Merge remote-tracking branch 'origin/main' into michaelrfairhurst/implement-concurrency7-package

Author: MichaelRFairhurst

.github/workflows/code-scanning-pack-gen.yml

@@ -68,16 +68,20 @@ jobs:
       - name: Determine ref for external help files
         id: determine-ref
         run: |
-          if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
-            echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+          if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
+          elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
           else
-            echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+            EXTERNAL_HELP_REF="$GITHUB_REF"
           fi
+          echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
           echo "Using ref $EXTERNAL_HELP_REF for external help files."
 
       - name: Checkout external help files
-        continue-on-error: true
         id: checkout-external-help-files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -86,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;

.github/workflows/codeql_unit_tests.yml

@@ -166,7 +166,7 @@ jobs:
     steps:
       - name: Check if run-test-suites job failed to complete, if so fail
         if: ${{ needs.run-test-suites.result == 'failure' }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           script: |
             core.setFailed('Test run job failed')

.github/workflows/dispatch-matrix-test-on-comment.yml

@@ -40,7 +40,7 @@ jobs:
           --json \
             -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/dispatch-release-performance-check.yml

@@ -40,7 +40,7 @@ jobs:
           --json \
           -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |

.github/workflows/upgrade_codeql_dependencies.yml

@@ -53,7 +53,7 @@ jobs:
           find c \( -name '*.ql' -or -name '*.qll' \) -print0 | xargs -0 --max-procs "$XARGS_MAX_PROCS" codeql query format --in-place
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@67ccf781d68cd99b580ae25a5c18a1cc84ffff1f # v7.0.6
         with:
           title: "Upgrade `github/codeql` dependency to ${{ github.event.inputs.codeql_cli_version }}"
           body: |

amendments.csv

@@ -9,41 +9,42 @@ c,MISRA-C-2012,Amendment3,RULE-10-4,Yes,Refine,No,Import
 c,MISRA-C-2012,Amendment3,RULE-10-5,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment3,RULE-10-7,Yes,Refine,No,Import
 c,MISRA-C-2012,Amendment3,RULE-10-8,Yes,Refine,No,Import
-c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,No,Import
+c,MISRA-C-2012,Amendment3,RULE-21-11,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Amendment3,RULE-21-12,Yes,Replace,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
-c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-2-2,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-2-7,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-3-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-6,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-8-9,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-9-4,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-18-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-1-4,Yes,Replace,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-9-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-9-2,Yes,Refine,No,Import
-c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,No,Import
+c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
+c,MISRA-C-2012,Amendment4,RULE-2-2,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-2-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-3-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-8-6,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-8-9,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-9-4,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-10-1,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-18-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Amendment4,RULE-1-4,Yes,Replace,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-1,Yes,Refine,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-9-2,Yes,Refine,No,Import
+c,MISRA-C-2012,Corrigendum2,DIR-4-10,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-7-4,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-2,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-8-3,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-8-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-1,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-10-2,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-10-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-3,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-11-6,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-2,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-13-6,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-14-3,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-15-7,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-4,Yes,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-17-5,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-18-1,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,No,Import
-c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-20-14,No,Clarification,Yes,Import
+c,MISRA-C-2012,Corrigendum2,RULE-21-19,Yes,Clarification,Yes,Import
 c,MISRA-C-2012,Corrigendum2,RULE-21-20,Yes,Refine,No,Easy
-c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,No,Import
+c,MISRA-C-2012,Corrigendum2,RULE-22-9,Yes,Clarification,Yes,Import

c/cert/src/codeql-pack.lock.yml

@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 2.1.1
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.6
+  codeql/mad:
+    version: 1.0.12
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.12
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.12
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.12
+  codeql/typeflow:
+    version: 1.0.12
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.12
   codeql/util:
-    version: 0.2.12
+    version: 1.0.12
+  codeql/xml:
+    version: 1.0.12
 compiled: false

c/cert/src/qlpack.yml

@@ -1,8 +1,8 @@
 name: codeql/cert-c-coding-standards
-version: 2.38.0-dev
+version: 2.42.0-dev
 description: CERT C 2016
 suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.9
+  codeql/cpp-all: 2.1.1

c/cert/src/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.ql

@@ -13,7 +13,7 @@
 
 import cpp
 import codingstandards.c.cert
-import codingstandards.cpp.dataflow.DataFlow
+import semmle.code.cpp.dataflow.DataFlow
 import NonArrayPointerToArrayIndexingExprFlow::PathGraph
 
 /**

c/cert/src/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.ql

@@ -14,7 +14,7 @@
 import cpp
 import codingstandards.c.cert
 import codingstandards.cpp.Pointers
-import codingstandards.cpp.dataflow.TaintTracking
+import semmle.code.cpp.dataflow.TaintTracking
 import ScaledIntegerPointerArithmeticFlow::PathGraph
 
 /**