github
diff --git a/‎.github/actions/cache-query-compilation/action.yml
Lines changed: 4 additions & 5 deletions b/‎.github/actions/cache-query-compilation/action.yml
Lines changed: 4 additions & 5 deletions
diff --git a/‎.github/workflows/atm-check-query-suite.yml
Lines changed: 10 additions & 1 deletion b/‎.github/workflows/atm-check-query-suite.yml
Lines changed: 10 additions & 1 deletion
diff --git a/‎.github/workflows/check-change-note.yml
Lines changed: 6 additions & 0 deletions b/‎.github/workflows/check-change-note.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎.github/workflows/close-stale.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/close-stale.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ruby-build.yml
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/ruby-build.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/swift.yml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/swift.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/identical-files.json
Lines changed: 5 additions & 23 deletions b/‎config/identical-files.json
Lines changed: 5 additions & 23 deletions
diff --git a/‎cpp/downgrades/23f7cbb88a4eb29f30c3490363dc201bc054c5ff/exprs.ql
Lines changed: 1 addition & 1 deletion b/‎cpp/downgrades/23f7cbb88a4eb29f30c3490363dc201bc054c5ff/exprs.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/downgrades/73af5058c6899dcdb05754c27ca966aeb3a68c94/exprs.ql
Lines changed: 1 addition & 1 deletion b/‎cpp/downgrades/73af5058c6899dcdb05754c27ca966aeb3a68c94/exprs.ql
Lines changed: 1 addition & 1 deletion
diff --git a/‎cpp/downgrades/a5bb28ed29f73855d64cc5f939cef977fa8fd19a/builtintypes.ql
Lines changed: 11 additions & 0 deletions b/‎cpp/downgrades/a5bb28ed29f73855d64cc5f939cef977fa8fd19a/builtintypes.ql
Lines changed: 11 additions & 0 deletions
@@ -23,20 +23,19 @@ runs:
       run: |
         MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
         echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
-    - name: Restore read-only cache (PR)
+    - name: Restore cache (PR)
       if: ${{ github.event_name == 'pull_request' }}
-      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      uses: actions/cache/restore@v3
       with:
         path: '**/.cache'
-        read-only: true
         key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
         restore-keys: |
           codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
           codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-
           codeql-compile-${{ inputs.key }}-main-
-    - name: Fill cache (push)
+    - name: Fill cache (only branch push)
       if: ${{ github.event_name != 'pull_request' }}
-      uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
+      uses: actions/cache@v3
       with:
         path: '**/.cache'
         key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main
 
@@ -13,7 +13,7 @@ on:
 
 jobs:
   atm-check-query-suite:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-xl
 
     steps:
       - uses: actions/checkout@v3
@@ -23,6 +23,12 @@ jobs:
         with:
           channel: release
 
+      - name: Cache compilation cache
+        id: query-cache
+        uses: ./.github/actions/cache-query-compilation
+        with: 
+          key: atm-suite
+
       - name: Install ATM model
         run: |
           set -exu
@@ -50,10 +56,13 @@ jobs:
           echo "SARIF_PATH=${SARIF_PATH}" >> "${GITHUB_ENV}"
 
           codeql database analyze \
+            --threads=0 \
+            --ram 50000 \
             --format sarif-latest \
             --output "${SARIF_PATH}" \
             --sarif-group-rules-by-pack \
             -vv \
+            --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
             -- \
             "${DB_PATH}" \
             "${QUERY_PACK}/${QUERY_SUITE}"
 
@@ -26,3 +26,9 @@ jobs:
         run: |
           gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq 'any(.[].filename ; test("/change-notes/.*[.]md$"))' |
           grep true -c
+      - name: Fail if the change note filename doesn't match the expected format. The file name must be of the form 'YYYY-MM-DD.md' or 'YYYY-MM-DD-{title}.md', where '{title}' is arbitrary text.
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh api 'repos/${{github.repository}}/pulls/${{github.event.number}}/files' --paginate --jq '[.[].filename | select(test("/change-notes/.*[.]md$"))] | all(test("/change-notes/[0-9]{4}-[0-9]{2}-[0-9]{2}.*[.]md$"))' |
+          grep true -c
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v6
+    - uses: actions/stale@v7
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'
 
