Merge pull request #21025 from github/oscarsj/mergeback-rc-3-20-into-main

Mergeback rc/3.20 into main
2025-12-16 16:53:25 +01:00 · 2025-12-15 11:59:58 +01:00
parent 70447c6483 d972af9ef8
commit 2824c98efb
237 changed files with 513 additions and 226 deletions
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.4.24
 No user-facing changes.
 ## 0.4.23
 No user-facing changes.
--- a/actions/ql/lib/change-notes/released/0.4.24.md
+++ b/actions/ql/lib/change-notes/released/0.4.24.md
@@ -0,0 +1,3 @@
 ## 0.4.24
 No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.23
+lastReleaseVersion: 0.4.24
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.24-dev
+version: 0.4.25-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 0.6.16
 No user-facing changes.
 ## 0.6.15
 No user-facing changes.
--- a/actions/ql/src/change-notes/released/0.6.16.md
+++ b/actions/ql/src/change-notes/released/0.6.16.md
@@ -0,0 +1,3 @@
 ## 0.6.16
 No user-facing changes.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.15
+lastReleaseVersion: 0.6.16
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.16-dev
+version: 0.6.17-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 6.1.3
 No user-facing changes.
 ## 6.1.2
 No user-facing changes.
--- a/cpp/ql/lib/change-notes/released/6.1.3.md
+++ b/cpp/ql/lib/change-notes/released/6.1.3.md
@@ -0,0 +1,3 @@
 ## 6.1.3
 No user-facing changes.
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 6.1.2
+lastReleaseVersion: 6.1.3
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 6.1.3-dev
+version: 6.1.4-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.5.7
 No user-facing changes.
 ## 1.5.6
 No user-facing changes.
--- a/cpp/ql/src/change-notes/released/1.5.7.md
+++ b/cpp/ql/src/change-notes/released/1.5.7.md
@@ -0,0 +1,3 @@
 ## 1.5.7
 No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.6
+lastReleaseVersion: 1.5.7
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.5.7-dev
+version: 1.5.8-dev
 groups:
  - cpp
  - queries
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.55
 No user-facing changes.
 ## 1.7.54
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.55.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.55.md
@@ -0,0 +1,3 @@
 ## 1.7.55
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.54
+lastReleaseVersion: 1.7.55
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.55-dev
+version: 1.7.56-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.7.55
 No user-facing changes.
 ## 1.7.54
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.55.md
+++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.55.md
@@ -0,0 +1,3 @@
 ## 1.7.55
 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.54
+lastReleaseVersion: 1.7.55
--- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-queries
-version: 1.7.55-dev
+version: 1.7.56-dev
 groups:
  - csharp
  - solorigate
--- a/csharp/ql/lib/CHANGELOG.md
+++ b/csharp/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 5.4.3
 No user-facing changes.
 ## 5.4.2
 No user-facing changes.
--- a/csharp/ql/lib/change-notes/released/5.4.3.md
+++ b/csharp/ql/lib/change-notes/released/5.4.3.md
@@ -0,0 +1,3 @@
 ## 5.4.3
 No user-facing changes.
--- a/csharp/ql/lib/codeql-pack.release.yml
+++ b/csharp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.4.2
+lastReleaseVersion: 5.4.3
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-all
-version: 5.4.3-dev
+version: 5.4.4-dev
 groups: csharp
 dbscheme: semmlecode.csharp.dbscheme
 extractor: csharp
--- a/csharp/ql/src/CHANGELOG.md
+++ b/csharp/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.5.3
 No user-facing changes.
 ## 1.5.2
 No user-facing changes.
--- a/csharp/ql/src/change-notes/released/1.5.3.md
+++ b/csharp/ql/src/change-notes/released/1.5.3.md
@@ -0,0 +1,3 @@
 ## 1.5.3
 No user-facing changes.
--- a/csharp/ql/src/codeql-pack.release.yml
+++ b/csharp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.2
+lastReleaseVersion: 1.5.3
--- a/csharp/ql/src/qlpack.yml
+++ b/csharp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-queries
-version: 1.5.3-dev
+version: 1.5.4-dev
 groups:
  - csharp
  - queries
--- a/go/ql/consistency-queries/CHANGELOG.md
+++ b/go/ql/consistency-queries/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.0.38
 No user-facing changes.
