Move actions integration-tests to all-platforms

2026-05-27 09:31:30 +02:00 · 2025-04-08 22:42:32 +02:00
254 changed files with 1348 additions and 5741 deletions
--- a/.bazelversion
+++ b/.bazelversion
@@ -1 +1 @@
-8.1.1
+8.0.0
--- a/actions/extractor/tools/autobuild-impl.ps1
+++ b/actions/extractor/tools/autobuild-impl.ps1
@@ -1,28 +1,21 @@
-# Note: We're adding the `reusable_workflows` subdirectories to proactively
-# record workflows that were called cross-repo, check them out locally,
-# and enable an interprocedural analysis across the workflow files.
-# These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
-$DefaultPathFilters = @(
-    'exclude:**/*',
-    'include:.github/workflows/*.yml',
-    'include:.github/workflows/*.yaml',
-    'include:.github/reusable_workflows/**/*.yml',
-    'include:.github/reusable_workflows/**/*.yaml',
-    'include:**/action.yml',
-    'include:**/action.yaml'
-)
-
-if ($null -ne $env:LGTM_INDEX_FILTERS) {
-    Write-Output 'LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor.'
-    # Begin with the default path inclusions only,
-    # followed by the user-provided filters.
-    # If the user provided `paths`, those patterns override the default inclusions
-    # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
-    # If the user provided `paths-ignore`, those patterns are excluded.
-    $PathFilters = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS
-    $env:LGTM_INDEX_FILTERS = $PathFilters
+if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
+    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
 } else {
-    Write-Output 'LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor.'
+    Write-Output 'No path filters set. Using the default filters.'
+    # Note: We're adding the `reusable_workflows` subdirectories to proactively
+    # record workflows that were called cross-repo, check them out locally,
+    # and enable an interprocedural analysis across the workflow files.
+    # These workflows follow the convention `.github/reusable_workflows/<nwo>/*.ya?ml`
+    $DefaultPathFilters = @(
+        'exclude:**/*',
+        'include:.github/workflows/*.yml',
+        'include:.github/workflows/*.yaml',
+        'include:.github/reusable_workflows/**/*.yml',
+        'include:.github/reusable_workflows/**/*.yaml',
+        'include:**/action.yml',
+        'include:**/action.yaml'
+    )
+
    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
 }

--- a/actions/extractor/tools/autobuild.cmd
+++ b/actions/extractor/tools/autobuild.cmd
@@ -1,4 +1,3 @@
@echo off
 rem All of the work is done in the PowerShell script
-echo "Running PowerShell script at '%~dp0autobuild-impl.ps1'"
-powershell.exe -File "%~dp0autobuild-impl.ps1"
+powershell.exe "%~dp0autobuild-impl.ps1"
--- a/actions/extractor/tools/autobuild.sh
+++ b/actions/extractor/tools/autobuild.sh
@@ -17,22 +17,10 @@ include:**/action.yaml
 END
 )

-if [ -n "${LGTM_INDEX_FILTERS:-}" ]; then
-    echo "LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor."
-    # Begin with the default path inclusions only,
-    # followed by the user-provided filters.
-    # If the user provided `paths`, those patterns override the default inclusions
-    # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`).
-    # If the user provided `paths-ignore`, those patterns are excluded.
-    PATH_FILTERS="$(cat << END
-${DEFAULT_PATH_FILTERS}
-${LGTM_INDEX_FILTERS}
-END
-)"
-    LGTM_INDEX_FILTERS="${PATH_FILTERS}"
-    export LGTM_INDEX_FILTERS
+if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
+    echo "Path filters set. Passing them through to the JavaScript extractor."
 else
-    echo "LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor."
+    echo "No path filters set. Using the default filters."
    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
    export LGTM_INDEX_FILTERS
 fi
--- a/actions/ql/integration-tests/all-platforms/filters-default/actions.expected
+++ b/actions/ql/integration-tests/all-platforms/filters-default/actions.expected
@@ -2,4 +2,3 @@
 | src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
 | src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
 | src/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
--- a/actions/ql/integration-tests/all-platforms/filters-default/actions.ql
+++ b/actions/ql/integration-tests/all-platforms/filters-default/actions.ql
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/.github/action.yaml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/.github/action.yaml
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/.github/actions/action-name/action.yml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/.github/actions/action-name/action.yml
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/.github/unreachable-workflow.yml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/.github/unreachable-workflow.yml
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/.github/workflows/workflow.yml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/.github/workflows/workflow.yml
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/action.yml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/action.yml
--- a/actions/ql/integration-tests/all-platforms/filters-default/src/unreachable-workflow.yml
+++ b/actions/ql/integration-tests/all-platforms/filters-default/src/unreachable-workflow.yml
--- a/actions/ql/integration-tests/all-platforms/filters-default/test.py
+++ b/actions/ql/integration-tests/all-platforms/filters-default/test.py
@@ -0,0 +1,2 @@
+def test(codeql, actions):
+    codeql.database.create(source_root="src")
--- a/actions/ql/integration-tests/filters/actions.default-filters.expected
+++ b/actions/ql/integration-tests/filters/actions.default-filters.expected
@@ -1,6 +0,0 @@
-| src/.github/action.yaml:1:1:11:32 | name: ' ... action' |
-| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' |
-| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow |
-| src/action.yml:1:1:11:32 | name: ' ... action' |
-| src/excluded/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
--- a/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected
+++ b/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected
@@ -1,2 +0,0 @@
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |
--- a/actions/ql/integration-tests/filters/actions.paths-only.expected
+++ b/actions/ql/integration-tests/filters/actions.paths-only.expected
@@ -1,2 +0,0 @@
-| src/included/action.yml:1:1:11:32 | name: ' ... action' |
-| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow |
--- a/actions/ql/integration-tests/filters/actions.ql
+++ b/actions/ql/integration-tests/filters/actions.ql
@@ -1,5 +0,0 @@
-import actions
-
-from AstNode n
-where n instanceof Workflow or n instanceof CompositeAction
-select n
--- a/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml
+++ b/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml
@@ -1,4 +0,0 @@
-paths:
-  - 'included'
-paths-ignore:
-  - 'excluded'
--- a/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml
+++ b/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml
@@ -1,2 +0,0 @@
-paths-ignore:
-  - 'excluded'
--- a/actions/ql/integration-tests/filters/codeql-config.paths-only.yml
+++ b/actions/ql/integration-tests/filters/codeql-config.paths-only.yml
@@ -1,2 +0,0 @@
-paths:
-  - 'included'
--- a/actions/ql/integration-tests/filters/source_archive.default-filters.expected
+++ b/actions/ql/integration-tests/filters/source_archive.default-filters.expected
@@ -1,6 +0,0 @@
-src/.github/action.yaml
-src/.github/actions/action-name/action.yml
-src/.github/workflows/workflow.yml
-src/action.yml
-src/excluded/action.yml
-src/included/action.yml
--- a/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected
+++ b/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected
@@ -1,3 +0,0 @@
-src/included/action.yml
-src/included/not-an-action.yml
-src/included/unreachable-workflow.yml
--- a/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected
+++ b/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected
@@ -1,5 +0,0 @@
-src/.github/action.yaml
-src/.github/actions/action-name/action.yml
-src/.github/workflows/workflow.yml
-src/action.yml
-src/included/action.yml
--- a/actions/ql/integration-tests/filters/source_archive.paths-only.expected
+++ b/actions/ql/integration-tests/filters/source_archive.paths-only.expected
@@ -1,3 +0,0 @@
-src/included/action.yml
-src/included/not-an-action.yml
-src/included/unreachable-workflow.yml
--- a/actions/ql/integration-tests/filters/src/excluded/action.yml
+++ b/actions/ql/integration-tests/filters/src/excluded/action.yml
@@ -1,11 +0,0 @@
-name: 'A composite action'
-description: 'Do something'
-runs:
-  using: "composite"
-  steps:
-    - name: Print
-      run: echo "Hello world"
-      shell: bash
-
-    - name: Checkout
-      uses: actions/checkout@v4
--- a/actions/ql/integration-tests/filters/src/included/action.yml
+++ b/actions/ql/integration-tests/filters/src/included/action.yml
@@ -1,11 +0,0 @@
-name: 'A composite action'
-description: 'Do something'
-runs:
-  using: "composite"
-  steps:
-    - name: Print
-      run: echo "Hello world"
-      shell: bash
-
-    - name: Checkout
-      uses: actions/checkout@v4
--- a/actions/ql/integration-tests/filters/src/included/not-an-action.yml
+++ b/actions/ql/integration-tests/filters/src/included/not-an-action.yml
@@ -1 +0,0 @@
-name: 'Not an action, just a YAML file'
--- a/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml
+++ b/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml
@@ -1,12 +0,0 @@
-name: An unreachable workflow
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  job:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
--- a/actions/ql/integration-tests/filters/src/unreachable-workflow.yml
+++ b/actions/ql/integration-tests/filters/src/unreachable-workflow.yml
@@ -1,12 +0,0 @@
-name: An unreachable workflow
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  job:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
--- a/actions/ql/integration-tests/filters/test.py
+++ b/actions/ql/integration-tests/filters/test.py
@@ -1,18 +0,0 @@
-import pytest
-
-@pytest.mark.ql_test(expected=".default-filters.expected")
-def test_default_filters(codeql, actions, check_source_archive):
-    check_source_archive.expected_suffix = ".default-filters.expected"
-    codeql.database.create(source_root="src")
-
-@pytest.mark.ql_test(expected=".paths-only.expected")
-def test_config_paths_only(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-only.yml")
-
-@pytest.mark.ql_test(expected=".paths-ignore-only.expected")
-def test_config_paths_ignore_only(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-ignore-only.yml")
-
-@pytest.mark.ql_test(expected=".paths-and-paths-ignore.expected")
-def test_config_paths_and_paths_ignore(codeql, actions):
-    codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-and-paths-ignore.yml")
--- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
+++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll
@@ -465,7 +465,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) {
 }

