml (2 hunks)
• .github/workflows/__build-mode-autobuild.yml (2 hunks)
• .github/workflows/__build-mode-manual.yml (2 hunks)
• .github/workflows/__build-mode-none.yml (2 hunks)
• .github/workflows/__build-mode-rollback.yml (2 hunks)
• .github/workflows/__cleanup-db-cluster-dir.yml (1 hunks)
• .github/workflows/__config-export.yml (4 hunks)
• .github/workflows/__config-input.yml (2 hunks)
• .github/workflows/__cpp-deptrace-disabled.yml (2 hunks)
• .github/workflows/__cpp-deptrace-enabled-on-macos.yml (2 hunks)
• .github/workflows/__cpp-deptrace-enabled.yml (2 hunks)
• .github/workflows/__diagnostics-export.yml (5 hunks)
• .github/workflows/__export-file-baseline-information.yml (4 hunks)
• .github/workflows/__extract-direct-to-toolcache.yml (1 hunks)
• .github/workflows/__extractor-ram-threads.yml (2 hunks)
• .github/workflows/__go-custom-queries.yml (2 hunks)
• .github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (2 hunks)
• .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (2 hunks)
• .github/workflows/__go-indirect-tracing-workaround.yml (2 hunks)
• .github/workflows/__go-tracing-autobuilder.yml (2 hunks)
• .github/workflows/__go-tracing-custom-build-steps.yml (2 hunks)
• .github/workflows/__go-tracing-legacy-workflow.yml (2 hunks)
• .github/workflows/__init-with-registries.yml (2 hunks)
• .github/workflows/__javascript-source-root.yml (2 hunks)
• .github/workflows/__job-run-uuid-sarif.yml (1 hunks)
• .github/workflows/__language-aliases.yml (2 hunks)
• .github/workflows/__multi-language-autodetect.yml (4 hunks)
• .github/workflows/__packaging-codescanning-config-inputs-js.yml (4 hunks)
• .github/workflows/__packaging-config-inputs-js.yml (4 hunks)
• .github/workflows/__packaging-config-js.yml (4 hunks)
• .github/workflows/__packaging-inputs-js.yml (4 hunks)
• .github/workflows/__remote-config.yml (2 hunks)
• .github/workflows/__resolve-environment-action.yml (4 hunks)
• .github/workflows/__rubocop-multi-language.yml (2 hunks)
• .github/workflows/__ruby.yml (3 hunks)
• .github/workflows/__rust.yml (1 hunks)
• .github/workflows/__split-workflow.yml (3 hunks)
• .github/workflows/__start-proxy.yml (1 hunks)
• .github/workflows/__submit-sarif-failure.yml (2 hunks)
• .github/workflows/__swift-autobuild.yml (1 hunks)
• .github/workflows/__swift-custom-build.yml (2 hunks)
• .github/workflows/__test-autobuild-working-dir.yml (2 hunks)
• .github/workflows/__test-local-codeql.yml (3 hunks)
• .github/workflows/__test-proxy.yml (2 hunks)
• .github/workflows/__unset-environment.yml (2 hunks)
• .github/workflows/__upload-ref-sha-input.yml (3 hunks)
• .github/workflows/__with-checkout-path.yml (2 hunks)
• .github/workflows/__zstd-bundle-streaming.yml (1 hunks)
• .github/workflows/__zstd-bundle.yml (1 hunks)
• .github/workflows/check-expected-release-files.yml (1 hunks)
• .github/workflows/codeql.yml (4 hunks)
• .github/workflows/codescanning-config-cli.yml (1 hunks)
• .github/workflows/debug-artifacts-failure-safe.yml (1 hunks)
• .github/workflows/debug-artifacts-failure.yml (0 hunks)
• .github/workflows/debug-artifacts-safe.yml (1 hunks)
• .github/workflows/debug-artifacts.yml (0 hunks)
• .github/workflows/expected-queries-runs.yml (1 hunks)
• .github/workflows/post-release-mergeback.yml (3 hunks)
• .github/workflows/pr-checks.yml (4 hunks)
• .github/workflows/publish-immutable-action.yml (1 hunks)
• .github/workflows/python312-windows.yml (2 hunks)
• .github/workflows/query-filters.yml (1 hunks)
• .github/workflows/rebuild.yml (2 hunks)
• .github/workflows/script/check-js.sh (1 hunks)
• .github/workflows/script/prepare_changelog.py (1 hunks)
• .github/workflows/script/update-required-checks.sh (1 hunks)
• .github/workflows/test-codeql-bundle-all.yml (2 hunks)
• .github/workflows/update-bundle.yml (1 hunks)
• .github/workflows/update-dependencies.yml (1 hunks)
• .github/workflows/update-release-branch.yml (4 hunks)
• .github/workflows/update-supported-enterprise-server-versions.yml (2 hunks)
• .gitignore (1 hunks)
• .pre-commit-config.yaml (1 hunks)
• CHANGELOG.md (2 hunks)
• CONTRIBUTING.md (4 hunks)
• README.md (1 hunks)
• action.yml (1 hunks)
• actions-extractor/codeql-extractor.yml (1 hunks)
• actions-extractor/tools/autobuild-impl.ps1 (1 hunks)
• actions-extractor/tools/autobuild.cmd (1 hunks)
• actions-extractor/tools/autobuild.sh (1 hunks)
• analyze/action.yml (3 hunks)
• autobuild/action.yml (1 hunks)
• init/action.yml (1 hunks)
• justfile (1 hunks)
• lib/actions-util.js (3 hunks)
• lib/actions-util.test.js (0 hunks)
• lib/analyze-action-env.test.js (4 hunks)
• lib/analyze-action-input.test.js (4 hunks)
• lib/analyze-action-post-helper.js (0 hunks)
• lib/analyze-action-post-helper.test.js (0 hunks)
• lib/analyze-action-post.js (1 hunks)
• lib/analyze-action.js (12 hunks)
• lib/analyze.js (8 hunks)
• lib/analyze.test.js (4 hunks)
• lib/api-client.js (4 hunks)
• lib/api-client.test.js (1 hunks)
• lib/api-compatibility.json (1 hunks)
• lib/autobuild-action.js (3 hunks)
• lib/autobuild.js (5 hunks)
• lib/caching-utils.js (1 hunks)
• lib/cli-errors.js (8 hunks)
• lib/codeql.js (28 hunks)
• lib/codeql.test.js (21 hunks)
• lib/config-utils.js (11 hunks)
• lib/config-utils.test.js (5 hunks)
• lib/database-upload.js (2 hunks)
• lib/database-upload.test.js (8 hunks)
• lib/debug-artifacts.js (1 hunks)
• lib/debug-artifacts.test.js (1 hunks)
• lib/defaults.json (1 hunks)
• lib/dependency-caching.js (1 hunks)
• lib/diff-filtering-utils.js (1 hunks)
• lib/doc-url.js (1 hunks)
• lib/environment.js (2 hunks)
• lib/feature-flags.js (6 hunks)
• lib/feature-flags.test.js (4 hunks)
• lib/fingerprints.js (3 hunks)
• lib/fingerprints.test.js (1 hunks)
• lib/git-utils.js (1 hunks)
• lib/git-utils.test.js (1 hunks)
• lib/init-action-post-helper.js (4 hunks)
• lib/init-action-post-helper.test.js (4 hunks)
• lib/init-action-post.js (2 hunks)
• lib/init-action.js (12 hunks)

💤 Files with no reviewable changes (6)

• .eslintignore
• lib/actions-util.test.js
• lib/analyze-action-post-helper.test.js
• lib/analyze-action-post-helper.js
• .github/workflows/debug-artifacts.yml
• .github/workflows/debug-artifacts-failure.yml

✅ Files skipped from review due to trivial changes (14)

• .github/workflows/script/check-js.sh
• .github/codeql/codeql-actions-config.yml
• lib/defaults.json
• .github/releases.ini
• autobuild/action.yml
• actions-extractor/tools/autobuild.cmd
• .github/workflows/__cleanup-db-cluster-dir.yml
• .github/workflows/__start-proxy.yml
• .github/actions/setup-swift/action.yml
• .github/workflows/__job-run-uuid-sarif.yml
• action.yml
• .github/workflows/__zstd-bundle-streaming.yml
• .github/workflows/__swift-autobuild.yml
• .gitignore

🧰 Additional context used

🪛 Biome (1.9.4)

lib/doc-url.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

lib/analyze-action-env.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/fingerprints.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post.js

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/diff-filtering-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action-input.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.test.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/database-upload.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/autobuild-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/dependency-caching.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/caching-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/database-upload.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action-post.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post-helper.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/actions-util.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/feature-flags.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/fingerprints.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/autobuild.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post-helper.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/feature-flags.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

lib/init-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/cli-errors.js

[error] 140-140: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

[error] 144-144: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

[error] 176-176: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

[error] 232-232: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

---

[error] 233-233: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

🪛 YAMLlint (1.35.1)

.github/dependabot.yml

[error] 19-19: trailing spaces

(trailing-spaces)

.github/workflows/test-codeql-bundle-all.yml

[error] 46-46: trailing spaces

(trailing-spaces)

🪛 actionlint (1.7.4)

.github/workflows/publish-immutable-action.yml

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/__test-proxy.yml

52-52: env should not be empty. please remove this section if it's unnecessary

(syntax-check)

.github/workflows/post-release-mergeback.yml

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

---

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml

68-68: shellcheck reported issue in this script: SC2236:style:1:7: Use -n instead of ! -z

(shellcheck)

🪛 LanguageTool

README.md

[uncategorized] ~21-~21: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...tory also allow you to upload to GitHub analyses generated by any SARIF-producing SAST t...

(EN_WORD_COHERENCY)

---

[uncategorized] ~23-~23: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...roducing SAST tool. Actions for CodeQL analyses: - init: Sets up CodeQL for analysis...

(EN_WORD_COHERENCY)

---

[uncategorized] ~25-~25: Loose punctuation mark.
Context: ... Actions for CodeQL analyses: - init: Sets up CodeQL for analysis. For inform...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~26-~26: Loose punctuation mark.
Context: .../blob/main/init/action.yml). - analyze: Finalizes the CodeQL database, runs the...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~28-~28: Do not mix variants of the same word (‘analyse’ and ‘analyze’) within a single text.
Context: ...yze/action.yml). Actions for uploading analyses generated by third-party tools: - `upl...

(EN_WORD_COHERENCY)

---

[uncategorized] ~30-~30: Loose punctuation mark.
Context: ... by third-party tools: - upload-sarif: Uploads a SARIF file to Code Scanning. ...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~34-~34: Loose punctuation mark.
Context: ...kely to be used directly: - autobuild: Attempts to automatically build the cod...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~35-~35: Loose punctuation mark.
Context: ...ild/action.yml). - resolve-environment: [Experimental] Attempts to infer a buil...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~36-~36: Loose punctuation mark.
Context: ...environment/action.yml). - start-proxy: [Experimental] Start the HTTP proxy ser...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~46-~46: Loose punctuation mark.
Context: ...The available build modes are: - none: The database will be created without bu...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

---

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)

---

[uncategorized] ~48-~48: Loose punctuation mark.
Context: ...e for all compiled languages. - manual: The database will be created by buildin...

(UNLIKELY_OPENING_PUNCTUATION)

---

[style] ~69-~69: This is not the usual sequence for adjectives that have no special emphasis.
Context: ...Enterprise Server We typically release new minor versions of the CodeQL Action and Bundl...

(EN_ADJ_ORDER)

---

[style] ~69-~69: This is not the usual sequence for adjectives that have no special emphasis.
Context: ... of the CodeQL Action and Bundle when a new minor version of GitHub Enterprise Server (GH...

(EN_ADJ_ORDER)

CHANGELOG.md

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

CONTRIBUTING.md

[uncategorized] ~30-~30: It appears that hyphens are missing in the adjective “up-to-date”.
Context: ...f any of the compiled artifacts are not up to date. Compiled artifacts are stored in the `...

(UP_TO_DATE_HYPHEN)

---

[style] ~79-~79: Consider a shorter alternative to avoid wordiness.
Context: ...ently supported major version branches, in order to maintain the same set of names for requ...

(IN_ORDER_TO_PREMIUM)

---

[uncategorized] ~105-~105: The preposition ‘for’ seems more likely in this position.
Context: ... the release process automation listens to updates to the release branch for the n...

(AI_HYDRA_LEO_REPLACE_TO_FOR)

---

[uncategorized] ~110-~110: The preposition “of” seems more likely in this position.
Context: ... major version deprecation for examples on which parts of the documentation should...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

🪛 Ruff (0.8.2)

.github/workflows/script/prepare_changelog.py

20-20: Loop control variable i not used within loop body

Rename unused i to _i

(B007)

🔇 Additional comments (485)

.github/workflows/query-filters.yml (2)

23-24: Appropriate permissions restriction added.

The PR properly adds explicit content read permissions to the workflow, following security best practices by applying the principle of least privilege. This change ensures the workflow only has the necessary access to repository contents.

---

32-32: Version parameter updated from 'latest' to 'linked'.

Changing from latest to linked improves workflow stability and consistency by using a specific linked version rather than always pulling the latest version, which might introduce unexpected changes.

lib/api-compatibility.json (1)

1-1:

Details

❓ Verification inconclusive

API compatibility range updated.

The compatible API version range has been updated:

• maximumVersion increased from "3.13" to "3.17"
• minimumVersion increased from "3.9" to "3.12"

This change keeps the action compatible with newer API versions while removing support for older, potentially outdated versions.

---

🏁 Script executed:

#!/bin/bash
# Check current CodeQL API versions
echo "Checking for documentation or changelog entry for CodeQL version 3.17..."
rg -i "version 3.17|codeql 3.17" -g "**/*.md"

echo "Checking for references to new minimum version..."
rg -i "minimum.*version.*3.12|3.12.*minimum" -g "**/*.md"

Length of output: 371

---

API compatibility update – Further Manual Verification Recommended

The API compatibility range in lib/api-compatibility.json has been updated as follows:

• maximumVersion increased from "3.13" to "3.17"
• minimumVersion increased from "3.9" to "3.12"

While the intended changes align with the goal of supporting newer CodeQL API versions and deprecating older ones, our automated search for references (documentation/changelog entries) for these version changes returned no matches. Please manually verify that any related documentation or changelog entries are updated accordingly.

lib/doc-url.js (3)

1-1: Remove redundant "use strict" directive.

In ES6 modules, the "use strict" directive is unnecessary because modules are always in strict mode.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

8-16: Documentation URL constants centralized - good practice.

Creating a centralized enum for documentation URLs is a good practice that:

1. Ensures consistency across the codebase
2. Makes it easier to update URLs if documentation paths change
3. Improves code readability by using descriptive enum names

These documentation links cover key areas like permissions, troubleshooting, and environment variables.

---

16-16: Refactor to avoid assignment within an expression.

Assignments within expressions can be confusing. Consider separating the assignment from the expression.

-})(DocUrl || (exports.DocUrl = DocUrl = {}));
+})(DocUrl || (exports.DocUrl = (DocUrl = {})));

.github/workflows/expected-queries-runs.yml (3)

25-27: Appropriate permission restrictions added.

The PR properly adds explicit permissions to the workflow, restricting it to only read access for contents and security-events. This follows the principle of least privilege, which is a security best practice for GitHub Actions workflows.

---

35-35: Version parameter updated from 'latest' to 'linked'.

Changing from latest to linked improves workflow stability and consistency by using a specific linked version rather than always pulling the latest version, which might introduce unexpected changes.

---

40-43: Simplified analyze step configuration.

The analyze step configuration has been simplified by removing the upload-database and upload parameters, streamlining the analysis process while maintaining the necessary output specification.

.github/workflows/rebuild.yml (2)

14-16: Permissions Block Update for the Rebuild Job

The addition of the permissions block with contents: write and pull-requests: write ensures that the rebuild job can push commits and comment on the PR as intended. This explicit declaration improves clarity and aligns with the overall workflow strategy.

---

75-76: Improved Git Commit Process

Splitting the commit sequence into git add --all and git commit -m "Rebuild" enhances transparency in what is being committed compared to the compact -am form. This change makes the commit process clearer and may help in debugging unexpected file changes.

.github/workflows/update-dependencies.yml (1)

12-14: Permissions Block Update for the Update Dependencies Job

The new permissions—contents: write and pull-requests: write—enable the job to push updated dependencies and interact with the pull request. This change is consistent with similar updates across the workflows and looks well implemented.

.pre-commit-config.yaml (2)

4-8: Reintroduction of the lint-ts Hook

Reinstating the lint-ts hook with the command npm run lint -- --fix ensures TypeScript files are linted as expected, especially following the removal of the .eslintignore file. Please verify that this change does not lead to unintended lint errors in files previously excluded.

---

19-19: Updated pr-checks-sync Hook Entry

Switching the hook entry from python3 pr-checks/sync.py to pr-checks/sync.sh shifts the execution to a shell script. Confirm that the new script meets the desired behavior for synchronizing PR check workflows.

.github/workflows/update-bundle.yml (1)

20-22: Permissions Block Update for the Update Bundle Job

The added permissions (contents: write and pull-requests: write) are necessary for pushing commits and creating pull requests when updating the default CodeQL bundle. This update is in line with other workflow modifications and appears robust.

.github/workflows/__autobuild-direct-tracing.yml (3)

31-33: Matrix Strategy Update for OS Versions

Updating the matrix entries to use version: linked for both Ubuntu and Windows runners standardizes the build version for these environments. Please ensure that this change is compatible with the rest of the testing infrastructure.

---

40-41: Adjusted Security Events Permission

Changing the security-events permission from write to read adheres to the principle of least privilege. This adjustment reduces potential risk while still providing the necessary read access.

---

53-53: Addition of the setup-kotlin Parameter

Adding setup-kotlin: 'true' to the Prepare test step supports Kotlin integration in the workflow. Verify that all downstream processes correctly interpret and act upon this new parameter.

.github/workflows/python312-windows.yml (3)

17-18: Good addition of test mode environment variable.

Setting CODEQL_ACTION_TEST_MODE to true explicitly indicates that this workflow is running in test mode, improving clarity and maintainability.

---

20-21: Security improvement through explicit permissions.

Following the principle of least privilege by explicitly setting read-only permissions for repository contents is a good security practice.

---

39-39: Tools parameter changed from 'latest' to 'linked'.

This change from using "latest" to "linked" for the tools parameter aligns with the standardization effort across workflows and reflects the updated versioning strategy for CodeQL tools.

actions-extractor/codeql-extractor.yml (3)

1-4: Well-structured metadata for the GitHub Actions extractor.

The configuration properly defines the extractor's name, display name, and version, establishing a clear identity for this CodeQL component.

---

12-18: Appropriate file type configuration for GitHub Actions workflows.

The file type configuration correctly identifies GitHub Actions workflow files with their common extensions (.yml and .yaml), providing clear targeting for the extractor.

---

26-44: Well-designed TRAP cache configuration options.

The TRAP cache options are properly structured with clear descriptions, appropriate types, and validation patterns for numeric and boolean values, enabling flexible caching behavior.

actions-extractor/tools/autobuild.sh (4)

3-3: Good shell scripting practice with strict error handling.

Setting set -eu ensures the script exits immediately on errors and treats unset variables as errors, which helps prevent silent failures and makes debugging easier.

---

5-12: Well-defined default path filters for GitHub Actions files.

The default path filters appropriately target GitHub Actions workflow files and action definitions while excluding other files, which focuses the analysis on relevant content.

---

14-20: Proper handling of custom path filters.

The script checks for user-defined path filters before applying defaults, allowing for customization while providing sensible defaults when needed.

---

33-39: Effective environment variable forwarding.

The script correctly forwards all relevant environment variables from the Actions extractor to the JavaScript extractor, ensuring consistent configuration across both extractors.

.github/workflows/script/update-required-checks.sh (1)

30-31: Improved check filtering logic.

The updated logic now excludes ESLint checks and skips check runs with a "skipped" conclusion, which are good improvements. This ensures that only relevant checks are considered as required status checks.

.github/workflows/codescanning-config-cli.yml (2)

26-29: Good security practice: explicit limited permissions.

Adding explicit permission settings with read-only access follows the principle of least privilege, improving security by ensuring the job only has the minimum permissions required.

---

36-38: Version strategy changed from 'latest' to 'linked'.

The version specification has been updated from 'latest' to 'linked', which should provide more consistent test results by using a specific version linked to each OS.

.github/workflows/publish-immutable-action.yml (1)

1-36: Good implementation of a conditional immutable action publisher.

This workflow effectively handles the publishing of immutable actions only for CodeQL Action releases (those with names starting with "v"), while skipping bundle releases. The workflow has appropriate permissions and a clear conditional logic.

🧰 Tools

🪛 actionlint (1.7.4)

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

actions-extractor/tools/autobuild-impl.ps1 (3)

1-14: Good implementation of default path filters.

The script sensibly checks for existing path filters before applying defaults, and the default filters are appropriately focused on GitHub Actions workflow files.

---

16-23: Robust JavaScript extractor resolution.

The script correctly resolves the JavaScript extractor path using the CodeQL CLI and includes appropriate error handling.

---

29-36: Well-structured environment variable propagation.

The script properly copies all necessary environment variables from the Actions extractor to the JavaScript extractor, ensuring consistent configuration across extractors.

lib/init-action-post.js (2)

58-59: LGTM - Restoring inputs from init Action

Good addition of a comment explaining what the function call is doing.

---

68-70: LGTM - Improved error handling for config

The improved handling for the case when config is defined looks good.

.github/workflows/test-codeql-bundle-all.yml (1)

30-30:

Details

❓ Verification inconclusive

Verify impact of changing security-events permission from write to read

The permission for security-events has been changed from write to read, which might impact the workflow's ability to write security events. Please verify that this change is intentional and doesn't break any functionality.

---

🏁 Script executed:

#!/bin/bash
# Search for uses of security-events write permission in this repository
echo "Searching for security-events write permissions in workflow files..."
grep -r "security-events: write" --include="*.yml" .github/workflows/

Length of output: 537

---

Action Required: Verify the Changed Permission for Security Events

The change in .github/workflows/test-codeql-bundle-all.yml where security-events is now set to read contrasts with other workflow files that still use write. Notably:

• .github/workflows/pr-checks.yml uses security-events: write (required for uploading ESLint results)
• .github/workflows/codeql.yml and .github/workflows/__submit-sarif-failure.yml also retain the write permission

Please confirm whether the lower permission in the test-codeql-bundle-all workflow is an intentional security hardening measure or if it might inadvertently break functionality. If writing security events is required for proper operation, consider aligning this workflow with the rest of the repository.

.github/workflows/__autobuild-direct-tracing-with-working-dir.yml (2)

1-4: LGTM - Clear warning about auto-generated file

Good inclusion of a warning that this file is generated automatically and should not be modified directly.

---

53-53: LGTM - Setup Kotlin option added

Great addition of the setup-kotlin option, which aligns with the PR's objective of improving Kotlin support.

lib/feature-flags.test.js (4)

39-39: Export statement looks good.
Exporting initializeFeatures here allows for clearer referencing externally.

---

67-67: New Proxima test detected.
Adding a test covering Proxima ensures the environment-specific behavior is tested.

---

285-285: Clearer test name.
Renaming the test to "includes tag name" broadens clarity on how it checks the tag presence.

---

347-353: Naming convention validation.
This is a good addition to ensure non-legacy feature flags follow consistent naming.

CONTRIBUTING.md (3)

64-67: Release process steps.
The clarified steps for merging “Merge main into releases/v3” and subsequent backports improve transparency.

---

103-114: Guide for adding a major version is clear.
The step-by-step outline for introducing new major versions effectively documents best practices.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~105-~105: The preposition ‘for’ seems more likely in this position.
Context: ... the release process automation listens to updates to the release branch for the n...

(AI_HYDRA_LEO_REPLACE_TO_FOR)

---

[uncategorized] ~110-~110: The preposition “of” seems more likely in this position.
Context: ... major version deprecation for examples on which parts of the documentation should...

(AI_EN_LECTOR_REPLACEMENT_PREPOSITION)

---

115-115: New deprecation section.
This additional heading helps separate the major version deprecation from the CodeQL version deprecation steps.

.github/workflows/update-release-branch.yml (6)

25-26: Read-only content permissions.
Allowing only contents: read in the prepare job reduces exposure. Good minimal permissions principle.

---

68-70: Write permissions for PR creation.
Granting contents: write and pull-requests: write is necessary for opening the release PR.

---

112-112: Automation environment.
Defining environment: Automation helps isolate sensitive operations from standard pipeline runs.

---

122-124: Sensible fail-fast strategy.
Matrix with fail-fast: false ensures each target branch attempt is independent.

---

126-130: GitHub App token usage.
Using [email protected] secures the pull request actions. Good practice.

---

133-138: Token usage for checkout.
Switching to the GitHub App token for the checkout step ensures consistent authentication with the correct permissions.

lib/dependency-caching.js (3)

129-178: Upload condition checks.
Including detailed logs to clarify why caching is skipped (e.g., zero-sized caches) is excellent. Helps future debugging.

---

186-189: Prefix-based hashing.
Combining a language-specific prefix with a dynamic hash is a robust approach to avoid collisions between languages.

---

197-205: Custom prefix for advanced usage.
Allowing ENV-based prefix expansions can be helpful for specialized builds. Good forward-thinking design.

lib/codeql.test.js (31)

18-34: No concerns for auto-generated import logic.
This block appears to be standard TypeScript/JavaScript compilation output.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-39: Export statement seems fine.
No issues identified.

---

42-42: New import statement is clear.
No problems found.

---

63-63: Definition of NO_FEATURES.
This provides a stubbed features config for tests. No issues.

---

95-96: Environment variable usage in tests.
No concerns here.

---

108-110: Assertions for toolcache references.
The checks appear correct.

---

112-112: Additional assertion for result.toolsSource.
No issues found.

---

120-130: Verifying semantic version caching logic.
Looks good and ensures correct version handling.

---

137-140: Installing pinned bundle.
Implementation maintains correct test flow.

---

144-150: Duration integer checks in tests.
Correct approach to verifying numeric fields.

---

153-160: EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES addition.
Well-structured tests for multiple versions.

---

163-174: Test logic for explicit bundle requests.
Implementation is consistent with the rest of the test suite.

---

189-200: Toolcache usage checks.
No new specific concerns.

---

215-220: Checking final result properties.
Implementation is valid for test coverage.

---

239-244: Ensuring defaults.bundleVersion is used.
No issues.

---

260-265: Confirming successful download for 'latest' tools.
All logic looks correct.

---

296-304: assertDurationsInteger helper.
Ensures durations are integers. Good approach.

---

316-318: Additional test coverage for getExtraOptions.
No concerns.

---

338-340: Injected config verification.
Implementation aligns with test macro usage.

---

474-475: Stubbing version for databaseInitCluster test.
This approach is valid.

---

484-490: QL config file logic.
This covers the case for undefined qlconfig. Looks good.

---

533-536: Parameter checks in runTool test.
No new issues identified.

---

548-550: Handling insufficient permissions scenario.
Clear warning logic is included.

---

572-572: Autobuilder error detection start.
No issues located here.

---

584-584: Re-throw logic for autobuilder errors.
Seems appropriate.

---

586-590: Truncating lengthy autobuild errors.
Implementation is correct.

---

601-607: Handling fatal internal errors with messages.
This robust error capturing is good.

---

608-610: Extractor resolution stubs.
All good.

---

611-613: Additional test environment stubbing.
No concerns.

---

614-619: Throws if a fatal internal error is found.
Error summarization logic is valid.

---

621-627: Outputting last line of stderr if no fatal error.
Ensures meaningful context for debugging.

analyze/action.yml (3)

22-22: Updated cleanup-level description.
Redirecting to --cache-cleanup is consistent with the modern CLI usage.

---

37-41: Deprecated input with deprecationMessage.
Clearly communicates removal timeline and status.

---

77-77: Expanded token requirements.
This clarifies practice for GitHub’s built-in token usage.

.github/workflows/update-supported-enterprise-server-versions.yml (4)

13-16: Conditional job check and permissions update.
Allowing write to contents and pull-requests is correct for the intended workflow.

---

22-22: Upgrading to Python 3.13.
Ensure the runner environment fully supports Python 3.13 as it’s relatively new.

Would you like to confirm with a web query or pinned environment doc that 3.13 is stable on GitHub Actions?

---

29-29: Switching from SSH key to token for checkout.
This simplifies authentication handling.

---

60-61: Enhancing PR body formatting.
Use of $'\n\n' is valid for line break insertion.

lib/feature-flags.js (11)

18-34: No concerns for this import logic.
Likely auto-generated code again.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-36: Rearranged exports.
No issues found.

---

49-49: Declaring CODEQL_VERSION_ZSTD_BUNDLE.
No concerns – consistent version naming.

---

53-54: Additional doc comment lines.
Documentation clarity is good.

---

62-73: New or updated feature enum values.
Implementation is straightforward and aligns with feature-flag approach.

---

75-77: Configuration for CleanupTrapCaches and CppBuildModeNone.
No concerns.

---

82-88: ZstdBundleStreamingExtraction config.
Implementation consistent with main code.

---

92-101: DiffInformedQueries and DisableCsharpBuildless config.
Handled consistently in feature flags.

---

130-135: PythonDefaultIsToNotExtractStdlib feature.
No issues identified.

---

136-140: RustAnalysis minimum version usage.
Declaring 2.19.3 is appropriate.

---

353-354: Excluding flags for non-dotcom variants.
Ensures consistent gating.

init/action.yml (2)

139-142: New dependency caching control option

Good addition of the dependency-caching input parameter to allow users to explicitly control caching behavior of project build dependencies.

---

146-147: Useful new output for version identification

Adding the codeql-version output is helpful for diagnostics and tracking which version was used for analysis.

.github/workflows/check-expected-release-files.yml (1)

16-18: Enhanced security through explicit permission scoping

Adding explicit permissions that follow the principle of least privilege is a security best practice. This job only needs read access to contents, so limiting it appropriately is the right approach.

justfile (2)

1-17: Well-structured task organization

The new justfile provides a clean, hierarchical organization of build tasks with clear dependencies between them. This is a good practice for managing project workflows.

---

12-13:

Details

✅ Verification successful

Verify the PR checks script exists

Make sure the referenced script pr-checks/sync.sh exists and has executable permissions.

---

🏁 Script executed:

#!/bin/bash
# Check if the PR checks script exists and is executable
if [ -f "pr-checks/sync.sh" ]; then
  if [ -x "pr-checks/sync.sh" ]; then
    echo "✅ pr-checks/sync.sh exists and is executable"
  else
    echo "❌ pr-checks/sync.sh exists but is not executable"
    ls -la pr-checks/sync.sh
  fi
else
  echo "❌ pr-checks/sync.sh does not exist"
  ls -la pr-checks/ 2>/dev/null || echo "pr-checks directory not found"
fi

Length of output: 160

---

PR Checks Script Verification Passed
The referenced script pr-checks/sync.sh exists and has executable permissions. No further action is necessary.

.github/workflows/__autobuild-action.yml (3)

30-35: Updated version from 'latest' to 'linked' in matrix configuration

The change from 'latest' to 'linked' aligns with updates to the version input parameter descriptions elsewhere in the codebase, reflecting a shift in version specification strategy.

---

51-51: Added Kotlin setup parameter

The addition of the setup-kotlin: 'true' parameter aligns with the changes to the prepare-test action mentioned in the summaries. This ensures consistent Kotlin setup across the workflow.

---

39-39:

Details

❓ Verification inconclusive

Reduced permissions for security-events

Changing the permissions from 'write' to 'read' follows the principle of least privilege, which is a security best practice. Ensure this change doesn't affect any functionality that requires write access to security events.

---

🏁 Script executed:

#!/bin/bash
# Check if any other workflow files still use write permissions for security-events
echo "Checking for workflows that still use write permissions for security-events"
rg -l "security-events:\s+write" --glob "*.yml" .github/workflows/ || echo "No workflows found with write permissions for security-events"

Length of output: 335

---

Reduced security-events permissions require further review for consistency

In .github/workflows/__autobuild-action.yml, you've changed the permission from write to read on line 39, which aligns with the principle of least privilege. However, our verification found that several other workflow files still use security-events: write:

• .github/workflows/__submit-sarif-failure.yml
• .github/workflows/codeql.yml
• .github/workflows/pr-checks.yml

Please double-check that lowering the permission in __autobuild-action.yml does not inadvertently affect any functionality relying on write access. Also, consider whether these other workflows should be audited for consistency or if their higher permissions are necessary.

.github/workflows/__language-aliases.yml (3)

31-31: Version matrix change from 'latest' to 'linked'

Changing from 'latest' to 'linked' version indicates a move towards a more deterministic build process, which helps ensure consistent behavior across different runs.

---

47-47: Addition of Kotlin setup parameter

Adding the setup-kotlin: 'true' parameter aligns with the removal of the environment variable CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN mentioned in the summary, indicating a shift towards explicit Kotlin support configuration.

---

35-35:

Details

✅ Verification successful

Security permission downgrade from write to read

Reducing the permission level from write to read for security-events follows the principle of least privilege, which is a security best practice. Ensure this doesn't break any functionality that requires write access to security events.

---

🏁 Script executed:

#!/bin/bash
# Check for patterns that might require security-events:write permission
rg -A 3 -B 3 "security-events.*write" --type yaml

Length of output: 3649

---

Security Permissions Update Verified

The change in .github/workflows/__language-aliases.yml to use security-events: read adheres to the principle of least privilege for this workflow. Our repository scan confirms that this file does not appear to depend on write access, while other workflows (e.g. in pr-checks/checks/submit-sarif-failure.yml) still specify security-events: write where required. Please double-check that no future modifications in this workflow rely on write capabilities.

.github/workflows/__go-custom-queries.yml (3)

31-31: Version matrix change from 'latest' to 'linked'

Similar to the change in __language-aliases.yml, this change to use 'linked' provides more deterministic builds.

---

37-37: Security permission downgrade from write to read

As with __language-aliases.yml, reducing the permission level from write to read for security-events follows security best practices. Verify that this doesn't break functionality that requires write access.

