- Make registerExtractorExtension protected (called from subclass)
- Change codeQlExtensionReceiver from var to val (setter unused)
- Update integration test expected files for K2 behavior:
- Add DB-CHECK.expected for known K2 cross-extractor consistency errors
- Update result expectations for K2 type resolution differences
- Update language test expected files (pathsanitizer, CWE-312):
- K2 resolves Path.toString() and CharSequence.toString() with
different callable IDs than the Java extractor, causing
callableBinding consistency errors and lost taint flow results
These are pre-existing K2 issues documented in
github/codeql-kotlin-team#196, originally worked around by pinning
tests to -language-version 1.9 in PR #16554 (May 2024). Kotlin 2.4.0
drops 1.9 support, forcing us to accept these known K2 differences.
Verified: the same DB-CHECK errors occur with the released CodeQL CLI
(v2.23.9) and Kotlin 2.3.20 when using -language-version 2.0,
confirming these are K2 behavioral differences unrelated to our 2.4.0
extractor changes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Kotlin 2.4.0 no longer supports -language-version 1.9. Update all
integration tests that explicitly pass this flag to use 2.0 instead.
Also update the extractor_information_kotlin1 expected output since
-language-version 2.0 causes the extractor to report 'Uses Kotlin 2: true'.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Kotlin 2.4.0 no longer supports -language-version 1.9 (the last 1.x
version). Clamp get_language_version() in versions.bzl to minimum 2.0
for extractor builds, and update the supported versions documentation.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Raise the acceptable version limit to 2.4.10 and update documentation
to reflect Kotlin 2.4.x support.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Use BUILD_REPO/DIST_REPO split so zip contains only runtime deps
(build-lifecycle plugins, test jars, etc. stay in throwaway BUILD_REPO)
- Minimal inline stub pom.xml (no deps) instead of archetype:generate
to avoid polluting DIST_REPO with stub project's own dependencies
- Replace grep -oP (PCRE, unavailable on macOS BSD grep) with Python re
- Use version-aware Python version_key() for max POM version selection
(lexicographic sort fails for e.g. 2.18.10 vs 2.18.6; release > snapshot)
- Write zip to caller's working directory; keep cleanup trap active;
remove `trap - EXIT` which was leaving WORK_DIR behind