 ## 1.0.37
 No user-facing changes.
--- a/go/ql/consistency-queries/change-notes/released/1.0.38.md
+++ b/go/ql/consistency-queries/change-notes/released/1.0.38.md
@@ -0,0 +1,3 @@
 ## 1.0.38
 No user-facing changes.
--- a/go/ql/consistency-queries/codeql-pack.release.yml
+++ b/go/ql/consistency-queries/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.0.37
+lastReleaseVersion: 1.0.38
--- a/go/ql/consistency-queries/qlpack.yml
+++ b/go/ql/consistency-queries/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql-go-consistency-queries
-version: 1.0.38-dev
+version: 1.0.39-dev
 groups:
  - go
  - queries
--- a/go/ql/lib/CHANGELOG.md
+++ b/go/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 5.0.5
 No user-facing changes.
 ## 5.0.4
 No user-facing changes.
--- a/go/ql/lib/change-notes/released/5.0.5.md
+++ b/go/ql/lib/change-notes/released/5.0.5.md
@@ -0,0 +1,3 @@
 ## 5.0.5
 No user-facing changes.
--- a/go/ql/lib/codeql-pack.release.yml
+++ b/go/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 5.0.4
+lastReleaseVersion: 5.0.5
--- a/go/ql/lib/qlpack.yml
+++ b/go/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-all
-version: 5.0.5-dev
+version: 5.0.6-dev
 groups: go
 dbscheme: go.dbscheme
 extractor: go
--- a/go/ql/src/CHANGELOG.md
+++ b/go/ql/src/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 1.5.2
 No user-facing changes.
 ## 1.5.1
 No user-facing changes.
--- a/go/ql/src/change-notes/released/1.5.2.md
+++ b/go/ql/src/change-notes/released/1.5.2.md
@@ -0,0 +1,3 @@
 ## 1.5.2
 No user-facing changes.
--- a/go/ql/src/codeql-pack.release.yml
+++ b/go/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.5.1
+lastReleaseVersion: 1.5.2
--- a/go/ql/src/qlpack.yml
+++ b/go/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/go-queries
-version: 1.5.2-dev
+version: 1.5.3-dev
 groups:
  - go
  - queries
--- a/java/ql/lib/CHANGELOG.md
+++ b/java/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 7.8.2
 No user-facing changes.
 ## 7.8.1
 No user-facing changes.
--- a/java/ql/lib/change-notes/released/7.8.2.md
+++ b/java/ql/lib/change-notes/released/7.8.2.md
@@ -0,0 +1,3 @@
 ## 7.8.2
 No user-facing changes.
--- a/java/ql/lib/codeql-pack.release.yml
+++ b/java/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 7.8.1
+lastReleaseVersion: 7.8.2
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-all
-version: 7.8.2-dev
+version: 7.8.3-dev
 groups: java
 dbscheme: config/semmlecode.dbscheme
 extractor: java
--- a/java/ql/src/CHANGELOG.md
+++ b/java/ql/src/CHANGELOG.md
@@ -1,3 +1,9 @@
 ## 1.10.3
 ### Minor Analysis Improvements
 * Java analysis no longer forces `--source` and `--target` compiler flags for Maven builds. This allows Maven to use the project's own compiler configuration, improving build compatibility.
 ## 1.10.2
 No user-facing changes.
--- a/java/ql/src/change-notes/2025-12-08-maven-no-source-target-flags.md
+++ b/java/ql/src/change-notes/2025-12-08-maven-no-source-target-flags.md
@@ -1,4 +1,5 @@
---
+## 1.10.3
-category: minorAnalysis
+
---
+### Minor Analysis Improvements
 * Java analysis no longer forces `--source` and `--target` compiler flags for Maven builds. This allows Maven to use the project's own compiler configuration, improving build compatibility.
--- a/java/ql/src/codeql-pack.release.yml
+++ b/java/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.10.2
+lastReleaseVersion: 1.10.3
--- a/java/ql/src/qlpack.yml
+++ b/java/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/java-queries
-version: 1.10.3-dev
+version: 1.10.4-dev
 groups:
  - java
  - queries
--- a/javascript/ql/lib/CHANGELOG.md
+++ b/javascript/ql/lib/CHANGELOG.md
@@ -1,3 +1,7 @@
 ## 2.6.18
 No user-facing changes.