 /** Gets the fully templated version of `f`. */
-Function getFullyTemplatedFunction(Function f) {
+private Function getFullyTemplatedFunction(Function f) {
  not f.isFromUninstantiatedTemplate(_) and
  (
    exists(Class c, Class templateClass, int i |
@@ -559,15 +559,12 @@ private string getTypeName(Type t, boolean needsSpace) {

 /**
 * Gets a type name for the `n`'th parameter of `f` without any template
- * arguments.
- *
- * If `canonical = false` then the result may be a string representing a type
- * for which the typedefs have been resolved. If `canonical = true` then the
- * result will be a string representing a type without resolving `typedefs`.
+ * arguments. The result may be a string representing a type for which the
+ * typedefs have been resolved.
 */
 bindingset[f]
 pragma[inline_late]
-string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canonical) {
+string getParameterTypeWithoutTemplateArguments(Function f, int n) {
  exists(string s, string base, string specifiers, Type t |
    t = f.getParameter(n).getType() and
    // The name of the string can either be the possibly typedefed name
@@ -575,19 +572,14 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canon
    // `getTypeName(t, _)` is almost equal to `t.resolveTypedefs().getName()`,
    // except that `t.resolveTypedefs()` doesn't have a result when the
    // resulting type doesn't appear in the database.
-    (
-      s = t.getName() and canonical = true
-      or
-      s = getTypeName(t, _) and canonical = false
-    ) and
+    s = [t.getName(), getTypeName(t, _)] and
    parseAngles(s, base, _, specifiers) and
    result = base + specifiers
  )
  or
  f.isVarargs() and
  n = f.getNumberOfParameters() and
-  result = "..." and
-  canonical = true
+  result = "..."
 }

 /**
@@ -598,7 +590,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain
  exists(Function templateFunction |
    templateFunction = getFullyTemplatedFunction(f) and
    remaining = templateFunction.getNumberOfTemplateArguments() and
-    result = getParameterTypeWithoutTemplateArguments(templateFunction, n, _)
+    result = getParameterTypeWithoutTemplateArguments(templateFunction, n)
  )
  or
  exists(string mid, TypeTemplateParameter tp, Function templateFunction |
@@ -635,7 +627,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining
 }

 /** Gets the string representation of the `i`'th parameter of `c`. */
-string getParameterTypeName(Function c, int i) {
+private string getParameterTypeName(Function c, int i) {
  result = getTypeNameWithoutClassTemplates(c, i, 0)
 }

--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
@@ -371,7 +371,7 @@ private class PrimaryArgumentNode extends ArgumentNode, OperandNode {
  PrimaryArgumentNode() { exists(CallInstruction call | op = call.getAnArgumentOperand()) }

  override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) {
-    op = call.getArgumentOperand(pos.(DirectPosition).getArgumentIndex())
+    op = call.getArgumentOperand(pos.(DirectPosition).getIndex())
  }
 }

@@ -410,16 +410,8 @@ class ParameterPosition = Position;
 class ArgumentPosition = Position;

 abstract class Position extends TPosition {
-  /** Gets a textual representation of this position. */
  abstract string toString();

-  /**
-   * Gets the argument index of this position. The qualifier of a call has
-   * argument index `-1`.
-   */
-  abstract int getArgumentIndex();
-
-  /** Gets the indirection index of this position. */
  abstract int getIndirectionIndex();
 }

@@ -436,7 +428,7 @@ class DirectPosition extends Position, TDirectPosition {
    result = index.toString()
  }

-  override int getArgumentIndex() { result = index }
+  int getIndex() { result = index }

  final override int getIndirectionIndex() { result = 0 }
 }
@@ -453,29 +445,16 @@ class IndirectionPosition extends Position, TIndirectionPosition {
    else result = repeatStars(indirectionIndex) + argumentIndex.toString()
  }

-  override int getArgumentIndex() { result = argumentIndex }
+  int getArgumentIndex() { result = argumentIndex }

  final override int getIndirectionIndex() { result = indirectionIndex }
 }

 newtype TPosition =
-  TDirectPosition(int argumentIndex) {
-    exists(any(CallInstruction c).getArgument(argumentIndex))
-    or
-    // Handle the rare case where there is a function definition but no call to
-    // the function.
-    exists(any(Cpp::Function f).getParameter(argumentIndex))
-  } or
+  TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) } or
  TIndirectionPosition(int argumentIndex, int indirectionIndex) {
    Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex),
      indirectionIndex)
-    or
-    // Handle the rare case where there is a function definition but no call to
-    // the function.
-    exists(Cpp::Function f, Cpp::Parameter p |
-      p = f.getParameter(argumentIndex) and
-      indirectionIndex = [1 .. Ssa::getMaxIndirectionsForType(p.getUnspecifiedType()) - 1]
-    )
  }

 private newtype TReturnKind =
@@ -522,15 +501,6 @@ class ReturnKind extends TReturnKind {