@@ -115,9 +115,10 @@ jobs:
       - name: Build Query Pack
         run: |
           rm -rf target/packs
-          codeql pack create ../shared/ssa --output target/packs
           codeql pack create ../misc/suite-helpers --output target/packs
           codeql pack create ../shared/regex --output target/packs
+          codeql pack create ../shared/ssa --output target/packs
+          codeql pack create ../shared/tutorial --output target/packs
           codeql pack create ql/lib --output target/packs
           codeql pack create -j0 ql/src --output target/packs --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
           PACK_FOLDER=$(readlink -f target/packs/codeql/ruby-queries/*)
 
@@ -65,6 +65,7 @@ jobs:
     if : ${{ github.event_name == 'pull_request' }}
     needs: build-and-test-macos
     runs-on: macos-12-xl
+    timeout-minutes: 60
     steps:
       - uses: actions/checkout@v3
       - uses: ./swift/actions/run-integration-tests
 
@@ -402,16 +402,6 @@
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
   ],
-  "Inline Test Expectations": [
-    "cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "csharp/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "java/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "python/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ruby/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "ql/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "go/ql/test/TestUtilities/InlineExpectationsTest.qll",
-    "swift/ql/test/TestUtilities/InlineExpectationsTest.qll"
-  ],
   "C++ ExternalAPIs": [
     "cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
     "cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll"
@@ -505,14 +495,6 @@
     "python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll",
     "ruby/ql/lib/codeql/ruby/typetracking/TypeTracker.qll"
   ],
-  "CodeQL Tutorial": [
-    "cpp/ql/lib/tutorial.qll",
-    "csharp/ql/lib/tutorial.qll",
-    "java/ql/lib/tutorial.qll",
-    "javascript/ql/lib/tutorial.qll",
-    "python/ql/lib/tutorial.qll",
-    "ruby/ql/lib/tutorial.qll"
-  ],
   "AccessPathSyntax": [
     "csharp/ql/lib/semmle/code/csharp/dataflow/internal/AccessPathSyntax.qll",
     "go/ql/lib/semmle/go/dataflow/internal/AccessPathSyntax.qll",
@@ -531,16 +513,16 @@
     "ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
     "javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
   ],
-  "Hostname Regexp queries": [
-    "javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "python/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
-    "ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll"
-  ],
   "ApiGraphModels": [
     "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
     "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",
     "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModels.qll"
   ],
+  "ApiGraphModelsExtensions": [
+    "javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsExtensions.qll",
+    "ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsExtensions.qll",
+    "python/ql/lib/semmle/python/frameworks/data/internal/ApiGraphModelsExtensions.qll"
+  ],
   "TaintedFormatStringQuery Ruby/JS": [
     "javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll",
     "ruby/ql/lib/codeql/ruby/security/TaintedFormatStringQuery.qll"
 
@@ -13,5 +13,5 @@ predicate isExprWithNewBuiltin(Expr expr) {
 from Expr expr, int kind, int kind_new, Location location
 where
   exprs(expr, kind, location) and
-  if isExprWithNewBuiltin(expr) then kind_new = 0 else kind_new = kind
+  if isExprWithNewBuiltin(expr) then kind_new = 1 else kind_new = kind
 select expr, kind_new, location
@@ -9,5 +9,5 @@ class Location extends @location_expr {
 from Expr expr, int kind, int kind_new, Location location
 where
   exprs(expr, kind, location) and
-  if expr instanceof @blockassignexpr then kind_new = 0 else kind_new = kind
+  if expr instanceof @blockassignexpr then kind_new = 1 else kind_new = kind
 select expr, kind_new, location
@@ -0,0 +1,11 @@
+class BuiltinType extends @builtintype {
+  string toString() { none() }
+}
+
+from BuiltinType type, string name, int kind, int kind_new, int size, int sign, int alignment
+where
+  builtintypes(type, name, kind, size, sign, alignment) and
+  if type instanceof @float16 or type instanceof @complex_float16
+  then kind_new = 2
+  else kind_new = kind
+select type, name, kind_new, size, sign, alignment