---

49-49: Addition of Kotlin setup parameter

The addition of the setup-kotlin: 'true' parameter here maintains consistency with the changes in other workflow files, suggesting a coordinated update to how Kotlin is handled across the entire codebase.

lib/diff-filtering-utils.js (1)

41-43: File path isolation function

Good isolation of the file path logic in a separate function that can be reused by both write and read operations.

lib/analyze-action-env.test.js (4)

18-34: Updated importStar implementation

The updated __importStar function implementation includes a more robust property enumeration approach, which should lead to more reliable module imports.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

45-45: New gitUtils import

Added import for gitUtils aligns with the subsequent change to use gitUtils.isAnalyzingDefaultBranch instead of the same function from actionsUtil, indicating a refactoring of responsibilities.

---

65-65: Function call moved to gitUtils

Shifting the isAnalyzingDefaultBranch stub from actionsUtil to gitUtils reflects an improved separation of concerns, with git-related functionality now properly located in the git utilities module.

---

91-91: ESLint disable comment added

The added ESLint disable comment for the @typescript-eslint/no-require-imports rule is appropriate here since dynamic requires are sometimes necessary in tests, especially when testing module side effects.

.github/workflows/__build-mode-rollback.yml (2)

35-35: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice that minimizes potential attack surface.

---

47-47: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter complements the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the PR summary. This makes Kotlin setup more explicit and configurable.

.github/workflows/__cpp-deptrace-disabled.yml (3)

31-31: Version specification changed from 'latest' to 'linked'.

Switching from latest to linked provides more deterministic builds by using a specific version rather than always using the most recent one. This improves reproducibility and stability of the workflow.

---

39-39: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice.

---

51-51: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter provides better control over the test environment configuration and makes Kotlin setup explicit.

lib/analyze-action-input.test.js (3)

18-34: Enhanced property handling in __importStar implementation.

The new implementation adds an ownKeys function that retrieves property names from an object, improving how properties are accessed during module imports. The implementation now handles both Object.getOwnPropertyNames and provides a fallback mechanism to ensure comprehensive property collection.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

45-45: Added import for gitUtils module.

This addition supports the functionality change on line 81 where methods are now referenced from the gitUtils module instead of actionsUtil.

---

81-81: Function reference updated from actionsUtil to gitUtils.

The isAnalyzingDefaultBranch function is now being stubbed from gitUtils instead of actionsUtil, reflecting a refactoring where this functionality has been moved to a more appropriate module.

.github/workflows/__build-mode-none.yml (3)

31-31: Version specification changed from 'latest' to 'linked'.

Switching from latest to linked provides more deterministic builds by using a specific version rather than always using the most recent one. This improves reproducibility and stability of the workflow.

---

37-37: Improved security posture by reducing permissions.

You've decreased the permission level for security-events from write to read, which aligns with the principle of least privilege. This is a good security practice that minimizes potential attack surface.

---

49-49: Kotlin setup now explicitly required.

Adding setup-kotlin: 'true' parameter provides better control over the test environment configuration and makes Kotlin setup explicit.

lib/autobuild-action.js (4)

18-34: Implementation of __importStar has been updated with explicit property key collection

This change enhances the way object property keys are collected from imported modules by using a more explicit approach with the ownKeys helper function. The implementation now ensures proper handling of various object types.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

88-88: The features parameter has been removed from the runAutobuild call

The function call has been simplified by removing the features parameter, which aligns with the broader changes in the codebase to streamline feature management.

---

93-93: The features parameter has been removed from the endTracingForCluster call

Similar to the runAutobuild change, this function call has been simplified by removing the features parameter.

---

109-109: Improved error message handling using the getErrorMessage utility

The error message in the runWrapper catch block now uses the getErrorMessage utility, which provides more consistent error formatting.

.github/workflows/__test-autobuild-working-dir.yml (3)

31-31: Matrix version updated from latest to linked

The version parameter has been changed from latest to linked, which appears to be part of a consistent change across multiple workflow files.

---

47-47: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

---

35-35:

Details

❓ Verification inconclusive

Security events permission changed from write to read

The permission for security-events has been downgraded from write to read. Verify that this doesn't affect the functionality of the workflow, as some security-related operations might require write permissions.

---

🏁 Script executed:

#!/bin/bash
# Check if any steps in the workflow might require write permissions to security-events

# Look for steps that typically need write permissions
grep -r "upload-sarif\|analyze" .github/workflows/__test-autobuild-working-dir.yml

Length of output: 118

---

Security events permission change – verify potential impact on the analyze action

The workflow now uses security-events: read, but we detected that the workflow invokes the custom analyze action (via ./../action/analyze). If this action relies on write permissions for any security event operations (e.g., updating SARIF reports), then the permission downgrade could introduce issues. Please double-check the implementation of the analyze action to ensure that it functions correctly with only read permissions.

• File: .github/workflows/__test-autobuild-working-dir.yml (line 35)
• Action to verify: ./../action/analyze (confirm its requirements regarding security events permissions)

.github/workflows/__upload-ref-sha-input.yml (3)

51-51: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

---

61-62: Comment formatting has been adjusted before the analyze step

The formatting of the comment has been changed slightly. The content remains the same.

---

39-39:

Details

✅ Verification successful

Security events permission changed from write to read

The permission for security-events has been downgraded from write to read. This might impact the ability to upload SARIF files, as that typically requires write permissions.

---

🏁 Script executed:

#!/bin/bash
# Check if this workflow attempts to upload SARIF data which would require write permissions

# Look for upload-sarif steps
grep -r "upload-sarif" .github/workflows/__upload-ref-sha-input.yml

# Check analyze steps with upload parameters
grep -r "upload: " .github/workflows/__upload-ref-sha-input.yml

Length of output: 261

---

Security events permission downgrade confirmed as safe for this workflow

The verification shows that although the workflow now uses security-events: read, the SARIF upload action is effectively disabled (with upload: never). This means that the reduced permission does not affect the workflow's current behavior. If SARIF upload functionality is enabled in the future, please ensure to adjust the permission accordingly.

.github/workflows/__init-with-registries.yml (2)

37-41: Matrix version updated from latest to linked for all OS platforms

The version parameter has been changed from latest to linked for Ubuntu, macOS, and Windows, which appears to be part of a consistent change across multiple workflow files.

---

64-64: Added Kotlin setup to the test preparation

A new parameter setup-kotlin: 'true' has been added to the test preparation step, indicating that Kotlin support is now explicitly enabled during testing.

.github/workflows/__analyze-ref-input.yml (2)

39-39: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This follows the principle of least privilege by granting only the minimum access level required.

---

51-51: Kotlin setup support added

The addition of setup-kotlin: 'true' aligns with the broader changes across workflow files to support Kotlin analysis.

lib/git-utils.test.js (4)

49-52: Good test for edge case handling

This test properly verifies that the function throws an error when given an empty string, which is important for robustness.

---

53-66: Thorough test for PR reference handling

This test comprehensively verifies the behavior when handling merge PR references with matching SHA values.

---

137-150: Input validation tests are well structured

These tests properly ensure that the function validates its inputs correctly, confirming that both 'ref' and 'sha' inputs are required together.

Also applies to: 151-164

---

238-252: Great test coverage for file path decoding

Comprehensive test cases covering both quoted and unquoted strings, including various escape sequences, which is crucial for correctly handling Git file paths.

Also applies to: 253-267

.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml (3)

31-31: Version updated to default

Changed from a specific version (stable-v2.14.6) to the more maintainable default option, which will automatically use the latest stable version.

---

35-35: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This follows security best practices by granting only the minimum necessary access.

---

47-47: Kotlin setup support added

The addition of setup-kotlin: 'true' is consistent with changes across other workflow files to standardize Kotlin analysis support.

.github/workflows/__config-input.yml (3)

31-31: Version changed to linked

Changed from latest to linked version, which likely ensures consistent tool versions across different parts of the workflow.

---

35-35: Permissions reduced following principle of least privilege

The permission for security-events has been changed from write to read. This enhances security by limiting permissions to only what's necessary.

---

47-47: Kotlin setup support added

The addition of setup-kotlin: 'true' aligns with the broader standardization of Kotlin analysis support across the codebase.

.github/workflows/__extract-direct-to-toolcache.yml (4)

1-5: Auto-generated header is correctly included.
The header and instructions clearly indicate that this file is generated automatically and should not be modified directly.

---

6-9: Workflow name and environment variables set appropriately.
Defining the workflow as "PR Check - Extract directly to toolcache" along with the necessary environment variables (GITHUB_TOKEN and GO111MODULE) is clear and correct.

---

10-24: Trigger events are well-specified.
The triggers (push, pull_request, schedule, and workflow_dispatch) cover the required branches and event types. No issues detected.

---

94-97: Final environment variables for the job are set consistently.
Setting CODEQL_ACTION_EXTRACT_TOOLCACHE and CODEQL_ACTION_TEST_MODE at the job level is a proper way to ensure downstream steps receive these flags.

.github/workflows/__build-mode-autobuild.yml (5)

1-5: Auto-generated file header confirmed.
The header provides the necessary directions regarding regeneration.

---

33-35: Updated job permissions enhance security.
Changing security-events permission from a higher privilege (write) to read-only follows the principle of least privilege.

---

41-47: Inclusion of Kotlin setup is explicit.
The addition of the setup-kotlin: 'true' input in the “Prepare test” step ensures that Kotlin is now explicitly configured. This aligns with your broader CI/CD updates.

---

48-53: Test repository preparation step review.
The commands under "Set up Java test repo configuration" move files as expected. Just verify that the relative paths and source contents match the repository structure for all scenarios.

🧰 Tools

🪛 actionlint (1.7.4)

49-49: shellcheck reported issue in this script: SC2035:info:1:4: Use ./glob or -- glob so names with dashes won't become options

(shellcheck)

---

54-72: Database initialization and validation steps are properly defined.
The steps to initialize with ./../action/init, validate the database build mode via parsing the YAML file, and ensure proper error reporting are implemented correctly.

.github/workflows/__build-mode-manual.yml (4)

1-5: Header section is appropriately auto-generated.
No issues with the header and instructions; they clearly state that the file is generated from templates.

---

33-35: Security permissions updated in manual build mode.
Changing the security-events permission to read helps restrict unnecessary write access and is in line with improved security practices.

---

41-47: Kotlin setup flag added consistently.
The addition of setup-kotlin: 'true' in the “Prepare test” step guarantees that Kotlin is explicitly configured in manual build mode.

---

48-63: Database build mode validation is executed correctly.
The steps that initialize the build and subsequently validate that the build mode is “manual” by parsing and checking the configuration file are clear and effective.

.github/actions/check-codescanning-config/action.yml (2)

60-67: Using environment variables in the "Check config" step enhances clarity.
Replacing direct input passing with the environment variable EXPECTED_CONFIG_FILE_CONTENTS makes the command invocation cleaner and separates configuration from command logic.

---

67-73: Cleanup step uses consistent environment variable usage.
Updating the cleanup commands to reference $RUNNER_TEMP instead of ${{ runner.temp }} ensures consistency throughout the workflow.

.github/workflows/__rust.yml (9)

1-5: Auto-generated header for Rust analysis workflow is in order.
The header instructions clearly state that the file should not be manually modified.

---

6-9: Workflow naming and environment variables are set correctly.
The workflow is aptly named "PR Check - Rust analysis" and key environment variables like GITHUB_TOKEN and GO111MODULE are configured properly.

---

10-23: Trigger configuration is consistent with other workflows.
The triggers (push, pull_request, schedule, and manual dispatch) are appropriately defined.

---

25-35: Matrix configuration covers multiple Rust versions.
Having multiple configurations for version (linked, default, nightly-latest) ensures comprehensive Rust analysis testing.

---

37-40: Job permissions are secured.
The permissions (contents: read and security-events: read) are set with minimal necessary access.

---

43-51: Repository checkout and test preparation are correctly implemented.
The checkout step and the subsequent “Prepare test” step using the custom action (with setup-kotlin: 'true' even for Rust) appear to be leveraging a unified test preparation routine. If Kotlin setup is shared among multiple languages, this is acceptable; otherwise, ensure it does not add unnecessary overhead for Rust analysis.

---

52-57: Initialization step is tailored for Rust analysis.
Specifying languages: rust and setting the environment variable CODEQL_ACTION_RUST_ANALYSIS: true ensure the initialization is configured for Rust.

---

58-62: Analysis step and database check are robust.
The analysis action is correctly set up, and the subsequent shell step properly retrieves the Rust database location from the analysis output. The conditional check confirms that the Rust database directory exists, which is essential for validating the analysis.

---

63-72: Job-level environment variables are consistently applied.
Finalizing the job with CODEQL_ACTION_TEST_MODE: true ensures that test mode is enabled for the entire workflow.

.github/workflows/__with-checkout-path.yml (3)

31-35: Version specification changed from 'latest' to 'linked'

The change from "latest" to "linked" appears to be part of a standardization effort across workflows. This creates more deterministic builds, which is generally a good practice to avoid unexpected behavior due to version changes.

---

51-51: Kotlin setup added

The addition of the setup-kotlin parameter aligns with the PR's focus on enhancing Kotlin support throughout the codebase.

---

39-39:

Details

✅ Verification successful

Security permission downgraded

The permission for security-events has been reduced from "write" to "read". Verify that this workflow doesn't require write permissions for security-events.

---

🏁 Script executed:

#!/bin/bash
# Check if this workflow uses any actions that might require security-events write permission
grep -r "upload-sarif" .github/workflows/__with-checkout-path.yml

Length of output: 65

---

Security permission downgrade verification:

The workflow file (.github/workflows/__with-checkout-path.yml) has been updated so that the security-events permission is now set to read rather than write. Our verification scripts did not find any instances of explicitly elevated permissions (i.e. no occurrences of "security-events: write" or references to actions such as actions/upload-sarif that typically require write access) in this workflow file.

Please ensure manually that no future steps or external integrations in this workflow require write access to security events before merging.

---

🏁 Script executed:

#!/bin/bash
# Verify that the workflow doesn't contain any instance of write permission on security-events 
# or usage of actions that might require elevated permissions (such as actions/upload-sarif).

echo "Searching for any explicit 'security-events: write' entries:"
grep -R "security-events: write" .github/workflows/__with-checkout-path.yml

echo -e "\nSearching for usage of 'actions/upload-sarif':"
grep -R "actions/upload-sarif" .github/workflows/__with-checkout-path.yml

Length of output: 403

---

Security Permission Check Passed

The workflow file (.github/workflows/__with-checkout-path.yml) now sets security-events to read, and our additional searches did not reveal any references to "security-events: write" or usage of actions like actions/upload-sarif that might require write permissions. Please double-check manually to ensure that no future steps depend on write access to security-events.

lib/environment.js (3)

46-52: Added new environment variables for version deprecation and SIP status

These environment variables enhance the functionality by tracking when version deprecation errors are logged and checking System Integrity Protection status on macOS.

---

58-59: Added environment variable for SARIF results output directory

This addition improves configuration flexibility by allowing the output directory for SARIF results to be specified via an environment variable.

---

85-95: Added environment variables for dependency caching

These additions provide alternative ways to configure dependency caching, which is especially useful for testing scenarios where multiple caches are needed in the same repository.

.github/workflows/__submit-sarif-failure.yml (4)

31-31: Version specification changed from 'latest' to 'linked'

The version change aligns with the standardization effort seen in other workflow files.

---

39-40: Added clarifying comment for security-events permission

Good documentation addition explaining why write permission is needed for security-events in this workflow.

---

52-52: Kotlin setup added

Similar to other workflow files, the setup-kotlin parameter has been added for consistent Kotlin support.

---

57-57: Updated tools parameter to use prepare-test output

This change ensures consistency in tool versions used throughout the workflow.

lib/database-upload.js (4)

36-36: Fixed exports statement

Changed from exports.uploadDatabases = void 0; to properly export the function.

---

41-41: Added import for gitUtils module

Indicates refactoring to move Git-related functionality to a specialized module.

---

49-52: Added test mode check

This improvement skips database upload when in test mode, which is appropriate for testing environments.

---

59-59:

Details

✅ Verification successful

Migrated from actionsUtil to gitUtils

Git-related functions have been moved from actionsUtil to a more specialized gitUtils module, improving code organization.

Also applies to: 83-83

---

🏁 Script executed:

#!/bin/bash
# Verify that the gitUtils functions have equivalent implementations to the original actionsUtil functions
echo "Checking isAnalyzingDefaultBranch implementation:"
grep -A 10 "isAnalyzingDefaultBranch" lib/git-utils.js

echo -e "\nChecking getCommitOid implementation:"
grep -A 10 "getCommitOid" lib/git-utils.js

echo -e "\nComparing with original actionsUtil implementations:"
grep -A 10 "isAnalyzingDefaultBranch\|getCommitOid" lib/actions-util.js

Length of output: 4357

---

Migration Verified: gitUtils Functions in Place
The verification confirms that the implementations for isAnalyzingDefaultBranch and getCommitOid now reside in lib/git-utils.js and no longer appear in lib/actions-util.js. This migration correctly centralizes Git-related functionality to the specialized gitUtils module. The changes in both line 59 and 83 of lib/database-upload.js are consistent with this update.

.github/workflows/__zstd-bundle.yml (1)

45-51: Confirm Kotlin Setup Configuration

The inclusion of setup-kotlin: 'true' in the "Prepare test" step is consistent with the broader integration of Kotlin across workflows. Please verify that downstream steps (such as tool initialization) work seamlessly with this configuration.

.github/workflows/__export-file-baseline-information.yml (3)

38-39: Review Permissions Update

The change of the security-events permission to read helps tighten security. Please ensure that this lower permission level does not adversely affect any functionality that might rely on write access if such operations are expected.

---

49-51: Addition of Kotlin Setup Step

Adding setup-kotlin: 'true' in the "Prepare test" step enforces a consistent Kotlin environment. Verify that any components previously relying on a Python setup are updated accordingly.

---

57-60: Validate Swift Setup Condition

The conditional execution of the Swift setup (for macOS only) appears well implemented. Please confirm that the action path (./../action/.github/actions/setup-swift) is correct and maintained for future updates.

.github/workflows/__all-platform-bundle.yml (3)

34-35: Permissions Update Review

Updating the security-events permission to read aligns with current security best practices. Make sure that this access level is sufficient for all operations within this workflow.

---

44-47: Kotlin Setup Integration

The addition of setup-kotlin: 'true' in the "Prepare test" step ensures consistency with the new Kotlin integration strategy. Confirm that this does not unintentionally impact any previous assumptions about the test environment.

---

51-52: Languages List Exclusion Note

The explicit listing of languages—excluding Swift for non-macOS scenarios—works well here. Please review that this exclusion is intentional and matches the capabilities of the target environments.

.github/workflows/__cpp-deptrace-enabled-on-macos.yml (2)

33-35: Permissions Update for macOS Job

Changing the security-events permission to read is a sensible security improvement. Ensure that this adjustment does not affect any expected write operations within the C/C++ dependency installation process.

---

41-47: Kotlin Setup Parameter Addition

Introducing setup-kotlin: 'true' in the "Prepare test" step helps standardize the environment even for macOS jobs. Please double-check that all necessary Kotlin-related dependencies are properly initialized.

.github/workflows/__extractor-ram-threads.yml (3)

30-31: Matrix Version Update

The matrix version has been updated to linked. Verify that all dependent actions and tools are compatible with this version setting to ensure consistent behavior across runs.

---

33-35: Permissions Adjustment Review

Changing the security-events permission from write to read is a positive security-oriented change. Ensure that this level of permission continues to support any operations that might require reading security events data.

---

45-47: Addition of Kotlin Setup

The addition of setup-kotlin: 'true' in the "Prepare test" step helps unify the processing environment with the updated Kotlin integration across workflows. This change appears consistent and beneficial.

.github/workflows/__split-workflow.yml (3)

31-33: Matrix Version Update to 'linked'

The matrix entries for ubuntu-latest and macos-latest now use version: linked. This change appears intentional to direct the workflow toward a consolidated release configuration. Please verify that downstream steps and tooling correctly interpret the new version value.

---

45-45: Updated Job Permissions for Security Events

Changing the security-events permission from write to read improves security. Confirm that none of the workflow steps require write access to security events.

---

57-57: Addition of the setup-kotlin Parameter

Introducing setup-kotlin: 'true' in the Prepare test step aligns with the PR’s move toward Kotlin integration. Ensure that the corresponding action properly initializes Kotlin.

.github/workflows/__remote-config.yml (3)

30-33: Matrix Configuration Simplification

The job matrix now includes one entry with version: linked and one with version: nightly-latest for ubuntu-latest. This consolidation streamlines the configuration while still testing multiple release channels. Please confirm that this setup meets your intended test coverage.

---

37-37: Updated Job Permissions for Security Events

Modifying the permission to security-events: read enforces a more restrictive access level. Verify that this change does not conflict with any steps expecting broader permissions.

---

49-49: Inclusion of setup-kotlin in Prepare Test

Adding setup-kotlin: 'true' continues the theme of Kotlin integration. Ensure that subsequent steps are adapted to work with or without Kotlin setup as needed.

.github/workflows/__config-export.yml (4)

30-35: Matrix Version Updates for Config Export Workflow

The matrix now uses version: linked for ubuntu-latest, macos-latest, and windows-latest alongside entries for nightly versions. This dual configuration helps cover multiple release scenarios. Make sure that the testing environment and artifact management correctly handle these version types.

---

45-45: Job Permissions Adjustment

Updating security-events permission to read is a positive change for tighter access control. Confirm that all workflow tasks continue to perform as expected with the reduced permission.

---

57-57: setup-kotlin Parameter Inclusion

The addition of setup-kotlin: 'true' in the Prepare test step is consistent with the overall Kotlin integration strategy. Ensure that any dependencies on Kotlin in later steps are documented and tested.

---

68-68: Artifact Action Upgrade

The upgrade from actions/upload-artifact@v3 to @v4 is a welcome update. Verify that the new version’s behavior and syntax match your requirements, especially regarding artifact retention and path handling.

.github/actions/prepare-test/action.yml (5)

5-7: Updated Version Input Description

The version input description now clearly lists the new acceptable values (including 'linked' and 'stable-vX.Y.Z'), which improves user guidance.

---

11-14: New Input Parameter for Kotlin Setup

The addition of the setup-kotlin input parameter (defaulting to 'true' and marked as required) is well implemented, fulfilling the PR objective of enabling Kotlin setup.

---

35-41: Simplified Tools URL Determination for 'linked' and 'default'

The early exit logic for the linked and default version cases is clear and concise. Just ensure that downstream steps can handle an empty tools-url in the default case.

---

43-47: OS-specific Artifact Extension Handling

The conditional setting of the file extension to tar.zst for non-Windows runners when using nightly-latest is a good optimization. Verify that the extension choice aligns with your artifact hosting and extraction expectations.

---

76-80: Kotlin Setup Action Integration

The new step to set up Kotlin using fwilhe2/setup-kotlin@9c245a6425255f5e98ba1ce6c15d31fce7eca9da executes based on the setup-kotlin input and appears correctly integrated.

.github/workflows/__packaging-config-js.yml (4)

31-35: Matrix Version Updates for Packaging Config

Switching the version value to linked for the initial entries (across Ubuntu, macOS, and Windows) promotes consistency with other workflows. Confirm that the remaining entries (default and nightly-latest) are still being exercised as intended.

---

51-51: Updated Permissions for Security Events

The change to security-events: read reflects a move toward more restrictive permissions, enhancing security. Make sure that this does not inadvertently impact any processes expecting write permissions.

---

63-63: Inclusion of setup-kotlin in Prepare Test

Adding setup-kotlin: 'true' in the Prepare test step is in line with the overall Kotlin integration strategy and is implemented consistently with other workflow files.

---

81-83: Query Run Configuration Verification

The queries-run field now lists comma-separated query identifiers. Please verify that the order and formatting match what the subsequent SARIF check expects.

.github/workflows/__test-proxy.yml (3)

31-33: Matrix strategy updated to use specific version identifiers

The matrix has been updated to use 'linked' instead of 'latest' and added 'nightly-latest' as an additional configuration. This provides more explicit versioning control and allows testing against both stable and development builds.

---

37-37: Permission scope reduced for security-events

Changing from 'write' to 'read' follows the principle of least privilege, which is a security best practice. This ensures the workflow only has the minimum necessary permissions.

---

61-61: Kotlin setup explicitly disabled

The setup-kotlin parameter has been added and set to 'false', explicitly disabling Kotlin setup for this workflow. This aligns with other changes in the PR that seem to be making Kotlin setup more configurable.

.github/workflows/debug-artifacts-safe.yml (1)

1-98: New workflow for verifying debug artifacts is well-structured

This new workflow effectively tests that debug artifacts (logs, SARIF files, and database bundles) are correctly generated and uploaded. The implementation with matrix strategy for different versions and the verification script is well designed.

The script properly checks for artifacts across multiple language types and versions, which helps ensure robustness of the debugging capability.

.github/workflows/__packaging-inputs-js.yml (4)

31-35: Matrix strategy updated to use specific version identifiers

Consistent with other workflow changes, the version values have been changed from 'latest' to 'linked', providing more explicit versioning control.

---

51-51: Permission scope reduced for security-events

Reducing permissions from 'write' to 'read' follows the principle of least privilege, enhancing security by limiting the workflow to only what it needs.

---

63-63: Kotlin setup explicitly enabled

The setup-kotlin parameter has been added and set to 'true', enabling Kotlin setup for this workflow. This is the opposite of what was done in the test-proxy workflow, suggesting different requirements for different workflows.

---

81-82: Query formatting improved for readability

The queries-run parameter has been reformatted with proper indentation while maintaining the same content, improving readability.

lib/analyze.test.js (3)

117-117: Updated runQueries function call with additional parameter

The runQueries function call now includes an additional undefined parameter, which suggests a change in the function signature in the analyze.js file.

---

119-119: Added analysis_is_diff_informed field to status report

The status report verification now includes the "analysis_is_diff_informed" field, which indicates that diff-aware analysis capabilities have been added to the system.

---

132-315: Comprehensive test suite for diff range calculations

Excellent addition of extensive test cases for the getDiffRanges function. The tests cover various scenarios including:

• Unchanged files
• Large diffs
• Single addition/deletion ranges
• Updates
• Mixed ranges
• Multiple diff thunks
• Edge cases with malformed headers

This thorough testing approach will help ensure the diff-informed analysis works correctly across different scenarios.

CHANGELOG.md (1)

7-20: Overall Changelog Entry Quality – Lines 7-20
The new changelog entries are comprehensive and detail a diverse range of updates—from version bumps and bug fixes to feature deprecations. Please ensure that similar clarity is maintained throughout the file and that any automated formatting (if applicable) adheres to the style guidelines for typographical elements.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - U...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

.github/workflows/__ruby.yml (3)

31-32: Matrix Version Update – Lines 31-32
The job matrix now uses version: linked for both ubuntu-latest and macos-latest configurations. This appears to be a deliberate move to standardize the CodeQL tool version selection across platforms. Please verify that this update aligns with the intended dependency management strategy.

---

44-46: Updated Job Permissions – Lines 44-46
The change from more permissive settings to security-events: read reflects a tighter security posture. Ensure that this updated permission level is sufficient for all diagnostic and reporting functionality required by the Ruby analysis workflow.

---

57-57: Explicit Kotlin Setup Parameter – Line 57
Introducing the setup-kotlin: 'true' parameter in the “Prepare test” step is a clear and beneficial change. This explicit configuration should help streamline Kotlin setup across workflows.

.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml (3)

31-32: Matrix Version Revision – Lines 31-32
The matrix now specifies version: default (instead of a value like stable-v2.14.6). This adjustment seems to simplify the configuration and should be verified against the overall versioning strategy.

---

34-35: Updated Security Permissions – Lines 34-35
Changing security-events permission from write to read reflects a move toward a more secure, least-privilege approach. Confirm that no required functionality is impaired by this permission reduction.

---

47-47: Addition of Kotlin Setup Flag – Line 47
The inclusion of setup-kotlin: 'true' in the Prepare test step clarifies the intent to perform Kotlin setup. This consistency across workflows is beneficial.

.github/workflows/codeql.yml (3)

26-28: Revised Permissions in Version Check Job – Lines 26-28
The permissions for the check-codeql-versions job now set contents: read. This more restrictive permission model is appropriate for a job that only needs to inspect the repository contents and should be consistent with your evolving security standards.

---

78-79: Expanded OS Matrix in Analyze-JavaScript – Lines 78-79
The update to the OS matrix (including entries such as macos-13 and macos-14) suggests enhanced platform coverage. Please verify that all selected operating systems and their associated tool configurations have been validated.

---

105-115: Introduction of the Analyze-Actions Job – Lines 105-115
Adding a new job (analyze-actions) dedicated to analyzing GitHub Actions (using a custom configuration file) is a positive move toward modularizing your workflows. Ensure that this new job is thoroughly tested and that its permissions (contents: read, security-events: write) are adequate for its tasks.

.github/workflows/__unset-environment.yml (4)

30-33: Matrix Configuration Refined – Lines 30-33
The matrix in this workflow now focuses on Ubuntu configurations with versions linked and nightly-latest, shifting away from multiple macOS configurations. This simplification should streamline test execution; please confirm that it meets your cross-platform testing requirements.

---

36-37: Tighter Security Permissions – Lines 36-37
Reducing security-events permissions from write to read helps to enforce a least-privilege model. Verify that proper access is maintained for all diagnostic features within this workflow.

---

49-49: New Kotlin Setup Parameter – Line 49
The addition of setup-kotlin: 'true' in the “Prepare test” step is consistent with changes in other workflows and explicitly enables Kotlin configuration. This addition is clear and seems beneficial.

---

61-63: Build Command Environment Isolation – Lines 61-63
The modified build command using env -i PATH="$PATH" HOME="$HOME" ./build.sh effectively clears the environment to prevent leakage of unintended variables. Please double-check that no necessary environment variable is omitted and that the build process remains robust in Ubuntu.

.github/workflows/__cpp-deptrace-enabled.yml (3)

31-31: Verify that the new version reference is valid.

Changing version to "linked" may require verification that this version label is supported by the environment or tooling.

---

39-39: Reduced permission is a positive security measure.

Switching security-events to read eliminates write privileges and lowers potential risk.

---

51-51: Ensure Kotlin setup is needed for C/C++ workflow.

Confirm that Kotlin is required here, as enabling Kotlin support in a C/C++ dependency workflow might introduce unnecessary overhead if it's not being utilized.

lib/caching-utils.js (1)

28-28: Ignore suggestion to use optional chain here.

The static analysis tool suggests changing this line to use an optional chain, but this appears to be standard TypeScript transpiled boilerplate. Adjusting this manually could break the generated runtime helpers.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

.github/workflows/__swift-custom-build.yml (3)

31-31: Verify correctness of 'linked' version usage.

Ensure that the linked label aligns with your intended Swift version or build environment.

---

39-39: Reducing permission is good security practice.

Switching security-events to read decreases the workflow's authorization scope.

---

51-51: Confirm Kotlin setup in Swift workflow.

Verify that Kotlin is actually needed in this Swift workflow. If not, it might be more efficient to omit the Kotlin setup step.

lib/database-upload.test.js (2)

47-47: Added new import for git utilities

This import supports the refactoring that moves Git-related functionality to a dedicated module.

---

89-89: Git functionality moved to a dedicated module

The function isAnalyzingDefaultBranch has been consistently moved from actionsUtil to gitUtils across all usages, which is a good refactoring that centralizes Git-related utilities in a dedicated module.

Also applies to: 104-104, 121-121, 135-135, 156-156, 176-176

.github/workflows/__packaging-codescanning-config-inputs-js.yml (3)

63-63: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, indicating that Kotlin setup is now explicitly required for this workflow.

---

31-31:

Details

✅ Verification successful

Matrix version updated from 'latest' to 'linked'

The matrix version has been changed from "latest" to "linked" for all operating systems, which may affect which version of dependencies or tools are used in the workflow.

Also applies to: 33-33, 35-35

---

🏁 Script executed:

#!/bin/bash
# Look for any documentation or code that explains the 'linked' version type
grep -r "version: linked" --include="*.yml" .github/
grep -r "linked" --include="*.md" .

Length of output: 8986

---

Matrix version update confirmed and documented

The change from "latest" to "linked" has been verified across our GitHub workflow files (e.g., in __packaging-codescanning-config-inputs-js.yml) and aligns with our documented update in the CHANGELOG. This update is intentional to ensure that the workflows use the tools distributed with the action release, which may alter dependency resolutions. No further modifications are required for this update.

• Verified usage in multiple workflow files confirms consistency.
• Refer to the changelog (commit [github#2281]) for the rationale behind the renaming.

---

51-51:

Details

✅ Verification successful

Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive following the principle of least privilege.

---

🏁 Script executed:

#!/bin/bash
# Check if this workflow really needs write permissions by looking for operations that might require it
grep -r "security-events: read" --include="*.yml" .github/workflows/
grep -r "upload-sarif" --include="*.yml" .github/workflows/__packaging-codescanning-config-inputs-js.yml

Length of output: 4162

---

Security permissions update verified: "read" is appropriate

The change in permission from "write" to "read" for security-events in the __packaging-codescanning-config-inputs-js.yml file now aligns with our least-privilege policy. The repository-wide search confirms that all workflows, including this one, uniformly apply security-events: read. Additionally, the absence of any upload-sarif (or similar write-dependent operations) in this file supports that no write access is needed.

• Verified that the configuration uses "read" across similar workflows.
• Confirmed no instances of write-dependent operations (e.g., upload-sarif) exist in __packaging-codescanning-config-inputs-js.yml.

.github/workflows/__go-indirect-tracing-workaround.yml (3)

35-35: Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive.

---

47-47: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, indicating that Kotlin setup is now explicitly required for this workflow.

---

31-31:

Details

❓ Verification inconclusive

Matrix version changed from specific version to 'default'

The version has been updated from a specific version string "stable-v2.14.6" to the generic "default", which may simplify maintenance but could also change the behavior of the tests.