  /** Gets a textual representation of this return kind. */
  abstract string toString();
-
-  /** Holds if this `ReturnKind` is generated from a `return` statement. */
-  abstract predicate isNormalReturn();
-
-  /**
-   * Holds if this `ReturnKind` is generated from a write to the parameter with
-   * index `argumentIndex`
-   */
-  abstract predicate isIndirectReturn(int argumentIndex);
 }

 /**
@@ -544,10 +514,6 @@ class NormalReturnKind extends ReturnKind, TNormalReturnKind {
  override int getIndirectionIndex() { result = indirectionIndex }

  override string toString() { result = "indirect return" }
-
-  override predicate isNormalReturn() { any() }
-
-  override predicate isIndirectReturn(int argumentIndex) { none() }
 }

 /**
@@ -562,10 +528,6 @@ private class IndirectReturnKind extends ReturnKind, TIndirectReturnKind {
  override int getIndirectionIndex() { result = indirectionIndex }

  override string toString() { result = "indirect outparam[" + argumentIndex.toString() + "]" }
-
-  override predicate isNormalReturn() { none() }
-
-  override predicate isIndirectReturn(int argumentIndex_) { argumentIndex_ = argumentIndex }
 }

 /** A data flow node that occurs as the result of a `ReturnStmt`. */
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
@@ -1445,7 +1445,7 @@ private class ExplicitParameterInstructionNode extends AbstractExplicitParameter
  ExplicitParameterInstructionNode() { exists(instr.getParameter()) }

  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
-    f.getParameter(pos.(DirectPosition).getArgumentIndex()) = instr.getParameter()
+    f.getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter()
  }

  override string toStringImpl() { result = instr.getParameter().toString() }
@@ -1460,7 +1460,7 @@ class ThisParameterInstructionNode extends AbstractExplicitParameterNode,
  ThisParameterInstructionNode() { instr.getIRVariable() instanceof IRThisVariable }

  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
-    pos.(DirectPosition).getArgumentIndex() = -1 and
+    pos.(DirectPosition).getIndex() = -1 and
    instr.getEnclosingFunction() = f
  }

@@ -1494,7 +1494,7 @@ private class DirectBodyLessParameterNode extends AbstractExplicitParameterNode,

  override predicate isSourceParameterOf(Function f, ParameterPosition pos) {
    this.getFunction() = f and
-    f.getParameter(pos.(DirectPosition).getArgumentIndex()) = p
+    f.getParameter(pos.(DirectPosition).getIndex()) = p
  }

  override Parameter getParameter() { result = p }
--- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll
@@ -229,11 +229,11 @@ private module SpeculativeTaintFlow {
      not exists(DataFlowDispatch::viableCallable(call)) and
      src.(DataFlowPrivate::ArgumentNode).argumentOf(call, argpos)
    |
-      not argpos.(DirectPosition).getArgumentIndex() = -1 and
+      not argpos.(DirectPosition).getIndex() = -1 and
      sink.(PostUpdateNode)
          .getPreUpdateNode()
          .(DataFlowPrivate::ArgumentNode)
-          .argumentOf(call, any(DirectPosition qualpos | qualpos.getArgumentIndex() = -1))
+          .argumentOf(call, any(DirectPosition qualpos | qualpos.getIndex() = -1))
      or
      sink.(DataFlowPrivate::OutNode).getCall() = call
    )
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
@@ -424,7 +424,8 @@ namespace Semmle.Autobuild.CSharp.Tests
            return new CSharpAutobuilder(actions, options);
        }

-        private void SetupActionForDotnet()
+        [Fact]
+        public void TestDefaultCSharpAutoBuilder()
        {
            actions.RunProcess["cmd.exe /C dotnet --info"] = 0;
            actions.RunProcess[@"cmd.exe /C dotnet clean C:\Project\test.csproj"] = 0;
@@ -437,80 +438,20 @@ namespace Semmle.Autobuild.CSharp.Tests
            actions.GetEnvironmentVariable["CODEQL_EXTRACTOR_CSHARP_SCRATCH_DIR"] = "scratch";
            actions.EnumerateFiles[@"C:\Project"] = "foo.cs\nbar.cs\ntest.csproj";
            actions.EnumerateDirectories[@"C:\Project"] = "";
-        }
+            var xml = new XmlDocument();
+            xml.LoadXml(@"<Project Sdk=""Microsoft.NET.Sdk"">
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+  </PropertyGroup>

-        private void CreateAndVerifyDotnetScript(XmlDocument xml)
-        {
+</Project>");
            actions.LoadXml[@"C:\Project\test.csproj"] = xml;

            var autobuilder = CreateAutoBuilder(true);
            TestAutobuilderScript(autobuilder, 0, 4);
        }

-        [Fact]
-        public void TestDefaultCSharpAutoBuilder1()
-        {
-            SetupActionForDotnet();
-            var xml = new XmlDocument();
-            xml.LoadXml(
-            """
-            <Project Sdk="Microsoft.NET.Sdk">
-              <PropertyGroup>
-                <OutputType>Exe</OutputType>
-                <TargetFramework>netcoreapp2.1</TargetFramework>
-              </PropertyGroup>
-            </Project>
-            """);
-            CreateAndVerifyDotnetScript(xml);
-        }
-
-        [Fact]
-        public void TestDefaultCSharpAutoBuilder2()
-        {
-            SetupActionForDotnet();
-            var xml = new XmlDocument();
-
-            xml.LoadXml(
-            """
-            <Project>
-              <Sdk Name="Microsoft.NET.Sdk" />
-
-              <PropertyGroup>
-                <OutputType>Exe</OutputType>
-                <TargetFramework>net9.0</TargetFramework>
-                <ImplicitUsings>enable</ImplicitUsings>
-                <Nullable>enable</Nullable>
-              </PropertyGroup>
-            </Project>
-            """
-            );
-            CreateAndVerifyDotnetScript(xml);
-        }
-
-        [Fact]
-        public void TestDefaultCSharpAutoBuilder3()
-        {
-            SetupActionForDotnet();
-            var xml = new XmlDocument();
-
-            xml.LoadXml(
-            """
-            <Project>
-              <Import Project="Sdk.props" Sdk="Microsoft.NET.Sdk" />
-
-              <PropertyGroup>
-                <OutputType>Exe</OutputType>
-                <TargetFramework>net9.0</TargetFramework>
-                <ImplicitUsings>enable</ImplicitUsings>
-                <Nullable>enable</Nullable>
-              </PropertyGroup>
-              <Import Project="Sdk.targets" Sdk="Microsoft.NET.Sdk" />
-            </Project>
-            """
-            );
-            CreateAndVerifyDotnetScript(xml);
-        }
-
        [Fact]
        public void TestLinuxCSharpAutoBuilder()
        {
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
@@ -3,6 +3,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Xml;
+using Semmle.Util.Logging;

 namespace Semmle.Autobuild.Shared
 {
@@ -25,26 +26,6 @@ namespace Semmle.Autobuild.Shared
        private readonly Lazy<List<Project<TAutobuildOptions>>> includedProjectsLazy;
        public override IEnumerable<IProjectOrSolution> IncludedProjects => includedProjectsLazy.Value;