 ## 2.6.17
 No user-facing changes.
--- a/javascript/ql/lib/Expressions/ExprHasNoEffect.qll
+++ b/javascript/ql/lib/Expressions/ExprHasNoEffect.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes and predicates for the 'js/useless-expression' query.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/LanguageFeatures/UnusedIndexVariable.qll
+++ b/javascript/ql/lib/LanguageFeatures/UnusedIndexVariable.qll
@@ -1,7 +1,7 @@
 /**
 * Provides a predicate for identifying unused index variables in loops.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/change-notes/released/2.6.18.md
+++ b/javascript/ql/lib/change-notes/released/2.6.18.md
@@ -0,0 +1,3 @@
 ## 2.6.18
 No user-facing changes.
--- a/javascript/ql/lib/codeql-pack.release.yml
+++ b/javascript/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 2.6.17
+lastReleaseVersion: 2.6.18
--- a/javascript/ql/lib/qlpack.yml
+++ b/javascript/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/javascript-all
-version: 2.6.18-dev
+version: 2.6.19-dev
 groups: javascript
 dbscheme: semmlecode.javascript.dbscheme
 extractor: javascript
--- a/javascript/ql/lib/semmle/javascript/AMD.qll
+++ b/javascript/ql/lib/semmle/javascript/AMD.qll
@@ -2,7 +2,7 @@
 * Provides classes for working with
 * [Asynchronous Module Definitions](https://github.com/amdjs/amdjs-api/wiki/AMD).
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/AST.qll
+++ b/javascript/ql/lib/semmle/javascript/AST.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the AST-based representation of JavaScript programs.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -477,7 +477,7 @@ module AST {
    DataFlow::AnalyzedNode analyze() { result = DataFlow::valueNode(this).analyze() }
    /** Gets the data flow node associated with this program element. */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    DataFlow::ValueNode flow() { result = DataFlow::valueNode(this) }
--- a/javascript/ql/lib/semmle/javascript/CFG.qll
+++ b/javascript/ql/lib/semmle/javascript/CFG.qll
@@ -272,7 +272,7 @@
 * Note that the `import` statement as a whole is part of the CFG of the body, while its single
 * import specifier `x as y` forms part of the preamble.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Classes.qll
+++ b/javascript/ql/lib/semmle/javascript/Classes.qll
@@ -4,7 +4,7 @@
 * Class declarations and class expressions are modeled by (QL) classes `ClassDeclaration`
 * and `ClassExpression`, respectively, which are both subclasses of `ClassDefinition`.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Closure.qll
+++ b/javascript/ql/lib/semmle/javascript/Closure.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the Closure-Library module system.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Comments.qll
+++ b/javascript/ql/lib/semmle/javascript/Comments.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with JavaScript comments. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Constants.qll
+++ b/javascript/ql/lib/semmle/javascript/Constants.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with expressions that evaluate to constant values.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/DefUse.qll
+++ b/javascript/ql/lib/semmle/javascript/DefUse.qll
@@ -1,5 +1,5 @@
 /** Provides classes and predicates for working with variable definitions and uses. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/E4X.qll
+++ b/javascript/ql/lib/semmle/javascript/E4X.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with E4X.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
+++ b/javascript/ql/lib/semmle/javascript/ES2015Modules.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with ECMAScript 2015 modules. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Errors.qll
+++ b/javascript/ql/lib/semmle/javascript/Errors.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with syntax errors. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Expr.qll
+++ b/javascript/ql/lib/semmle/javascript/Expr.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with expressions.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -253,7 +253,7 @@ class Expr extends @expr, ExprOrStmt, ExprOrType, AST::ValueNode {
   * Gets the data-flow node where exceptions thrown by this expression will
   * propagate if this expression causes an exception to be thrown.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getExceptionTarget() {
    result = getCatchParameterFromStmt(getRawEnclosingStmt(this))
@@ -271,7 +271,7 @@ private DataFlow::Node getCatchParameterFromStmt(Stmt stmt) {
    DataFlow::parameterNode(stmt.getEnclosingTryCatchStmt().getACatchClause().getAParameter())
 }
-overlay[caller]
+overlay[caller?]