---

🏁 Script executed:

#!/bin/bash
# Check how 'default' is defined and if there are any references to it elsewhere
grep -r "version: default" --include="*.yml" .github/
grep -r "prepare-test" --include="*.yml" .github/ | grep -A 5 "version:"

Length of output: 3863

---

I've confirmed that the change to using "default" for the version is consistent across the repository’s GitHub workflows. In multiple files—including .github/workflows/__go-indirect-tracing-workaround.yml (line 31)—the "version: default" setting is used. However, the change from the explicit version "stable-v2.14.6" to "default" could potentially alter test behavior if the definition of "default" evolves over time. Please verify that the intended and expected configuration is still active and that the tests remain valid.

• Key File: .github/workflows/__go-indirect-tracing-workaround.yml (line 31)
• Observation: The specific version string was replaced with a generic "default" that is also used in other workflow files.

.github/workflows/__diagnostics-export.yml (6)

31-31: Matrix version updated to 'linked'

The matrix version has been changed to "linked" for all operating systems, which is consistent with changes in other workflow files.

Also applies to: 33-33, 35-35

---

45-45: Security permission reduced from write to read

The permission for security-events has been changed from "write" to "read", making the workflow more restrictive.

---

57-57: Added Kotlin setup support

A new parameter setup-kotlin: 'true' has been added, consistent with other workflow files, indicating a broader focus on Kotlin integration.

---

68-74: Simplified diagnostic addition logic

The diagnostic addition code has been simplified to add a single diagnostic entry instead of using a loop for multiple diagnostics, making the code clearer and more maintainable.

---

80-80: Updated upload-artifact action to v4

The actions/upload-artifact action has been updated from v3 to v4, which is a good practice to keep dependencies updated.

---

94-94: Simplified expected message check

The expected message has been simplified to match the changes in the diagnostic addition logic, ensuring consistent testing.

.github/workflows/__packaging-config-inputs-js.yml (3)

31-35: Matrix version standardization

The matrix version has been changed from 'latest' to 'linked' for all operating systems. This provides more consistent behavior by linking the versions across different environments.

---

51-51: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

---

63-63: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

.github/workflows/__rubocop-multi-language.yml (3)

35-35: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

---

47-47: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

---

49-49: Ruby setup action pinned to specific commit

The Ruby setup action has been pinned to a specific commit hash rather than using a version tag, providing better stability and reproducibility.

.github/workflows/__javascript-source-root.yml (3)

31-31: Matrix version standardization

The matrix version has been changed from 'latest' to 'linked', providing more consistent behavior by linking the versions across different environments.

---

39-39: Security permission scope narrowed

The workflow permissions for security-events have been reduced from write to read, following the principle of least privilege. This is a good security practice.

---

51-51: Kotlin support enabled

Added explicit Kotlin setup which aligns with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the summary.

.github/workflows/post-release-mergeback.yml (4)

24-24: Environment specification added

Added 'Automation' environment which helps manage environment-specific secrets and variables.

---

30-33: Explicit permissions added

Explicit write permissions for contents and pull-requests have been added, which are required for creating tags, pushing commits, and managing PRs. This adheres to GitHub's recommended practice of declaring minimal required permissions.

---

116-125: Changelog preparation automation added

Added a step to automatically prepare a partial changelog based on the current version, improving the release process automation.

🧰 Tools

🪛 actionlint (1.7.4)

120-120: shellcheck reported issue in this script: SC2086:info:1:80: Double quote to prevent globbing and word splitting

(shellcheck)

---

120-120: shellcheck reported issue in this script: SC2086:info:4:5: Double quote to prevent globbing and word splitting

(shellcheck)

---

170-188: GitHub release automation added

Added steps to generate a GitHub App token and create a GitHub release, which streamlines the release process. The release is explicitly set not to be marked as latest, which is important for maintaining the correct latest release.

lib/config-utils.test.js (5)

18-34: Improved module import handling

The __importStar function has been refactored to use a more robust method for retrieving property names from modules. This includes fallback logic when Object.getOwnPropertyNames is not available.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

46-46: New caching utilities imported

Added import for caching utilities, which is used for new dependency caching functionality.

---

67-67: Dependency caching configuration added

Added new property for dependency caching configuration, which enhances the build pipeline efficiency.

---

301-301: Test expectation updated for dependency caching

Updated test expectation to include the new dependency caching property, ensuring tests remain in sync with implementation changes.

---

780-815: Test refactoring for better maintainability

Individual test cases for Java and C# have been refactored into a parameterized loop that tests feature flags for disabling buildless analysis. This improves code maintainability by reducing duplication and makes it easier to add similar tests for other languages in the future.

README.md (2)

42-59: Clear explanation of build modes

The new "Build Modes" section effectively explains the different build modes available and their implications. The addition of "Which build mode should I use?" subsection provides valuable guidance to users based on their language and project needs.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~46-~46: Loose punctuation mark.
Context: ...The available build modes are: - none: The database will be created without bu...

(UNLIKELY_OPENING_PUNCTUATION)

---

[uncategorized] ~47-~47: Loose punctuation mark.
Context: ...d some compiled languages. - autobuild: The database will be created by attempt...

(UNLIKELY_OPENING_PUNCTUATION)

---

[style] ~47-~47: Style-wise, it’s not ideal to insert an adverb (‘automatically’) in the middle of an infinitive construction (‘to build’). Try moving the adverb to avoid split infinitives.
Context: ...build`: The database will be created by attempting to automatically build the source code. Available for all compiled languages. ...

(SPLIT_INFINITIVE)

---

[uncategorized] ~48-~48: Loose punctuation mark.
Context: ...e for all compiled languages. - manual: The database will be created by buildin...

(UNLIKELY_OPENING_PUNCTUATION)

---

71-76: Helpful version compatibility table

The added table of minimum CodeQL Action and Bundle versions provides clear guidance on compatibility requirements, which is valuable for users on different GitHub Enterprise Server versions.

lib/fingerprints.js (3)

18-34: Enhanced module import implementation

The updated __importStar implementation adds a more robust way of retrieving property names from module objects with the ownKeys helper function. This ensures all enumerable properties are properly bound to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-41: Export statement style improvement

The export statements have been rearranged to directly export each function after its definition, which is a more maintainable approach.

---

252-252: Improved documentation reference

Replacing the hardcoded documentation URL with a reference from the doc_url_1 module improves maintainability by centralizing documentation references.

.github/workflows/__go-tracing-autobuilder.yml (5)

38-49: Updated matrix with newer Go versions

Good update replacing older Go versions with newer ones (stable-v2.17.6, stable-v2.18.4, stable-v2.19.4), keeping the workflow current with the latest supported versions.

---

55-57: Version reference change from "latest" to "linked"

The version reference has been changed from "latest" to "linked", which likely affects how the latest version is resolved.

Please verify that this change is intentional and that any code depending on the "latest" version reference has been updated to work with "linked" instead.

---

77-77: Added Kotlin setup

The addition of Kotlin setup is consistent with the removal of the CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN environment variable mentioned in the AI summary, suggesting improved Kotlin support.

---

80-80: Updated Go version

Good update from Go 1.22.0 to 1.24.0, keeping the workflow current with the latest Go version.

---

65-65:

Details

❓ Verification inconclusive

Security events permission change from write to read

The permissions for security-events have been downgraded from write to read.

This change could potentially impact functionality if the workflow needs to write security events. Please verify this doesn't break any required functionality.

---

🏁 Script executed:

#!/bin/bash
# Check if any actions in the workflow need write access to security-events
rg -i "security-events.*write" .github/
# Check if the analyze action documentation mentions write permissions
rg -i "security-events.*permission" action/analyze/

Length of output: 470

---

Attention: Inconsistent Security Events Permission Configuration

In .github/workflows/__go-tracing-autobuilder.yml (line 65), the permission for security-events has been downgraded from write to read. However, searches reveal that other workflows—such as those in __submit-sarif-failure.yml, codeql.yml, and pr-checks.yml—still specify security-events: write (e.g., needed to upload SARIF files or ESLint results). This inconsistency could lead to functionality issues if the tracing autobuilder workflow actually requires write access.

• Action Required: Please verify that the tracers in __go-tracing-autobuilder.yml do not rely on write access for security events. If this permission change is intentional, consider adding a code comment to clarify the difference. Otherwise, update the permissions for consistency.

.github/workflows/__test-local-codeql.yml (3)

35-35: Security events permission change from write to read

The permissions for security-events have been downgraded from write to read, similar to other workflow files.

This permission change could potentially impact functionality if the workflow needs to write security events. Please verify this is intentional and doesn't break any required functionality.

---

47-47: Added Kotlin setup

The addition of Kotlin setup is consistent with other workflow changes in this PR, suggesting improved Kotlin support across the codebase.

---

58-59: Clarified Swift support and updated tools format

The added comment about Swift not being supported on Ubuntu is helpful for clarity. The tools path has been updated to use the .tar.zst format instead of .tar.gz.

Please verify that all related scripts and documentation have been updated to handle the new .tar.zst format instead of .tar.gz.

lib/debug-artifacts.test.js (6)

18-34: Consider ignoring or refactoring auto-generated code.
The changes to __importStar within these lines appear to be compiler-generated. Modifying them may introduce merge conflicts or be overwritten in future builds.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

41-47: Good test coverage for sanitizeArtifactName.
The assertions effectively validate sanitization. No concerns identified.

---

49-63: Checks for empty artifacts list are well-handled.
The test correctly verifies the "no-artifacts-to-upload" scenario without raising errors.

---

64-73: Validation of artifact upload behavior with no CodeQL version.
This scenario ensures fallback logic is tested. Looks consistent.

---

74-83: Sufficient coverage for newer CodeQL versions.
Properly tests the upload path for “new” CodeQL versions.

---

84-91: Correct avoidance of uploads for older CodeQL versions.
The test accurately checks the “upload-not-supported” outcome.

.github/workflows/__multi-language-autodetect.yml (6)

32-61: Expanded matrix entries for multiple versions and OSes.
Ensures broader test coverage across macOS/Ubuntu with stable and nightly CodeQL versions.

---

65-65: Reduced permissions are a good security practice.
Switching security-events to read follows principle of least privilege.

---

77-77: Kotlin setup parameter added.
This flag likely helps test Kotlin projects consistently. Looks good.

---

86-87: Conditionally specifying languages for Linux.
Empty string for non-Linux runners is intentional. No issues noted.

---

91-91: Swift setup restricted to macOS.
Matches the platform constraints.

---

143-144: Swift-specific check only on macOS.
Appropriately verifies Swift DB creation in the correct environment.

lib/init-action-post-helper.test.js (6)

18-34: Auto-generated import code.
These changes to __importStar are typically generated by the TypeScript compiler. Manual edits risk being lost.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

66-69: Debug mode off test.
Correctly verifies that uploadAllAvailableDebugArtifacts is not invoked.

---

77-78: Debug mode on test.
Ensures the debug artifact upload path is triggered.

---

324-324: Updated CodeQL test version.
Raising the test version to “2.17.6” aligns with newer CodeQL releases.

---

329-329: Stubbing artifact upload.
This approach helps isolate and confirm behavior without networking.

---

346-358: Validation of export calls and upload flows.
The assertions accurately verify that diagnostics exports are called as expected, and SARIF uploads are conditionally handled.

lib/analyze-action-post.js (2)

18-34: Compiler-generated import helpers.
Edits here risk being overwritten on rebuilds if this is TypeScript transpiled code.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

42-68: Post-action logic handles optional SARIF uploads.
By restoring inputs and checking INIT_ACTION_HAS_RUN, the code selectively uploads SARIF for first-party runs. Error handling with getErrorMessage is also clear.

lib/autobuild.js (7)

18-34: No changes needed to the standard import polyfill.
This appears to be a typical helper snippet, and the static analysis suggestion to use optional chaining is likely a false positive.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-38: Exports look good.
These exports are straightforward and consistent with the rest of the code.

---

43-43: Import statement is fine.
No issues noted with introducing doc_url_1.

---

54-55: Logging message update is clear.
No concerns with these lines referencing the documentation URL.

---

118-118: Reference to manual build steps URL is appropriate.
No issues with the documentation link usage.

---

147-147: New runAutobuild function is consistent.
The function signature and usage fit well with the existing build logic.

---

154-154: Feature-based condition appears correct.
No concerns—feature detection is consistent with the rest of the code.

lib/actions-util.js (11)

18-34: No changes needed to the standard import polyfill.
The suggestion to use optional chaining here is likely a false positive.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-37: Export statement reordering is fine.
Everything looks aligned with the codebase’s export usage.

---

56-56: @actions/io import is correct.
No issues found with bringing in this module.

---

58-58: ESLint directive is acceptable.
No concerns—this comment clarifies lint exceptions.

---

222-222: Use of io.which for locating 'file' command is good.
Error handling in the surrounding code is sufficient.

---

250-252: isSelfHostedRunner check appears correct.
This logic succinctly detects self-hosted runners.

---

253-256: isDefaultSetup is straightforward.
Cleanly checks the event name.

---

257-259: prettyPrintInvocation utility is well-implemented.
Handles spaces in arguments effectively.

---

260-280: CommandInvocationError class offers clear errors.
Captures the last line from stderr and exit code for better diagnostics.

---

297-328: runTool executes commands with buffering logic.
Stderr is capped, and non-zero exit codes are suitably handled.

---

332-354: Persisting and restoring inputs is implemented cleanly.
The mechanism for saving/restoring environment variables is straightforward.

lib/debug-artifacts.js (11)

18-34: No changes needed to the standard import polyfill.
Likely a standard helper.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-39: Export for sanitizeArtifactName is fine.
No concerns with exporting this function.

---

47-47: Import of artifact-legacy is acceptable.
No issues noted here.

---

54-56: Multiple imports introduced.
No concerns—this appears consistent with newly added functionality.

---

62-64: Documentation comment is straightforward.
No issues with the clarifying remarks.

---

65-66: uploadCombinedSarifArtifacts looks cohesive.
Implementation logic seems consistent with the rest of the module.

---

98-117: tryPrepareSarifDebugArtifact function is clear.
Properly checks for presence of SARIF and copies it if found.

---

118-139: Comment block for bundling logic is fine.
No concerns noted with these lines describing the approach.

---

146-191: tryUploadAllAvailableDebugArtifacts covers multiple artifact types well.
Logic is well-structured and consistent with DB bundling.

---

192-225: uploadDebugArtifacts function is thorough.
Correctly handles an empty artifact list, safe upload check, and final naming.

---

226-239: getArtifactUploaderClient properly distinguishes GHES vs. dotcom.
No concerns with creating either client.

lib/init-action.js (4)

18-34: Consider ignoring the optional chain suggestion.
Static analysis suggests an optional chain for this TS helper code; however, this is a standard TypeScript runtime helper. It's usually best to leave it unmodified, as generated or boilerplate code does not benefit significantly from such manual changes.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

144-145: Persisting inputs looks good.
Storing user inputs for usage in subsequent steps is a valid approach and appears properly implemented.

---

164-168: Verify that no sensitive data is being leaked.
Exporting the job run UUID as an environment variable is convenient, but please double-check whether any sensitive or PII data might be exposed if extended to other variables.

---

232-248: Ensure collected bundle download telemetry is anonymized.
The new logic for recording CodeQL bundle download telemetry and Zstandard availability is useful for diagnostic purposes. Confirm that the diagnostic data doesn’t unintentionally expose confidential project details.

lib/cli-errors.js (1)

139-141: Use regular expression literal (duplicate of prior comment).
You've already received feedback on using a literal instead of a RegExp constructor for the string "We were unable to automatically build your code".

🧰 Tools

🪛 Biome (1.9.4)

[error] 140-140: Use a regular expression literal instead of the RegExp constructor.

Regular expression literals avoid some escaping required in a string literal, and are easier to analyze statically.
Safe fix: Use a literal notation instead.

(lint/complexity/useRegexLiterals)

.github/workflows/pr-checks.yml (4)

16-35: Minimal permissions and SARIF upload logic look good.
Granting only the necessary read access to contents and adding write access to security events for ESLint SARIF upload is a security best practice. The additional SARIF upload step further improves code scanning visibility. Nicely done.

---

41-56: Conditional checks for push vs. main branch.
These conditions prevent unnecessary workflow runs on irrelevant pushes. This helps optimize resource usage.

---

81-88: Permissions restricted to read-only for the unit test job.
Limiting the permissions scope for a test job is a good principle of least privilege measure.

---

103-111: Conditionally verifying node versions on pull requests.
Using the if: github.event.pull_request ensures this check only runs when relevant. The added read-only permission is consistent with best practices.

lib/api-client.js (1)

39-51: Export structure updates look good.

Making the exports explicit fosters clarity in maintainability and sets a clear point of reference for future contributors. The approach is straightforward and easy to follow.

lib/git-utils.js (11)

44-72: Robust error handling during Git commands.

Your runGitCommand function demonstrates helpful logging and graceful fallback when a directory is not a valid Git repository. This helps with debugging and is a good practice in CI/automation scripts.

---

76-91: Graceful fallback for commit SHA retrieval.

Falling back to environment variables if Git fails is a sensible approach. This ensures that the workflow does not break unexpectedly when the repository state is unusual.

---

99-134: Function flow for base branch detection seems solid.

The logic to parse and confirm a valid merge commit, then extract base and head shas is straightforward. Error handling with catch returning undefined provides a safe fallback.

---

142-156: Controlled shallow history extension.

Deepening the repository history by one commit is a reasonable approach when the repository is shallow, and the existing logging covers failure scenarios. No issues found here.

---

164-171: Selective fetch usage.

Fetching only the branch in question reduces unnecessary data transfers. Error handling is similarly consistent with the rest of the script.

---

179-186: Repacking the repository for efficiency.

Repacking can be beneficial for repository performance. The error logging pattern is consistent, providing a clear message if something goes wrong.

---

195-203: Merging multiple bases gracefully.

Returning an empty array for no merge base is sensible. The command usage is appropriate, and fallback logic matches the overall style.

---

215-241: Comprehensive diff header extraction.

Filtering out the relevant diff lines (---, +++, @@) is a concise way to get hunk headers. The function returns undefined on failure to suit multiple usage scenarios.

---

250-286: Accurate file path decoding.

Handling special character encodings is necessary for many languages. This approach correctly follows core.quotePath=false semantics to avoid partial Unicode issues.

---

308-356: Flexible ref detection logic.

This function elegantly handles both user-provided refs and the typical Action environment. The fallback to environment variables is robust, including the scenario of analyzing the PR head commit rather than the merge commit.

---

367-380: Effective default-branch detection.

Checking for the environment variable override and falling back to checking the actual repository default branch is practical. No concerns found.

.github/workflows/__resolve-environment-action.yml (5)

37-41: Switch to 'linked' versions.

Changing from latest to linked can help pin a more specific environment reference. This may improve reproducibility, but ensure these linked versions are consistently maintained or updated as needed.

---

51-51: Reducing permissions is recommended.

Switching security-events from write to read is a good security practice following the principle of least privilege, provided the workflow does not need write-level permission here.

---

63-63: Kotlin setup enabled.

Enabling Kotlin in the test preparation step can broaden language coverage. Verify that subsequent steps handle Kotlin-based code correctly.

---

66-66: Languages pinned to Go and JavaScript/TypeScript.

Hardcoding go,javascript-typescript is simpler than conditional logic. Confirm that no other languages are impacted by removing the script-based condition.

---

86-86: Check if skipping JavaScript/TypeScript config is intentional.

The step fails if any JavaScript/TypeScript configuration is found. Validate that your pipeline expects no JS/TS config in this environment.

lib/analyze-action.js (13)

18-34: No issues in the polyfill logic.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

44-44: New import for GitHub context.

---

49-49: Added caching-utils import.

---

53-53: Added dependency-caching import.

---

66-66: No additional concerns.

---

78-78: Adding trap cache size to status report looks good.

---

151-151: Autobuild invocation appears correct.

---

201-202: Logic appears correct.

---

204-204: Query execution is well integrated.

---

217-217: Uploading results if 'always' is set.

---

232-234: Conditional dependency caching integration.

---

255-257: Conditional error details look coherent.

---

279-279: Enhanced error message construction.

lib/init-action-post-helper.js (7)

18-34: Polyfill adjustments look fine.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-38: Explicit export statements help clarity.

---

87-87: Diagnostics export call looks valid.

---

90-90: Uploading SARIF on failure is consistent with naming conventions.

---

119-119: New signature for the run function is straightforward.

---

145-147: Retrieving CodeQL version for subsequent operations.

---

150-166: Self-hosted runner cleanup code.
Removal of the database cluster directory is handled with a try/catch, which is good for resilience.

lib/config-utils.js (11)

18-34: Polyfill changes are consistent with the rest of the codebase.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-37: Export definitions are neatly organized.

---

66-66: Added import for caching utilities.

---

227-228: New defaultConfig function.
Implementation logic to set languages and build mode is clear.

---

246-246: Dependency caching setting is integrated into config.

---

262-262: loadConfig function addition.
Logic for remote/local config handling looks solid.

---

296-296: Dependency caching setting also applied in loadConfig.

---

425-425: Syntactically empty catch is acceptable here.

---

513-518: parseRegistriesWithoutCredentials function introduction.
Clean extraction of relevant fields.

---

686-689: Fallback to autobuild for C# is clearly communicated with a warning.

---

692-692: Logic for Java fallback matches pattern used for C#.

.github/workflows/__go-tracing-custom-build-steps.yml (5)

38-49: Add stable Go versions for the job matrix
Adding new stable releases like stable-v2.17.6, stable-v2.18.4, and stable-v2.19.4 expands coverage and ensures the workflow tests the latest supported lines.

---

55-57: Use of 'linked' instead of 'latest'
Locking to 'linked' mitigates unexpected breakages from major updates, improving build stability.

---

65-65: Reduced security-events permission
Transitioning from 'write' to 'read' follows the principle of least privilege, minimizing potential security risks.

---

77-77: Added 'setup-kotlin: true'
This ensures Kotlin components are set up early, likely to enable advanced analysis. No issues found.

---

80-80: Go version upgrade
Moving from ~1.22.0 to ~1.24.0 may introduce useful new features but warrants checking for potential build or dependency conflicts.

.github/workflows/__go-tracing-legacy-workflow.yml (5)

38-49: Inclusion of newer stable Go versions
Broadening test coverage with stable-v2.17.6, stable-v2.18.4, and stable-v2.19.4 keeps the legacy workflow up-to-date.

---

55-57: Swapped 'latest' for 'linked'
Using linked ensures a more predictable environment and prevents sudden version shifts.

---

65-65: Reduced security permission
Switching security-events permission to 'read' follows best practices for minimal required access.

---

77-77: Added Kotlin setup
Enabling Kotlin might unlock additional scanning or build tasks. Looks good.

---

80-80: Upgraded Go version
Bumping to ~1.24.0 can introduce performance improvements and new language features. Validate against your current codebase.

lib/codeql.js (54)

36-45: Enhanced exports
Exposing setupCodeQL and related functions supports more flexible module usage and clearer structure.

---

53-53: Introduced doc-url import
Referencing documentation URLs from a dedicated module can improve maintainability.

---

56-57: Added git-utils and languages imports
Centralizing git interactions and language definitions promotes modular design.

---

76-76: Increased CODEQL_MINIMUM_VERSION
Requiring at least 2.15.5 ensures users benefit from recent features. Verify older environments won't break.

---

80-80: Established CODEQL_NEXT_MINIMUM_VERSION
Setting this threshold signals upcoming deprecations clearly to users.

---

84-84: Marking GHES 3.11 as most recently deprecated
Clarifies which GHES version is past official support.

---

88-88: Extended GHES deprecation date
Updates the timeline to December 19, 2024, for GHES 3.11.

---

100-101: New cache cleanup version constant
Declaring "2.17.1" clarifies the version threshold for --cache-cleanup.

---

115-115: setupCodeQL now accepts 'features'
Ensure all callers provide the new parameter to avoid missing feature toggles.

---

117-118: Capturing download status
Storing toolsDownloadStatusReport improves troubleshooting and auditing of CLI setup.

---

129-129: Returning toolsDownloadStatusReport
Surfacing additional info to the caller fosters better diagnostics.

---

132-132: Added toolsSource
No issues; helps identify where the tools originated.

---

133-133: zstdAvailability
Flagging if Zstandard compression is available can optimize performance under certain conditions.

---

136-139: Improved error classification
Treating ENOSPC as a configuration error is user-friendly and clarifies the root cause.

---

185-185: betterResolveLanguages introduced
Provides a more detailed language resolution approach with --format=betterjson.

---

238-240: JSON version parsing
Turning off stdout streaming ensures reliable JSON processing.

---

253-253: Alternative version output
Same stable approach as above for consistent version checks.

---

257-258: databaseInitCluster
Adds robust logic for cluster-based database initialization. Looks correct.

---

259-260: Conditional tracing
Enabling indirect tracing only when necessary is a good performance tradeoff.

---

264-275: Embedded Actions extractor
Supports older CodeQL versions (<2.20.6) by bundling the extractor, ensuring compatibility.

---

277-279: Generate code scanning config
Programmatically building a config helps standardize scanning across environments.

---

284-284: Support build-mode
Conditionally adding --build-mode fosters flexible and explicit build processes.

---

290-293: Selective overwrite flag
Graceful fallback to --overwrite if --force-overwrite isn't supported by older CLI versions.

---

296-296: Annotating overwrite behavior
Ensures the correct overwrite option is passed to CodeQL on initialization.

---

300-303: Expanded coverage features
Using --calculate-language-specific-baseline, --extractor-include-aliases, and --sublanguage-file-coverage yields more detailed analysis.

---

331-331: Autobuild command
Invoking runCli(autobuildCmd) centralizes logging, error handling, and environment variables.

---

333-334: Trace command for scanning
Ensures indexing is captured fully for scanned languages.

---

338-338: Applying trap-caching
Adopting trap caching can improve performance through incremental builds.

---

347-349: Use of build-mode with trace-command
Respects user-specified build strategies while collecting required instrumentation.

---

352-353: Explicit working directory
Helps commands locate necessary build artifacts correctly.

---

364-366: Improved error messaging
Providing doc links aids troubleshooting when the autobuild process fails.

---

419-422: Query resolution
Collecting queries in a structured manner, with minimal overhead. Looks solid.

---

428-428: Running queries with runCli
Ensures consistent CLI invocation strategy.

---

441-441: Resolve build environment
Key step to confirm correct compile and link settings for the selected language.

---

442-442: Extractor alias includes
Covers alternative naming for languages, preventing missed files.

---

463-463: Added intra-layer-parallelism
Potentially reduces query run time through parallel execution layers.

---

469-469: Executing run-queries
Adheres to newly introduced parallel flags for performance gains.

---

471-471: databaseInterpretResults expansion
Accepts extra parameters to fine-tune SARIF output, benefiting advanced analysis.

---

473-473: Feature-flagged diagnostics export
Allows toggling diagnostics per environment or user preference.

---

479-480: Explicit SARIF filepath
Providing an absolute file location for scanning results is clear and consistent.

---

486-488: SARIF enhancements
Exporting query help and sublanguage coverage can clarify issues for developers.

---

489-489: Attaching job run UUID
Associating results with a specific job run aids traceability and debugging.

---

491-493: Optional SARIF property
Supports custom labeling or metadata injection if needed.

---

503-503: Preserve older summaries
Backward compatibility remains by only adding --new-analysis-summary if needed.

---

505-505: Closing interpret-results
No further changes here.

---

569-572: Dynamic cleanup mode
Enables --cache-cleanup for recent CLI versions, falling back to --mode otherwise.

---

577-577: Setting cache level
Makes the cleanup depth configurable, aligning with user or environment constraints.

---

580-580: Cleanup execution
Ensures the final command is triggered gracefully.

---

593-593: databaseExportDiagnostics
Exports extra diagnostic info for deeper post-analysis insights.

---

600-600: SARIF export path
Keeping outputs explicit helps devs locate diagnostic data faster.

---

742-745: runCli wrapper
Centralizing CLI calls fosters uniform logging and error handling.

---

747-750: Refined error propagation
Wrapping the CLI invocation error clarifies misconfigurations vs. unknown failures.

---

757-757: No additional context
No apparent issues in this single-line change.

---

819-824: Conditional TRAP cache writing
Ensures caching is only performed on default branches, optimizing resource usage in less-critical branches.

lib/analyze.js (10)

39-46: Export statements look good.

Explicitly exporting the identified functions and classes here improves clarity, making them easy to discover and maintain.

---

50-62: Imports are well-organized.

Importing additional modules for I/O, utilities, logging, and diff filtering is clear and consistent with the rest of the codebase.

---

69-75: Extending CodeQLAnalysisError to store the original error is beneficial.

Storing the underlying error object helps diagnose root causes and capture detailed error information.

---

152-180: New diff-informed analysis setup is clear and well-factored.

This function neatly encapsulates the logic for enabling the diff-informed queries feature and handling fallbacks when disabled.

---

193-216: Retrieving changed diff ranges is straightforward.

Your approach to return undefined when the limit is exceeded or an error occurs conveys a clear fallback strategy. The logic looks correct and handles edge cases gracefully.

---

217-245: Verify the “compareCommitsWithBasehead” pagination.

Using per_page: 1 may not retrieve all changed files if pagination is enforced. Please confirm whether GitHub returns the entire file diff in one response or if additional requests are required for complete results.

---

323-376: Diff range extension pack writer is well-implemented.

This function is thorough in creating the extension pack and providing fallback behaviors for edge cases (e.g., empty diffs). Nice work.

---

378-443: runQueries function enhancements are cohesive.

Utilizing the analysis_is_diff_informed flag, data extension flags, and throwing a specialized error on failure provides clear control flow and troubleshooting insights.

---

478-505: Finalizing cluster tracing conditionally is appropriate.

Ending tracing only if necessary aligns with the intended workflow. No issues found here.

---

516-518: Exporting internal methods for testing is a good practice.

Making getDiffRanges available for targeted unit testing improves testability and maintainability.

[coderabbitai]

⚠️ Potential issue

Use the provided file path parameter.

The function takes changelog_file as a parameter but then opens the hardcoded 'CHANGELOG.md' instead of using the provided parameter.

- with open('CHANGELOG.md', 'r') as f:
+ with open(changelog_file, 'r') as f:

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	with open('CHANGELOG.md', 'r') as f:
	with open(changelog_file, 'r') as f:

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Fix potential shell script issues.

Static analysis hints suggest possible issues with unquoted variables in the shell script.

---

🏁 Script executed:

#!/bin/bash
# Check for potential shellcheck issues in the script
cat .github/workflows/publish-immutable-action.yml | grep -A10 '        run: |' | tail -n +2 | shellcheck -

Length of output: 1537

---

Attention: Address ShellCheck warnings in GitHub Actions workflow

Please update the shell script in .github/workflows/publish-immutable-action.yml to resolve the following issues:

• Specify the target shell:
  Add a shebang (e.g., #!/usr/bin/env bash) at the top of the script block or use a shell directive to inform ShellCheck of the intended shell. This will resolve the SC2148 warning.

• Handle GitHub expression syntax:
  The GitHub Actions expression ${{ github.event.release.name }} triggers SC2296. Either disable this specific warning using a ShellCheck disable comment (e.g., # shellcheck disable=SC2296) or acknowledge that this syntax is intentional for GitHub Actions.

• Quote file path variables:
  Update the redirect commands to quote $GITHUB_OUTPUT to prevent word splitting. For example:

  echo "is-action-release=true" >> "$GITHUB_OUTPUT"

  and

  echo "is-action-release=false" >> "$GITHUB_OUTPUT"

• Consistent variable quoting:
  Consider quoting $RELEASE_NAME in the conditional check (i.e., if [[ "$RELEASE_NAME" == v* ]]) for consistency and to avoid potential issues.

These adjustments will resolve the static analysis hints regarding unquoted variables and ensure the script behaves as intended within the GitHub Actions environment.

🧰 Tools

🪛 actionlint (1.7.4)

20-20: shellcheck reported issue in this script: SC2086:info:4:36: Double quote to prevent globbing and word splitting

(shellcheck)

---

20-20: shellcheck reported issue in this script: SC2086:info:7:37: Double quote to prevent globbing and word splitting

(shellcheck)

[coderabbitai]

⚠️ Potential issue

Missing definition for the $VERSIONS variable

The script uses a $VERSIONS variable in the for loop, but this variable isn't defined anywhere in the workflow file. This will likely cause the loop to not execute properly.