-        private static bool HasSdkAttribute(XmlElement xml) =>
-            xml.HasAttribute("Sdk");
-
-        private static bool AnyElement(XmlNodeList l, Func<XmlElement, bool> f) =>
-            l.OfType<XmlElement>().Any(f);
-
-        /// <summary>
-        /// According to https://learn.microsoft.com/en-us/visualstudio/msbuild/how-to-use-project-sdk?view=vs-2022#reference-a-project-sdk
-        /// there are three ways to reference a project SDK:
-        ///  1. As an attribute on the <Project/>.
-        ///  2. As a top level element of <Project>.
-        ///  3. As an attribute on an <Import> element.
-        ///
-        /// Returns true, if the Sdk attribute is used, otherwise false.
-        /// </summary>
-        private static bool ReferencesSdk(XmlElement xml) =>
-            HasSdkAttribute(xml) || // Case 1
-            AnyElement(xml.ChildNodes, e => e.Name == "Sdk") || // Case 2
-            AnyElement(xml.GetElementsByTagName("Import"), HasSdkAttribute); // Case 3
-
        public Project(Autobuilder<TAutobuildOptions> builder, string path) : base(builder, path)
        {
            ToolsVersion = new Version();
@@ -68,7 +49,7 @@ namespace Semmle.Autobuild.Shared

            if (root?.Name == "Project")
            {
-                if (ReferencesSdk(root))
+                if (root.HasAttribute("Sdk"))
                {
                    DotNetProject = true;
                    return;
--- a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py
+++ b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py
@@ -1,8 +1,2 @@
-import pytest
-import runs_on
-
-
-# Skipping the test on macos-15, as we're running into trouble.
-@pytest.mark.only_if(not runs_on.macos_15)
 def test(codeql, csharp):
    codeql.database.create(_assert_failure=True)
--- a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py
+++ b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py
@@ -3,11 +3,8 @@ import pytest
 import os


-# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
-@pytest.mark.only_if(
-    runs_on.linux
-    or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
-)
+# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
+@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
 def test(codeql, csharp):
    os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = (
        "/non-existent-path"
--- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget
+++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget
@@ -3,11 +3,8 @@ import runs_on
 import pytest


-# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
-@pytest.mark.only_if(
-    runs_on.linux
-    or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
-)
+# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
+@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
 def test(codeql, csharp):
    # making sure we're not doing any fallback restore:
    os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1"
--- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py
+++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py
@@ -2,10 +2,7 @@ import runs_on
 import pytest


-# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
-@pytest.mark.only_if(
-    runs_on.linux
-    or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
-)
+# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
+@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
 def test(codeql, csharp):
    codeql.database.create(build_mode="none")
--- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py
+++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py
@@ -3,9 +3,6 @@ import pytest


 # Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
-@pytest.mark.only_if(
-    runs_on.linux
-    or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
-)
+@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64))
 def test(codeql, csharp):
    codeql.database.create(source_root="proj", build_mode="none")
--- a/csharp/ql/lib/change-notes/2025-04-11-auto-builder-sdk.md
+++ b/csharp/ql/lib/change-notes/2025-04-11-auto-builder-sdk.md
@@ -1,4 +0,0 @@
---
-category: minorAnalysis
---
-* Improved autobuilder logic for detecting whether a project references a SDK (and should be built using `dotnet`).
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -22,16 +22,10 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CsharpDat

  class Callable = CS::Callable;

-  class NodeExtended = CS::DataFlow::Node;
-
-  Callable getAsExprEnclosingCallable(NodeExtended node) {
-    result = node.asExpr().getEnclosingCallable()
+  class NodeExtended extends CS::DataFlow::Node {
+    Callable getAsExprEnclosingCallable() { result = this.asExpr().getEnclosingCallable() }
  }

-  Callable getEnclosingCallable(NodeExtended node) { result = node.getEnclosingCallable() }
-
-  Parameter asParameter(NodeExtended node) { result = node.asParameter() }
-
  /**
   * Holds if any of the parameters of `api` are `System.Func<>`.
   */
--- a/docs/codeql/codeql-language-guides/codeql-for-actions.rst
+++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst
@@ -12,6 +12,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
   codeql-library-for-actions
   customizing-library-models-for-actions

-  :doc:`CodeQL library for GitHub Actions <codeql-library-for-actions>`: When you're analyzing GitHub Actions code, you can make use of the large collection of classes in the CodeQL library for GitHub Actions.
+-  :doc:`CodeQL library for GitHub Actions <codeql-library-for-actions>`: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions.

 -  :doc:`Customizing library models for GitHub Actions <customizing-library-models-for-actions>`: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.
--- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst
+++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst
@@ -95,7 +95,7 @@ to all AST classes:
   * - ``getAChildNode()``
     - Gets a child node of this node.
   * - ``getParentNode()``
-     - Gets the parent of this ``AstNode``, if this node is not a root node.
+     - Gets the parent of this `AstNode`, if this node is not a root node.
   * - ``getATriggerEvent()``
     - Gets an Actions trigger event that can start the enclosing Actions workflow, if any.
     
