Merge branch 'main' into actions/dep-updates

Author: felickz

.codeqlversion

@@ -1 +1 @@
-2.20.1
+2.21.1

.github/workflows/ci.yml

@@ -15,7 +15,7 @@ jobs:
         language: [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       # Conditionally run actions based on files modified by PR, feature branch or pushed commits
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
@@ -128,7 +128,7 @@ jobs:
             core.setFailed('Test run job failed')
 
       - name: Collect test results
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
 
       - name: Validate test results
         run: |
@@ -157,7 +157,7 @@ jobs:
         language: [ 'csharp', 'java' ]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           submodules: true
 
@@ -190,7 +190,7 @@ jobs:
         language: [ 'csharp', 'java' ]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           submodules: true
 
@@ -218,7 +218,7 @@ jobs:
     needs: compile-and-test
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36
         id: changes

.github/workflows/hotspots.yml

@@ -15,15 +15,15 @@ jobs:
       packages: write
     steps:
       - name: Checkout github/codeql
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           path: codeql
           repository: github/codeql
           token: ${{ secrets.GITHUB_TOKEN }}
           fetch-depth: 0
 
       - name: Checkout github/codeql-community-packs
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           path: codeql-community-packs
           repository: githubsecuritylab/codeql-community-packs

.github/workflows/publish.yml

@@ -20,7 +20,7 @@ jobs:
         language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"] 
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check codeql-LANG-queries (src) pack
         id: check_version
@@ -63,7 +63,7 @@ jobs:
         language: ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"] 
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check codeql-LANG-libs (lib) pack
         id: check_version
@@ -106,7 +106,7 @@ jobs:
         language: ["csharp", "java"]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check codeql-LANG-extensions (ext) pack
         id: check_version
@@ -149,7 +149,7 @@ jobs:
         language: ["csharp", "java"]
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Check codeql-LANG-library-sources (ext-library-sources) pack
         id: check_version

.github/workflows/update-release.yml

@@ -19,7 +19,7 @@ jobs:
 
     steps:
       - name: "Checkout"
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Get Token
         id: get_workflow_token
@@ -29,7 +29,7 @@ jobs:
           private-key: ${{ secrets.SECLABS_APP_KEY }}
 
       - name: "Patch Release Me"
-        uses: 42ByteLabs/patch-release-me@63750b1c6fc917cdb605f13ad44c9e10e9d6ef5d # 0.6.0
+        uses: 42ByteLabs/patch-release-me@9ff3c04cb0802fd8dcd3100e5c0b4801e88daf3a # 0.6.1
         with:
           # Bump (patch)
           mode: ${{ inputs.mode }}

configs/quality.yml

@@ -0,0 +1,36 @@
+# Use this configuration file when looking to get the broadest coverage of code quality results from the CodeQL Built in packs and community packs.
+# WARNING: A notable amount of false positives may be found in this configuration.  If you wish to reduce the number of false positives, use the default codeql suites :)
+# NOTE: This will pull in queries that may not be compatible with Autofix.
+
+name: "CodeQL Quality Configuration"
+
+packs:
+  # Built In - Code Quality Queries for Actions
+  - codeql/actions-queries:codeql-suites/actions-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for C/C++
+  - codeql/cpp-queries:codeql-suites/cpp-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for C#
+  - codeql/csharp-queries:codeql-suites/csharp-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Go
+  - codeql/go-queries:codeql-suites/go-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Java/Kotlin
+  - codeql/java-queries:codeql-suites/java-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for JavaScript/TypeScript
+  - codeql/javascript-queries:codeql-suites/javascript-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Python
+  - codeql/python-queries:codeql-suites/python-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Ruby
+  - codeql/ruby-queries:codeql-suites/ruby-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Rust
+  - codeql/rust-queries:codeql-suites/rust-code-quality-extended.qls
+
+  #  Built In - Code Quality Queries for Swift
+  - codeql/swift-queries:codeql-suites/swift-code-quality-extended.qls

configs/synthetics.yml

@@ -119,6 +119,8 @@ paths-ignore:
     - "**/wwwroot/lib/**"
     - "**/deps/**"
     - "**/third_party/**"
+    - "**/wp-includes/**"
+    - "**/wp-admin/**"
 
     # Ruby
     - "**/gems/**"

cpp/lib/codeql-pack.lock.yml

@@ -2,23 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 3.1.0
+    version: 4.2.0
   codeql/dataflow:
-    version: 1.1.8
+    version: 2.0.5
   codeql/mad:
-    version: 1.0.14
+    version: 1.0.21
   codeql/rangeanalysis:
-    version: 1.0.14
+    version: 1.0.21
   codeql/ssa:
-    version: 1.0.14
+    version: 1.1.0
   codeql/tutorial:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typeflow:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typetracking:
-    version: 1.0.14
+    version: 2.0.5
   codeql/util:
-    version: 2.0.1
+    version: 2.0.8
   codeql/xml:
-    version: 1.0.14
+    version: 1.0.21
 compiled: false

cpp/src/codeql-pack.lock.yml

@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 3.1.0
+    version: 4.2.0
   codeql/cpp-queries:
-    version: 1.3.1
+    version: 1.3.8
   codeql/dataflow:
-    version: 1.1.8
+    version: 2.0.5
   codeql/mad:
-    version: 1.0.14
+    version: 1.0.21
   codeql/rangeanalysis:
-    version: 1.0.14
+    version: 1.0.21
   codeql/ssa:
-    version: 1.0.14
+    version: 1.1.0
   codeql/suite-helpers:
-    version: 1.0.14
+    version: 1.0.21
   codeql/tutorial:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typeflow:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typetracking:
-    version: 1.0.14
+    version: 2.0.5
   codeql/util:
-    version: 2.0.1
+    version: 2.0.8
   codeql/xml:
-    version: 1.0.14
+    version: 1.0.21
 compiled: false

cpp/test/codeql-pack.lock.yml

@@ -2,27 +2,27 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 3.1.0
+    version: 4.2.0
   codeql/cpp-queries:
-    version: 1.3.1
+    version: 1.3.8
   codeql/dataflow:
-    version: 1.1.8
+    version: 2.0.5
   codeql/mad:
-    version: 1.0.14
+    version: 1.0.21
   codeql/rangeanalysis:
-    version: 1.0.14
+    version: 1.0.21
   codeql/ssa:
-    version: 1.0.14
+    version: 1.1.0
   codeql/suite-helpers:
-    version: 1.0.14
+    version: 1.0.21
   codeql/tutorial:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typeflow:
-    version: 1.0.14
+    version: 1.0.21
   codeql/typetracking:
-    version: 1.0.14
+    version: 2.0.5
   codeql/util:
-    version: 2.0.1
+    version: 2.0.8
   codeql/xml:
-    version: 1.0.14
+    version: 1.0.21
 compiled: false