 LANGUAGES="cpp csharp go java javascript python"
+VERSIONS="stable-v2.20.3 default linked nightly-latest"
 for version in $VERSIONS; do

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	LANGUAGES="cpp csharp go java javascript python"
	for version in $VERSIONS; do
	LANGUAGES="cpp csharp go java javascript python"
	VERSIONS="stable-v2.20.3 default linked nightly-latest"
	for version in $VERSIONS; do

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

CHANGELOG.md (1)

7-914: Typographical and Formatting Consistency:
Throughout the expanded changelog, many entries describe version updates, bug fixes, feature additions, and deprecation notices. Static analysis hints recommend using en dashes (–) instead of hyphens (-) for numerical ranges (e.g. in version numbers and dates) and ensuring compound adjectives are properly hyphenated. Please review entries such as those on lines 7, 14, 18, 26, 30, etc., and consider updating the dashes to improve typographical consistency and readability.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~211-~211: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

---

[typographical] ~221-~221: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~225-~225: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~232-~232: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

---

[typographical] ~253-~253: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~260-~260: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~264-~264: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

---

[typographical] ~268-~268: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~272-~272: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~274-~274: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~276-~276: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~280-~280: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

---

[typographical] ~284-~284: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~288-~288: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

---

[misspelling] ~290-~290: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~292-~292: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

---

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

---

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~311-~311: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~313-~313: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

---

[typographical] ~316-~316: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~324-~324: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~328-~328: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~330-~330: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~332-~332: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~336-~336: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~342-~342: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

---

[typographical] ~347-~347: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~349-~349: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~359-~359: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

---

[typographical] ~363-~363: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

---

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

---

[typographical] ~378-~378: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~382-~382: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

---

[typographical] ~385-~385: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~392-~392: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~396-~396: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

---

[style] ~399-~399: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~403-~403: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~409-~409: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~417-~417: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

---

[misspelling] ~419-~419: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~423-~423: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~428-~428: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

---

[grammar] ~431-~431: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

---

[typographical] ~433-~433: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

---

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

---

[style] ~439-~439: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

---

[style] ~442-~442: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~445-~445: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~449-~449: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~451-~451: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~453-~453: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

---

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~466-~466: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

---

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

---

[typographical] ~481-~481: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~486-~486: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~488-~488: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~492-~492: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~494-~494: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

---

[typographical] ~504-~504: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~506-~506: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~512-~512: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

---

[typographical] ~522-~522: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~526-~526: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~528-~528: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~530-~530: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~534-~534: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~538-~538: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~540-~540: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~542-~542: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~546-~546: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

---

[typographical] ~550-~550: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~552-~552: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~554-~554: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

---

[typographical] ~573-~573: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

---

[uncategorized] ~578-~578: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

---

[typographical] ~581-~581: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~585-~585: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~589-~589: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~595-~595: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~597-~597: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~599-~599: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

---

[typographical] ~609-~609: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~614-~614: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

---

[style] ~616-~616: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

---

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

---

[typographical] ~622-~622: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~626-~626: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~639-~639: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

---

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~646-~646: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

---

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

---

[typographical] ~659-~659: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

---

[typographical] ~664-~664: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~666-~666: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

---

[typographical] ~675-~675: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~679-~679: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~683-~683: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

---

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

---

[typographical] ~694-~694: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~696-~696: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~698-~698: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~702-~702: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~706-~706: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~710-~710: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

---

[typographical] ~722-~722: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~727-~727: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

---

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~737-~737: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~745-~745: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~750-~750: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

---

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

---

[typographical] ~758-~758: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

---

[style] ~760-~760: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

---

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

---

[typographical] ~768-~768: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

---

[typographical] ~774-~774: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

---

[typographical] ~779-~779: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

---

[typographical] ~784-~784: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

---

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[grammar] ~791-~791: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

---

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

---

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~801-~801: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~803-~803: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~805-~805: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~809-~809: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

---

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~819-~819: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~825-~825: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~827-~827: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~829-~829: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~831-~831: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

---

[typographical] ~835-~835: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~839-~839: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~841-~841: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~843-~843: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~847-~847: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~851-~851: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~857-~857: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

---

[typographical] ~861-~861: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~865-~865: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

---

[typographical] ~869-~869: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~871-~871: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~873-~873: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~877-~877: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~879-~879: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~881-~881: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

---

[typographical] ~891-~891: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

---

[typographical] ~896-~896: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~898-~898: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

---

[typographical] ~906-~906: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

---

[grammar] ~909-~909: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

---

[typographical] ~911-~911: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 911d845 and 56b25d5.

📒 Files selected for processing (2)

• CHANGELOG.md (2 hunks)
• lib/defaults.json (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/defaults.json

🧰 Additional context used

🪛 LanguageTool

CHANGELOG.md

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

🔇 Additional comments (5)

CHANGELOG.md (5)

1-8: Comprehensive "UNRELEASED" Section Update:
The unreleased section now clearly documents upcoming changes (e.g. “Update default CodeQL bundle version to 2.20.6” on line 7) with proper PR references. This provides helpful context for users tracking imminent modifications.

---

9-13: Version 3.28.10 Details Check:
The entry for version 3.28.10 (lines 9–13) correctly documents both the version update (to 2.20.5) and a bug fix (decompression on macOS). Please verify that the dates and version numbers match the official release notes.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

18-21: Kotlin Support Addition Verification:
The update in version 3.28.8 (lines 18–21) that enables support for Kotlin 2.1.10 with CodeQL CLI v2.20.3 is clearly noted. Ensure that the linked PR #2744 is up to date and that the documentation elsewhere has been updated accordingly.

🧰 Tools

🪛 LanguageTool

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

26-32: Re-enable & Update Bundle Version Entries:
Entries for versions 3.28.6 and 3.28.5 (lines 26–32) document the re-enabling of debug artifact uploads and the subsequent bundle version update. The information is concise and uniformly formatted. A final check on the validity of the PR links (e.g. #2726 and #2717) is recommended.

🧰 Tools

🪛 LanguageTool

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

7-914: Reference and Consistency Verification:
The changelog is very detailed and methodically documents updates from version 3.28.10 down to version 1.0.0. It is important to double-check that all PR links are correct and that version numbers, dates, and descriptive texts are consistent across the file. This will further enhance reliability for users referencing the changelog for release history.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~24-~24: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~34-~34: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~36-~36: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~38-~38: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~44-~44: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~46-~46: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~48-~48: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~58-~58: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~60-~60: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~64-~64: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~77-~77: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~85-~85: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~89-~89: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~91-~91: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~102-~102: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~104-~104: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~106-~106: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~114-~114: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~125-~125: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~129-~129: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~131-~131: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~139-~139: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~143-~143: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~147-~147: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~162-~162: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~184-~184: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~189-~189: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~211-~211: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

---

[typographical] ~221-~221: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~225-~225: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~232-~232: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

---

[typographical] ~253-~253: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~260-~260: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~264-~264: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

---

[typographical] ~268-~268: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~272-~272: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~274-~274: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~276-~276: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~280-~280: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

---

[typographical] ~284-~284: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~288-~288: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

---

[misspelling] ~290-~290: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~292-~292: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

---

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

---

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~311-~311: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~313-~313: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

---

[typographical] ~316-~316: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~324-~324: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~328-~328: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~330-~330: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~332-~332: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~336-~336: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~342-~342: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

---

[typographical] ~347-~347: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~349-~349: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~359-~359: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

---

[typographical] ~363-~363: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

---

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

---

[typographical] ~378-~378: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~382-~382: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

---

[typographical] ~385-~385: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~392-~392: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~396-~396: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

---

[style] ~399-~399: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~403-~403: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~409-~409: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~417-~417: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

---

[misspelling] ~419-~419: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~423-~423: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~428-~428: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

---

[grammar] ~431-~431: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

---

[typographical] ~433-~433: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

---

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

---

[style] ~439-~439: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

---

[style] ~442-~442: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~445-~445: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~449-~449: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~451-~451: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~453-~453: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

---

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~466-~466: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

---

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

---

[typographical] ~481-~481: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~486-~486: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~488-~488: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~492-~492: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~494-~494: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

---

[typographical] ~504-~504: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~506-~506: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~512-~512: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

---

[typographical] ~522-~522: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~526-~526: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~528-~528: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~530-~530: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~534-~534: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~538-~538: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~540-~540: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~542-~542: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~546-~546: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

---

[typographical] ~550-~550: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~552-~552: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~554-~554: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

---

[typographical] ~573-~573: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

---

[uncategorized] ~578-~578: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

---

[typographical] ~581-~581: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~585-~585: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~589-~589: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~595-~595: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~597-~597: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~599-~599: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

---

[typographical] ~609-~609: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~614-~614: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

---

[style] ~616-~616: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

---

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

---

[typographical] ~622-~622: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~626-~626: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~639-~639: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

---

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~646-~646: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

---

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

---

[typographical] ~659-~659: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

---

[typographical] ~664-~664: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~666-~666: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

---

[typographical] ~675-~675: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~679-~679: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~683-~683: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

---

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

---

[typographical] ~694-~694: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~696-~696: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~698-~698: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~702-~702: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~706-~706: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~710-~710: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

---

[typographical] ~722-~722: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~727-~727: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

---

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~737-~737: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~745-~745: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~750-~750: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

---

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

---

[typographical] ~758-~758: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

---

[style] ~760-~760: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

---

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

---

[typographical] ~768-~768: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

---

[typographical] ~774-~774: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

---

[typographical] ~779-~779: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

---

[typographical] ~784-~784: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

---

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[grammar] ~791-~791: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

---

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

---

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~801-~801: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~803-~803: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~805-~805: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~809-~809: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

---

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~819-~819: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~825-~825: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~827-~827: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~829-~829: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~831-~831: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

---

[typographical] ~835-~835: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~839-~839: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~841-~841: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~843-~843: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~847-~847: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~851-~851: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~857-~857: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

---

[typographical] ~861-~861: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~865-~865: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

---

[typographical] ~869-~869: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~871-~871: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~873-~873: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~877-~877: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~879-~879: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~881-~881: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

---

[typographical] ~891-~891: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

---

[typographical] ~896-~896: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~898-~898: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

---

[typographical] ~906-~906: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

---

[grammar] ~909-~909: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

---

[typographical] ~911-~911: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

441-441: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

[coderabbitai]

Caution

Inline review comments failed to post. This is likely due to GitHub's limits when posting large numbers of comments. If you are seeing this consistently it is likely a permissions issue. Please check "Moderation" -> "Code review limits" under your organization settings.

Actionable comments posted: 1

🔭 Outside diff range comments (1)

src/init-action.ts (1)

608-620: ⚠️ Potential issue

Remove duplicated code block for Rust analysis.

This code block appears to be an exact duplicate of the previous Rust analysis configuration block (lines 591-603), which will cause syntax errors and logic issues.

-      if (process.env[envVar] !== "true") {
-        throw new ConfigurationError(
-          `Experimental and not officially supported Rust analysis requires setting ${envVar}=true in the environment`,
-        );
-      }
-      const actualVer = (await codeql.getVersion()).version;
-      if (semver.lt(actualVer, minVer)) {
-        throw new ConfigurationError(
-          `Experimental rust analysis is supported by CodeQL CLI version ${minVer} or higher, but found version ${actualVer}`,
-        );
-      }
-      logger.info("Experimental rust analysis enabled");

🧹 Nitpick comments (6)

lib/overlay-database-utils.js (1)

1-1: Consider removing redundant "use strict" directive

JavaScript modules are automatically in strict mode, so this directive is unnecessary.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

src/init.ts (1)

88-127: Consider validating the environment variable’s value further.
The function correctly falls back to None if conditions fail. However, it relies on the environment variable matching known modes exactly. If needed, you could add a check to log or ignore unrecognized environment values (e.g., typos). Otherwise, this logic is sound as is.

lib/analyze.js (4)

376-376: Remove duplicate assignment to statusReport.analysis_is_diff_informed

The same property is assigned twice with identical expressions at lines 376 and 384.

-statusReport.analysis_is_diff_informed = diffRangePackDir !== undefined;
 const queryFlags = [memoryFlag, threadsFlag];
 if (cleanupLevel !== "overlay") {
     queryFlags.push("--expect-discarded-cache");
 }
-statusReport.analysis_is_diff_informed = diffRangePackDir !== undefined;

Also applies to: 384-384

---

318-318: Remove unnecessary continue statement

The continue statement at the end of the loop body is unnecessary since there's no code after it within the loop.

 if (diffLine.startsWith(" ")) {
     // An unchanged context line advances the current line number.
     currentLine++;
-    continue;
 }

🧰 Tools

🪛 Biome (1.9.4)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

---

323-324: Remove duplicate comment line

There's a duplicated comment line that should be removed.

/**
 * Create an extension pack in the temporary directory that contains the file
-* Create an extension pack in the temporary directory that contains the file
 * line ranges that were added or modified in the pull request.

---

363-364: Remove another duplicate comment line

There's another duplicated comment line that should be removed.

if (!data) {
    // Ensure that the data extension is not empty, so that a pull request with
-    // Ensure that the data extension is not empty, so that a pull request with
    // no edited lines would exclude (instead of accepting) all alerts.
    data = '      - ["", 0, 0]\n';
}

🛑 Comments failed to post (1)

lib/analyze.js (1)

512-514: ⚠️ Potential issue

Redundant exportedForTesting definition

There appear to be two definitions of exports.exportedForTesting in the file (lines 512-514 and 517-519). One of them should be removed.

-exports.exportedForTesting = {
-    getDiffRanges,
-};

Committable suggestion skipped: line range outside the PR's diff.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

lib/git-utils.js (3)

1-1: Remove redundant "use strict" directive.

As this file is an ECMAScript module (ESM) or is transpiled in strict mode by default, the "use strict" directive is already implied and can be safely removed to satisfy lint checks and reduce clutter.

- "use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

28-28: Consider using optional chaining for clarity.

Line 28 checks mod && mod.__esModule. You could use optional chaining for concise modern syntax, albeit this may be automatically generated code. If you maintain it directly, here's how it might look:

- if (mod && mod.__esModule) return mod;
+ if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

44-72: Validate or sanitize git command arguments to prevent injection risks.

The runGitCommand function forms git commands based on user-supplied arguments. While this is likely internal usage, consider adding validations or sanitization steps, especially if these arguments could be influenced by external inputs. This helps reduce potential injection vulnerabilities in future usage scenarios.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7254660 and f338ec8.

⛔ Files ignored due to path filters (1)

• lib/git-utils.js.map is excluded by !**/*.map

📒 Files selected for processing (1)

• lib/git-utils.js (1 hunks)

🧰 Additional context used

🪛 Biome (1.9.4)

lib/git-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

🔇 Additional comments (2)

lib/git-utils.js (2)

188-232: Ensure thorough testing of special character handling.

The decodeGitFilePath function correctly handles many escape sequences, but multi-byte Unicode characters may need additional verification. Consider adding tests that confirm correct decoding of paths containing complex Unicode sequences (e.g., accented letters or emoji).

Would you like me to propose additional tests or a verification script to ensure correct decoding?

---

322-342: Verify default branch detection in complex scenarios.

isAnalyzingDefaultBranch() relies on environment variables and events for logic. While this is sensible, please ensure it correctly handles dynamic workflow triggers or unusual repository defaults (e.g., a default branch name other than "master" or "main").

[coderabbitai]

🛠️ Refactor suggestion

Add or confirm test coverage for new ref-handling logic.

The getRef function performs important checks and transformations (e.g. rewriting merge refs to head refs). Ensure that your tests cover all edge cases:

• No inputs for both ref and sha
• Providing ref but not sha
• Pull request merges vs. direct pushes
  This will help maintain robust and predictable behavior.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (10)

lib/analyze-action-post.js (1)

54-67: Enhanced workflow for SARIF artifact handling

Good implementation of the conditional upload of SARIF artifacts for first-party analysis runs. The addition of GitHub version checking and configuration retrieval provides better validation before processing.

Consider adding a brief comment explaining what constitutes a "first-party analysis run" versus a "third-party run" for future maintainers who might not be familiar with these concepts.

lib/analyze.js (1)

280-356: Consider removing unnecessary continue statement.

The diff range parsing function is well-implemented, but there's an unnecessary continue statement that could be removed.

-        if (diffLine.startsWith(" ")) {
-            // An unchanged context line advances the current line number.
-            currentLine++;
-            continue;
-        }
+        if (diffLine.startsWith(" ")) {
+            // An unchanged context line advances the current line number.
+            currentLine++;
+        }

🧰 Tools

🪛 Biome (1.9.4)

[error] 352-352: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

justfile (2)

24-25: Consider consistent naming convention for commands

While most targets use kebab-case (like update-pr-checks), this target uses snake_case (test_file). Consider standardizing the naming convention for consistency.

- test_file filename: build
+ test-file filename: build

---

4-7: Add documentation strings to all targets

Only refresh-lib has a documentation string. Consider adding documentation to all targets for consistency and improved user experience, similar to what's done for refresh-lib.

Example for the build target:

+ [doc("Transpile typescript code into javascript")]
  build:
      npm run build

Also applies to: 8-10, 11-14, 15-18, 19-22, 23-26

lib/analyze-action.js (2)

18-34: Code looks good, but consider using optional chaining

The updated __importStar function looks good, adding an ownKeys function to retrieve property names from an object. This enhances module imports and is consistent with TypeScript's module interop pattern.

Consider using optional chaining in line 28 to simplify the null check:

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

162-169: Good cleanup of proxy environment variables

The addition of code to unset empty CODEQL_PROXY_* environment variables is a good fix to prevent issues with the CodeQL CLI.

Consider avoiding delete operations on process.env as they can impact performance. Use assignment to undefined instead:

-        delete process.env.CODEQL_PROXY_HOST;
-        delete process.env.CODEQL_PROXY_PORT;
-        delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+        process.env.CODEQL_PROXY_HOST = undefined;
+        process.env.CODEQL_PROXY_PORT = undefined;
+        process.env.CODEQL_PROXY_CA_CERTIFICATE = undefined;

🧰 Tools

🪛 Biome (1.9.4)

[error] 166-166: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/dependency-caching.js (1)

1-56: Well-structured module for dependency caching

This new file adds dependency caching functionality with a clean structure. The getJavaTempDependencyDir function provides a clear way to manage Java dependencies.

The "use strict" directive on line 1 is redundant for ES modules. Modern JavaScript modules are automatically in strict mode.

Also, consider using optional chaining on line 28 for a more concise null check:

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

CHANGELOG.md (3)

9-13: Version 3.28.12 Update Overview
The entry for version 3.28.12 is well-documented and provides clear information about dependency caching improvements and the bundle version update. One minor stylistic suggestion: for date or numerical ranges, you might consider using en dashes (–) instead of hyphens for consistency—for example, “3.28.12 – 19 Mar 2025” rather than “3.28.12 - 19 Mar 2025.”

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

12-12: Article Consistency Suggestion
For improved clarity and consistency, consider revising the sentence on line 12 from:

- Update default CodeQL bundle version to 2.20.7. [#2810](...)

to

+ Update the default CodeQL bundle version to 2.20.7. [#2810](...)

This small change helps maintain a uniform tone throughout the document.

-Update default CodeQL bundle version to 2.20.7.
+Update the default CodeQL bundle version to 2.20.7.

---

7-925: General Typographical and Style Improvements
Throughout the changelog, several minor typographical and style adjustments could improve overall readability without changing the meaning of the entries:

• Use of Punctuation: Consider replacing hyphens (-) with en dashes (–) for numerical or date ranges (e.g., “3.28.12 - 19 Mar 2025” → “3.28.12 – 19 Mar 2025”).
• Article Consistency: Add the definite article “the” where appropriate (e.g., “default CodeQL bundle version” → “the default CodeQL bundle version”).
• Compound Adjectives: Ensure that compound adjectives modifying a noun are hyphenated when needed for clarity (e.g., if “default CodeQL bundle version” is considered a compound modifier, revisiting its styling might be helpful).

These are purely stylistic refinements that can enhance the professional appearance of the changelog.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~20-~20: You might be missing the article “the” here.
Context: ...93) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [github#2772...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~25-~25: You might be missing the article “the” here.
Context: ...768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [github#2753...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~27-~27: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~33-~33: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~41-~41: You might be missing the article “the” here.
Context: ...726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [github#2717...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~45-~45: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~49-~49: You might be missing the article “the” here.
Context: ...ges. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [github#2707...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~55-~55: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~69-~69: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~73-~73: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~80-~80: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~82-~82: You might be missing the article “the” here.
Context: ...636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bundle version to 2.19.4. [github#2626...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~84-~84: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~86-~86: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~88-~88: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~90-~90: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~94-~94: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~98-~98: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~105-~105: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~111-~111: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~113-~113: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~115-~115: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[uncategorized] ~130-~130: You might be missing the article “the” here.
Context: ... not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [github#2519...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~132-~132: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~134-~134: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~136-~136: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~138-~138: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~140-~140: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~142-~142: You might be missing the article “the” here.
Context: ...ges. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bundle version to 2.19.0. [github#2483...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~146-~146: You might be missing the article “the” here.
Context: ...483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bundle version to 2.18.4. [github#2471...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~150-~150: You might be missing the article “the” here.
Context: ...471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bundle version to 2.18.3. [github#2449...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~161-~161: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~165-~165: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~167-~167: You might be missing the article “the” here.
Context: ...430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bundle version to 2.18.2. [github#2417...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~171-~171: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~178-~178: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~182-~182: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~186-~186: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~193-~193: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~205-~205: You might be missing the article “the” here.
Context: ...52) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bundle version to 2.17.5. [github#2327...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~212-~212: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~214-~214: You might be missing the article “the” here.
Context: ...332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bundle version to 2.17.4. [github#2321...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~216-~216: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~220-~220: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~222-~222: You might be missing the article “the” here.
Context: ...306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bundle version to 2.17.3. [github#2295...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~224-~224: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

---

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~232-~232: You might be missing the article “the” here.
Context: ...281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bundle version to 2.17.2. [github#2270...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~236-~236: You might be missing the article “the” here.
Context: ...270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bundle version to 2.17.1. [github#2247...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~241-~241: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~243-~243: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~248-~248: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

---

[typographical] ~262-~262: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~264-~264: You might be missing the article “the” here.
Context: ...34) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bundle version to 2.17.0. [github#2219...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~269-~269: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~271-~271: You might be missing the article “the” here.
Context: ...ion. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bundle version to 2.16.5. [github#2203...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~273-~273: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

---

[typographical] ~277-~277: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~279-~279: You might be missing the article “the” here.
Context: ...195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bundle version to 2.16.4. [github#2185...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~281-~281: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~283-~283: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~285-~285: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~287-~287: You might be missing the article “the” here.
Context: ...ges. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bundle version to 2.16.3. [github#2156...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~289-~289: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

---

[typographical] ~293-~293: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

---

[misspelling] ~299-~299: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~303-~303: You might be missing the article “the” here.
Context: ...141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bundle version to 2.16.2. [github#2124...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

---

[typographical] ~310-~310: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

---

[uncategorized] ~313-~313: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/2083) - Update default CodeQL bundle version to 2.16.1. [github#2096...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~315-~315: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~317-~317: You might be missing the article “the” here.
Context: ...096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bundle version to 2.16.0. [github#2073...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~322-~322: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

---

[typographical] ~325-~325: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~327-~327: You might be missing the article “the” here.
Context: ...09) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bundle version to 2.15.5. [github#2047...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~329-~329: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~333-~333: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~335-~335: You might be missing the article “the” here.
Context: ...06) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bundle version to 2.15.4. [github#2016...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~337-~337: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~339-~339: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~341-~341: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~343-~343: You might be missing the article “the” here.
Context: ...ges. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bundle version to 2.15.3. [github#2001...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~345-~345: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

---

[uncategorized] ~354-~354: You might be missing the article “the” here.
Context: ...s github/codeql-action/init. - Update default CodeQL bundle version to 2.15.2. [github#1978...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~356-~356: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~358-~358: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~360-~360: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~362-~362: You might be missing the article “the” here.
Context: ...ges. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bundle version to 2.15.1. [github#1953...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

---

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~374-~374: You might be missing the article “the” here.
Context: ...945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bundle version to 2.15.0. [github#1938...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~377-~377: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

---

[typographical] ~381-~381: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

---

[typographical] ~387-~387: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~389-~389: You might be missing the article “the” here.
Context: ...909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bundle version to 2.14.6. [github#1897...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[uncategorized] ~391-~391: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

---

[typographical] ~394-~394: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~401-~401: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~403-~403: You might be missing the article “the” here.
Context: ...883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bundle version to 2.14.5. [github#1882...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~405-~405: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

---

[uncategorized] ~408-~408: You might be missing the article “the” here.
Context: ...pull/1860) - Improve the calculation of default amount of RAM used for query execution ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[style] ~408-~408: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[uncategorized] ~410-~410: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1867) - Update default CodeQL bundle version to 2.14.4. [github#1873...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~412-~412: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~418-~418: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~420-~420: You might be missing the article “the” here.
Context: ...853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bundle version to 2.14.2. [github#1831...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~426-~426: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

---

[misspelling] ~428-~428: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~432-~432: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~434-~434: You might be missing the article “the” here.
Context: ...820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bundle version to 2.14.1. [github#1797...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

---

[grammar] ~440-~440: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

---

[typographical] ~442-~442: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

---

[typographical] ~446-~446: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

---

[style] ~448-~448: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

---

[style] ~451-~451: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~454-~454: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~456-~456: You might be missing the article “the” here.
Context: ...762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bundle version to 2.13.5. [github#1743...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~460-~460: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~464-~464: You might be missing the article “the” here.
Context: ...ges. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bundle version to 2.13.4. [github#1721...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~467-~467: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

---

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~473-~473: You might be missing the article “the” here.
Context: ...1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bundle version to 2.13.3. [github#1698...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~475-~475: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

---

[uncategorized] ~478-~478: This verb does not appear to agree with the subject. Consider using a different form.
Context: ...b/codeql-action/pull/1705) - Gracefully handle invalid URIs when fingerprinting. [github#169...

(AI_EN_LECTOR_REPLACEMENT_VERB_AGREEMENT)

---

[typographical] ~480-~480: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

---

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~492-~492: You might be missing the article “the” here.
Context: ...1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bundle version to 2.13.1. [github#1664...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~495-~495: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~497-~497: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~501-~501: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~503-~503: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~505-~505: You might be missing the article “the” here.
Context: ...nges. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bundle version to 2.13.0. [github#1649...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

---

[uncategorized] ~511-~511: You might be missing the article “the” here.
Context: ...nning from failed runs configured using default setup. You can view this diagnostic inf...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~513-~513: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~515-~515: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~517-~517: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~519-~519: You might be missing the article “the” here.
Context: ...ges. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bundle version to 2.12.6. [github#1629...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~521-~521: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

---

[typographical] ~531-~531: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~533-~533: You might be missing the article “the” here.
Context: ...vely. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bundle version to 2.12.5. [github#1585...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~535-~535: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~537-~537: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~539-~539: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~541-~541: You might be missing the article “the” here.
Context: ...nges. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bundle version to 2.12.4. [github#1561...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~543-~543: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~545-~545: You might be missing the article “the” here.
Context: ...1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bundle version to 2.12.3. [github#1543...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~547-~547: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~549-~549: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~551-~551: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~553-~553: You might be missing the article “the” here.
Context: ...nges. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bundle version to 2.12.2. [github#1518...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~555-~555: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

---

[typographical] ~559-~559: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~561-~561: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~563-~563: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

---

[uncategorized] ~579-~579: You might be missing the article “the” here.
Context: ...se Server as part of GHES 3.9. - Update default CodeQL bundle version to 2.12.1. [github#1498...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~582-~582: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

---

[uncategorized] ~587-~587: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

---

[typographical] ~590-~590: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~592-~592: You might be missing the article “the” here.
Context: ...485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bundle version to 2.12.0. [github#1466...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~594-~594: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~596-~596: You might be missing the article “the” here.
Context: ...466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bundle version to 2.11.6. [github#1433...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~598-~598: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~600-~600: You might be missing the article “the” here.
Context: ...433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bundle version to 2.11.5. [github#1412...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~606-~606: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~608-~608: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~610-~610: You might be missing the article “the” here.
Context: ...ges. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bundle version to 2.11.4. [github#1391...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~613-~613: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

---

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~620-~620: You might be missing the article “the” here.
Context: ...358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bundle version to 2.11.3. [github#1348...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~623-~623: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

---

[style] ~625-~625: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

---

[typographical] ~627-~627: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

---

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~633-~633: You might be missing the article “the” here.
Context: ...334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bundle version to 2.11.2. [github#1320...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~637-~637: You might be missing the article “the” here.
Context: ...320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bundle version to 2.11.1. [github#1294...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~640-~640: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~646-~646: You might be missing the article “the” here.
Context: ...ing. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bundle version to 2.11.0. [github#1267...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

---

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~655-~655: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~657-~657: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

---

[typographical] ~662-~662: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

---

[uncategorized] ~665-~665: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1218) - Update default CodeQL bundle version to 2.10.4. [github#1224...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[uncategorized] ~666-~666: A comma might be missing here.
Context: ...try 1.1 on its own. However, in certain cases such as with self-hosted runners, you m...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

---

[typographical] ~673-~673: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~675-~675: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~677-~677: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

---

[uncategorized] ~681-~681: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1159) - Update default CodeQL bundle version to 2.10.3. [github#1178...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~684-~684: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~686-~686: You might be missing the article “the” here.
Context: ...181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bundle version to 2.10.2. [github#115...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~690-~690: You might be missing the article “the” here.
Context: ...156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bundle version to 2.10.1. [github#114...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~692-~692: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

---

[typographical] ~697-~697: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

---

[typographical] ~703-~703: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~705-~705: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~707-~707: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~709-~709: You might be missing the article “the” here.
Context: ...ges. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bundle version to 2.9.4. [github#1100]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~711-~711: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~713-~713: You might be missing the article “the” here.
Context: ...100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bundle version to 2.9.3. [github#1084]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~717-~717: You might be missing the article “the” here.
Context: ...084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bundle version to 2.9.2. [github#1074]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~719-~719: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~721-~721: You might be missing the article “the” here.
Context: ...074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bundle version to 2.9.1. [github#1056]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~724-~724: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

---

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~733-~733: You might be missing the article “the” here.
Context: ...1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bundle version to 2.8.5. [github#1014]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~736-~736: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

---

[typographical] ~740-~740: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~746-~746: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~748-~748: You might be missing the article “the” here.
Context: .../956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bundle version to 2.8.3. - The C...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~756-~756: You might be missing the article “the” here.
Context: ...rlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bundle version to 2.8.2. [github#950](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~759-~759: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

---

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

---

[typographical] ~767-~767: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

---

[style] ~769-~769: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

---

[uncategorized] ~770-~770: You might be missing the article “the” here.
Context: ...github/pull/931) - Update default CodeQL bundle version to 2.8.1. [github#925](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~772-~772: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

---

[typographical] ~777-~777: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

---

[typographical] ~783-~783: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

---

[uncategorized] ~785-~785: You might be missing the article “the” here.
Context: ...911) ## 1.0.31 - 31 Jan 2022 - Remove experimental message when using custom ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

---

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

---

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~799-~799: You might be missing the article “the” here.
Context: ...rks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bundle version to 2.7.5. [github#866](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[grammar] ~800-~800: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

---

[typographical] ~802-~802: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

---

[typographical] ~806-~806: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~808-~808: You might be missing the article “the” here.
Context: ...855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bundle version to 2.7.3. [github#842](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~810-~810: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~812-~812: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~816-~816: You might be missing the article “the” here.
Context: ...ges. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bundle version to 2.7.2. [github#827](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~818-~818: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

---

[uncategorized] ~821-~821: You might be missing the article “the” here.
Context: ...github/pull/801) - Update default CodeQL bundle version to 2.7.1. [github#816](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~828-~828: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~830-~830: You might be missing the article “the” here.
Context: ...804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bundle version to 2.7.0. [github#795](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~832-~832: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~834-~834: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~836-~836: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~838-~838: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~840-~840: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

---

[typographical] ~844-~844: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~846-~846: You might be missing the article “the” here.
Context: ...766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bundle version to 2.6.3. [github#761](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~848-~848: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~850-~850: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~852-~852: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~854-~854: You might be missing the article “the” here.
Context: ...ges. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bundle version to 2.6.2. [github#746](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~856-~856: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~858-~858: You might be missing the article “the” here.
Context: ...746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bundle version to 2.6.1. [github#733](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~860-~860: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~862-~862: You might be missing the article “the” here.
Context: ...733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bundle version to 2.6.0. [github#712](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~866-~866: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

---

[typographical] ~870-~870: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~872-~872: You might be missing the article “the” here.
Context: ...689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bundle version to 2.5.9. [github#687](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~874-~874: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

---

[typographical] ~878-~878: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~880-~880: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~882-~882: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~884-~884: You might be missing the article “the” here.
Context: ...nges. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bundle version to 2.5.8. [github#631](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~888-~888: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~890-~890: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~895-~895: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

---

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

---

[typographical] ~905-~905: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~907-~907: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~909-~909: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

---

[typographical] ~915-~915: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

---

[grammar] ~918-~918: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

---

[typographical] ~920-~920: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

450-450: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

450-450: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a151cd and ac67cff.