@@ -104,9 +104,9 @@ Workflows
 ~~~~~~~~~

 A workflow is a configurable automated process made up of one or more jobs,
-defined in a workflow YAML file in the ``.github/workflows`` directory of a GitHub repository.
+defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository.

-In the CodeQL AST library, a ``Workflow`` is an ``AstNode`` representing the mapping at the top level of an Actions YAML workflow file.
+In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file.

 See the GitHub Actions documentation on `workflows <https://docs.github.com/en/actions/writing-workflows/about-workflows>`__ and `workflow syntax <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`__ for more information.

@@ -116,17 +116,16 @@ See the GitHub Actions documentation on `workflows <https://docs.github.com/en/a
   * - CodeQL class
     - Description and selected predicates
   * - ``Workflow``
-     -  An Actions workflow, defined as a mapping at the top level of a workflow YAML file in ``.github/workflows``. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
+     -  An Actions workflow, defined as a mapping at the top level of a workflow YAML file in `.github/workflows`. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
+        - `getAJob()` - Gets a job within the `jobs` mapping of this workflow.
+        - `getEnv()` - Gets an `env` mapping within this workflow declaring workflow-level environment variables, if any.
+        - `getJob(string jobId)` - Gets a job within the `jobs` mapping of this workflow with the given job ID.
+        - `getOn()` - Gets the `on` mapping defining the events that trigger this workflow.
+        - `getPermissions()` - Gets a `permissions` mapping within this workflow declaring workflow-level token permissions, if any.
+        - `getStrategy()` - Gets a `strategy` mapping for the jobs in this workflow, if any.
+        - `getName()` - Gets the name of this workflow, if defined within the workflow.

-        - ``getAJob()`` - Gets a job within the ``jobs`` mapping of this workflow.
-        - ``getEnv()`` - Gets an ``env`` mapping within this workflow declaring workflow-level environment variables, if any.
-        - ``getJob(string jobId)`` - Gets a job within the ``jobs`` mapping of this workflow with the given job ID.
-        - ``getOn()`` - Gets the ``on`` mapping defining the events that trigger this workflow.
-        - ``getPermissions()`` - Gets a ``permissions`` mapping within this workflow declaring workflow-level token permissions, if any.
-        - ``getStrategy()`` - Gets a ``strategy`` mapping for the jobs in this workflow, if any.
-        - ``getName()`` - Gets the name of this workflow, if defined within the workflow.
-
-The following example lists all jobs in a workflow with the name declaration ``name: test``:
+The following example lists all jobs in a workflow with the name declaration `name: test`:

 .. code-block:: ql

--- a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst
+++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst
@@ -1,6 +1,6 @@
 .. _customizing-library-models-for-actions:

-Customizing library models for GitHub Actions
+Customizing Library Models for GitHub Actions
 =============================================

 .. include:: ../reusables/beta-note-customizing-library-models.rst
--- a/docs/codeql/codeql-language-guides/customizing-library-models-for-ruby.rst
+++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-ruby.rst
@@ -1,7 +1,7 @@
 .. _customizing-library-models-for-ruby:


-Customizing library models for Ruby
+Customizing Library Models for Ruby
 ===================================

 .. include:: ../reusables/beta-note-customizing-library-models.rst
--- a/docs/codeql/codeql-language-guides/index.rst
+++ b/docs/codeql/codeql-language-guides/index.rst
@@ -7,9 +7,9 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat

 .. toctree::

+   codeql-for-actions
   codeql-for-cpp
   codeql-for-csharp
-   codeql-for-actions
   codeql-for-go
   codeql-for-java
   codeql-for-javascript
--- a/docs/codeql/query-help/index.rst
+++ b/docs/codeql/query-help/index.rst
@@ -29,9 +29,9 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove
   :hidden:
   :titlesonly:

+   actions
   cpp
   csharp
-   actions
   go
   java
   javascript
--- a/docs/codeql/reusables/supported-frameworks.rst
+++ b/docs/codeql/reusables/supported-frameworks.rst
@@ -54,8 +54,8 @@ and the CodeQL library pack ``codeql/actions-all`` (`changelog <https://github.c
   :align: left

   Name, Category
-   `GitHub Actions workflow YAML files <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`__, Workflows
-   `GitHub Actions action metadata YAML files <https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions>`__, Actions
+   `GitHub Actions workflow YAML files <https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions>`, Workflows
+   `GitHub Actions action metadata YAML files <https://docs.github.com/en/actions/sharing-automations/creating-actions/metadata-syntax-for-github-actions>`, Actions

 Go built-in support
 ================================
--- a/go/documentation/library-coverage/coverage.csv
+++ b/go/documentation/library-coverage/coverage.csv
@@ -56,7 +56,7 @@ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,,,7,,,,,
 github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,,,2,,,
 github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,,,
 github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,,
-github.com/gogf/gf/database/gdb,51,39,21,,,,,,,,,,,,51,,,,,,39,,,,,21,
+github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,,,
 github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,,
 github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,,,11,
 github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,,
@@ -94,7 +94,7 @@ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1,
 github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,,
 github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,,,
 github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4,
-github.com/uptrace/bun,63,8,,,,,,,,,,,,,63,,,,,,8,,,,,,
+github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,,,
 github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,,,50,,5,
 go.mongodb.org/mongo-driver/mongo,14,11,5,,,,,14,,,,,,,,,,,,,11,,,,,5,
 go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,,,11,
--- a/go/documentation/library-coverage/coverage.rst
+++ b/go/documentation/library-coverage/coverage.rst
@@ -8,7 +8,7 @@ Go framework & library support

   Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
   `Afero <https://github.com/spf13/afero>`_,``github.com/spf13/afero*``,,,34
-   `Bun <https://bun.uptrace.dev/>`_,``github.com/uptrace/bun*``,8,,63
+   `Bun <https://bun.uptrace.dev/>`_,``github.com/uptrace/bun*``,,,63
   `CleverGo <https://github.com/clevergo/clevergo>`_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2
   `Couchbase official client(gocb) <https://github.com/couchbase/gocb>`_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",44,96,16
   `Couchbase unofficial client <http://www.github.com/couchbase/go-couchbase>`_,``github.com/couchbaselabs/gocb*``,22,48,8
@@ -22,7 +22,7 @@ Go framework & library support
   `Go kit <https://gokit.io/>`_,``github.com/go-kit/kit*``,,,1
   `Go-spew <https://github.com/davecgh/go-spew>`_,``github.com/davecgh/go-spew/spew*``,,,9
   `GoDotEnv <https://github.com/joho/godotenv>`_,``github.com/joho/godotenv*``,4,,
-   `GoFrame <https://goframe.org/en/>`_,``github.com/gogf/gf*``,39,21,51