 pragma[inline]
 private Stmt getRawEnclosingStmt(Expr e) {
  // For performance reasons, we need the enclosing statement without overrides
--- a/javascript/ql/lib/semmle/javascript/Extend.qll
+++ b/javascript/ql/lib/semmle/javascript/Extend.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for reasoning about `extend`-like functions.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Externs.qll
+++ b/javascript/ql/lib/semmle/javascript/Externs.qll
@@ -36,7 +36,7 @@
 * Array.prototype.length;
 * </pre>
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Files.qll
+++ b/javascript/ql/lib/semmle/javascript/Files.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with files and folders. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Functions.qll
+++ b/javascript/ql/lib/semmle/javascript/Functions.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with functions. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll
+++ b/javascript/ql/lib/semmle/javascript/GlobalAccessPaths.qll
@@ -1,7 +1,7 @@
 /**
 * Provides predicates for associating qualified names with data flow nodes.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -357,7 +357,7 @@ module AccessPath {
     * Gets a variable that is relevant for the computations in the `GetLaterAccess` module.
     * This predicate restricts as much as it can, but without depending on `getAVariableRef`.
     */
-    overlay[caller]
+    overlay[caller?]
    pragma[inline]
    private SsaVariable getARelevantVariableSimple() {
      // The variable might be used where `getLaterBaseAccess()` is called.
@@ -409,7 +409,7 @@ module AccessPath {
   * }
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceTo(Root root, string path) {
    path = fromReference(result, root) and
@@ -433,7 +433,7 @@ module AccessPath {
   * })(NS = NS || {});
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceTo(string path) {
    path = fromReference(result, DataFlow::globalAccessPathRootPseudoNode())
@@ -455,7 +455,7 @@ module AccessPath {
   * }
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAnAssignmentTo(Root root, string path) {
    path = fromRhs(result, root) and
@@ -477,7 +477,7 @@ module AccessPath {
   *  })(foo = foo || {});
   * ```
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAnAssignmentTo(string path) {
    path = fromRhs(result, DataFlow::globalAccessPathRootPseudoNode())
@@ -488,7 +488,7 @@ module AccessPath {
   *
   * See `getAReferenceTo` and `getAnAssignmentTo` for more details.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceOrAssignmentTo(string path) {
    result = getAReferenceTo(path)
@@ -501,7 +501,7 @@ module AccessPath {
   *
   * See `getAReferenceTo` and `getAnAssignmentTo` for more details.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::Node getAReferenceOrAssignmentTo(Root root, string path) {
    result = getAReferenceTo(root, path)
@@ -530,7 +530,7 @@ module AccessPath {
  /**
   * Gets a `SourceNode` that refers to the same value or access path as the given node.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  DataFlow::SourceNode getAnAliasedSourceNode(DataFlow::Node node) {
    exists(DataFlow::SourceNode root, string accessPath |
--- a/javascript/ql/lib/semmle/javascript/HTML.qll
+++ b/javascript/ql/lib/semmle/javascript/HTML.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with HTML documents. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSDoc.qll
+++ b/javascript/ql/lib/semmle/javascript/JSDoc.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with JSDoc comments. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSON.qll
+++ b/javascript/ql/lib/semmle/javascript/JSON.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with JSON data.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/JSX.qll
+++ b/javascript/ql/lib/semmle/javascript/JSX.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with JSX code.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Lines.qll
+++ b/javascript/ql/lib/semmle/javascript/Lines.qll
@@ -4,7 +4,7 @@
 * This information is only available for snapshots that have been extracted with
 * the `--extract-program-text` flag.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Locations.qll
+++ b/javascript/ql/lib/semmle/javascript/Locations.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with locations and program elements that have locations. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
@@ -32,7 +32,7 @@ final class Location extends @location_default {
  int getNumLines() { result = this.getEndLine() - this.getStartLine() + 1 }
  /** Holds if this location starts before location `that`. */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  predicate startsBefore(Location that) {
    exists(string f, int sl1, int sc1, int sl2, int sc2 |
@@ -46,7 +46,7 @@ final class Location extends @location_default {
  }
  /** Holds if this location ends after location `that`. */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  predicate endsAfter(Location that) {
    exists(string f, int el1, int ec1, int el2, int ec2 |
--- a/javascript/ql/lib/semmle/javascript/Modules.qll
+++ b/javascript/ql/lib/semmle/javascript/Modules.qll
@@ -3,7 +3,7 @@
 * ECMAScript 2015-style modules, and the older CommonJS and AMD-style
 * modules.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/NodeJS.qll
+++ b/javascript/ql/lib/semmle/javascript/NodeJS.qll
@@ -17,7 +17,7 @@ private import semmle.javascript.dataflow.internal.DataFlowNode
 *   process.stdout.write(fs.readFileSync(process.argv[i], 'utf8'));
 * ```
 */
-overlay[local]
+overlay[local?]