⛔ Files ignored due to path filters (5)

• lib/analyze-action-post.js.map is excluded by !**/*.map
• lib/analyze-action.js.map is excluded by !**/*.map
• lib/analyze.js.map is excluded by !**/*.map
• lib/dependency-caching.js.map is excluded by !**/*.map
• node_modules/.package-lock.json is excluded by !**/node_modules/**

📒 Files selected for processing (7)

• CHANGELOG.md (2 hunks)
• justfile (1 hunks)
• lib/analyze-action-post.js (1 hunks)
• lib/analyze-action.js (12 hunks)
• lib/analyze.js (9 hunks)
• lib/defaults.json (1 hunks)
• lib/dependency-caching.js (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/defaults.json

🧰 Additional context used

🧬 Code Definitions (3)

lib/analyze-action.js (3)

lib/codeql.js (6) (6)

• util (62-62)
• languages_1 (57-57)
• core (48-48)
• environment_1 (54-54)
• feature_flags_1 (55-55)
• codeql (232-672)

lib/init-action.js (8) (8)

• caching_utils_1 (44-44)
• dependency_caching_1 (46-46)
• config (147-147)
• languages_1 (51-51)
• core (38-38)
• environment_1 (48-48)
• feature_flags_1 (49-49)
• codeql (148-148)

lib/analyze.js (7) (7)

• dependency_caching_1 (58-58)
• util (68-68)
• languages_1 (63-63)
• environment_1 (61-61)
• feature_flags_1 (62-62)
• codeql (426-426)
• codeql (545-545)

lib/analyze-action-post.js (5)

lib/debug-artifacts.js (6) (6)

• fs (44-44)
• core (48-48)
• codeql_1 (53-53)
• environment_1 (54-54)
• logging_1 (55-55)
• util_1 (57-57)

lib/feature-flags.js (2) (2)

• fs (37-37)
• api_client_1 (40-40)

lib/init-action-post-helper.js (9) (9)

• fs (39-39)
• core (40-40)
• actionsUtil (42-42)
• api_client_1 (43-43)
• codeql_1 (44-44)
• environment_1 (45-45)
• util_1 (50-50)
• codeql (78-78)
• codeql (145-145)

lib/upload-sarif-action-post.js (7) (7)

• core (41-41)
• actionsUtil (42-42)
• api_client_1 (43-43)
• debugArtifacts (44-44)
• environment_1 (45-45)
• logging_1 (46-46)
• util_1 (47-47)

lib/start-proxy-action-post.js (5) (5)

• core (41-41)
• actionsUtil (42-42)
• api_client_1 (43-43)
• logging_1 (46-46)
• util_1 (47-47)

lib/analyze.js (2)

lib/codeql.js (6) (6)

• result (688-688)
• result (818-818)
• path (47-47)
• util (62-62)
• language (797-797)
• codeql (232-672)

src/analyze.ts (3) (3)

• setupDiffInformedQueryRun (295-334)
• runQueries (587-728)
• CodeQLAnalysisError (32-41)

🪛 LanguageTool

CHANGELOG.md

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~20-~20: You might be missing the article “the” here.
Context: ...93) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [github#2772...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~25-~25: You might be missing the article “the” here.
Context: ...768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [github#2753...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~27-~27: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~33-~33: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~41-~41: You might be missing the article “the” here.
Context: ...726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [github#2717...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~45-~45: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~49-~49: You might be missing the article “the” here.
Context: ...ges. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [github#2707...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~55-~55: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~69-~69: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~73-~73: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~80-~80: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~82-~82: You might be missing the article “the” here.
Context: ...636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bundle version to 2.19.4. [github#2626...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~84-~84: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~86-~86: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~88-~88: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~90-~90: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~94-~94: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~98-~98: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~105-~105: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~111-~111: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~113-~113: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~115-~115: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[uncategorized] ~130-~130: You might be missing the article “the” here.
Context: ... not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [github#2519...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~132-~132: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~134-~134: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~136-~136: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~138-~138: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~140-~140: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~142-~142: You might be missing the article “the” here.
Context: ...ges. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bundle version to 2.19.0. [github#2483...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~146-~146: You might be missing the article “the” here.
Context: ...483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bundle version to 2.18.4. [github#2471...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~150-~150: You might be missing the article “the” here.
Context: ...471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bundle version to 2.18.3. [github#2449...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~161-~161: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~165-~165: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~167-~167: You might be missing the article “the” here.
Context: ...430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bundle version to 2.18.2. [github#2417...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~171-~171: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~178-~178: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~182-~182: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~186-~186: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~193-~193: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~205-~205: You might be missing the article “the” here.
Context: ...52) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bundle version to 2.17.5. [github#2327...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~212-~212: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~214-~214: You might be missing the article “the” here.
Context: ...332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bundle version to 2.17.4. [github#2321...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~216-~216: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

🪛 Biome (1.9.4)

lib/analyze-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 166-166: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/dependency-caching.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action-post.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 352-352: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

🔇 Additional comments (31)

lib/analyze-action-post.js (4)

18-34: Updated __importStar implementation looks good

The implementation now includes an ownKeys function to determine the best method for retrieving property names from modules, making it more robust for handling different module types.

Regarding the static analysis hint suggesting an optional chain on line 28: since this is a standard TypeScript helper pattern likely used across the codebase, modifying it could create inconsistencies with other files. If you decide to implement the optional chain, ensure it's done consistently across all files using this pattern.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

41-50: Improved module imports

The refactoring from helper aggregator modules to direct imports from specific utility modules is a good practice. This makes dependencies more explicit and focused, potentially improving maintainability and making it easier to track dependencies.

---

68-79: Good addition of Java dependency cleanup

The cleanup of temporary Java dependencies is an excellent improvement for self-hosted runners where disk space might be a concern. The error handling for the cleanup process is also well implemented, ensuring that failures during cleanup don't affect the overall workflow.

---

82-82: Improved error message formatting

Using getErrorMessage instead of the previous error wrapping approach provides a more consistent error handling pattern across the codebase.

lib/analyze.js (11)

18-34: Module import helper implementation looks good.

The __importStar helper function has been implemented correctly to handle module imports. It properly manages the object property keys and creates bindings for all exports.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

70-77: Improved error handling with error wrapping.

The CodeQLAnalysisError constructor now accepts and stores the original error, which is a good practice for preserving the complete error context and stack trace. This enhancement will make debugging and error diagnosis easier.

---

107-114: Good addition of Java dependency caching.

The implementation correctly sets up a stable directory for Java dependencies when using build mode "none". This allows for caching these dependencies between workflow runs, which should improve performance.

---

136-136: Simplified error handling in catch block.

The error parameter has been removed from the catch clause since it wasn't being used, making the code more concise.

---

162-186: Good implementation of PR branch detection.

The getPullRequestBranches function correctly handles both standard PR contexts and Default Setup scenarios by checking for the presence of pull_request payload or environment variables. The function properly extracts base and head branch information needed for diff analysis.

---

193-216: Well-structured diff-informed analysis setup.

The setupDiffInformedQueryRun function properly implements feature flag checking and only enables diff-informed analysis for pull requests. The group logging makes the execution flow clear and the error handling is robust.

---

227-279: Robust implementation for retrieving PR diff ranges.

The implementation correctly handles GitHub API limitations (300 file maximum) and provides appropriate warnings. The error handling for API responses is thorough, with detailed debug logging that will be helpful for troubleshooting.

---

367-410: Good implementation of diff range extension pack.

The function correctly creates a CodeQL extension pack containing the diff ranges. The inclusion of a fallback for empty diffs is a nice touch to ensure correct behavior when there are no edited lines. Exporting the ranges to a JSON file for action-side filtering is also a good approach.

---

412-426: Well-implemented query execution with diff-informed analysis support.

The changes to runQueries properly integrate the diff-informed analysis feature by:

1. Adding support for the cleanup level parameter
2. Conditionally adding the --expect-discarded-cache flag
3. Setting up the appropriate flags and properties for diff-informed analysis

These changes will enable more efficient analysis focused on modified code.

---

471-471: Improved error reporting with wrapped error.

The error thrown now includes the original error object, which will preserve the full error context and stack trace, making debugging easier.

---

551-553: Good practice exposing function for testing.

Exporting the getDiffRanges function for testing purposes allows for proper unit testing of this internal function without exposing it in the public API.

justfile (2)

1-31: Well-structured task automation with Just

This new justfile provides a clean and organized automation interface for common development tasks. The defined targets cover essential operations like linting, building, testing, and PR update processes.

---

11-14:

Details

✅ Verification successful

Verify the availability of the PR checks script

This task executes an external shell script (pr-checks/sync.sh). Ensure this script exists and has executable permissions.

---

🏁 Script executed:

#!/bin/bash
# Check if the PR checks script exists and is executable
if [ -f "pr-checks/sync.sh" ]; then
  if [ -x "pr-checks/sync.sh" ]; then
    echo "✅ pr-checks/sync.sh exists and is executable"
  else
    echo "❌ pr-checks/sync.sh exists but is not executable"
  fi
else
  echo "❌ pr-checks/sync.sh does not exist"
fi

Length of output: 160

---

PR Checks Script Verified
The executed script confirms that pr-checks/sync.sh exists and has the correct executable permissions. No further changes are required.

lib/analyze-action.js (8)

48-52: LGTM - New dependency caching imports

The added imports from caching modules correctly prepare for the new dependency caching functionality.

---

65-65: LGTM - Enhanced logging in disk usage checks

Good improvement to pass the logger to util.checkDiskUsage(), ensuring consistent logging during disk usage checks.

---

123-123: Function signature simplification

The function signature has been simplified by removing the unused features parameter, which streamlines the interface.

---

171-172: LGTM - Input persistence for post steps

Good enhancement to make inputs accessible in the post step using actionsUtil.persistInputs().

---

200-206: Improved cleanup configuration handling

The addition of cleanupLevel configuration with a default value of "brutal" improves the flexibility of the cleanup process, allowing users to control cleanup behavior through input parameters.

---

215-215: Updated upload method

The code now calls uploadLib.uploadFiles instead of uploadLib.uploadFromActions, which likely reflects a refactoring in the upload library.

---

230-232: LGTM - New dependency caching functionality

Good addition of conditional code to upload dependency caches when enabled, enhancing the performance of subsequent runs.

---

253-255: Consolidated error handling

The error handling has been consolidated into a single call to sendStatusReport using a ternary operator for parameter determination, which improves code maintainability.

lib/dependency-caching.js (4)

60-95: Comprehensive caching configuration for multiple languages

The default caching configurations for Java, C#, and Go are well-structured with appropriate paths and hash patterns for cache key calculation.

---

106-134: Well-implemented cache download functionality

The downloadDependencyCaches function has good error handling and logging, skipping languages without configurations or when hash patterns can't be found.

---

141-190: Robust cache upload implementation

The uploadDependencyCaches function is well-implemented with:

• Checks to skip languages without configurations
• Size calculation to avoid empty caches
• Proper error handling for existing cache keys

---

198-217: Good cache key generation

The cache key generation functions are well-designed, incorporating:

• Project-specific hash values
• Versioning for cache invalidation
• OS-specific prefixes
• Support for custom prefixes via environment variables

CHANGELOG.md (2)

7-8: Clarity in the Unreleased Section
The “No user facing changes.” note is clear and succinct. Consider adding a brief note or reminder in case future unexpected changes occur, though this is entirely optional.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

7-925: Overall Quality and Comprehensiveness
The changelog is remarkably comprehensive, clearly detailing version updates, bug fixes, deprecations, and new feature enhancements. It serves as a valuable reference for users tracking the evolution of the CodeQL Action. Excellent work in maintaining detailed and transparent documentation!

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

[typographical] ~14-~14: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~20-~20: You might be missing the article “the” here.
Context: ...93) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [github#2772...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~23-~23: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~25-~25: You might be missing the article “the” here.
Context: ...768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [github#2753...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~27-~27: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~33-~33: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~41-~41: You might be missing the article “the” here.
Context: ...726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [github#2717...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~45-~45: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~49-~49: You might be missing the article “the” here.
Context: ...ges. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [github#2707...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~53-~53: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~55-~55: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~62-~62: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~67-~67: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~69-~69: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~73-~73: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~80-~80: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~82-~82: You might be missing the article “the” here.
Context: ...636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bundle version to 2.19.4. [github#2626...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~84-~84: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~86-~86: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~88-~88: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~90-~90: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~94-~94: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~98-~98: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~105-~105: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~111-~111: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~113-~113: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~115-~115: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[uncategorized] ~130-~130: You might be missing the article “the” here.
Context: ... not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [github#2519...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~132-~132: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~134-~134: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~136-~136: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~138-~138: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~140-~140: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~142-~142: You might be missing the article “the” here.
Context: ...ges. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bundle version to 2.19.0. [github#2483...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~146-~146: You might be missing the article “the” here.
Context: ...483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bundle version to 2.18.4. [github#2471...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~150-~150: You might be missing the article “the” here.
Context: ...471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bundle version to 2.18.3. [github#2449...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~161-~161: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~165-~165: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~167-~167: You might be missing the article “the” here.
Context: ...430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bundle version to 2.18.2. [github#2417...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~171-~171: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~178-~178: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~182-~182: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~186-~186: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~193-~193: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~203-~203: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~205-~205: You might be missing the article “the” here.
Context: ...52) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bundle version to 2.17.5. [github#2327...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~212-~212: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~214-~214: You might be missing the article “the” here.
Context: ...332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bundle version to 2.17.4. [github#2321...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~216-~216: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~220-~220: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~222-~222: You might be missing the article “the” here.
Context: ...306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bundle version to 2.17.3. [github#2295...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~224-~224: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

---

[typographical] ~230-~230: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~232-~232: You might be missing the article “the” here.
Context: ...281) ## 3.25.4 - 08 May 2024 - Update default CodeQL bundle version to 2.17.2. [github#2270...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~234-~234: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~236-~236: You might be missing the article “the” here.
Context: ...270) ## 3.25.3 - 25 Apr 2024 - Update default CodeQL bundle version to 2.17.1. [github#2247...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~239-~239: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~241-~241: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2261) ## 3.25.2 - 22 Apr 2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~243-~243: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.25.1 - 17 Apr 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~248-~248: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2245) ## 3.25.0 - 15 Apr 2024 - The deprecated feature fo...

(DASH_RULE)

---

[typographical] ~262-~262: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2234) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~264-~264: You might be missing the article “the” here.
Context: ...34) ## 3.24.10 - 05 Apr 2024 - Update default CodeQL bundle version to 2.17.0. [github#2219...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~269-~269: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~271-~271: You might be missing the article “the” here.
Context: ...ion. ## 3.24.9 - 22 Mar 2024 - Update default CodeQL bundle version to 2.16.5. [github#2203...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~273-~273: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2203) ## 3.24.8 - 18 Mar 2024 - Improve the ease of debug...

(DASH_RULE)

---

[typographical] ~277-~277: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~279-~279: You might be missing the article “the” here.
Context: ...195) ## 3.24.7 - 12 Mar 2024 - Update default CodeQL bundle version to 2.16.4. [github#2185...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~281-~281: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~283-~283: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2185) ## 3.24.6 - 29 Feb 2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~285-~285: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~287-~287: You might be missing the article “the” here.
Context: ...ges. ## 3.24.5 - 23 Feb 2024 - Update default CodeQL bundle version to 2.16.3. [github#2156...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~289-~289: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2156) ## 3.24.4 - 21 Feb 2024 - Fix an issue where an exi...

(DASH_RULE)

---

[typographical] ~293-~293: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2151) ## 3.24.3 - 15 Feb 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~297-~297: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2147) ## 3.24.2 - 15 Feb 2024 - Enable improved multi-thr...

(DASH_RULE)

---

[misspelling] ~299-~299: This word is normally spelled as one.
Context: ...3.24.2 - 15 Feb 2024 - Enable improved multi-threaded performance on larger runners for GitHu...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~301-~301: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~303-~303: You might be missing the article “the” here.
Context: ...141) ## 3.24.1 - 13 Feb 2024 - Update default CodeQL bundle version to 2.16.2. [github#2124...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~306-~306: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2121) ## 3.24.0 - 02 Feb 2024 - CodeQL Python analysis wi...

(DASH_RULE)

---

[typographical] ~310-~310: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2106) ## 3.23.2 - 26 Jan 2024 - On Linux, the maximum pos...

(DASH_RULE)

---

[uncategorized] ~313-~313: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/2083) - Update default CodeQL bundle version to 2.16.1. [github#2096...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~315-~315: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~317-~317: You might be missing the article “the” here.
Context: ...096) ## 3.23.1 - 17 Jan 2024 - Update default CodeQL bundle version to 2.16.0. [github#2073...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~320-~320: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2079) ## 3.23.0 - 08 Jan 2024 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~322-~322: The word “however” is an adverb that can’t be used like a conjunction, and therefore needs to be separated from the sentence.
Context: ...NCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in futur...

(HOWEVER_SENTENCE)

---

[typographical] ~325-~325: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2009) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~327-~327: You might be missing the article “the” here.
Context: ...09) ## 3.22.12 - 22 Dec 2023 - Update default CodeQL bundle version to 2.15.5. [github#2047...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~329-~329: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2047) ## 3.22.11 - 13 Dec 2023 - [v3+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~333-~333: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2006) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~335-~335: You might be missing the article “the” here.
Context: ...06) ## 2.22.10 - 12 Dec 2023 - Update default CodeQL bundle version to 2.15.4. [github#2016...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~337-~337: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~339-~339: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2016) ## 2.22.9 - 07 Dec 2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~341-~341: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~343-~343: You might be missing the article “the” here.
Context: ...ges. ## 2.22.8 - 23 Nov 2023 - Update default CodeQL bundle version to 2.15.3. [github#2001...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~345-~345: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2001) ## 2.22.7 - 16 Nov 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~351-~351: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...version of the CodeQL Action. ## 2.22.6 - 14 Nov 2023 - Customers running Python ...

(DASH_RULE)

---

[uncategorized] ~354-~354: You might be missing the article “the” here.
Context: ...s github/codeql-action/init. - Update default CodeQL bundle version to 2.15.2. [github#1978...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~356-~356: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~358-~358: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1978) ## 2.22.5 - 27 Oct 2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~360-~360: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~362-~362: You might be missing the article “the” here.
Context: ...ges. ## 2.22.4 - 20 Oct 2023 - Update default CodeQL bundle version to 2.15.1. [github#1953...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~368-~368: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...b/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 - Provide an authentication...

(DASH_RULE)

---

[typographical] ~372-~372: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~374-~374: You might be missing the article “the” here.
Context: ...945) ## 2.22.2 - 12 Oct 2023 - Update default CodeQL bundle version to 2.15.0. [github#1938...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~377-~377: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1927) ## 2.22.1 - 09 Oct 2023 - Add a workaround for Pyth...

(DASH_RULE)

---

[typographical] ~381-~381: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1928) ## 2.22.0 - 06 Oct 2023 - The CodeQL Action now req...

(DASH_RULE)

---

[typographical] ~387-~387: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~389-~389: You might be missing the article “the” here.
Context: ...909) ## 2.21.9 - 27 Sep 2023 - Update default CodeQL bundle version to 2.14.6. [github#1897...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[uncategorized] ~391-~391: A comma may be missing after the conjunctive/linking adverb ‘Currently’.
Context: ... Kotlin, and JavaScript and TypeScript. Currently file coverage information for each of t...

(SENT_START_CONJUNCTIVE_LINKING_ADVERB_COMMA)

---

[typographical] ~394-~394: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1901) ## 2.21.8 - 19 Sep 2023 - Add a deprecation warning...

(DASH_RULE)

---

[typographical] ~401-~401: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~403-~403: You might be missing the article “the” here.
Context: ...883) ## 2.21.7 - 14 Sep 2023 - Update default CodeQL bundle version to 2.14.5. [github#1882...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~405-~405: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1882) ## 2.21.6 - 13 Sep 2023 - Better error message when...

(DASH_RULE)

---

[uncategorized] ~408-~408: You might be missing the article “the” here.
Context: ...pull/1860) - Improve the calculation of default amount of RAM used for query execution ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[style] ~408-~408: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...Hub Enterprise Server. This now reduces in proportion to the runner's total memory to better acc...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[uncategorized] ~410-~410: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1867) - Update default CodeQL bundle version to 2.14.4. [github#1873...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~412-~412: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1873) ## 2.21.5 - 28 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~418-~418: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~420-~420: You might be missing the article “the” here.
Context: ...853) ## 2.21.4 - 14 Aug 2023 - Update default CodeQL bundle version to 2.14.2. [github#1831...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~426-~426: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1835) ## 2.21.3 - 08 Aug 2023 - We are rolling out a feat...

(DASH_RULE)

---

[misspelling] ~428-~428: This word is normally spelled as one.
Context: ...eature in August 2023 that will improve multi-threaded performance on larger runners. [github#1817](...

(EN_COMPOUNDS_MULTI_THREADED)

---

[typographical] ~432-~432: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~434-~434: You might be missing the article “the” here.
Context: ...820) ## 2.21.2 - 28 Jul 2023 - Update default CodeQL bundle version to 2.14.1. [github#1797...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~437-~437: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1811) ## 2.21.1 - 26 Jul 2023 - Improve the handling of f...

(DASH_RULE)

---

[grammar] ~440-~440: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ... - Add the sarif-output output to the analyze action that contains the path to the di...

(PREPOSITION_VERB)

---

[typographical] ~442-~442: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1799) ## 2.21.0 - 19 Jul 2023 - CodeQL Action now require...

(DASH_RULE)

---

[typographical] ~446-~446: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1724) ## 2.20.4 - 14 Jul 2023 - This is the last release ...

(DASH_RULE)

---

[style] ~448-~448: Some style guides suggest that commas should set off the year in a month-day-year date.
Context: ... CodeQL CLI were deprecated on June 20, 2023 alongside GitHub Enterprise Server 3.5 ...

(MISSING_COMMA_AFTER_YEAR)

---

[style] ~451-~451: ‘in proportion to’ might be wordy. Consider a shorter alternative.
Context: ...amount of RAM used for query execution, in proportion to the runner's total memory. This will he...

(EN_WORDINESS_PREMIUM_IN_PROPORTION_TO)

---

[typographical] ~454-~454: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~456-~456: You might be missing the article “the” here.
Context: ...762) ## 2.20.3 - 06 Jul 2023 - Update default CodeQL bundle version to 2.13.5. [github#1743...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~458-~458: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~460-~460: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1743) ## 2.20.2 - 03 Jul 2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~462-~462: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~464-~464: You might be missing the article “the” here.
Context: ...ges. ## 2.20.1 - 21 Jun 2023 - Update default CodeQL bundle version to 2.13.4. [github#1721...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~467-~467: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ubject to change at any time. ## 2.20.0 - 13 Jun 2023 - Bump the version of the A...

(DASH_RULE)

---

[typographical] ~471-~471: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~473-~473: You might be missing the article “the” here.
Context: ...1729) ## 2.3.6 - 01 Jun 2023 - Update default CodeQL bundle version to 2.13.3. [github#1698...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~475-~475: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1698) ## 2.3.5 - 25 May 2023 - Allow invalid URIs to be ...

(DASH_RULE)

---

[uncategorized] ~478-~478: This verb does not appear to agree with the subject. Consider using a different form.
Context: ...b/codeql-action/pull/1705) - Gracefully handle invalid URIs when fingerprinting. [github#169...

(AI_EN_LECTOR_REPLACEMENT_VERB_AGREEMENT)

---

[typographical] ~480-~480: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1694) ## 2.3.4 - 24 May 2023 - Updated the SARIF 2.1.0 J...

(DASH_RULE)

---

[typographical] ~490-~490: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~492-~492: You might be missing the article “the” here.
Context: ...1675) ## 2.3.3 - 04 May 2023 - Update default CodeQL bundle version to 2.13.1. [github#1664...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~495-~495: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~497-~497: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1590) ## 2.3.2 - 27 Apr 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No us...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~499-~499: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~501-~501: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ng changes. ## 2.3.1 - 26 Apr 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~503-~503: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~505-~505: You might be missing the article “the” here.
Context: ...nges. ## 2.3.0 - 21 Apr 2023 - Update default CodeQL bundle version to 2.13.0. [github#1649...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~508-~508: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1618) ## 2.2.12 - 13 Apr 2023 - Include the value of the ...

(DASH_RULE)

---

[uncategorized] ~511-~511: You might be missing the article “the” here.
Context: ...nning from failed runs configured using default setup. You can view this diagnostic inf...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~513-~513: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~515-~515: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1619) ## 2.2.11 - 06 Apr 2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~517-~517: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2023 No user facing changes. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~519-~519: You might be missing the article “the” here.
Context: ...ges. ## 2.2.10 - 05 Apr 2023 - Update default CodeQL bundle version to 2.12.6. [github#1629...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~521-~521: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1629) ## 2.2.9 - 27 Mar 2023 - Customers post-processing...

(DASH_RULE)

---

[typographical] ~531-~531: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...d failure-only respectively. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~533-~533: You might be missing the article “the” here.
Context: ...vely. ## 2.2.8 - 22 Mar 2023 - Update default CodeQL bundle version to 2.12.5. [github#1585...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~535-~535: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~537-~537: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1585) ## 2.2.7 - 15 Mar 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~539-~539: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~541-~541: You might be missing the article “the” here.
Context: ...nges. ## 2.2.6 - 10 Mar 2023 - Update default CodeQL bundle version to 2.12.4. [github#1561...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~543-~543: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~545-~545: You might be missing the article “the” here.
Context: ...1561) ## 2.2.5 - 24 Feb 2023 - Update default CodeQL bundle version to 2.12.3. [github#1543...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~547-~547: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~549-~549: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1543) ## 2.2.4 - 10 Feb 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~551-~551: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~553-~553: You might be missing the article “the” here.
Context: ...nges. ## 2.2.3 - 08 Feb 2023 - Update default CodeQL bundle version to 2.12.2. [github#1518...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~555-~555: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1518) ## 2.2.2 - 06 Feb 2023 - Fix an issue where custom...

(DASH_RULE)

---

[typographical] ~559-~559: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~561-~561: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/1517) ## 2.2.1 - 27 Jan 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Imp...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~563-~563: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2023 No user facing changes. ## 2.2.0 - 26 Jan 2023 - Improve stability when ch...

(DASH_RULE)

---

[uncategorized] ~579-~579: You might be missing the article “the” here.
Context: ...se Server as part of GHES 3.9. - Update default CodeQL bundle version to 2.12.1. [github#1498...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~582-~582: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1494) ## 2.1.39 - 18 Jan 2023 - CodeQL Action v1 is now d...

(DASH_RULE)

---

[uncategorized] ~587-~587: Use a comma before ‘and’ if it connects two independent clauses (unless they are closely connected and short).
Context: ... will happen in several non-error states and so we now avoid cluttering the log wi...

(COMMA_COMPOUND_SENTENCE)

---

[typographical] ~590-~590: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~592-~592: You might be missing the article “the” here.
Context: ...485) ## 2.1.38 - 12 Jan 2023 - Update default CodeQL bundle version to 2.12.0. [github#1466...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~594-~594: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~596-~596: You might be missing the article “the” here.
Context: ...466) ## 2.1.37 - 14 Dec 2022 - Update default CodeQL bundle version to 2.11.6. [github#1433...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~598-~598: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~600-~600: You might be missing the article “the” here.
Context: ...433) ## 2.1.36 - 08 Dec 2022 - Update default CodeQL bundle version to 2.11.5. [github#1412...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~604-~604: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~606-~606: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1419) ## 2.1.35 - 01 Dec 2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~608-~608: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~610-~610: You might be missing the article “the” here.
Context: ...ges. ## 2.1.34 - 25 Nov 2022 - Update default CodeQL bundle version to 2.11.4. [github#1391...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~613-~613: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1384) ## 2.1.33 - 16 Nov 2022 - Go is now analyzed in the...

(DASH_RULE)

---

[typographical] ~618-~618: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~620-~620: You might be missing the article “the” here.
Context: ...358) ## 2.1.32 - 14 Nov 2022 - Update default CodeQL bundle version to 2.11.3. [github#1348...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~623-~623: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1351) ## 2.1.31 - 04 Nov 2022 - The `rb/weak-cryptographi...

(DASH_RULE)

---

[style] ~625-~625: Consider replacing ‘often’ with a more meaningful word.
Context: ...ak. These hash algorithms are used very often in non-sensitive contexts, making the q...

(VERY_RB_STYLE)

---

[typographical] ~627-~627: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1344) ## 2.1.30 - 02 Nov 2022 - Improve the error message...

(DASH_RULE)

---

[typographical] ~631-~631: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~633-~633: You might be missing the article “the” here.
Context: ...334) ## 2.1.29 - 26 Oct 2022 - Update default CodeQL bundle version to 2.11.2. [github#1320...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~635-~635: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~637-~637: You might be missing the article “the” here.
Context: ...320) ## 2.1.28 - 18 Oct 2022 - Update default CodeQL bundle version to 2.11.1. [github#1294...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~640-~640: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1301) ## 2.1.27 - 06 Oct 2022 - We are rolling out a feat...

(DASH_RULE)

---

[typographical] ~644-~644: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...an escalation to engineering. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~646-~646: You might be missing the article “the” here.
Context: ...ing. ## 2.1.26 - 29 Sep 2022 - Update default CodeQL bundle version to 2.11.0. [github#1267...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~648-~648: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1267) ## 2.1.25 - 21 Sep 2022 - We will soon be rolling o...

(DASH_RULE)

---

[typographical] ~653-~653: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~655-~655: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1258) ## 2.1.24 - 16 Sep 2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Al...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~657-~657: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.23 - 14 Sep 2022 - Allow CodeQL packs to be ...

(DASH_RULE)

---

[typographical] ~662-~662: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1240) ## 2.1.22 - 01 Sep 2022 - Downloading CodeQL packs ...

(DASH_RULE)

---

[uncategorized] ~665-~665: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1218) - Update default CodeQL bundle version to 2.10.4. [github#1224...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[uncategorized] ~666-~666: A comma might be missing here.
Context: ...try 1.1 on its own. However, in certain cases such as with self-hosted runners, you m...

(AI_EN_LECTOR_MISSING_PUNCTUATION_COMMA)

---

[typographical] ~668-~668: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ry 1.1 is installed yourself. ## 2.1.21 - 25 Aug 2022 - Improve error messages wh...

(DASH_RULE)

---

[typographical] ~673-~673: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~675-~675: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1209) ## 2.1.20 - 22 Aug 2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Ad...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~677-~677: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.19 - 17 Aug 2022 - Add the ability to filter...

(DASH_RULE)

---

[uncategorized] ~681-~681: You might be missing the article “the” here.
Context: ...ithub/codeql-action/pull/1159) - Update default CodeQL bundle version to 2.10.3. [github#1178...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~684-~684: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~686-~686: You might be missing the article “the” here.
Context: ...181) ## 2.1.18 - 03 Aug 2022 - Update default CodeQL bundle version to 2.10.2. [github#115...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~688-~688: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~690-~690: You might be missing the article “the” here.
Context: ...156) ## 2.1.17 - 28 Jul 2022 - Update default CodeQL bundle version to 2.10.1. [github#114...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~692-~692: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1143) ## 2.1.16 - 13 Jul 2022 - You can now quickly debug...

(DASH_RULE)

---

[typographical] ~697-~697: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1133) ## 2.1.15 - 28 Jun 2022 - CodeQL query packs listed...

(DASH_RULE)

---

[typographical] ~703-~703: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~705-~705: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/1123) ## 2.1.14 - 22 Jun 2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~707-~707: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2022 No user facing changes. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~709-~709: You might be missing the article “the” here.
Context: ...ges. ## 2.1.13 - 21 Jun 2022 - Update default CodeQL bundle version to 2.9.4. [github#1100]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~711-~711: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~713-~713: You might be missing the article “the” here.
Context: ...100) ## 2.1.12 - 01 Jun 2022 - Update default CodeQL bundle version to 2.9.3. [github#1084]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~715-~715: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~717-~717: You might be missing the article “the” here.
Context: ...084) ## 2.1.11 - 17 May 2022 - Update default CodeQL bundle version to 2.9.2. [github#1074]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~719-~719: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/1074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~721-~721: You might be missing the article “the” here.
Context: ...074) ## 2.1.10 - 10 May 2022 - Update default CodeQL bundle version to 2.9.1. [github#1056]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~724-~724: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ssing of the analysis results. ## 2.1.9 - 27 Apr 2022 - Add working-directory i...

(DASH_RULE)

---

[typographical] ~731-~731: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~733-~733: You might be missing the article “the” here.
Context: ...1042) ## 2.1.8 - 08 Apr 2022 - Update default CodeQL bundle version to 2.8.5. [github#1014]...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~736-~736: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1025) ## 2.1.7 - 05 Apr 2022 - A bug where additional qu...

(DASH_RULE)

---

[typographical] ~740-~740: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/1018) ## 2.1.6 - 30 Mar 2022 - [v2+ only] The CodeQL Act...

(DASH_RULE)

---

[typographical] ~746-~746: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~748-~748: You might be missing the article “the” here.
Context: .../956) ## 1.1.5 - 15 Mar 2022 - Update default CodeQL bundle version to 2.8.3. - The C...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~754-~754: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...rrors with GHES 3.3 or earlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~756-~756: You might be missing the article “the” here.
Context: ...rlier ## 1.1.4 - 07 Mar 2022 - Update default CodeQL bundle version to 2.8.2. [github#950](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~759-~759: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/955) ## 1.1.3 - 23 Feb 2022 - Fix a bug where the CLR t...

(DASH_RULE)

---

[typographical] ~763-~763: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/938) ## 1.1.2 - 17 Feb 2022 - Due to potential issues f...

(DASH_RULE)

---

[typographical] ~767-~767: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/937) ## 1.1.1 - 17 Feb 2022 - The CodeQL CLI versions u...

(DASH_RULE)

---

[style] ~769-~769: Consider using “incompatible” to avoid wordiness.
Context: ...s up to and including version 2.4.4 are not compatible with the CodeQL Action 1.1.1 and later....

(NOT_ABLE_PREMIUM)

---

[uncategorized] ~770-~770: You might be missing the article “the” here.
Context: ...github/pull/931) - Update default CodeQL bundle version to 2.8.1. [github#925](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~772-~772: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/925) ## 1.1.0 - 11 Feb 2022 - The CodeQL Action now use...

(DASH_RULE)

---

[typographical] ~777-~777: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...e fixes this incompatibility. ## 1.0.32 - 07 Feb 2022 - Add sarif-id as an outp...

(DASH_RULE)

---

[typographical] ~783-~783: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/911) ## 1.0.31 - 31 Jan 2022 - Remove experimental mes...

(DASH_RULE)

---

[uncategorized] ~785-~785: You might be missing the article “the” here.
Context: ...911) ## 1.0.31 - 31 Jan 2022 - Remove experimental message when using custom ...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~788-~788: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/882) ## 1.0.30 - 24 Jan 2022 - Display a better error me...

(DASH_RULE)

---

[typographical] ~793-~793: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/877) ## 1.0.29 - 21 Jan 2022 - The feature to wait for S...

(DASH_RULE)

---

[typographical] ~797-~797: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ith pull requests from forks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~799-~799: You might be missing the article “the” here.
Context: ...rks. ## 1.0.28 - 18 Jan 2022 - Update default CodeQL bundle version to 2.7.5. [github#866](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[grammar] ~800-~800: The word ‘upload’ is not correct in this context. Consider using the plural form, adding a determiner like ‘the’ or ‘a’, or adding a preposition like ‘at’ or ‘in’.
Context: ...ix a bug where SARIF files were failing upload due to an invalid test for unique categ...

(BE_VBG_NN)

---

[typographical] ~802-~802: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/872) ## 1.0.27 - 11 Jan 2022 - The analyze and `upload...

(DASH_RULE)

---

[typographical] ~806-~806: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~808-~808: You might be missing the article “the” here.
Context: ...855) ## 1.0.26 - 10 Dec 2021 - Update default CodeQL bundle version to 2.7.3. [github#842](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~810-~810: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~812-~812: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/842) ## 1.0.25 - 06 Dec 2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~814-~814: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~816-~816: You might be missing the article “the” here.
Context: ...ges. ## 1.0.24 - 23 Nov 2021 - Update default CodeQL bundle version to 2.7.2. [github#827](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~818-~818: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/827) ## 1.0.23 - 16 Nov 2021 - The upload-sarif action...