+   `GoFrame <https://goframe.org/en/>`_,``github.com/gogf/gf*``,,,51
   `Gokogiri <https://github.com/moovweb/gokogiri>`_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10
   `Iris <https://www.iris-go.com/>`_,``github.com/kataras/iris*``,,,14
   `Kubernetes <https://kubernetes.io/>`_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57,
@@ -74,5 +74,5 @@ Go framework & library support
   `yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
   `zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,33
   Others,``github.com/kanikanema/gorqlite``,8,2,24
-   Totals,,688,1069,1556
+   Totals,,641,1048,1556

--- a/go/extractor/go.mod
+++ b/go/extractor/go.mod
@@ -10,7 +10,7 @@ toolchain go1.24.0
 //    bazel mod tidy
 require (
 	golang.org/x/mod v0.24.0
-	golang.org/x/tools v0.32.0
+	golang.org/x/tools v0.31.0
 )

-require golang.org/x/sync v0.13.0 // indirect
+require golang.org/x/sync v0.12.0 // indirect
--- a/go/extractor/go.sum
+++ b/go/extractor/go.sum
@@ -2,7 +2,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
 github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU=
 golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww=
-golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610=
-golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
-golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU=
-golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s=
+golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw=
+golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU=
+golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ=
--- a/go/extractor/toolchain/toolchain.go
+++ b/go/extractor/toolchain/toolchain.go
@@ -259,7 +259,7 @@ func GetPkgsInfo(patterns []string, includingDeps bool, extractTests bool, flags
 			break
 		}
 		if decErr != nil {
-			log.Printf("Error decoding output of go list -json: %s", decErr.Error())
+			log.Printf("Error decoding output of go list -json: %s", err.Error())
 			return nil, decErr
 		}
 		pkgAbsDir, err := filepath.Abs(pkgInfo.Dir)
--- a/go/ql/src/CallGraph.ql
+++ b/go/ql/src/CallGraph.ql
@@ -1,15 +0,0 @@
-/**
- * @name Call graph
- * @description Generates the call graph for the program.
- * @kind graph
- * @id go/call-graph
- */
-
-import go
-import semmle.go.dataflow.DataFlow
-
-query predicate edges(CallExpr call, Function f, string key, string value) {
-  call.getTarget() = f and
-  key = "semmle.label" and
-  value = f.getQualifiedName()
-}
--- a/go/ql/test/experimental/CWE-285/vendor/modules.txt
+++ b/go/ql/test/experimental/CWE-285/vendor/modules.txt
@@ -1,3 +1,3 @@
 # github.com/msteinert/pam v1.0.0
 ## explicit
-github.com/msteinert/pam
+github.com/msteinert/pam
--- a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt
+++ b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt
@@ -1,6 +1,6 @@
 # github.com/go-jose/go-jose/v3 v3.0.0
 ## explicit
-github.com/go-jose/go-jose/v3/jwt
+github.com/go-jose/go-jose/v3
 # github.com/golang-jwt/jwt/v5 v5.0.0
 ## explicit
 github.com/golang-jwt/jwt/v5
--- a/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt
+++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt
@@ -3,20 +3,13 @@
 github.com/DataDog/zstd
 # github.com/dsnet/compress v0.0.1
 ## explicit
-github.com/dsnet/compress/bzip2
-github.com/dsnet/compress/flate
+github.com/dsnet/compress
 # github.com/golang/snappy v0.0.4
 ## explicit
 github.com/golang/snappy
 # github.com/klauspost/compress v1.16.6
 ## explicit
-github.com/klauspost/compress/zstd
-github.com/klauspost/compress/snappy
-github.com/klauspost/compress/s2
-github.com/klauspost/compress/zlib
-github.com/klauspost/compress/zip
-github.com/klauspost/compress/flate
-github.com/klauspost/compress/gzip
+github.com/klauspost/compress
 # github.com/klauspost/pgzip v1.2.6
 ## explicit
 github.com/klauspost/pgzip
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go
@@ -7,6 +7,8 @@
 // Package glog is a stub of github.com/golang/glog, generated by depstubber.
 package glog

+import ()
+
 func Error(_ ...interface{}) {}

 func ErrorDepth(_ int, _ ...interface{}) {}
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go
@@ -7,6 +7,8 @@
 // Package klog is a stub of k8s.io/klog, generated by depstubber.
 package klog

+import ()
+
 func Error(_ ...interface{}) {}

 func ErrorDepth(_ int, _ ...interface{}) {}
--- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt
@@ -1,9 +1,14 @@
+# github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4
+## explicit
 # github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
 ## explicit
 github.com/golang/glog
 # github.com/sirupsen/logrus v1.7.0
 ## explicit
 github.com/sirupsen/logrus
+# golang.org/x/sys v0.0.0-20191026070338-33540a1f6037
+golang.org/x/sys/unix
+golang.org/x/sys/windows
 # k8s.io/klog v1.0.0
 ## explicit
 k8s.io/klog
--- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt
@@ -1,10 +1,6 @@
 # github.com/astaxie/beego v1.12.3
 ## explicit
 github.com/astaxie/beego
-github.com/astaxie/beego/context
-github.com/astaxie/beego/logs
-github.com/astaxie/beego/utils
 # github.com/beego/beego/v2 v2.1.2
 ## explicit
-github.com/beego/beego/v2/server/web
-github.com/beego/beego/v2/server/web/context
+github.com/beego/beego/v2
--- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt
@@ -3,4 +3,3 @@
 github.com/elazarl/goproxy
 # github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d
 ## explicit
-github.com/github/depstubber
--- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go
@@ -7,6 +7,8 @@
 // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber.
 package mail

+import ()
+
 type Asm struct {
 	GroupID         int
 	GroupsToDisplay []int
--- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt
@@ -1,3 +1,3 @@
 # github.com/sendgrid/sendgrid-go v3.5.0+incompatible
 ## explicit
-github.com/sendgrid/sendgrid-go/helpers/mail
+github.com/sendgrid/sendgrid-go
--- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt
@@ -1,4 +1,3 @@
 # github.com/gin-gonic/gin v1.6.2
 ## explicit
 github.com/gin-gonic/gin
-github.com/gin-gonic/gin/binding
--- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt
@@ -1,11 +1,6 @@
 # go-micro.dev/v4 v4.10.2
 ## explicit
 go-micro.dev/v4
-go-micro.dev/v4/api
-go-micro.dev/v4/client
-go-micro.dev/v4/server
 # google.golang.org/protobuf v1.28.1
 ## explicit
-google.golang.org/protobuf/proto
-google.golang.org/protobuf/reflect/protoreflect
-google.golang.org/protobuf/runtime/protoimpl
+google.golang.org/protobuf
--- a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt
@@ -1,6 +1,6 @@
 # github.com/kataras/iris/v12 v12.2.5
 ## explicit
-github.com/kataras/iris/v12/context
+github.com/kataras/iris/v12
 # github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06
 ## explicit
 github.com/Shopify/goreferrer
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go
@@ -7,6 +7,8 @@
 // Package core is a stub of k8s.io/api/core/v1, generated by depstubber.
 package core

+import ()
+
 type Secret struct {
 	TypeMeta   interface{}
 	ObjectMeta interface{}
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go
@@ -7,6 +7,8 @@
 // Package runtime is a stub of k8s.io/apimachinery/pkg/runtime, generated by depstubber.
 package runtime

+import ()
+
 type ProtobufMarshaller interface {
 	MarshalTo(_ []byte) (int, error)
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt
@@ -1,7 +1,6 @@
 # k8s.io/api v0.20.0
 ## explicit
-k8s.io/api/core/v1
-k8s.io/apimachinery/pkg/runtime
+k8s.io/api
 # k8s.io/apimachinery v0.20.0
 ## explicit
-k8s.io/apimachinery/pkg/runtime
+k8s.io/apimachinery