 class NodeModule extends Module {
  NodeModule() {
    is_module(this) and
@@ -234,7 +234,7 @@ predicate findNodeModulesFolder(Folder f, Folder nodeModules, int distance) {
 /**
 * A Node.js `require` variable.
 */
-overlay[local]
+overlay[local?]
 private class RequireVariable extends Variable {
  RequireVariable() {
    this = any(ModuleScope m).getVariable("require")
@@ -247,7 +247,7 @@ private class RequireVariable extends Variable {
  }
 }
-overlay[local]
+overlay[local?]
 private predicate isModuleModule(EarlyStageNode nd) {
  exists(ImportDeclaration imp | imp.getRawImportPath() = "module" |
    nd = TDestructuredModuleImportNode(imp)
@@ -261,7 +261,7 @@ private predicate isModuleModule(EarlyStageNode nd) {
  )
 }
-overlay[local]
+overlay[local?]
 private predicate isCreateRequire(EarlyStageNode nd) {
  exists(PropAccess prop |
    isModuleModule(TValueNode(prop.getBase())) and
@@ -291,7 +291,7 @@ private predicate isCreateRequire(EarlyStageNode nd) {
 /**
 * Holds if `nd` may refer to `require`, either directly or modulo local data flow.
 */
-overlay[local]
+overlay[local?]
 cached
 private predicate isRequire(EarlyStageNode nd) {
  exists(VarAccess access |
@@ -334,7 +334,7 @@ private predicate isRequire(EarlyStageNode nd) {
 * require('fs')
 * ```
 */
-overlay[local]
+overlay[local?]
 class Require extends CallExpr, Import {
  Require() { isRequire(TValueNode(this.getCallee())) }
--- a/javascript/ql/lib/semmle/javascript/Promises.qll
+++ b/javascript/ql/lib/semmle/javascript/Promises.qll
@@ -186,13 +186,13 @@ module Promises {
  /**
   * Gets the pseudo-field used to describe resolved values in a promise.
   */
-  overlay[local]
+  overlay[local?]
  string valueProp() { result = "$PromiseResolveField$" }
  /**
   * Gets the pseudo-field used to describe rejected values in a promise.
   */
-  overlay[local]
+  overlay[local?]
  string errorProp() { result = "$PromiseRejectField$" }
  /** A property set containing the pseudo-properites of a promise object. */
--- a/javascript/ql/lib/semmle/javascript/Regexp.qll
+++ b/javascript/ql/lib/semmle/javascript/Regexp.qll
@@ -4,7 +4,7 @@
 * Regular expression literals are represented as an abstract syntax tree of regular expression
 * terms.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/SSA.qll
+++ b/javascript/ql/lib/semmle/javascript/SSA.qll
@@ -73,7 +73,7 @@
 * expression in `k` induces a re-capture of `x` to reflect the fact that `x`
 * is incremented between the two `console.log` calls.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Stmt.qll
+++ b/javascript/ql/lib/semmle/javascript/Stmt.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with statements. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Templates.qll
+++ b/javascript/ql/lib/semmle/javascript/Templates.qll
@@ -1,5 +1,5 @@
 /** Provides classes for working with ECMAScript 2015-style template expressions. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Tokens.qll
+++ b/javascript/ql/lib/semmle/javascript/Tokens.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for working with the token-based representation of JavaScript programs.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/TypeAnnotations.qll
+++ b/javascript/ql/lib/semmle/javascript/TypeAnnotations.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes for reasoning about type annotations independently of dialect.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/TypeScript.qll
+++ b/javascript/ql/lib/semmle/javascript/TypeScript.qll
@@ -1,4 +1,4 @@
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/Variables.qll
+++ b/javascript/ql/lib/semmle/javascript/Variables.qll
@@ -1,5 +1,5 @@
 /** Provides classes for modeling program variables. */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/XML.qll
+++ b/javascript/ql/lib/semmle/javascript/XML.qll
@@ -1,7 +1,7 @@
 /**
 * Provides classes and predicates for working with XML files and their content.