(DASH_RULE)

---

[uncategorized] ~821-~821: You might be missing the article “the” here.
Context: ...github/pull/801) - Update default CodeQL bundle version to 2.7.1. [github#816](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~823-~823: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/816) ## 1.0.22 - 04 Nov 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~828-~828: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~830-~830: You might be missing the article “the” here.
Context: ...804) ## 1.0.21 - 28 Oct 2021 - Update default CodeQL bundle version to 2.7.0. [github#795](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~832-~832: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~834-~834: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/795) ## 1.0.20 - 25 Oct 2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~836-~836: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~838-~838: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 1.0.19 - 18 Oct 2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~840-~840: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.18 - 08 Oct 2021 - Fixed a bug where some bu...

(DASH_RULE)

---

[typographical] ~844-~844: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~846-~846: You might be missing the article “the” here.
Context: ...766) ## 1.0.17 - 07 Oct 2021 - Update default CodeQL bundle version to 2.6.3. [github#761](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~848-~848: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~850-~850: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...github/pull/761) ## 1.0.16 - 05 Oct 2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~852-~852: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2021 No user facing changes. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~854-~854: You might be missing the article “the” here.
Context: ...ges. ## 1.0.15 - 22 Sep 2021 - Update default CodeQL bundle version to 2.6.2. [github#746](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~856-~856: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~858-~858: You might be missing the article “the” here.
Context: ...746) ## 1.0.14 - 09 Sep 2021 - Update default CodeQL bundle version to 2.6.1. [github#733](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~860-~860: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~862-~862: You might be missing the article “the” here.
Context: ...733) ## 1.0.13 - 06 Sep 2021 - Update default CodeQL bundle version to 2.6.0. [github#712](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~866-~866: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/715) ## 1.0.12 - 16 Aug 2021 - Update README to include ...

(DASH_RULE)

---

[typographical] ~870-~870: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~872-~872: You might be missing the article “the” here.
Context: ...689) ## 1.0.11 - 09 Aug 2021 - Update default CodeQL bundle version to 2.5.9. [github#687](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~874-~874: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ithub/codeql-action/pull/687) ## 1.0.10 - 03 Aug 2021 - Fix an issue where a summ...

(DASH_RULE)

---

[typographical] ~878-~878: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~880-~880: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/672) ## 1.0.9 - 02 Aug 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Upd...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~882-~882: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~884-~884: You might be missing the article “the” here.
Context: ...nges. ## 1.0.8 - 26 Jul 2021 - Update default CodeQL bundle version to 2.5.8. [github#631](...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~886-~886: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~888-~888: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/631) ## 1.0.7 - 21 Jul 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~890-~890: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.6 - 19 Jul 2021 - The init step of the Ac...

(DASH_RULE)

---

[typographical] ~895-~895: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/616) ## 1.0.5 - 12 Jul 2021 - The analyze step of the...

(DASH_RULE)

---

[typographical] ~900-~900: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/608) ## 1.0.4 - 28 Jun 2021 - Fix `RUNNER_TEMP environm...

(DASH_RULE)

---

[typographical] ~905-~905: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~907-~907: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...n/pull/586) ## 1.0.3 - 23 Jun 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~909-~909: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ... 2021 No user facing changes. ## 1.0.2 - 17 Jun 2021 - Fix out of memory in hash...

(DASH_RULE)

---

[typographical] ~915-~915: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/558) ## 1.0.1 - 07 Jun 2021 - Pass the `--sarif-group-r...

(DASH_RULE)

---

[grammar] ~918-~918: The word ‘analyze’ is a verb. Did you mean the noun “analysis”?
Context: ...tion of CodeQL databases created in the analyze step. [github#543](https://github.com/github/...

(PREPOSITION_VERB)

---

[typographical] ~920-~920: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

🪛 markdownlint-cli2 (0.17.2)

450-450: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

---

450-450: Emphasis style
Expected: underscore; Actual: asterisk

(MD049, emphasis-style)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

lib/git-utils.js (1)

1-1: Remove redundant 'use strict'.

This directive is unnecessary in ES modules (or TypeScript-compiled output).

Apply this diff to safely remove the redundant directive:

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

lib/git-utils.test.js (1)

1-1: Redundant use strict directive.

The "use strict"; directive is unnecessary in JavaScript modules as they automatically operate in strict mode. This directive can be safely removed.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ac67cff and bd1d9ab.

⛔ Files ignored due to path filters (5)

• lib/codeql.js.map is excluded by !**/*.map
• lib/git-utils.js.map is excluded by !**/*.map
• lib/git-utils.test.js.map is excluded by !**/*.map
• lib/overlay-database-utils.js.map is excluded by !**/*.map
• lib/overlay-database-utils.test.js.map is excluded by !**/*.map

📒 Files selected for processing (3)

• lib/codeql.js (28 hunks)
• lib/git-utils.js (1 hunks)
• lib/git-utils.test.js (1 hunks)

🧰 Additional context used

🧬 Code Definitions (3)

lib/git-utils.test.js (5)

lib/analyze.js (2) (2)

• actionsUtil (54-54)
• util_1 (69-69)

lib/actions-util.js (2) (2)

• core (54-54)
• util_1 (57-57)

lib/database-upload.js (3) (3)

• actionsUtil (38-38)
• gitUtils (41-41)
• util_1 (43-43)

lib/git-utils.js (3) (3)

• core (39-39)
• util_1 (43-43)
• sha (324-324)

lib/actions-util.test.js (3) (3)

• ava_1 (6-6)
• testing_utils_1 (9-9)
• util_1 (10-10)

lib/codeql.js (1)

src/codeql.ts (9) (9)

• setupCodeQL (329-398)
• getCodeQL (403-408)
• setCodeQL (433-490)
• getCachedCodeQL (498-504)
• getCodeQLForCmd (525-1137)
• getExtraOptions (1190-1205)
• getTrapCachingExtractorConfigArgs (1291-1300)
• getTrapCachingExtractorConfigArgsForLang (1302-1314)
• getGeneratedCodeScanningConfigPath (1321-1323)

lib/git-utils.js (1)

src/git-utils.ts (9) (9)

• runGitCommand (12-43)
• getCommitOid (48-69)
• determineBaseBranchHeadCommitOid (77-123)
• deepenGitHistory (131-148)
• gitFetch (156-166)
• gitRepack (174-184)
• decodeGitFilePath (193-232)
• getGitRoot (240-254)
• getFileOidsUnderPath (266-295)

🪛 Biome (1.9.4)

lib/git-utils.test.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/git-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

🔇 Additional comments (37)

lib/git-utils.js (2)

28-28: Avoid modifying auto-generated code.

Static analysis suggests using the optional chain here, but this block appears to be a TypeScript helper. It's safer to modify the original TypeScript source rather than the compiled output.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

306-354: Add or confirm test coverage for new ref-handling logic.

The getRef function performs important checks for both ref and sha inputs (e.g., rewriting merge refs to head refs). Ensure that all edge cases, such as omitted inputs and pull request merges vs. direct pushes, are exercised by unit tests.

lib/git-utils.test.js (12)

49-52: LGTM: Good test for empty GITHUB_REF.

This test correctly verifies that getRef() throws an exception when the GITHUB_REF environment variable is empty.

---

53-66: LGTM: Well-structured test for merge PR reference.

This test effectively verifies that getRef() returns the merge PR reference when the GITHUB_SHA is still checked out. Good use of Sinon for stubbing the getCommitOid function.

---

67-81: LGTM: Good test for handling SHA changes with checkout@v1.

This test properly validates the behavior of getRef() when the SHA has changed but the reference is still valid.

---

82-94: LGTM: Effective test for PR head reference fallback.

This test correctly verifies that getRef() falls back to the PR head reference when the merge reference is no longer checked out.

---

95-112: LGTM: Good test for input parameters.

This test validates that getRef() uses the ref and sha provided as inputs, ignoring the environment variables.

---

113-136: LGTM: Comprehensive tests for environment variable precedence.

These two tests effectively verify the precedence rules between GITHUB_REF and CODE_SCANNING_REF environment variables.

---

137-165: LGTM: Good validation of required paired inputs.

These tests correctly verify that getRef() throws an error when only one of ref or sha inputs is provided, ensuring both are specified together.

---

166-205: LGTM: Comprehensive tests for default branch analysis.

These tests effectively verify all possible scenarios for isAnalyzingDefaultBranch(), including environment variable checks, default branch comparison, and scheduled events.

---

206-237: LGTM: Good error handling tests for determineBaseBranchHeadCommitOid.

These tests thoroughly validate error handling cases when determining the base branch head commit, including non-pull request events and repository errors.

---

238-267: LGTM: Thorough tests for path decoding.

These tests comprehensively verify the decodeGitFilePath() function, covering both quoted and unquoted strings with various escape sequences.

---

268-308: LGTM: Good tests for file OID mapping.

These tests verify that getFileOidsUnderPath() correctly handles regular paths, quoted paths, and properly maps file paths to their object IDs.

---

309-338: LGTM: Good edge case testing for getFileOidsUnderPath.

These tests properly verify edge cases for getFileOidsUnderPath(), including empty output and error handling for unexpected output formats.

lib/codeql.js (23)

18-34: Well-refactored __importStar implementation.

The updated implementation of __importStar provides a more robust way to retrieve property names from modules by first using Object.getOwnPropertyNames and falling back to iterating over properties with hasOwnProperty checks. This improves handling of module imports.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-45: Good refactoring of exports for better readability.

Exports have been reorganized from a single line to individual export statements, improving code readability and making the exported function list more explicit. This is a good practice for maintainability.

---

77-89: Updated version constants to reflect newer requirements.

CodeQL version constants have been updated to reflect newer minimum versions and GHES deprecation information:

• CODEQL_MINIMUM_VERSION and CODEQL_NEXT_MINIMUM_VERSION both updated to "2.15.5"
• GHES_VERSION_MOST_RECENTLY_DEPRECATED updated to "3.11"
• GHES_MOST_RECENT_DEPRECATION_DATE set to "2024-12-19"

This ensures compatibility with newer versions of CodeQL.

---

102-102: Updated constant for cache cleanup support.

The CODEQL_VERSION_CACHE_CLEANUP constant has been updated to reference CodeQL version 2.17.1+ which supports the --cache-cleanup option.

---

116-119: Added features parameter and enhanced setupCodeQL function.

The setupCodeQL function signature has been updated to include a features parameter, which allows for feature enablement checks. The function also now logs the bundle download status report for better debugging visibility.

---

130-133: Added zstdAvailability to return object.

The return object from setupCodeQL now includes zstdAvailability, which provides information about the availability of zstd compression, likely used for optimizing artifact storage or transfer.

---

137-141: Improved error handling for disk space issues.

The error handling has been enhanced to specifically detect disk space issues (ENOSPC errors) and provide a more appropriate error class (ConfigurationError), making the error messages more helpful to users.

---

239-241: Standardized command execution with runCli.

The code has been refactored to use the runCli function for CodeQL command execution, replacing direct toolrunner calls. This standardizes command execution across the module and allows for centralized error handling.

---

258-258: Updated databaseInitCluster to support overlay database modes.

The databaseInitCluster function signature has been updated to replace the features parameter with overlayDatabaseMode, which controls how database initialization is handled.

---

265-277: Added compatibility code for Actions extractor.

Support has been added for the Actions language extractor, with specific handling for CLI versions before 2.20.6. This ensures backwards compatibility while the newer CLI version is deployed to runner images.

---

294-300: Added support for overlay database modes.

New conditional logic has been added to handle different overlay database modes:

• For Overlay mode: Adds an --overlay-changes flag with a changes file path
• For OverlayBase mode: Adds an --overlay-base flag

This enhances the flexibility of database initialization for different analysis scenarios.

---

301-307: Updated database init arguments based on overlay mode.

The database init command now conditionally includes the overwrite flag based on the overlay database mode, making it more adaptable to different initialization scenarios.

---

318-320: Added post-initialization step for OverlayBase mode.

When in OverlayBase mode, the function now writes a base database OIDs file after initialization, which is necessary for proper functioning of the overlay database system.

---

419-419: Added extractor alias support across multiple commands.

The --extractor-include-aliases flag has been added to various commands including betterResolveLanguages, resolveBuildEnvironment, and resolveExtractor. This ensures consistent handling of language aliases when resolving languages and extractors.

Also applies to: 454-454, 645-645

---

474-474: Added intra-layer parallelism to improve query performance.

The --intra-layer-parallelism flag has been added to the database run-queries command, which can improve performance by enabling parallel processing within query evaluation layers.

---

483-483: Updated databaseInterpretResults to accept features parameter.

The databaseInterpretResults function now accepts a features parameter, allowing it to conditionally enable functionality based on feature flags.

---

498-500: Enhanced SARIF output with more detailed information.

Added flags to improve the quality of SARIF output:

• --sarif-include-query-help=always ensures query help is always included
• --sublanguage-file-coverage provides better coverage information
• Added job run UUID to SARIF options for traceability in CI/CD systems

These improvements enhance the usefulness of the analysis results.

---

503-505: Added support for custom SARIF run properties.

The function now conditionally includes sarifRunPropertyFlag when provided, allowing for custom properties to be added to the SARIF output.

---

515-517: Added compatibility for analysis summary format.

The code now checks if the CLI version supports AnalysisSummaryV2IsDefault and conditionally adds the --new-analysis-summary flag for older versions, ensuring consistent output format across different CLI versions.

---

582-590: Updated database cleanup command for newer CLI versions.

The code now dynamically selects between --cache-cleanup (for newer CLI versions) and --mode (for older versions) based on the CLI version, maintaining backward compatibility while supporting newer functionality.

---

754-764: Introduced centralized runCli function for better error handling.

A new runCli function has been added that wraps runTool with improved error handling, specifically handling CommandInvocationError and wrapping them as CliError. This centralized approach ensures consistent error handling across all CLI invocations.

---

831-831: Updated TRAP caching to respect default branch analysis.

The isAnalyzingDefaultBranch() function is now used to determine whether to write to the TRAP cache, which ensures that caches are only updated when analyzing the default branch, preventing cache pollution from feature branches.

---

866-872: Added support for job run UUID in SARIF output.

A new function getJobRunUuidSarifOptions has been added that retrieves the job run UUID from environment variables and adds it to SARIF output options when supported by the CLI. This improves traceability by linking analysis results to specific CI/CD job runs.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

lib/analyze.js (2)

70-77: Consider capturing the stack trace for detailed debugging.

Storing the original error is excellent. For richer debugging, you could use Error.captureStackTrace(this, CodeQLAnalysisError); inside the constructor.

---

280-355: Possible redundant continue statement.

The continue at the end of the loop may be unnecessary since the loop proceeds to the next iteration regardless. You could remove it to simplify the logic:

-            continue;

🧰 Tools

🪛 Biome (1.9.4)

[error] 352-352: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bd1d9ab and e0ea141.

⛔ Files ignored due to path filters (1)

• lib/analyze.js.map is excluded by !**/*.map

📒 Files selected for processing (1)

• lib/analyze.js (9 hunks)

🧰 Additional context used

🪛 Biome (1.9.4)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 352-352: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

🔇 Additional comments (15)

lib/analyze.js (15)

18-34: Avoid manual edits to auto-generated TS helper code.

These lines appear to be TypeScript’s runtime helpers, typically auto-generated. Manually modifying them could introduce inconsistencies with the compiler’s output.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-46: Export statements look good.

All newly introduced export assignments are coherent and do not raise any issues.

---

50-60: New imports are properly organized.

These imports from @actions/* and related modules look correct and facilitate the added functionalities.

---

64-64: No concerns with the additional logging import.

Importing logging_1 aligns well with the other modules.

---

107-113: Environment variable setup for Java dependency caching is appropriate.

This ensures stable paths for caching when buildMode is none. Implementation looks consistent.

---

162-186: Branch detection logic is well-structured.

Handling both PR context and environment variables covers typical scenarios.

---

187-216: Diff-informed analysis setup is clear.

Good job checking feature flags and grouping the extension pack generation.

---

227-250: Pull request diff ranges approach is valid.

Limiting handling to fewer than 300 changed files prevents incomplete data.

---

251-279: Safe handling of base-head commit comparison.

Robust error handling is in place.

---

357-418: Extension pack creation logic is sound.

The pack generation, YAML writing, and fallback to an empty diff set all look correct.

---

414-506: Query execution flow appears correct.

Conditional flags and error handling for each language are well-structured.

---

508-525: Finalizing database creation is properly orchestrated.

Deleting old outputs, finalizing each language’s database, and capturing timings works well.

---

526-549: Go version check is handled correctly.

The diagnostic approach ensures necessary warnings and prevents unexpected toolchain overrides.

---

550-558: Cleanup routine is straightforward.

Databases are cleaned up as expected for each language.

---

559-561: Exporting internal functions for testing is fine.

Provides test-only access while keeping the main API surface minimal.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (11)

CHANGELOG.md (11)

7-8: Typographical Note: Compound Adjective
The phrase “No user facing changes.” appears several times. For clarity and consistency, please use “user‐facing” (with a hyphen) throughout the document.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.13 - 24 Mar 2025 No ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

9-12: Suggestion: Date Range Formatting
For version headers such as “## [UNRELEASED]” and “## 3.28.13 - 24 Mar 2025”, consider using a proper en dash (–) instead of a hyphen for the date range (for example, “3.28.13 – 24 Mar 2025”). This improves typographic clarity.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.13 - 24 Mar 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~11-~11: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... changes. ## 3.28.13 - 24 Mar 2025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

36-38: Version 3.28.7: No User‐Facing Changes
This entry simply states “No user facing changes.” Again, please update “user facing” to “user‐facing” to match recommended style.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~37-~37: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

47-50: Version 3.28.4: No User‐Facing Changes
This entry is minimal. Please apply the “user‐facing” hyphenation as suggested.

🧰 Tools

🪛 LanguageTool

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~49-~49: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

57-60: Version 3.28.2: No User‐Facing Changes
A routine “No user facing changes” entry; please update the hyphenation for consistency.

🧰 Tools

🪛 LanguageTool

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~59-~59: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

71-74: Version 3.27.9: No User‐Facing Changes
No functional change; apply “user‐facing” consistency.

🧰 Tools

🪛 LanguageTool

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~73-~73: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

88-91: Version 3.27.5: No User‐Facing Changes
Again, ensure that “user‐facing” is hyphenated consistently.

🧰 Tools

🪛 LanguageTool

[typographical] ~88-~88: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~90-~90: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

92-95: Version 3.27.4: No User‐Facing Changes
Minor/no change; please update the hyphenation.

🧰 Tools

🪛 LanguageTool

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~94-~94: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

96-99: Version 3.27.3: No User‐Facing Changes
No further issues.

🧰 Tools

🪛 LanguageTool

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

115-117: Version 3.26.13: No User‐Facing Changes
Routine entry; please update “user‐facing” as noted.

🧰 Tools

🪛 LanguageTool

[typographical] ~115-~115: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~117-~117: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

118-125: Version 3.26.12: Upcoming Breaking Change Notice
This version provides a well‐detailed deprecation warning for older CodeQL versions and clear instructions on how customers can continue using their versions if needed. Please confirm that your migration guides and release notes also cover these upcoming changes.

🧰 Tools

🪛 LanguageTool

[typographical] ~119-~119: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e0ea141 and f15aac3.

⛔ Files ignored due to path filters (1)

• node_modules/.package-lock.json is excluded by !**/node_modules/**

📒 Files selected for processing (1)

• CHANGELOG.md (2 hunks)

🧰 Additional context used

🪛 LanguageTool

CHANGELOG.md

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.13 - 24 Mar 2025 No ...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.13 - 24 Mar 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~11-~11: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ... changes. ## 3.28.13 - 24 Mar 2025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~13-~13: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~24-~24: You might be missing the article “the” here.
Context: ...93) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [github#2772...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~27-~27: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~29-~29: You might be missing the article “the” here.
Context: ...768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [github#2753...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~37-~37: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~45-~45: You might be missing the article “the” here.
Context: ...726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [github#2717...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~49-~49: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~51-~51: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~53-~53: You might be missing the article “the” here.
Context: ...ges. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [github#2707...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~57-~57: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~59-~59: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~71-~71: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~73-~73: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~77-~77: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~84-~84: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~86-~86: You might be missing the article “the” here.
Context: ...636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bundle version to 2.19.4. [github#2626...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~88-~88: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~90-~90: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~94-~94: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~102-~102: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~104-~104: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~109-~109: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~115-~115: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~117-~117: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~119-~119: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[uncategorized] ~134-~134: You might be missing the article “the” here.
Context: ... not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [github#2519...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~136-~136: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~138-~138: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~140-~140: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~142-~142: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~146-~146: You might be missing the article “the” here.
Context: ...ges. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bundle version to 2.19.0. [github#2483...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~150-~150: You might be missing the article “the” here.
Context: ...483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bundle version to 2.18.4. [github#2471...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~154-~154: You might be missing the article “the” here.
Context: ...471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bundle version to 2.18.3. [github#2449...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~165-~165: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~169-~169: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~171-~171: You might be missing the article “the” here.
Context: ...430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bundle version to 2.18.2. [github#2417...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~175-~175: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~182-~182: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~186-~186: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~190-~190: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[typographical] ~197-~197: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~202-~202: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~207-~207: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~209-~209: You might be missing the article “the” here.
Context: ...52) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bundle version to 2.17.5. [github#2327...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~211-~211: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~216-~216: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~218-~218: You might be missing the article “the” here.
Context: ...332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bundle version to 2.17.4. [github#2321...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~220-~220: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

🔇 Additional comments (22)

CHANGELOG.md (22)

13-17: Version 3.28.12: Dependency Caching and Bundle Update
The new entry about caching more dependencies for Java “build-mode: none” extractions and the update of the default CodeQL bundle version to 2.20.7 are clearly documented. Please ensure these improvements have adequate performance tests and that any downstream documentation explains the impact.

🧰 Tools

🪛 LanguageTool

[typographical] ~13-~13: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

18-21: Version 3.28.11: Bundle Version Update
Updating the default CodeQL bundle version to 2.20.6 is a straightforward change. No issues noted.

🧰 Tools

🪛 LanguageTool

[typographical] ~18-~18: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

22-26: Version 3.28.10: macOS Decompression Fix
This entry not only updates the bundle version to 2.20.5 but also addresses an issue where the CodeQL Bundle would sometimes fail to decompress on macOS. Please verify that there are tests covering this macOS edge case.

🧰 Tools

🪛 LanguageTool

[typographical] ~22-~22: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~24-~24: You might be missing the article “the” here.
Context: ...93) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bundle version to 2.20.5. [github#2772...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

27-30: Version 3.28.9: Bundle Version Update
The update to 2.20.4 appears routine. Ensure that this change is coordinated with any related configurations.

🧰 Tools

🪛 LanguageTool

[typographical] ~27-~27: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~29-~29: You might be missing the article “the” here.
Context: ...768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bundle version to 2.20.4. [github#2753...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

31-35: Version 3.28.8: Kotlin Support Enhancement
Enabling support for Kotlin 2.1.10 (when using CodeQL CLI v2.20.3) is an important upgrade. Please double-check that integration tests verify this new support.

🧰 Tools

🪛 LanguageTool

[typographical] ~31-~31: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

39-42: Version 3.28.6: Debug Artifact Upload Re-enabled
Re-enabling debug artifact uploads for CLI versions 2.20.3 or greater is clear. It might be helpful to confirm that any configuration changes suggested by this re‐enablement are documented.

🧰 Tools

🪛 LanguageTool

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

43-46: Version 3.28.5: Bundle Version Update
A simple update to the default bundle version (2.20.3) with no additional notes. This is acceptable.

🧰 Tools

🪛 LanguageTool

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~45-~45: You might be missing the article “the” here.
Context: ...726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bundle version to 2.20.3. [github#2717...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

51-56: Version 3.28.3: Diagnostic and Bundle Updates
This version update not only moves the default bundle version to 2.20.2 but also fixes a download issue for GitHub Enterprise Server and notes that uploading debug artifacts is temporarily disabled. The content is clear; just ensure that the temporary disablement is communicated to customers (e.g. in release notes).

🧰 Tools

🪛 LanguageTool

[typographical] ~51-~51: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~53-~53: You might be missing the article “the” here.
Context: ...ges. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bundle version to 2.20.2. [github#2707...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

61-65: Version 3.28.1: Deprecation Notice and Bundle Update
This entry deprecates CodeQL Action v2 and updates the bundle version to 2.20.1. The deprecation message is informative; please verify that migration guidance is available in your external documentation.

🧰 Tools

🪛 LanguageTool

[typographical] ~61-~61: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

66-70: Version 3.28.0: Minimum Bundle Version & Edge Case Handling
Bumping the minimum CodeQL bundle version to 2.15.5 and ensuring that workflows do not fail when a file is on the search path are excellent defensive improvements. Confirm that this non‐failure behavior is robustly tested.

🧰 Tools

🪛 LanguageTool

[typographical] ~66-~66: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

75-78: Version 3.27.8: Proxy Settings Fix
Fixing the issue where streaming the download and extraction did not respect proxy settings is an important stability improvement. Please verify that tests simulate various network proxy configurations.

🧰 Tools

🪛 LanguageTool

[typographical] ~75-~75: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~77-~77: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

79-83: Version 3.27.7: Toolcache Optimization and Bundle Update
Introducing extraction of the CodeQL bundle directly to the toolcache (improving performance) together with updating the bundle version to 2.20.0 is a valuable improvement. I recommend running performance benchmarks to validate the benefit.

🧰 Tools

🪛 LanguageTool

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

84-87: Version 3.27.6: Bundle Version Update
The update to 2.19.4 is noted without further comment. This looks fine.

🧰 Tools

🪛 LanguageTool

[typographical] ~84-~84: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[uncategorized] ~86-~86: You might be missing the article “the” here.
Context: ...636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bundle version to 2.19.4. [github#2626...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

100-103: Version 3.27.2: Fixing Authorization Setup
The note about fixing an issue with an “Invalid value ‘undefined’ for header ‘authorization’” is clear and specific.

🧰 Tools

🪛 LanguageTool

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~102-~102: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

104-108: Version 3.27.1: Bundle Compression Enhancement
Introducing the use of Zstandard‑compressed bundles for GitHub Enterprise Server on Linux and macOS (and updating to 2.19.3) is a significant performance improvement. Ensure that compatibility and fallback behavior are well verified.

🧰 Tools

🪛 LanguageTool

[typographical] ~104-~104: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

109-114: Version 3.27.0: Token and Bundle Updates
This entry includes a bump in the minimum bundle version, a fix for an “upload‑sarif” step error (related to missing token input), and an update to 2.19.2. Please verify that composite actions using “upload‑sarif” are now robust.

🧰 Tools

🪛 LanguageTool

[typographical] ~109-~109: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

126-131: Version 3.26.11: Changes to Debug Artifact Downloads
The update signals an upcoming change to use actions/download-artifact@v4 and includes instructions for upgrading. It would be beneficial to cross‑check that all documentation (and sample workflows) is updated accordingly.

🧰 Tools

🪛 LanguageTool

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

132-136: Version 3.26.10: Zstandard Bundle Setup Feature
Using a bundle compressed with Zstandard to improve setup performance is an innovative change. Please ensure that any issues with decompressing or fallback are fully tested.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~134-~134: You might be missing the article “the” here.
Context: ... not yet compatible with GHES. - Update default CodeQL bundle version to 2.19.1. [github#2519...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~136-~136: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

137-140: Version 3.26.9: Bundle Version Update
An update to the default CodeQL bundle version to 2.18.2 is noted; no further issues.

🧰 Tools

🪛 LanguageTool

[style] ~138-~138: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~140-~140: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

141-144: Version 3.26.8: Bundle Version Update
The update to 2.18.1 is clear.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~142-~142: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

145-148: Version 3.26.7: Proxy Settings Fix (Continued)
The fix to ensure that streaming respects proxy settings is very useful. Please perform additional tests under proxy conditions.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~146-~146: You might be missing the article “the” here.
Context: ...ges. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bundle version to 2.19.0. [github#2483...

(AI_EN_LECTOR_MISSING_DETERMINER_THE)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

924-929: Version 1.0.0: Initial Changelog Addition and Log Grouping Improvements
The initial changelog entry documents the file’s introduction and improvements in log grouping and metric summaries. This foundational change is well captured.

🧰 Tools

🪛 LanguageTool

[typographical] ~924-~924: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...github/pull/543) ## 1.0.0 - 31 May 2021 - Add this changelog file. ...

(DASH_RULE)

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/post-release-mergeback.yml (3)

30-33: Expand Job Permissions for Release Automation
The updated permissions grant contents: write and pull-requests: write, which are necessary for tag creation and commit pushing. Ensure these expanded permissions are carefully controlled and monitored to prevent inadvertent operations.

---

116-125: Partial Changelog Preparation Step
A new step to prepare a partial changelog is added using a Python script. It captures the changelog snippet and groups its output. Consider enhancing error handling within the script or the step (e.g., by checking the exit status) so that workflow failures are caught early if the script encounters an issue.

---

170-189: Token Generation and GitHub Release Creation
The workflow now generates a GitHub App token via actions/create-github-app-token and uses it to create a release with a partial changelog. Please ensure that:

• The app credentials (AUTOMATION_APP_ID and AUTOMATION_PRIVATE_KEY) are securely managed.
• The token is used only in the intended scope.
• Adequate error handling is in place for both the token generation and the release creation steps (e.g., capturing non-zero exit statuses).

This addition bolsters automation but would benefit from integration tests to confirm proper behavior under failure scenarios.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f15aac3 and be853de.

📒 Files selected for processing (3)

• .github/workflows/__rubocop-multi-language.yml (2 hunks)
• .github/workflows/post-release-mergeback.yml (3 hunks)
• .github/workflows/update-release-branch.yml (4 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/update-release-branch.yml

🔇 Additional comments (4)

.github/workflows/__rubocop-multi-language.yml (3)

33-35: Update Permissions: Limit Security Events to Read-Only
The permission for security-events has been changed from write to read. This shift toward least privilege is good practice. Please verify that read-only access adequately supports all later steps that rely on security events data.

---

45-47: Introduce the Kotlin Setup Parameter
A new parameter setup-kotlin: 'true' has been added to the "Prepare test" step. Ensure that this setting integrates as expected with your testing process and that it doesn’t conflict with any remaining Python-related logic.

---

48-50: Ruby Setup Version Pin Update
The Ruby setup action is now pinned to ruby/setup-ruby@1a615958ad9d422dd932dc1d5823942ee002799f (v1.227.0), which is a positive step toward reproducibility. Please verify that this commit hash version is compatible with your project’s Ruby requirements and that no breaking changes have been introduced.

.github/workflows/post-release-mergeback.yml (1)

23-25: Assign Environment for Merge-Back Job
The merge-back job now explicitly runs in the Automation environment. This clarifies the context in which the job executes and supports later release automation tasks.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

lib/analyze-action.js (1)

162-169: Replace delete operator with undefined assignment

While the logic for unsetting empty proxy environment variables is sound, using the delete operator on process.env properties can impact performance.

 if (process.env.CODEQL_PROXY_HOST === "") {
-    delete process.env.CODEQL_PROXY_HOST;
-    delete process.env.CODEQL_PROXY_PORT;
-    delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+    process.env.CODEQL_PROXY_HOST = undefined;
+    process.env.CODEQL_PROXY_PORT = undefined;
+    process.env.CODEQL_PROXY_CA_CERTIFICATE = undefined;
 }

🧰 Tools

🪛 Biome (1.9.4)

[error] 166-166: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/analyze.js (3)

18-34: Consider using optional chaining for safer property access
The code here appears to be part of a TypeScript helper for __importStar. Static analysis suggests using optional chaining at line 28, e.g. mod?.__esModule, to reduce verbosity and potential runtime errors. However, if this is compiler-generated code, you may opt to ignore it.

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

72-77: Consider using the Error cause feature
Storing the original error in this.error is good for debugging. If your Node.js environment supports it, you might consider using the { cause: error } option to preserve stack traces automatically.

---

350-364: Remove the unnecessary continue statement
Static analysis reports that the final continue; is redundant after incrementing currentLine. Eliminating it will not affect logic and might improve readability.

-        currentLine++;
-        continue;
+        currentLine++;

🧰 Tools

🪛 Biome (1.9.4)

[error] 353-353: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between be853de and 9bd18b4.