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go
@@ -7,6 +7,8 @@
 // Package schema is a stub of k8s.io/apimachinery/pkg/runtime/schema, generated by depstubber.
 package schema

+import ()
+
 type GroupKind struct {
 	Group string
 	Kind  string
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt
@@ -1,5 +1,3 @@
 # k8s.io/apimachinery v0.19.4
 ## explicit
-k8s.io/apimachinery/pkg/conversion
-k8s.io/apimachinery/pkg/runtime
-k8s.io/apimachinery/pkg/runtime/schema
+k8s.io/apimachinery
--- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt
@@ -18,7 +18,7 @@ golang.org/x/oauth2
 golang.org/x/time
 # k8s.io/client-go v0.19.0
 ## explicit
-k8s.io/client-go/kubernetes/typed/core/v1
+k8s.io/client-go
 # k8s.io/utils v0.0.0-20201110183641-67b214c5f920
 ## explicit
 k8s.io/utils
--- a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt
@@ -1,3 +1,6 @@
+# go.mongodb.org/mongo-driver v1.3.2
+## explicit
+go.mongodb.org/mongo-driver
 # github.com/couchbase/gocb/v2 v2.2.0
 ## explicit
 github.com/couchbase/gocb/v2
@@ -7,10 +10,6 @@ github.com/google/uuid
 # github.com/opentracing/opentracing-go v1.2.0
 ## explicit
 github.com/opentracing/opentracing-go
-# go.mongodb.org/mongo-driver v1.3.2
-## explicit
-go.mongodb.org/mongo-driver/bson
-go.mongodb.org/mongo-driver/mongo
 # gopkg.in/couchbase/gocb.v1 v1.6.7
 ## explicit
 gopkg.in/couchbase/gocb.v1
--- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt
@@ -3,9 +3,7 @@
 github.com/go-stack/stack
 # github.com/revel/modules v1.0.0
 ## explicit
-github.com/revel/modules/orm/gorp/app/controllers
-github.com/revel/modules/static/app/controllers
+github.com/revel/modules
 # github.com/revel/revel v1.0.0
 ## explicit
 github.com/revel/revel
-github.com/revel/revel/logger
--- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt
@@ -1,7 +1,6 @@
 # github.com/gogf/gf v1.16.9
 ## explicit
-github.com/gogf/gf/database/gdb
-github.com/gogf/gf/frame/g
+github.com/gogf/gf
 # github.com/BurntSushi/toml v0.3.1
 ## explicit
 github.com/BurntSushi/toml
--- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go
@@ -1,7 +1,7 @@
 package main

 //go:generate depstubber -vendor github.com/go-pg/pg Conn,DB,Tx Q
-//go:generate depstubber -vendor github.com/go-pg/pg/orm Query,Formatter Q
+//go:generate depstubber -vendor github.com/go-pg/pg/orm Query Q
 //go:generate depstubber -vendor github.com/go-pg/pg/v9 Conn,DB,Tx Q

 import (
--- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go
@@ -2,7 +2,7 @@
 // This is a simple stub for github.com/go-pg/pg/orm, strictly for use in testing.

 // See the LICENSE file for information about the licensing of the original library.
-// Source: github.com/go-pg/pg/orm (exports: Query,Formatter; functions: Q)
+// Source: github.com/go-pg/pg/orm (exports: Query, Formatter; functions: Q)

 // Package orm is a stub of github.com/go-pg/pg/orm, generated by depstubber.
 package orm
@@ -94,34 +94,6 @@ func (_ *Field) Value(_ reflect.Value) reflect.Value {
 	return reflect.Value{}
 }

-type Formatter struct{}
-
-func (_ Formatter) Append(_ []byte, _ string, _ ...interface{}) []byte {
-	return nil
-}
-
-func (_ Formatter) AppendBytes(_ []byte, _ []byte, _ ...interface{}) []byte {
-	return nil
-}
-
-func (_ Formatter) FormatQuery(_ []byte, _ string, _ ...interface{}) []byte {
-	return nil
-}
-
-func (_ Formatter) Param(_ string) interface{} {
-	return nil
-}
-
-func (_ Formatter) String() string {
-	return ""
-}
-
-func (_ Formatter) WithParam(_ string, _ interface{}) Formatter {
-	return Formatter{}
-}
-
-func (_ *Formatter) SetParam(_ string, _ interface{}) {}
-
 type Method struct {
 	Index int
 }
@@ -519,3 +491,18 @@ type TableModel interface {
 	Table() *Table
 	Value() reflect.Value
 }
+
+type Formatter struct {
+}
+
+func (f Formatter) Append(dst []byte, src string, params ...interface{}) []byte {
+	return nil
+}
+
+func (f Formatter) AppendBytes(dst, src []byte, params ...interface{}) []byte {
+	return nil
+}
+
+func (f Formatter) FormatQuery(dst []byte, query string, params ...interface{}) []byte {
+	return nil
+}
--- a/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt
@@ -1,6 +1,6 @@
 # github.com/davecgh/go-spew v1.1.1
 ## explicit
-github.com/davecgh/go-spew/spew
+github.com/davecgh/go-spew
 # github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4
 ## explicit
 github.com/github/depstubber
--- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go
@@ -1,11 +1,10 @@
 // Code generated by depstubber. DO NOT EDIT.
 // This is a simple stub for github.com/codeskyblue/go-sh, strictly for use in testing.

-// See the LICENSE file for information about the licensing of the original library.
 // Source: github.com/codeskyblue/go-sh (exports: ; functions: Command,InteractiveSession)

-// Package go_pkg is a stub of github.com/codeskyblue/go-sh, generated by depstubber.
-package go_pkg
+// Package go_sh is a stub of github.com/codeskyblue/go-sh, generated by depstubber.
+package go_sh

 import (
 	io "io"
@@ -33,11 +32,15 @@ type Session struct {

 func (_ *Session) Alias(_ string, _ string, _ ...string) {}

-func (_ *Session) Call(_ string, _ ...interface{}) error {
+func (_ *Session) Call(_ string, _ ...interface{}) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) CombinedOutput() ([]byte, error) {
+func (_ *Session) CombinedOutput() ([]uint8, interface {
+	Error() string
+}) {
 	return nil, nil
 }

@@ -47,11 +50,15 @@ func (_ *Session) Command(_ string, _ ...interface{}) *Session {

 func (_ *Session) Kill(_ os.Signal) {}

-func (_ *Session) Output() ([]byte, error) {
+func (_ *Session) Output() ([]uint8, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) Run() error {
+func (_ *Session) Run() interface {
+	Error() string
+} {
 	return nil
 }

@@ -75,7 +82,9 @@ func (_ *Session) SetTimeout(_ time.Duration) *Session {
 	return nil
 }

-func (_ *Session) Start() error {
+func (_ *Session) Start() interface {
+	Error() string
+} {
 	return nil
 }

@@ -83,22 +92,32 @@ func (_ *Session) Test(_ string, _ string) bool {
 	return false
 }

-func (_ *Session) UnmarshalJSON(_ interface{}) error {
+func (_ *Session) UnmarshalJSON(_ interface{}) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) UnmarshalXML(_ interface{}) error {
+func (_ *Session) UnmarshalXML(_ interface{}) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) Wait() error {
+func (_ *Session) Wait() interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) WaitTimeout(_ time.Duration) error {
+func (_ *Session) WaitTimeout(_ time.Duration) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) WriteStdout(_ string) error {
+func (_ *Session) WriteStdout(_ string) interface {
+	Error() string
+} {
 	return nil
 }
--- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go
@@ -1,7 +1,6 @@
 // Code generated by depstubber. DO NOT EDIT.
 // This is a simple stub for golang.org/x/crypto/ssh, strictly for use in testing.

-// See the LICENSE file for information about the licensing of the original library.
 // Source: golang.org/x/crypto/ssh (exports: Session; functions: )

 // Package ssh is a stub of golang.org/x/crypto/ssh, generated by depstubber.
@@ -17,70 +16,102 @@ type Session struct {
 	Stderr io.Writer
 }

-func (_ *Session) Close() error {
+func (_ *Session) Close() interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) CombinedOutput(_ string) ([]byte, error) {
+func (_ *Session) CombinedOutput(_ string) ([]uint8, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) Output(_ string) ([]byte, error) {
+func (_ *Session) Output(_ string) ([]uint8, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) error {