 */
-overlay[local]
+overlay[local?]
 module;
 import semmle.files.FileSystem
--- a/javascript/ql/lib/semmle/javascript/YAML.qll
+++ b/javascript/ql/lib/semmle/javascript/YAML.qll
@@ -4,7 +4,7 @@
 * YAML documents are represented as abstract syntax trees whose nodes
 * are either YAML values or alias nodes referring to another YAML value.
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/AbstractValues.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/AbstractValues.qll
@@ -37,7 +37,7 @@
 * they represent; additionally, indefinite abstract values record
 * the source of imprecision that caused them to arise.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll
@@ -33,7 +33,7 @@ private import semmle.javascript.internal.CachedStages
 * Note: For performance reasons, all subclasses of this class should be part
 * of the standard library. Use `isAdditionalFlowStep` for query-specific flow steps.
 */
-overlay[local]
+overlay[local?]
 class AdditionalFlowStep extends Unit {
  /**
   * Holds if `pred` &rarr; `succ` should be considered a value-preserving data flow edge.f
--- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll
@@ -625,19 +625,19 @@ abstract deprecated class LabeledBarrierGuardNode extends BarrierGuardNode {
 *
 * For use with load/store steps in `DataFlow::SharedFlowStep` and TypeTracking.
 */
-overlay[local]
+overlay[local?]
 module PseudoProperties {
  /** Holds if `s` is a pseudo-property. */
  bindingset[s]
-  overlay[caller]
+  overlay[caller?]
  predicate isPseudoProperty(string s) { s.matches("$%$") }
  bindingset[s]
-  overlay[caller]
+  overlay[caller?]
  private string pseudoProperty(string s) { result = "$" + s + "$" }
  bindingset[s, v]
-  overlay[caller]
+  overlay[caller?]
  private string pseudoProperty(string s, string v) { result = "$" + s + "|" + v + "$" }
  /**
@@ -684,7 +684,7 @@ module PseudoProperties {
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   * The string value of the `key` is encoded in the result, and there is only a result if the string value of `key` is known.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  string mapValueKnownKey(DataFlow::Node key) {
    result = mapValueKey(any(string s | key.mayHaveStringValue(s)))
@@ -694,20 +694,20 @@ module PseudoProperties {
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   */
  bindingset[key]
-  overlay[caller]
+  overlay[caller?]
  string mapValueKey(string key) { result = pseudoProperty("mapValue", key) }
  /**
   * Holds if `prop` equals `mapValueKey(key)` for some value of `key`.
   */
  bindingset[prop]
-  overlay[caller]
+  overlay[caller?]
  predicate isMapValueKey(string prop) { prop.matches("$mapValue|%$") }
  /**
   * Gets a pseudo-property for the location of a map value where the key is `key`.
   */
-  overlay[caller]
+  overlay[caller?]
  pragma[inline]
  string mapValue(DataFlow::Node key) {
    result = mapValueKnownKey(key)
--- a/javascript/ql/lib/semmle/javascript/dataflow/CustomAbstractValueDefinitions.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/CustomAbstractValueDefinitions.qll
@@ -7,7 +7,7 @@
 * For performance reasons, all subclasses of `CustomAbstractValueDefinition`
 * should be part of the standard library.
 */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll
@@ -17,7 +17,7 @@
 * Flow through global variables, object properties or function calls is not
 * modeled (except for immediately invoked functions as explained above).
 */
-overlay[local]
+overlay[local?]
 module;
 import javascript
--- a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
+++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll
@@ -1,5 +1,5 @@
 /** Provides classes and predicates for defining flow summaries. */
-overlay[local]
+overlay[local?]
 module;
 private import javascript
--- a/Show More
+++ b/Show More
`@@ -1,2 +1,2 @@`
	`---`	`---`
	`lastReleaseVersion: 0.4.23`	`lastReleaseVersion: 0.4.24`