⛔ Files ignored due to path filters (12)

• lib/analyze-action.js.map is excluded by !**/*.map
• lib/analyze.js.map is excluded by !**/*.map
• lib/api-client.js.map is excluded by !**/*.map
• lib/autobuild.js.map is excluded by !**/*.map
• lib/init-action-post-helper.js.map is excluded by !**/*.map
• lib/init-action-post.js.map is excluded by !**/*.map
• lib/init-action.js.map is excluded by !**/*.map
• lib/repository.js.map is excluded by !**/*.map
• lib/status-report.js.map is excluded by !**/*.map
• lib/upload-lib.js.map is excluded by !**/*.map
• lib/upload-sarif-action.js.map is excluded by !**/*.map
• node_modules/.package-lock.json is excluded by !**/node_modules/**

📒 Files selected for processing (6)

• lib/analyze-action.js (12 hunks)
• lib/analyze.js (9 hunks)
• lib/api-client.js (4 hunks)
• lib/autobuild.js (4 hunks)
• lib/init-action-post-helper.js (4 hunks)
• lib/init-action-post.js (2 hunks)

🧰 Additional context used

🧬 Code Definitions (6)

lib/init-action-post.js (4)

lib/api-client.js (4)

• actions_util_1 (56-56)
• util_1 (58-58)
• repository_1 (57-57)
• core (52-52)

lib/status-report.js (5)

• actions_util_1 (44-44)
• api_client_1 (45-45)
• util_1 (50-50)
• repository_1 (49-49)
• core (43-43)

lib/init-action-post-helper.js (5)

• api_client_1 (43-43)
• util_1 (50-50)
• repository_1 (47-47)
• core (40-40)
• status_report_1 (48-48)

lib/repository.js (1)

• util_1 (6-6)

lib/init-action-post-helper.js (1)

src/init-action-post-helper.ts (3)

• tryUploadSarifIfRunFailed (119-158)
• run (160-243)
• getFinalJobStatus (323-332)

lib/analyze-action.js (3)

lib/analyze.js (4)

• dependency_caching_1 (58-58)
• util (69-69)
• repository_1 (65-65)
• logging_1 (64-64)

lib/api-client.js (1)

• repository_1 (57-57)

lib/status-report.js (1)

• repository_1 (49-49)

lib/analyze.js (6)

lib/codeql.js (12)

• fs (46-46)
• path (47-47)
• yaml (50-50)
• environment_1 (54-54)
• feature_flags_1 (55-55)
• languages_1 (57-57)
• tools_features_1 (60-60)
• tracer_config_1 (61-61)
• util (62-62)
• util_1 (63-63)
• language (801-801)
• codeql (232-676)

lib/util.js (5)

• path (85-85)
• io (89-89)
• yaml (93-93)
• environment_1 (96-96)
• databasePath (548-548)

lib/actions-util.js (4)

• fs (52-52)
• path (53-53)
• io (56-56)
• util_1 (57-57)

lib/diff-filtering-utils.js (3)

• fs (38-38)
• path (39-39)
• actionsUtil (40-40)

lib/dependency-caching.js (2)

• environment_1 (45-45)
• util_1 (46-46)

lib/api-client.js (4)

• repository_1 (57-57)
• util_1 (58-58)
• repositoryNwo (188-188)
• repositoryNwo (198-198)

lib/api-client.js (1)

src/api-client.ts (12)

• getApiDetails (57-63)
• getApiClient (65-67)
• getApiClientWithExternalAuth (69-73)
• getGitHubVersionFromApi (77-103)
• getGitHubVersion (112-120)
• getWorkflowRelativePath (125-152)
• getAnalysisKey (161-175)
• getAutomationID (177-182)
• computeAutomationID (184-205)
• listActionsCaches (215-230)
• deleteActionsCache (233-241)
• wrapApiConfigurationError (243-254)

lib/autobuild.js (5)

lib/init-action-post-helper.js (2)

• feature_flags_1 (46-46)
• repository_1 (47-47)

lib/api-client.js (1)

• repository_1 (57-57)

lib/analyze-action.js (2)

• feature_flags_1 (54-54)
• repository_1 (57-57)

lib/init-action-post.js (2)

• feature_flags_1 (46-46)
• repository_1 (49-49)

lib/status-report.js (2)

• doc_url_1 (46-46)
• repository_1 (49-49)

🪛 Biome (1.9.4)

lib/init-action-post.js

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post-helper.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 166-166: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 353-353: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

lib/api-client.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/autobuild.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

🔇 Additional comments (48)

lib/analyze-action.js (12)

18-34: Enhanced module import structure

The __importStar function has been improved to better handle property enumeration in imported modules through the new ownKeys helper function. This is a standard pattern for ensuring all properties are correctly imported.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

48-48: LGTM: New caching modules imported

Added imports for caching utilities which will be used later in the file for dependency caching functionality.

Also applies to: 52-52

---

65-65: Good enhancement: Added logger parameter to disk usage check

The util.checkDiskUsage() call now receives the logger parameter, ensuring consistent logging during disk usage checks.

---

77-77: LGTM: Cache size calculation is now properly awaited

This change correctly awaits the asynchronous getTotalCacheSize function call.

---

123-123: Simplified interface for runAutobuildIfLegacyGoWorkflow

The features parameter has been removed from the function signature, simplifying the interface. This is a good change that removes an unused parameter.

Also applies to: 150-150, 198-198

---

170-172: LGTM: Input persistence for post step

This change makes inputs accessible in the post step, which is important for maintaining state between steps.

---

189-189: LGTM: Improved API usage and variable exports

These changes use appropriate helper functions for repository name retrieval, variable exporting, and process waiting, making the code more consistent.

Also applies to: 191-191, 196-196, 239-239

---

200-202: LGTM: Added cleanup level configuration

Good addition of the cleanup-level input with a sensible default. The parameter is consistently passed to both runQueries and runCleanup functions, allowing for more flexible cleanup behavior.

Also applies to: 204-206

---

230-232: LGTM: Added dependency caching functionality

Good implementation of dependency caching, which is conditionally executed only when caching is enabled.

---

253-255: LGTM: Improved error handling

The error handling has been consolidated using a ternary operator, making the code more concise while maintaining the same functionality.

---

277-277: LGTM: Standardized error message

Using util.getErrorMessage(error) provides a more consistent way to extract error messages.

---

215-215:

Details

✅ Verification successful

Verify impact of changing upload method

The code now calls uploadLib.uploadFiles instead of uploadLib.uploadFromActions. Make sure this change is intentional and that the function signatures are compatible.

---

🏁 Script executed:

#!/bin/bash
# Check the signatures of both upload functions

echo "Checking uploadLib functions:"
rg -A 3 "uploadFiles|uploadFromActions" --type js

Length of output: 3121

---

Confirmed Upload Method Change — Signatures are Compatible

I reviewed the call sites and the definition of uploadFiles across the codebase. The function now consistently accepts the parameters (sarifPath, checkoutPath, category, features, logger) and is used in lib/analyze-action.js, lib/init-action-post-helper.js, and elsewhere. There’s no evidence of a signature mismatch with the previous uploadFromActions implementation.

lib/api-client.js (5)

18-34: Enhanced module import handling with robust property retrieval.

The improved __importStar implementation adds a custom ownKeys function that efficiently retrieves all property names from modules, including non-enumerable ones. This ensures more reliable module imports by properly binding all properties to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-51: Improved code organization through explicit exports.

The export statements have been reorganized to explicitly list each exported entity. This enhances code clarity and maintainability by making the public API surface obvious to consumers.

---

95-95: ESLint directive added to handle TypeScript safety check.

The added ESLint directive properly addresses type safety concerns when calling the GitHub API meta endpoint.

---

125-140: Enhanced workflow path retrieval with robust fallback handling.

The implementation now uses a dedicated repository utility function and adds special handling for required workflows. The regex check ensures that if the workflow URL is invalid or relates to required workflows, the function correctly falls back to using the path from the original response.

---

188-188: Consistent repository information retrieval.

Updated to use the dedicated getRepositoryNwo() utility across the codebase, improving consistency and maintainability.

Also applies to: 198-198

lib/init-action-post.js (4)

23-39: Enhanced module import handling with robust property retrieval.

The improved __importStar implementation adds a custom ownKeys function that efficiently retrieves all property names from modules, including non-enumerable ones. This ensures more reliable module imports by properly binding all properties to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

58-60: Added input restoration from init Action.

This change ensures that the post-action phase has access to the same inputs that were provided to the main action, maintaining consistency throughout the workflow execution.

---

69-70: Consolidated debug artifact upload approach.

The implementation now uses a unified method for uploading all available debug artifacts rather than separate methods for different artifact types. This improves code maintainability and ensures consistent artifact handling.

---

75-76: Improved disk usage reporting in status reports.

The logger parameter is now passed to the disk usage check function, enabling better contextual logging during both error handling and success paths.

Also applies to: 83-83

lib/autobuild.js (4)

18-34: Enhanced module import handling with robust property retrieval.

The improved __importStar implementation adds a custom ownKeys function that efficiently retrieves all property names from modules, including non-enumerable ones. This ensures more reliable module imports by properly binding all properties to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-38: Improved code organization through explicit exports.

The export statements have been reorganized to explicitly list each exported entity, improving code clarity and maintainability.

---

43-43: Enhanced user guidance with documentation links.

The implementation now uses centralized documentation URLs instead of hardcoded links, improving both user experience and code maintainability. The log messages include helpful links to relevant documentation sections, particularly for build modes and environment variable configuration.

Also applies to: 54-56, 118-118, 134-134, 138-138

---

147-154: Simplified function signature and improved feature detection.

The runAutobuild function now has a cleaner signature without the redundant features parameter. It properly uses CodeQL's native feature detection via supportsFeature() instead of checking feature flags directly, making the code more maintainable.

lib/init-action-post-helper.js (6)

18-34: Enhanced module import handling with robust property retrieval.

The improved __importStar implementation adds a custom ownKeys function that efficiently retrieves all property names from modules, including non-enumerable ones. This ensures more reliable module imports by properly binding all properties to the result object.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-38: Improved code organization through explicit exports.

The explicit export statements for key functions enhance code clarity and maintainability by making the public API surface obvious to consumers.

---

87-87: Improved SARIF diagnostics export and upload.

The implementation now uses a simpler interface for database diagnostics export and enhanced file upload with feature flag support, streamlining the error reporting process.

Also applies to: 90-90

---

119-119: Enhanced debug artifact uploading with version information.

The function parameter has been updated to reflect its broader scope, and the implementation now includes CodeQL version information in the artifact upload, providing better context for debugging.

Also applies to: 145-148

---

150-166: Added database cleanup for self-hosted runners.

This new functionality properly cleans up database cluster directories on self-hosted runners, preventing disk space issues over time. The implementation includes robust error handling and detailed logging.

---

176-176: Consistent repository information retrieval.

Updated to use the dedicated getRepositoryNwo() utility, improving consistency and maintainability across the codebase.

lib/analyze.js (17)

39-46: Re-export statements look good
No issues found in these exports.

---

50-50: New imports are fine
These imports improve modularity and clarity.

Also applies to: 54-54, 58-58, 60-60, 64-65

---

108-115: Dependency directory handling looks correct
Assigning a stable directory for Java dependencies in buildless mode is a solid approach for caching.

---

137-137: Graceful fallback on unknown database status
Catching without an error parameter is acceptable here, as you simply log a warning and continue.

---

163-187: Logic to identify pull request branches is well-structured
This implementation provides a clear fallback to environment variables when pull_request context is absent.

---

188-218: Feature gating for diff-informed queries
Good job wrapping this logic in a feature flag check. Nicely structured fallback for non-PR contexts.

---

219-251: Efficient retrieval of diff ranges
No issues found. The logic gracefully handles edge cases like too many changed files.

---

252-280: Compare Commits API usage
Retrieving file diffs with basehead is straightforward, and the fallback for errors looks appropriate.

---

281-357: Accurate parsing of patch content
The approach to parse each hunk and handle missing patches seems correct.

🧰 Tools

🪛 Biome (1.9.4)

[error] 353-353: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

---

421-435: Adding incremental diff analysis flags
Attaching incremental flags like --extension-packs=codeql-action/pr-diff-range is a clean way to integrate diff-based scanning.

---

480-481: Improved error reporting
Throwing a CodeQLAnalysisError with a detailed message and wrapped error is beneficial for debugging.

---

486-486: Refined interpretation call
Passing the newly introduced sarifRunPropertyFlag is a nice addition that helps indicate incremental (diff-informed) analysis.

---

509-509: Well-organized finalize step
This refactor looks straightforward and aligns the finalize step with your extraction logic.

---

522-522: Conditional end tracing is logical
Ending tracing only when autobuild did not complete successfully prevents duplicate cleanups.

---

536-536: Ensuring correct Go binary
Verifying that the Go binary location hasn’t changed since init helps detect misconfigurations.

---

552-559: Cleanup logic is clear
The loop systematically cleans multiple languages’ databases. Straightforward and consistent.

---

560-562: Exporting internal utilities
Exporting getDiffRanges under exportedForTesting is a good practice for targeted unit testing.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (8)

lib/codeql.js (1)

812-818: Enhanced query filters handling.

The code now properly merges default query filters with user-provided ones, ensuring that essential filters are always applied while still respecting user customizations.

Regarding the static analysis hint about line 817, consider replacing the delete operation with an assignment to undefined for potentially better performance:

-    if (augmentedConfig["query-filters"]?.length === 0) {
-        delete augmentedConfig["query-filters"];
-    }
+    if (augmentedConfig["query-filters"]?.length === 0) {
+        augmentedConfig["query-filters"] = undefined;
+    }

🧰 Tools

🪛 Biome (1.9.4)

[error] 817-817: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/config-utils.test.js (1)

18-34: Refactor to use optional chaining for better null handling.

The __importStar implementation should use optional chaining in line 28 for safer handling of potential null values. This would improve robustness when importing modules.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze-action.js (2)

18-34: Refactor to use optional chaining for better null handling.

The __importStar implementation should use optional chaining in line 28 for safer handling of potential null values when importing modules.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

163-170: Improve performance when clearing environment variables.

The use of the delete operator on process.env properties can impact performance. Consider using undefined assignment instead.

if (process.env.CODEQL_PROXY_HOST === "") {
-    delete process.env.CODEQL_PROXY_HOST;
-    delete process.env.CODEQL_PROXY_PORT;
-    delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
+    process.env.CODEQL_PROXY_HOST = undefined;
+    process.env.CODEQL_PROXY_PORT = undefined;
+    process.env.CODEQL_PROXY_CA_CERTIFICATE = undefined;
}

🧰 Tools

🪛 Biome (1.9.4)

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/diff-informed-analysis-utils.js (2)

1-1: Remove redundant 'use strict' directive.

The 'use strict' directive is redundant in JavaScript modules as they are automatically in strict mode.

-"use strict";

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

18-34: Refactor to use optional chaining for better null handling.

The __importStar implementation should use optional chaining in line 28 for safer handling of potential null values.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.js (1)

18-34: Refactor to use optional chaining for better null handling.

The __importStar implementation should use optional chaining in line 28 for safer handling of potential null values.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js (1)

318-318: Remove unnecessary continue statement

The continue statement at the end of this condition block is unnecessary since it's the last check in the loop.

 if (diffLine.startsWith(" ")) {
     // An unchanged context line advances the current line number.
     currentLine++;
-    continue;
 }

🧰 Tools

🪛 Biome (1.9.4)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9f45e74 and efffb48.

⛔ Files ignored due to path filters (7)

• lib/analyze-action.js.map is excluded by !**/*.map
• lib/analyze.js.map is excluded by !**/*.map
• lib/codeql.js.map is excluded by !**/*.map
• lib/config-utils.js.map is excluded by !**/*.map
• lib/config-utils.test.js.map is excluded by !**/*.map
• lib/diff-informed-analysis-utils.js.map is excluded by !**/*.map
• lib/upload-lib.js.map is excluded by !**/*.map

📒 Files selected for processing (6)

• lib/analyze-action.js (12 hunks)
• lib/analyze.js (9 hunks)
• lib/codeql.js (29 hunks)
• lib/config-utils.js (13 hunks)
• lib/config-utils.test.js (7 hunks)
• lib/diff-informed-analysis-utils.js (1 hunks)

🧰 Additional context used

🧬 Code Definitions (6)

lib/config-utils.js (1)

lib/diff-informed-analysis-utils.js (2)

• path (41-41)
• feature_flags_1 (44-44)

lib/config-utils.test.js (5)

lib/codeql.js (2)

• feature_flags_1 (55-55)
• language (801-801)

lib/analyze-action.js (2)

• caching_utils_1 (48-48)
• feature_flags_1 (55-55)

lib/config-utils.js (8)

• caching_utils_1 (66-66)
• languages (137-137)
• languages (159-159)
• languages (230-230)
• languages (280-280)
• feature_flags_1 (68-68)
• buildMode (231-231)
• buildMode (281-281)

lib/analyze.js (1)

• feature_flags_1 (61-61)

lib/diff-informed-analysis-utils.js (1)

• feature_flags_1 (44-44)

lib/diff-informed-analysis-utils.js (6)

lib/codeql.js (4)

• fs (46-46)
• path (47-47)
• feature_flags_1 (55-55)
• codeql (232-676)

lib/upload-lib.js (3)

• fs (48-48)
• path (49-49)
• actionsUtil (55-55)

lib/analyze-action.js (4)

• fs (40-40)
• actionsUtil (44-44)
• feature_flags_1 (55-55)
• codeql (184-184)

lib/analyze.js (6)

• fs (47-47)
• path (48-48)
• actionsUtil (53-53)
• feature_flags_1 (61-61)
• codeql (400-400)
• codeql (519-519)

lib/config-utils.js (3)

• fs (60-60)
• path (61-61)
• feature_flags_1 (68-68)

lib/config-utils.test.js (4)

• fs (39-39)
• path (40-40)
• github (41-41)
• feature_flags_1 (49-49)

lib/codeql.js (1)

src/codeql.ts (9)

• setupCodeQL (329-398)
• getCodeQL (403-408)
• setCodeQL (433-490)
• getCodeQLForTesting (511-515)
• getCodeQLForCmd (525-1137)
• getExtraOptions (1190-1205)
• getTrapCachingExtractorConfigArgs (1300-1309)
• getTrapCachingExtractorConfigArgsForLang (1311-1323)
• getGeneratedCodeScanningConfigPath (1330-1332)

lib/analyze.js (2)

lib/util.js (6)

• result (160-160)
• path (85-85)
• io (89-89)
• message (829-830)
• error (136-136)
• databasePath (548-548)

lib/analyze-action.js (10)

• util (63-63)
• error (252-252)
• config (157-157)
• branches (197-197)
• logger (174-174)
• cleanupLevel (204-204)
• diffRangePackDir (198-200)
• features (195-195)
• statusReport (59-59)
• codeql (184-184)

lib/analyze-action.js (4)

lib/upload-lib.js (4)

• status (488-488)
• util (68-68)
• actionsUtil (55-55)
• environment_1 (62-62)

lib/analyze.js (7)

• dependency_caching_1 (57-57)
• util (68-68)
• autobuild_1 (55-55)
• languages_1 (62-62)
• actionsUtil (53-53)
• environment_1 (60-60)
• feature_flags_1 (61-61)

lib/diff-informed-analysis-utils.js (3)

• actionsUtil (43-43)
• feature_flags_1 (44-44)
• branches (88-88)

lib/status-report.js (1)

• environment_1 (47-47)

🪛 Biome (1.9.4)

lib/config-utils.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/config-utils.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/diff-informed-analysis-utils.js

[error] 1-1: Redundant use strict directive.

The entire contents of JavaScript modules are automatically in strict mode, with no statement needed to initiate it.
Safe fix: Remove the redundant use strict directive.

(lint/suspicious/noRedundantUseStrict)

---

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/codeql.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 817-817: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

lib/analyze-action.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 167-167: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 168-168: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

---

[error] 169-169: Avoid the delete operator which can impact performance.

Unsafe fix: Use an undefined assignment instead.

(lint/performance/noDelete)

🔇 Additional comments (66)

lib/codeql.js (23)

18-34: Improved module property retrieval logic.

The __importStar function has been refactored to enhance property name retrieval from modules. The new implementation adds a dedicated ownKeys function that cleanly handles property retrieval, making the code more maintainable and robust.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-45: Enhanced export clarity through individual exports.

Export statements have been reorganized to use individual exports rather than a group export, which improves code readability and makes the exported functionality more explicit and easier to track.

---

77-89: Updated version constants for compatibility.

The minimum required CodeQL version has been updated from 2.12.6 to 2.15.5, and the GHES deprecation information has been updated to reflect new timelines. This change ensures the Action remains compatible with supported versions of CodeQL CLI and GitHub Enterprise Server.

---

102-102: Added support for cache cleanup feature.

A new version constant was added to check for cache cleanup feature support in CodeQL CLI 2.17.1+, which allows for more optimal handling of database cleanup operations.

---

116-119: Enhanced setupCodeQL with features parameter and logging.

The function signature now includes a features parameter and adds logging for bundle download status, improving debugging capabilities and enabling feature-based functionality.

---

130-134: Added zstdAvailability to setupCodeQL return value.

The return object now includes zstdAvailability, which allows consumers to check whether zstd compression is available for database operations, enabling optimized database handling.

---

137-142: Improved error handling for disk space issues.

The error handling has been enhanced to detect disk space issues specifically, which provides more helpful error messages when the CLI fails due to insufficient disk space.

---

186-186: Enhanced betterResolveLanguages default implementation.

The default implementation for betterResolveLanguages now returns a properly structured object with empty aliases and extractors collections, ensuring consistent API behavior when the method is not fully implemented.

---

239-241: Standardized command execution with runCli.

The code has been refactored to use the new runCli wrapper function consistently throughout the codebase, which provides better error handling and centralizes command execution logic.

Also applies to: 253-253, 301-317, 343-343, 346-354, 361-371, 396-396, 405-406, 422-423, 441-442, 460-461, 481-481, 524-526, 535-535, 563-564, 592-592, 674-674

---

258-277: Added support for Actions language and overlay database modes.

The databaseInitCluster method has been enhanced to support:

1. The Actions language extractor with fallback for older CLI versions
2. Different overlay database modes for incremental analysis

These improvements enable more flexible and efficient analysis configurations.

---

291-320: Implemented overlay database capabilities.

Added conditional logic for overlay database operations, including:

1. Support for different overwrite flag formats based on CLI version
2. Different initialization approaches based on overlay mode
3. Generation of base database OIDs file when necessary

This enables more efficient incremental analysis by focusing only on changed files.

---

365-366: Added working directory specification for build mode extraction.

The code now explicitly sets the working directory for build mode extraction to the current process working directory, ensuring consistent behavior across different environments.

---

377-378: Improved error message with documentation link.

Error messages for automatic build failures now include a link to documentation, helping users understand how to resolve build issues more effectively.

---

419-419: Added extractor alias support to multiple commands.

The --extractor-include-aliases flag has been added to several CLI commands, enabling better language detection and improved support for language variants and aliases.

Also applies to: 454-454, 645-645

---

474-474: Added intra-layer parallelism for query execution.

The --intra-layer-parallelism flag has been added to the database run-queries command, which can improve performance by executing queries in parallel within the same layer.

---

483-527: Enhanced SARIF output configuration.

The databaseInterpretResults method has been updated with:

1. New flags for improved SARIF output quality
2. Support for query help inclusion
3. Support for sublanguage file coverage
4. Support for job run UUID SARIF options

These improvements enhance the usefulness of SARIF results for security analysis.

---

498-500: Improved query results with better documentation and tracking.

Added the following flags to SARIF output:

1. --sarif-include-query-help=always ensures query explanations are always included
2. --sublanguage-file-coverage provides better tracking of file coverage
3. Job run UUID options enable traceability between CI runs and results

These additions improve the quality and usefulness of security scan results.

---

503-505: Added conditional SARIF run property support.

The code now conditionally adds SARIF run property flag if provided, enabling better integration with CI/CD systems through custom run properties.

---

515-517: Ensured consistent analysis summary format.

Added condition to check if the CLI version supports AnalysisSummaryV2 as default, falling back to explicitly requesting the new analysis summary format for older versions. This ensures consistent output format across different CLI versions.

---

582-590: Dynamic cache cleanup flag selection.

The database cleanup command now dynamically selects between --cache-cleanup and --mode flags based on the CLI version, ensuring compatibility with both newer and older CLI versions.

---

754-764: Added robust CLI execution wrapper.

The new runCli function centralizes command execution and error handling, ensuring that CLI errors are properly wrapped and categorized. This improves error diagnostics and allows for more consistent error handling throughout the codebase.

---

838-838: Updated trap cache write condition.

The trap cache write condition now uses the imported isAnalyzingDefaultBranch function from git-utils, which provides more accurate determination of when to write to the cache based on the git branch being analyzed.

---

873-879: Added job run UUID tracking for SARIF output.

This new function enables tracking analysis runs through the CI/CD system by conditionally adding job run UUID to SARIF output, which improves traceability of scan results back to their originating CI job.

lib/config-utils.test.js (7)

46-46: LGTM: New cache utilities dependency.

Adding the caching utilities import properly supports the new dependency caching functionality being introduced.

---

67-67: LGTM: Dependency caching configuration for tests.

The addition of dependencyCachingEnabled with a default of None properly configures the test environment for the new caching functionality.

---

301-301: LGTM: Consistent expected configuration.

The expected configuration properly includes the dependency caching setting, maintaining test validity.

---

785-796: Excellent refactoring of test cases.

Using a loop with an array of test configurations is a great improvement that reduces code duplication and makes the tests more maintainable. This pattern will make it easier to add support for additional languages in the future.

---

797-802: LGTM: Well-structured test for build mode override.

This test correctly verifies that build mode is not overridden when the relevant feature flag is disabled.

---

803-808: LGTM: Proper isolation of language-specific behavior.

This test correctly verifies that build mode override only applies to the targeted language, not affecting other languages.

---

809-819: LGTM: Proper fallback behavior verification.

This test correctly validates the fallback to autobuild mode when analyzing code with a disabled buildless feature flag, including verification of the appropriate warning message.

lib/analyze-action.js (11)

48-53: LGTM: New utility imports for enhanced functionality.

Adding imports for caching utilities, dependency caching, and diff-informed analysis properly supports the new features being introduced.

---

78-78: LGTM: Updated cache size calculation.

Using the improved getTotalCacheSize function provides a more accurate measurement for status reporting.

---

124-152: Code simplification by removing unused parameter.

The runAutobuildIfLegacyGoWorkflow function has been improved by removing the unused features parameter, making the function signature cleaner and more focused.

---

171-173: LGTM: Improved accessibility of inputs.

Calling persistInputs() ensures inputs are accessible in the post step, which improves workflow reliability.

---

190-190: LGTM: Exporting output directory variable.

Properly exporting the output directory as an environment variable makes it accessible to other parts of the workflow.

---

197-200: LGTM: Added support for diff-informed analysis.

Using the new diff-informed analysis utilities to set up branch information for targeted analysis is a valuable addition.

---

204-204: LGTM: Customizable cleanup level.

Adding a configurable cleanup level with a sensible default improves flexibility for users.

---

206-210: LGTM: Consistent use of cleanup level.

The cleanup level is properly passed to both the query and cleanup operations, ensuring consistent behavior.

---

219-219: LGTM: Updated upload method.

The change to use uploadFiles instead of uploadFromActions reflects an improvement in the upload functionality.

---

233-236: LGTM: Added dependency cache storage.

The addition of dependency cache storage is a valuable optimization that will improve performance in subsequent runs.

---

257-259: LGTM: Consolidated error handling.

Using a ternary operator to determine the appropriate parameters based on error type is a clean way to consolidate error handling logic.

lib/diff-informed-analysis-utils.js (7)

40-44: LGTM: Proper imports for core functionality.

The file imports the necessary modules to support diff-informed analysis functionality.

---

45-69: LGTM: Well-implemented PR branches detection.

The getPullRequestBranches function correctly handles both standard PR context and Default Setup scenarios, with clear comments explaining the different cases.

---

73-76: LGTM: Clear feature status check.

The shouldPerformDiffInformedAnalysis function provides a simple way to determine if diff-informed analysis should be performed.

---

84-94: LGTM: Feature flag check before enabling functionality.

Properly checking the feature flag before proceeding with diff-informed analysis ensures the feature can be safely controlled.

---

95-97: LGTM: Clear path construction.

The getDiffRangesJsonFilePath function creates a consistent path for storing diff range information.

---

98-103: LGTM: Proper file writing with logging.

The writeDiffRangesJsonFile function handles the JSON serialization and file writing with appropriate debug logging.

---

104-113: LGTM: Robust file reading with error handling.

The readDiffRangesJsonFile function includes proper existence checks and debug logging for transparency.

lib/config-utils.js (10)

36-59: LGTM: Expanded and organized exports.

The reorganized exports with individual export statements improve clarity and make the module structure more explicit.

---

66-67: LGTM: New utility imports.

Adding imports for caching utilities and diff-informed analysis properly supports the new features being introduced.

---

83-83: LGTM: Default query filter preparation.

Adding the defaultQueryFilters property to the augmentation properties sets up the foundation for diff-informed analysis filtering.

---

169-169: LGTM: Using the improved language resolver.

Updating to use betterResolveLanguages() for language alias resolution improves the robustness of language detection.

---

229-229: LGTM: Updated function signatures for dependency caching.

Adding the dependencyCachingEnabled parameter to getDefaultConfig and loadConfig supports the new caching functionality.

Also applies to: 264-264

---

248-248: LGTM: Proper caching kind resolution.

Using getCachingKind ensures consistent handling of the dependency caching configuration.

Also applies to: 298-298

---

323-338: LGTM: Enhanced augmentation with diff-informed query filtering.

The updated calculateAugmentation function now properly adds filters to exclude queries tagged with "exclude-from-incremental" when performing diff-informed analysis.

---

434-437: Simplified error handling in parsePacksSpecification.

The error handling has been improved by directly throwing a new error without capturing the original error, which is cleaner and more concise since the caught error is not used.

---

522-527: LGTM: Security improvement for registry handling.

The new parseRegistriesWithoutCredentials function enhances security by extracting only the non-sensitive information from registries, which is useful for situations where credentials should not be exposed.

---

697-701: LGTM: Consistent language-specific build mode handling.

Adding support for C# in the parseBuildModeInput function ensures consistent behavior with Java when buildless scanning is temporarily unavailable.

lib/analyze.js (8)

70-77: Improved error handling in CodeQLAnalysisError

The updated constructor now captures the original error object, which provides better context for debugging and error reporting. This improvement will make troubleshooting issues easier.

---

107-114: Good improvement for Java dependency caching

This enhancement properly sets up Java dependency caching by placing dependencies in a stable path rather than the default scratch directory that gets removed. This ensures dependencies can be effectively cached between workflow runs, improving performance for Java projects.

---

136-139: Simplified error handling

Good cleanup by removing the unused error parameter in the catch block. This makes the code cleaner and follows best practices for exception handling in JavaScript.

---

162-182: Well-implemented diff-informed analysis setup

The new setupDiffInformedQueryRun function is well structured with proper error handling, clear logging, and graceful fallback to full analysis when needed. This feature should improve performance by focusing analysis only on changed code in pull requests.

---

389-400: Well-integrated query configuration for diff-informed analysis

The updated query configuration logic appropriately handles both the cleanup level and diff-informed analysis settings. Good job adding the necessary flags and setting the status report based on the new parameters.

---

445-445: Updated error handling consistent with constructor changes

This line correctly passes the wrapped error to the CodeQLAnalysisError constructor, consistent with the earlier constructor changes for improved error handling.

---

193-216: Comprehensive implementation of diff-informed analysis utilities

The suite of new functions for diff-informed analysis is well-designed and thorough:

1. getPullRequestEditedDiffRanges - Handles API limits and edge cases appropriately
2. getFileDiffsWithBasehead - Good error handling and repository determination
3. getDiffRanges - Robust parsing of diff patches with handling for special cases
4. writeDiffRangeDataExtensionPack - Properly creates extension packs with handling for edge cases

The code is well-documented with clear JSDoc comments explaining purpose and parameters.

Also applies to: 217-245, 246-322, 333-384

---

525-527: Good testing support

Exporting the getDiffRanges function for testing is good practice, especially given its complexity. This will facilitate thorough unit testing of this critical component.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

lib/api-client.test.js (1)

18-34: Improved module import handling implementation

The updated __importStar function now uses a more robust method to retrieve object properties through Object.getOwnPropertyNames with a fallback to manual enumeration. This ensures all module properties are correctly processed during imports.

Consider using optional chaining to simplify the condition on line 28:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.js (1)

18-34: Improved module import handling implementation

The updated __importStar function now uses a more robust method to retrieve object properties through Object.getOwnPropertyNames with a fallback to manual enumeration. This ensures all module properties are correctly processed during imports.

Consider using optional chaining to simplify the condition on line 28:

-        if (mod && mod.__esModule) return mod;
+        if (mod?.__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dab8a02 and e13fe0d.

⛔ Files ignored due to path filters (7)

• lib/api-client.js.map is excluded by !**/*.map
• lib/api-client.test.js.map is excluded by !**/*.map
• lib/status-report.js.map is excluded by !**/*.map
• lib/status-report.test.js.map is excluded by !**/*.map
• lib/upload-lib.js.map is excluded by !**/*.map
• lib/upload-lib.test.js.map is excluded by !**/*.map
• lib/upload-sarif-action.js.map is excluded by !**/*.map

📒 Files selected for processing (2)

• lib/api-client.js (4 hunks)
• lib/api-client.test.js (2 hunks)

🧰 Additional context used

🧬 Code Definitions (1)

lib/api-client.js (1)

src/api-client.ts (12)

• getApiDetails (57-63)
• getApiClient (65-67)
• getApiClientWithExternalAuth (69-73)
• getGitHubVersionFromApi (77-103)
• getGitHubVersion (112-120)
• getWorkflowRelativePath (125-152)
• getAnalysisKey (161-175)
• getAutomationID (177-182)
• computeAutomationID (184-205)
• listActionsCaches (215-230)
• deleteActionsCache (233-241)
• wrapApiConfigurationError (243-262)

🪛 Biome (1.9.4)

lib/api-client.test.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/api-client.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

🔇 Additional comments (5)

lib/api-client.test.js (1)

123-158: Good test coverage for error handling scenarios

These new test cases thoroughly validate the wrapApiConfigurationError function's behavior across various error scenarios, including arbitrary errors, configuration errors, and HTTP errors with specific messages. The coverage is comprehensive and ensures the function correctly wraps API errors as configuration errors when appropriate.

lib/api-client.js (4)

39-51: Improved code organization with explicit exports

The exports have been reorganized to explicitly list each exported entity, which improves code readability and maintainability by making the module's public API clear.

---

125-131: Good refactoring using repository utility

Using getRepositoryNwo() instead of string splitting is a good improvement that centralizes repository identification logic and makes the code more maintainable.

---

134-140: Improved handling for required workflows

The added regex check and conditional logic for required workflows enhances robustness by handling cases where the workflow URL is invalid or missing. The informative comments clearly explain the rationale.

---

207-216: Enhanced error handling with specific error messages

The expanded conditions for identifying specific error types improve user experience by providing more helpful error messages. The error handling now covers more HTTP error scenarios with clear guidance for users.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Consider addressing the type safety issue instead of disabling the check

The ESLint directive disables a TypeScript type safety check when calling apiClient.rest.meta.get(). While sometimes necessary, it would be better to properly type the API client or use a type assertion if possible.

---

🌐 Web query:

What are the best practices for handling TypeScript unsafe calls in Octokit?