+func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) RequestSubsystem(_ string) error {
+func (_ *Session) RequestSubsystem(_ string) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) Run(_ string) error {
+func (_ *Session) Run(_ string) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) SendRequest(_ string, _ bool, _ []byte) (bool, error) {
+func (_ *Session) SendRequest(_ string, _ bool, _ []uint8) (bool, interface {
+	Error() string
+}) {
 	return false, nil
 }

-func (_ *Session) Setenv(_ string, _ string) error {
+func (_ *Session) Setenv(_ string, _ string) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) Shell() error {
+func (_ *Session) Shell() interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) Signal(_ Signal) error {
+func (_ *Session) Signal(_ Signal) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) Start(_ string) error {
+func (_ *Session) Start(_ string) interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) StderrPipe() (io.Reader, error) {
+func (_ *Session) StderrPipe() (io.Reader, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) StdinPipe() (io.WriteCloser, error) {
+func (_ *Session) StdinPipe() (io.WriteCloser, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) StdoutPipe() (io.Reader, error) {
+func (_ *Session) StdoutPipe() (io.Reader, interface {
+	Error() string
+}) {
 	return nil, nil
 }

-func (_ *Session) Wait() error {
+func (_ *Session) Wait() interface {
+	Error() string
+} {
 	return nil
 }

-func (_ *Session) WindowChange(_ int, _ int) error {
+func (_ *Session) WindowChange(_ int, _ int) interface {
+	Error() string
+} {
 	return nil
 }

 type Signal string

-type TerminalModes map[byte]uint32
+type TerminalModes map[uint8]uint32
--- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt
@@ -3,4 +3,4 @@
 github.com/codeskyblue/go-sh
 # golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59
 ## explicit
-golang.org/x/crypto/ssh
+golang.org/x/crypto
--- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt
@@ -9,7 +9,7 @@ github.com/gorilla/websocket
 github.com/sacOO7/gowebsocket
 # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c
 ## explicit
-golang.org/x/net/websocket
+golang.org/x/net
 # nhooyr.io/websocket v1.8.5
 ## explicit
 nhooyr.io/websocket
--- a/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt
+++ b/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt
@@ -1,4 +1,3 @@
 # go.uber.org/zap v1.16.0
 ## explicit
 go.uber.org/zap
-go.uber.org/zap/zapcore
--- a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt
@@ -1,3 +1,5 @@
 # github.com/elazarl/goproxy v0.0.0-20201021153353-00ad82a08272
 ## explicit
 github.com/elazarl/goproxy
+# github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d
+## explicit
--- a/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt
@@ -6,7 +6,7 @@ github.com/gobwas/ws
 github.com/gorilla/websocket
 # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c
 ## explicit
-golang.org/x/net/websocket
+golang.org/x/net
 # nhooyr.io/websocket v1.8.5
 ## explicit
 nhooyr.io/websocket
--- a/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go
@@ -7,6 +7,8 @@
 // Package primitive is a stub of go.mongodb.org/mongo-driver/bson/primitive, generated by depstubber.
 package primitive

+import ()
+
 type D []E

 func (_ D) Map() M {
--- a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt
@@ -3,6 +3,4 @@
 github.com/Masterminds/squirrel
 # go.mongodb.org/mongo-driver v1.3.3
 ## explicit
-go.mongodb.org/mongo-driver/bson
-go.mongodb.org/mongo-driver/mongo
-go.mongodb.org/mongo-driver/mongo/options
+go.mongodb.org/mongo-driver
--- a/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go
@@ -7,4 +7,6 @@
 // Package glog is a stub of github.com/golang/glog, generated by depstubber.
 package glog

+import ()
+
 func Info(_ ...interface{}) {}
--- a/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go
@@ -7,4 +7,6 @@
 // Package klog is a stub of k8s.io/klog, generated by depstubber.
 package klog

+import ()
+
 func Info(_ ...interface{}) {}
--- a/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt
@@ -9,8 +9,7 @@ github.com/sirupsen/logrus
 k8s.io/klog
 # github.com/golang/protobuf v1.4.2
 ## explicit
-github.com/golang/protobuf/proto
+github.com/golang/protobuf
 # google.golang.org/protobuf v1.23.0
 ## explicit
-google.golang.org/protobuf/reflect/protoreflect
-google.golang.org/protobuf/runtime/protoimpl
+google.golang.org/protobuf
--- a/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt
@@ -3,7 +3,7 @@
 github.com/gin-gonic/gin
 # github.com/go-jose/go-jose/v3 v3.0.0
 ## explicit
-github.com/go-jose/go-jose/v3/jwt
+github.com/go-jose/go-jose/v3
 # github.com/golang-jwt/jwt/v5 v5.0.0
 ## explicit
 github.com/golang-jwt/jwt/v5
--- a/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go
@@ -7,6 +7,8 @@
 // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber.
 package mail

+import ()
+
 type Asm struct {
 	GroupID         int
 	GroupsToDisplay []int
--- a/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt
@@ -1,3 +1,3 @@
 # github.com/sendgrid/sendgrid-go v3.5.0+incompatible
 ## explicit
-github.com/sendgrid/sendgrid-go/helpers/mail
+github.com/sendgrid/sendgrid-go
--- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go
@@ -7,6 +7,8 @@
 // Package htmlquery is a stub of github.com/antchfx/htmlquery, generated by depstubber.
 package htmlquery

+import ()
+
 func Find(_ interface{}, _ string) []interface{} {
 	return nil
 }
--- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go
+++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go
@@ -7,6 +7,8 @@
 // Package jsonquery is a stub of github.com/antchfx/jsonquery, generated by depstubber.
 package jsonquery

+import ()
+
 func Find(_ *Node, _ string) []*Node {
 	return nil
 }
--- a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt
@@ -1,7 +1,6 @@
 # github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d
 ## explicit
 github.com/ChrisTrenkamp/goxpath
-github.com/ChrisTrenkamp/goxpath/tree
 # github.com/antchfx/htmlquery v1.2.2
 ## explicit
 github.com/antchfx/htmlquery
@@ -19,11 +18,10 @@ github.com/antchfx/xpath
 github.com/go-xmlpath/xmlpath
 # github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f
 ## explicit
-github.com/jbowtie/gokogiri/xml
-github.com/jbowtie/gokogiri/xpath
+github.com/jbowtie/gokogiri
 # github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5
 ## explicit
-github.com/lestrrat-go/libxml2/parser
+github.com/lestrrat-go/libxml2
 # github.com/santhosh-tekuri/xpathparser v1.0.0
 ## explicit
 github.com/santhosh-tekuri/xpathparser
--- a/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt
+++ b/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt
@@ -6,7 +6,7 @@ github.com/appleboy/gin-jwt/v2
 github.com/cristalhq/jwt/v3
 # github.com/go-kit/kit v0.12.0
 ## explicit
-github.com/go-kit/kit/auth/jwt
+github.com/go-kit/kit
 # github.com/gogf/gf-jwt/v2 v2.0.1
 ## explicit
 github.com/gogf/gf-jwt/v2
@@ -18,13 +18,13 @@ github.com/golang-jwt/jwt/v4
 github.com/iris-contrib/middleware/jwt
 # github.com/kataras/iris/v12 v12.2.0
 ## explicit
-github.com/kataras/iris/v12/middleware/jwt
+github.com/kataras/iris/v12
 # github.com/kataras/jwt v0.1.8
 ## explicit
 github.com/kataras/jwt
 # github.com/lestrrat/go-jwx v0.9.1
 ## explicit
-github.com/lestrrat/go-jwx/jwk
+github.com/lestrrat/go-jwx
 # github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693
 ## explicit
 github.com/square/go-jose/v3
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .1.1
 .0.0