💡 Result:

To handle TypeScript unsafe calls in Octokit effectively, follow these best practices based on industry standards and Octokit-specific patterns:

Type-Safe Error Handling

Use Octokit's official error types like RequestError from @octokit/types to handle API errors safely[9]. Example implementation:

import { RequestError } from '@octokit/types';

try {
  await octokit.rest.search.commits({ q: 'fix' });
} catch (error) {
  if (error instanceof RequestError) {
    // Type-safe access to error properties
    console.error(`GitHub API error: ${error.status} - ${error.message}`);
    if (error.errors) {
      error.errors.forEach(err => console.log(err.field, err.message));
    }
  }
}

ESLint Configuration

Enable these critical TypeScript ESLint rules in your config:

{
  "@typescript-eslint/no-unsafe-call": "error",
  "@typescript-eslint/no-unsafe-argument": "error",
  "@typescript-eslint/no-unsafe-member-access": "error",
  "@typescript-eslint/strict-boolean-expressions": "error"
}

These rules prevent[1][5][6][10]:

• Calling any-typed values as functions
• Passing unsafe arguments to Octokit methods
• Accessing potentially undefined properties

Response Validation

Use Zod for runtime validation of API responses:

import { z } from 'zod';

const commitSchema = z.object({
  sha: z.string(),
  author: z.object({
    login: z.string()
  })
});

// Validate Octokit response
const safeData = commitSchema.parse(await octokit.rest.search.commits());
console.log(safeData.author.login); // Type-safe access

Type Assertions

When necessary, use explicit type assertions with ESLint overrides:

// eslint-disable-next-line @typescript-eslint/no-unsafe-argument
octokit.rest.issues.createComment({
  owner: 'github',
  repo: 'docs',
  issue_number: 123,
  body: userInput as string
});

Configuration Best Practices

1. Enable strict mode in tsconfig.json:

   {
     "compilerOptions": {
       "strict": true
     }
   }

2. Use @typescript-eslint/recommended-type-checked preset[4][8]
3. Avoid any in favor of unknown with type guards[4][7]

These practices help maintain type safety while working with Octokit's API surface[3][9][10]. For legacy codebases, incrementally adopt stricter rules using targeted ESLint disable comments[2][6].

Citations:

• 1: https://dev.to/samabaasi/avoiding-unsafe-calls-in-javascript-and-react-projects-with-eslint-4gko
• 2: https://cmdcolin.github.io/posts/2023-08-20-typescriptlint
• 3: https://snyk.io/blog/best-practices-react-typescript-security/
• 4: https://typescript-eslint.io/blog/avoiding-anys/
• 5: https://typescript-eslint.io/rules/no-unsafe-argument/
• 6: https://typescript-eslint.io/rules/no-unsafe-call
• 7: https://typescript-eslint.io/rules/no-unsafe-call/
• 8: https://www.npmjs.com/package/@typescript-eslint/eslint-plugin/v/5.29.1-alpha.3
• 9: Improve error handling by adding types for Octokit error octokit/core.js#156
• 10: https://hackernoon.com/making-typescript-truly-strongly-typed

---

Type Safety Update Requested: Use Explicit Type Assertions or Update API Types Instead of Disabling Type Checks

Rather than disabling the ESLint rule for unsafe calls at line 95 in lib/api-client.js, consider one of the following improvements:

• Explicit Type Assertion: If you're confident about the expected return structure of apiClient.rest.meta.get(), use an explicit type assertion (e.g., as YourExpectedType) to safely bypass the warning.
• Enhanced Typing for API Client: Update the API client’s type definitions so that TypeScript can correctly infer and check the types without relying on ESLint overrides.
• Improved Error Handling: Adopt Octokit’s best practices by using its official error types (e.g., RequestError) to wrap and handle API calls in try/catch blocks. This will help ensure that any type-unsafe behavior is caught and managed appropriately.

Implementing either approach will maintain type safety without sacrificing the benefits of static analysis.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (11)

lib/init-action-post.js (1)

33-33: Consider using optional chaining for null safety.

The static analysis tool suggests using optional chaining here, which would make the code more resilient to potential null/undefined values.

-        if (mod && mod.__esModule) return mod;
+        if (mod?..__esModule) return mod;

🧰 Tools

🪛 Biome (1.9.4)

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/debug-artifacts.js (1)

202-211: Consider handling JSON parse errors more specifically.

While the current implementation correctly catches and handles JSON parsing errors, it would be more informative to log the specific error message rather than providing a generic message.

    try {
        for (const [, matrixVal] of Object.entries(JSON.parse(matrix)).sort())
            suffix += `-${matrixVal}`;
    }
-    catch {
-        core.info("Could not parse user-specified `matrix` input into JSON. The debug artifact will not be named with the user's `matrix` input.");
+    catch (error) {
+        core.info(`Could not parse user-specified 'matrix' input into JSON: ${error.message}. The debug artifact will not be named with the user's 'matrix' input.`);
    }

CHANGELOG.md (5)

5-8: UNRELEASED section entry.
The changelog’s [UNRELEASED] section now includes a "No user facing changes." entry (lines 7–8). This is clear; however, ensure that this message accurately reflects the upcoming changes.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.15 - 07 Apr 2025 - F...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

9-17: New entries for versions 3.28.15 and 3.28.14.
Entries for versions 3.28.15 and 3.28.14 (lines 9–17) are detailed and include bug fixes and a default bundle version update. Please check that the version descriptions and links (e.g. [github#2842], [github#2838]) are correct. Also, consider ensuring that any compound adjectives follow your team’s punctuation style (e.g. hyphenation) as suggested by static analysis.

🧰 Tools

🪛 LanguageTool

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.15 - 07 Apr 2025 - Fix bug where the action ...

(DASH_RULE)

---

[typographical] ~13-~13: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2842) ## 3.28.14 - 07 Apr 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~17-~17: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2838) ## 3.28.13 - 24 Mar 2025 No user facing changes. ##...

(DASH_RULE)

---

35-43: Entries for versions 3.28.9 to 3.28.7.
The changelog entries from version 3.28.9 up through 3.28.7 (lines 35–43) are consistent with previous versions. They include version updates and note when no user facing changes occur. Minor typographical improvements (such as consistent use of en-dashes) might be considered.

🧰 Tools

🪛 LanguageTool

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

79-83: Versions 3.27.9 to 3.27.8 entries.
These entries (lines 79–83) communicate that there are either no user facing changes or minor adjustments (including proxy-related fixes). Consider a brief review of the formatting (e.g. hyphen usage) if your team follows a strict style guide.

🧰 Tools

🪛 LanguageTool

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

149-155: Versions 3.26.9 and 3.26.8 entries.
These entries (lines 149–155) indicate that there are no user facing changes or contain minimal version updates. Minor formatting improvements (e.g. en-dash usage) could be applied if desired.

🧰 Tools

🪛 LanguageTool

[uncategorized] ~150-~150: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

lib/analyze.js (4)

69-70: Avoid redundant dual imports from the same file
The code is importing from "./util" both with __importStar and with a named import. This can introduce confusion. Consider consolidating them into a single import style.

-const util = __importStar(require("./util"));
-const util_1 = require("./util");
+// For example:
+const util = require("./util");

---

71-76: Remove redundant reassignment of this.message
Since super(message) already sets the error message, there's no need to manually reassign this.message.

 constructor(queriesStatusReport, message, error) {
   super(message);
-  this.message = message;
   this.error = error;
   this.name = "CodeQLAnalysisError";
 }

---

219-241: Double-check logging of potentially sensitive data
The debug log includes the entire response object, which might contain sensitive data. Consider redacting or conditionally omitting potentially sensitive fields in logs to avoid accidental PII or secrets leakage.

---

273-321: Remove unnecessary continue statement
The continue statement in this loop appears to be redundant. Omitting it after incrementing currentLine will not change the logic.

-  currentLine++;
-  continue;
+  currentLine++;

🧰 Tools

🪛 Biome (1.9.4)

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e13fe0d and c7dbb20.

⛔ Files ignored due to path filters (5)

• lib/analyze.js.map is excluded by !**/*.map
• lib/debug-artifacts.js.map is excluded by !**/*.map
• lib/feature-flags.js.map is excluded by !**/*.map
• lib/init-action-post.js.map is excluded by !**/*.map
• node_modules/.package-lock.json is excluded by !**/node_modules/**

📒 Files selected for processing (8)

• .github/actions/prepare-test/action.yml (2 hunks)
• .github/actions/release-branches/action.yml (1 hunks)
• CHANGELOG.md (2 hunks)
• lib/analyze.js (9 hunks)
• lib/debug-artifacts.js (2 hunks)
• lib/defaults.json (1 hunks)
• lib/feature-flags.js (6 hunks)
• lib/init-action-post.js (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• lib/defaults.json

🧰 Additional context used

🧬 Code Graph Analysis (3)

lib/debug-artifacts.js (1)

src/debug-artifacts.ts (5)

• sanitizeArtifactName (30-32)
• uploadCombinedSarifArtifacts (38-88)
• tryUploadAllAvailableDebugArtifacts (168-243)
• uploadDebugArtifacts (245-303)
• getArtifactUploaderClient (309-324)

lib/init-action-post.js (5)

lib/debug-artifacts.js (3)

• actions_util_1 (51-51)
• util_1 (57-57)
• core (48-48)

lib/status-report.js (5)

• actions_util_1 (45-45)
• api_client_1 (46-46)
• util_1 (51-51)
• repository_1 (50-50)
• core (44-44)

lib/api-client.js (4)

• actions_util_1 (56-56)
• util_1 (58-58)
• repository_1 (57-57)
• core (52-52)

lib/init-action-post-helper.js (5)

• api_client_1 (43-43)
• util_1 (50-50)
• repository_1 (47-47)
• feature_flags_1 (46-46)
• core (40-40)

lib/actions-util.js (1)

• core (54-54)

lib/feature-flags.js (9)

lib/upload-lib.js (2)

• tools_features_1 (69-69)
• util (70-70)

lib/codeql.js (2)

• tools_features_1 (60-60)
• util (62-62)

lib/setup-codeql.js (1)

• util (62-62)

lib/analyze.js (2)

• tools_features_1 (65-65)
• util (68-68)

lib/debug-artifacts.js (1)

• tools_features_1 (56-56)

lib/init-action.js (1)

• tools_features_1 (57-57)

lib/codeql.test.js (2)

• tools_features_1 (59-59)
• util (60-60)

lib/init.js (2)

• tools_features_1 (54-54)
• util (56-56)

lib/feature-flags.test.js (1)

• tools_features_1 (48-48)

🪛 Biome (1.9.4)

lib/debug-artifacts.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/init-action-post.js

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

lib/analyze.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 36-36: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

[error] 318-318: Unnecessary continue statement

Unsafe fix: Delete the unnecessary continue statement

(lint/correctness/noUnnecessaryContinue)

lib/feature-flags.js

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

🪛 LanguageTool

CHANGELOG.md

[uncategorized] ~7-~7: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...nd language packs. ## [UNRELEASED] No user facing changes. ## 3.28.15 - 07 Apr 2025 - F...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~9-~9: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ED] No user facing changes. ## 3.28.15 - 07 Apr 2025 - Fix bug where the action ...

(DASH_RULE)

---

[typographical] ~13-~13: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2842) ## 3.28.14 - 07 Apr 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~17-~17: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2838) ## 3.28.13 - 24 Mar 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~19-~19: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2838) ## 3.28.13 - 24 Mar 2025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~21-~21: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~35-~35: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2768) ## 3.28.9 - 07 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~39-~39: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2753) ## 3.28.8 - 29 Jan 2025 - Enable support for Kotlin...

(DASH_RULE)

---

[typographical] ~43-~43: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~45-~45: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2744) ## 3.28.7 - 29 Jan 2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~51-~51: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~55-~55: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~57-~57: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2717) ## 3.28.4 - 23 Jan 2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~59-~59: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~65-~65: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~67-~67: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~69-~69: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

[typographical] ~74-~74: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~79-~79: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~81-~81: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2660). ## 3.27.9 - 12 Dec 2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~83-~83: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where stre...

(DASH_RULE)

---

[style] ~85-~85: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.8 - 12 Dec 2024 - Fixed an issue where streaming the download a...

(FIX_RESOLVE)

---

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~102-~102: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~104-~104: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~106-~106: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~108-~108: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~110-~110: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~112-~112: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

[typographical] ~117-~117: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~125-~125: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[style] ~133-~133: Consider using a more polite wording.
Context: ...ult version. - Alternatively, if you want to continue using a version of the Code...

(IF_YOU_WANT)

---

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~146-~146: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~150-~150: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Up...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~152-~152: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.8 - 19 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~168-~168: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~181-~181: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~183-~183: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~185-~185: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

[typographical] ~190-~190: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[style] ~203-~203: Consider using a more polite wording.
Context: ...ault version. - Alternatively, if you want to continue using a version of the Code...

(IF_YOU_WANT)

---

[typographical] ~205-~205: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

[typographical] ~210-~210: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~219-~219: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

[typographical] ~224-~224: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~228-~228: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

🔇 Additional comments (82)

lib/init-action-post.js (6)

23-39: The __importStar function has been refactored to be more robust.

The updated implementation now uses a custom ownKeys function to retrieve all property names from an object, ensuring that both enumerable and non-enumerable properties are properly imported from modules. This is a more comprehensive approach than the previous implementation.

🧰 Tools

🪛 Biome (1.9.4)

[error] 33-33: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

58-59: Good addition - restores inputs from the init Action.

This new line ensures that inputs from the initial Action are properly restored, maintaining state between Action steps. This is crucial for the proper functioning of this post-hook.

---

68-70: Improved debug artifact handling.

The function now attempts to upload all available debug artifacts rather than just the database bundle. This provides more comprehensive debugging capabilities.

---

75-75: Logger parameter added to checkDiskUsage call.

The checkDiskUsage function now receives the logger parameter, enabling better visibility into disk usage operations during error handling.

---

83-83: Consistent usage of logger in checkDiskUsage call.

This change ensures consistent usage of the logger parameter in checkDiskUsage calls throughout the file.

---

90-92: Enhanced logging for status report actions.

Adding logging before and after sending the status report improves the observability of this process, making it easier to diagnose issues.

lib/debug-artifacts.js (11)

18-34: Updated __importStar implementation with improved property retrieval.

The refactored implementation now correctly handles property retrieval from modules by using a more robust implementation of ownKeys. This approach properly extracts all properties from imported modules, ensuring no properties are missed during the import process.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-43: Updated exports to include new debugging artifact functions.

The exports have been reorganized to fix a typo (sanitizeArifactName → sanitizeArtifactName) and to include several new functions that enhance the debugging artifact capabilities: uploadCombinedSarifArtifacts, tryUploadAllAvailableDebugArtifacts, and getArtifactUploaderClient.

---

58-60: Fixed function name typo: sanitizeArifactName → sanitizeArtifactName

The function name has been corrected from the misspelled sanitizeArifactName to the correctly spelled sanitizeArtifactName, maintaining consistent naming conventions throughout the codebase.

---

65-92: New function to upload combined SARIF files as debug artifacts.

This new function leverages environment variables to conditionally upload combined SARIF files for debugging purposes. The implementation gracefully handles errors and provides clear logging throughout the process.

---

98-117: Well-implemented helper function to prepare SARIF debug artifacts.

This function properly checks for the existence of SARIF files, copies them to the appropriate location, and handles errors gracefully with informative warning messages.

---

123-140: Robust function for database bundling with fallback mechanisms.

The implementation includes proper error handling and a fallback to partial bundling when full bundling via CLI fails. This ensures that debug artifacts are still available even in cases where the database hasn't been fully finalized.

---

146-191: Comprehensive implementation for collecting and uploading debug artifacts.

This function systematically collects various debug artifacts (SARIF results, database logs, cluster logs) for each language, with proper error handling and logging at each step. The structured approach with logging groups improves readability and debugging capabilities.

---

192-200: Improved error handling in uploadDebugArtifacts function.

The function now properly checks for empty artifact arrays and CLI compatibility before attempting to upload, returning appropriate status messages. This prevents unnecessary processing and provides clearer feedback to users.

---

212-225: Well-structured artifact upload with proper error handling.

The implementation correctly determines the appropriate artifact client, handles normalization of file paths, and sets a reasonable retention period for debug artifacts. The error handling prevents failures from affecting the entire action.

---

230-239: Cross-environment compatibility with clear logging.

The function intelligently selects the appropriate artifact client based on the GitHub environment, ensuring compatibility with different GitHub variants. The informative log messages also guide users on how to consume the artifacts.

---

253-267: Improved zip file creation with proper error handling.

The implementation uses the archiver library with appropriate event handlers for errors and warnings. The code correctly distinguishes between ignorable ENOENT warnings and other errors that should be propagated.

lib/feature-flags.js (8)

18-34: No issues: utility function for ES module imports
This helper logic is a standard TypeScript/JavaScript pattern for importing all module properties. It looks correct and poses no immediate issues.

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

36-36: Reassignment of exports
This single-line export assignment is harmless and remains consistent with typical TypeScript transpiled output.

---

61-61: New feature flags added to the enum
The newly introduced enum members (CppBuildModeNone, DiffInformedQueries, DisableCsharpBuildless, RustAnalysis, ZstdBundleStreamingExtraction) follow a clear naming pattern and do not conflict with existing entries.

Also applies to: 63-64, 71-72

---

75-90: Feature configuration updates for C++ build options and zstd streaming
The updated default values, environment variables, and minimum versions for CleanupTrapCaches, CppBuildModeNone, ZstdBundleStreamingExtraction, and CppDependencyInstallation are consistent with the rest of the configuration.

---

96-104: Addition of DiffInformedQueries and DisableCsharpBuildless configurations
Both features have clearly defined default values, environment variables, and version requirements.

---

124-139: Configs for ExtractToToolcache, Python stdlib extraction, and RustAnalysis
These new features introduce straightforward default values, environment variables, and optional minimum versions. Notably, PythonDefaultIsToNotExtractStdlib references a toolsFeature to ensure CLI support, which is handled properly.

---

262-262: Refined filtering logic
Using .filter((f) => f !== undefined) is a clear way to exclude empty mappings. No issues found.

---

351-352: Expanded GitHub variant check
Including GHE_DOTCOM in the condition is logical to identify environments beyond standard DOTCOM. This ensures consistent feature flag fallback behavior in these environments.

.github/actions/prepare-test/action.yml (7)

11-14: Addition of the setup-kotlin input.
The new required input setup-kotlin (lines 11–14) has been added with a default value of 'true'. This clearly supports the PR objective to optionally set up Kotlin.

---

32-34: Environment variable assignment for get-url step.
Defining VERSION and USE_ALL_PLATFORM_BUNDLE in the env: block clarifies parameter usage. Please verify that these are passed correctly to the shell commands.

---

38-44: Handling of special version keywords.
The conditional checks for handling the special cases 'linked' and 'default' (lines 38–44) are logical. Confirm that echoing an empty tools URL for the 'default' case is the desired behavior.

---

46-50: Determining the file extension.
The logic to assign extension based on whether $VERSION equals "nightly-latest" and the runner isn’t Windows (lines 46–50) is clear and concise.

---

52-63: Artifact name construction based on platform.
The conditional block (lines 52–63) that sets the variable artifact_name depending on both the USE_ALL_PLATFORM_BUNDLE flag and the value of $RUNNER_OS is well structured. Make sure that the values of $RUNNER_OS (e.g. "Linux", "macOS", "Windows") exactly match what’s provided by the runtime environment.

---

65-77: Building the tools URL.
The series of conditions to generate the final tools-url based on different $VERSION inputs (lines 65–77) is correctly implemented. No issues were found here.

---

79-83: Integration of Kotlin setup action.
The new step that calls the fwilhe2/setup-kotlin@9c245a6425255f5e98ba1ce6c15d31fce7eca9da action (lines 79–83) properly uses an if: condition to check that inputs.setup-kotlin equals 'true'. Verify that the hardcoded version (1.8.21) is the intended version for your workflows.

.github/actions/release-branches/action.yml (1)

21-28: Refactored parameter passing using environment variables.
Assigning MAJOR_VERSION and LATEST_TAG to environment variables (lines 21–24) and then using them as arguments when calling release-branches.py (lines 25–27) improves clarity and consistency. This change makes it easier to manage version information for release/branch determination.

CHANGELOG.md (29)

21-25: Version 3.28.12 updates.
The details provided for version 3.28.12 (lines 21–25) are informative, mentioning improvements in dependency caching and the default bundle version bump to 2.20.7.

🧰 Tools

🪛 LanguageTool

[typographical] ~21-~21: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...025 No user facing changes. ## 3.28.12 - 19 Mar 2025 - Dependency caching should...

(DASH_RULE)

---

26-29: Version 3.28.11 entry.
The changelog for version 3.28.11 (lines 26–29) documents a bundle version update to 2.20.6. The entry is clear and concise.

🧰 Tools

🪛 LanguageTool

[typographical] ~26-~26: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2810) ## 3.28.11 - 07 Mar 2025 - Update default CodeQL bun...

(DASH_RULE)

---

30-34: Version 3.28.10 updates.
The entry for version 3.28.10 (lines 30–34) details the bundle version bump to 2.20.5 and addresses a decompression issue on macOS. This dual update is clearly written.

🧰 Tools

🪛 LanguageTool

[typographical] ~30-~30: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2793) ## 3.28.10 - 21 Feb 2025 - Update default CodeQL bun...

(DASH_RULE)

---

47-51: Version 3.28.6 and 3.28.5 entries.
The updates for versions 3.28.6 and 3.28.5 (lines 47–51) correctly document the re-enabling of debug artifact uploads and a bundle version update to 2.20.3.

🧰 Tools

🪛 LanguageTool

[typographical] ~47-~47: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.6 - 27 Jan 2025 - Re-enable debug artifact ...

(DASH_RULE)

---

[typographical] ~51-~51: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2726) ## 3.28.5 - 24 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

59-64: Detailed entries for version 3.28.3.
The listing for version 3.28.3 (lines 59–64) covers several fixes—including updating the default bundle version to 2.20.2 and resolving issues with GitHub Enterprise Server downloads—and is detailed and clear.

🧰 Tools

🪛 LanguageTool

[typographical] ~59-~59: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.3 - 22 Jan 2025 - Update default CodeQL bun...

(DASH_RULE)

---

65-73: Versions 3.28.2 and 3.28.1 entries.
The changelog notes for versions 3.28.2 and 3.28.1 (lines 65–73) are succinct. In particular, the deprecation of CodeQL Action v2 and related upgrade guidance in version 3.28.1 are important for users and are well explained.

🧰 Tools

🪛 LanguageTool

[typographical] ~65-~65: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~67-~67: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2712) ## 3.28.2 - 21 Jan 2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - Co...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~69-~69: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2025 No user facing changes. ## 3.28.1 - 10 Jan 2025 - CodeQL Action v2 is now d...

(DASH_RULE)

---

74-78: Version 3.28.0 entry.
The 3.28.0 entry (lines 74–78) describes a minimum bundle version bump and a special case for failing on a file on the search path. The message is clear and concise.

🧰 Tools

🪛 LanguageTool

[typographical] ~74-~74: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2678) ## 3.28.0 - 20 Dec 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

87-91: Version 3.27.7 update.
The updates in version 3.27.7 (lines 87–91) reflect performance improvements and a bundle version bump. The information is precise and helpful.

🧰 Tools

🪛 LanguageTool

[typographical] ~87-~87: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2624) ## 3.27.7 - 10 Dec 2024 - We are rolling out a chan...

(DASH_RULE)

---

92-99: Versions 3.27.6 to 3.27.4 updates.
The changelog entries for versions 3.27.6 through 3.27.4 (lines 92–99) cover necessary fixes and version increments; the entries note when there are no user facing changes.

🧰 Tools

🪛 LanguageTool

[typographical] ~92-~92: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2636) ## 3.27.6 - 03 Dec 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~96-~96: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~98-~98: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2626) ## 3.27.5 - 19 Nov 2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

100-107: Versions 3.27.3 and 3.27.2 updates.
These entries (lines 100–107) detail further version updates and a fix regarding authorization header issues. The messaging is clear.

🧰 Tools

🪛 LanguageTool

[typographical] ~100-~100: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~102-~102: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.4 - 14 Nov 2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No u...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~104-~104: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~106-~106: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...g changes. ## 3.27.3 - 12 Nov 2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fi...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

108-116: Version 3.27.1 entry.
The 3.27.1 entry (lines 108–116) highlights the use of Zstandard-compressed bundles on GitHub Enterprise Server and an update to 2.19.3. This is well noted and should help users understand the performance benefits.

🧰 Tools

🪛 LanguageTool

[typographical] ~108-~108: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where sett...

(DASH_RULE)

---

[style] ~110-~110: Consider using a different verb for a more formal wording.
Context: ...ng changes. ## 3.27.2 - 12 Nov 2024 - Fixed an issue where setting up the CodeQL to...

(FIX_RESOLVE)

---

[typographical] ~112-~112: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2590) ## 3.27.1 - 08 Nov 2024 - The CodeQL Action now dow...

(DASH_RULE)

---

117-122: Version 3.27.0 entry.
The entry for version 3.27.0 (lines 117–122) includes branch-related fixes for the upload-sarif action and another bundle version bump. The explanation is straight-forward.

🧰 Tools

🪛 LanguageTool

[typographical] ~117-~117: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2576) ## 3.27.0 - 22 Oct 2024 - Bump the minimum CodeQL b...

(DASH_RULE)

---

123-134: Versions 3.26.13 and 3.26.12 entries.
These entries (lines 123–134) provide thoughtful deprecation warnings and highlight breaking change prerequisites. They are detailed and useful for users planning upgrades.

🧰 Tools

🪛 LanguageTool

[typographical] ~123-~123: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~125-~125: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...ull/2552) ## 3.26.13 - 14 Oct 2024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

[typographical] ~127-~127: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...024 No user facing changes. ## 3.26.12 - 07 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

[style] ~133-~133: Consider using a more polite wording.
Context: ...ult version. - Alternatively, if you want to continue using a version of the Code...

(IF_YOU_WANT)

---

135-143: Version 3.26.11 entry.
This entry (lines 135–143) covers an upcoming breaking change regarding debug artifact consumption via actions/download-artifact@v4 and is clearly communicated with links to additional context.

🧰 Tools

🪛 LanguageTool

[typographical] ~135-~135: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.26.11 - 03 Oct 2024 - _Upcoming breaking change...

(DASH_RULE)

---

144-148: Version 3.26.10 entry.
The update on setting up CodeQL using a Zstandard-compressed bundle (lines 144–148) clearly states the performance goals.

🧰 Tools

🪛 LanguageTool

[typographical] ~144-~144: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2519) ## 3.26.10 - 30 Sep 2024 - We are rolling out a feat...

(DASH_RULE)

---

[style] ~146-~146: This phrase might be unnecessarily wordy.
Context: ...dard](http://facebook.github.io/zstd/). Our aim is to improve the performance of setting u...

(MY_HOPE_IS)

---

[typographical] ~148-~148: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2502) ## 3.26.9 - 24 Sep 2024 No user facing changes. ##...

(DASH_RULE)

---

156-163: Versions 3.26.7 and 3.26.6 entries.
The updates in these entries (lines 156–163) neatly log default bundle version bumps and are consistent with previous entries.

🧰 Tools

🪛 LanguageTool

[typographical] ~156-~156: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2483) ## 3.26.7 - 13 Sep 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~160-~160: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2471) ## 3.26.6 - 29 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

164-168: Versions 3.26.5 and 3.26.4 entries.
These entries (lines 164–168) document fixes affecting telemetry calls and deprecations. The changelog is clear and concise.

🧰 Tools

🪛 LanguageTool

[typographical] ~164-~164: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2449) ## 3.26.5 - 23 Aug 2024 - Fix an issue where the `c...

(DASH_RULE)

---

[typographical] ~168-~168: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2441) ## 3.26.4 - 21 Aug 2024 - Deprecation: The `add-s...

(DASH_RULE)

---

169-176: Versions 3.26.3 and 3.26.2 entries.
The details (lines 169–176) outlining diagnostic message fixes and bundle version updates are well presented.

🧰 Tools

🪛 LanguageTool

[typographical] ~173-~173: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2434) ## 3.26.3 - 19 Aug 2024 - Fix an issue where the Co...

(DASH_RULE)

---

177-183: Version 3.26.1 entry.
This entry (lines 177–183) notes that there are no user facing changes and is clear.

🧰 Tools

🪛 LanguageTool

[typographical] ~177-~177: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2430) ## 3.26.2 - 14 Aug 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~181-~181: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ##...

(DASH_RULE)

---

[uncategorized] ~183-~183: If this is a compound adjective that modifies the following noun, use a hyphen.
Context: ...pull/2417) ## 3.26.1 - 13 Aug 2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - _D...

(EN_COMPOUND_ADJECTIVE_INTERNAL)

---

184-189: Version 3.26.0 entry.
The changelog for version 3.26.0 (lines 184–189) includes a deprecation note for Swift analysis on Ubuntu and a bump in the minimum bundle version. The entry is thorough and clear.

🧰 Tools

🪛 LanguageTool

[typographical] ~185-~185: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...2024 No user facing changes. ## 3.26.0 - 06 Aug 2024 - Deprecation: Swift anal...

(DASH_RULE)

---

190-197: Versions 3.25.15 to 3.25.13 entries.
These entries (lines 190–197) cover updates from bundle version bumps to the introduction of an experimental start-proxy action and the addition of outputs (e.g. codeql-version). The level of detail is appropriate.

🧰 Tools

🪛 LanguageTool

[typographical] ~190-~190: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2408) ## 3.25.15 - 26 Jul 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~194-~194: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2385) ## 3.25.14 - 25 Jul 2024 - Experimental: add a new `...

(DASH_RULE)

---

198-204: Additional deprecation warnings and compatibility guidance.
The notes (lines 198–204) provide useful upgrade instructions for customers using older CodeQL versions. This detailed guidance is excellent for informing users of required changes.

🧰 Tools

🪛 LanguageTool

[typographical] ~198-~198: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2376) ## 3.25.13 - 19 Jul 2024 - Add codeql-version to o...

(DASH_RULE)

---

[style] ~203-~203: Consider using a more polite wording.
Context: ...ault version. - Alternatively, if you want to continue using a version of the Code...

(IF_YOU_WANT)

---

205-209: Version 3.25.12 entry.
The improvements (lines 205–209) regarding autobuild performance and the updated bundle version are well detailed.

🧰 Tools

🪛 LanguageTool

[typographical] ~205-~205: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...ersion of the CodeQL Action. ## 3.25.12 - 12 Jul 2024 - Improve the reliability a...

(DASH_RULE)

---

210-214: Version 3.25.11 entry.
The entry (lines 210–214) clearly describes enhancements in error handling during debug artifact uploads and updates the default bundle version.

🧰 Tools

🪛 LanguageTool

[typographical] ~210-~210: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2364) ## 3.25.11 - 28 Jun 2024 - Avoid failing the workflo...

(DASH_RULE)

---

215-218: Version 3.25.10 entry.
The one-line update (lines 215–218) regarding the bundle version bump is concise and effective.

🧰 Tools

🪛 LanguageTool

[typographical] ~215-~215: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...hub/codeql-action/pull/2352) ## 3.25.10 - 13 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

219-223: Version 3.25.9 entry.
The entry (lines 219–223) addresses critical changes in database handling by avoiding failures when unexpected files are present and describes additional cleanup steps.

🧰 Tools

🪛 LanguageTool

[typographical] ~219-~219: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2327) ## 3.25.9 - 12 Jun 2024 - Avoid failing database cr...

(DASH_RULE)

---

224-227: Version 3.25.8 entry.
A short entry (lines 224–227) updating the default bundle version is clear and sufficient.

🧰 Tools

🪛 LanguageTool

[typographical] ~224-~224: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2332) ## 3.25.8 - 04 Jun 2024 - Update default CodeQL bun...

(DASH_RULE)

---

228-231: Version 3.25.7 entry.
The changelog (lines 228–231) describes a new feature that reduces Actions cache usage by keeping only the newest TRAP cache for each language. This is a valuable update.

🧰 Tools

🪛 LanguageTool

[typographical] ~228-~228: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2321) ## 3.25.7 - 31 May 2024 - We are rolling out a feat...

(DASH_RULE)

---

232-236: Versions 3.25.6 and 3.25.5 entries.
The updates (lines 232–236) include a bundle version bump and reference additional documentation (compatibility matrix). The details are accurate.

🧰 Tools

🪛 LanguageTool

[typographical] ~232-~232: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2306) ## 3.25.6 - 20 May 2024 - Update default CodeQL bun...

(DASH_RULE)

---

[typographical] ~236-~236: If you want to indicate numerical ranges or time ranges, consider using an en dash.
Context: ...thub/codeql-action/pull/2295) ## 3.25.5 - 13 May 2024 - Add a compatibility matri...

(DASH_RULE)

lib/analyze.js (20)

18-34: No further remarks

🧰 Tools

🪛 Biome (1.9.4)

[error] 28-28: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

---

39-39: No further remarks

---

40-46: No further remarks

---

50-50: No further remarks

---

53-53: No further remarks

---

57-57: No further remarks

---

59-59: No further remarks

---

63-64: No further remarks

---

106-110: No further remarks

---

112-113: No further remarks

---

136-136: No further remarks

---

162-182: Consider unit tests for the new diff-informed feature
The setupDiffInformedQueryRun function is well-structured. Consider adding or expanding unit or integration tests that cover both the successful creation of the diff range extension pack and the fallback path when the pack directory is undefined.

---

183-216: No further remarks

---

246-271: No further remarks

---

323-385: No further remarks

---

387-387: No further remarks

---

390-397: No further remarks

---

445-447: No further remarks

---

502-502: No further remarks

---

526-528: No further remarks

[coderabbitai]

💡 Verification agent

❓ Verification inconclusive

Missing closing quote in version description.
The description for the version input on line 5 appears to be missing its terminating double quote. This could lead to a YAML parsing error.

Proposed diff:

-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z
+    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"

---

Action Required: Fix YAML Parsing Issue by Adding the Missing Closing Quote

The description for the version input in the file .github/actions/prepare-test/action.yml is missing its terminating double quote on line 5. This syntax error could potentially cause YAML parsing issues. Please update the code as follows:

• File: .github/actions/prepare-test/action.yml
• Line: 5

Proposed diff:

-    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z
+    description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"
	description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z"