WIP: Go: Add context query for retrieving call graph edges

WIP: Ruby: Add context query for retrieving XSS sanitisers
2026-05-18 05:07:06 +02:00 · 2025-04-17 15:06:16 -07:00 · 2025-04-17 15:05:56 -07:00
764 changed files with 7442 additions and 80403 deletions
--- a/2
+++ b/2
@@ -8,7 +8,6 @@
 /javascript/ @github/codeql-javascript
 /python/ @github/codeql-python
 /ruby/ @github/codeql-ruby
-/rust/ @github/codeql-rust
 /swift/ @github/codeql-swift
 /misc/codegen/ @github/codeql-swift
 /java/kotlin-extractor/ @github/codeql-kotlin
@@ -42,7 +41,6 @@ MODULE.bazel @github/codeql-ci-reviewers
 /.github/workflows/go-* @github/codeql-go
 /.github/workflows/ql-for-ql-* @github/codeql-ql-for-ql-reviewers
 /.github/workflows/ruby-* @github/codeql-ruby
-/.github/workflows/rust.yml @github/codeql-rust
 /.github/workflows/swift.yml @github/codeql-swift

 # Misc
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -154,15 +154,15 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

 [[package]]
 name = "bitflags"
-version = "2.9.0"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
+checksum = "8f68f53c83ab957f72c32642f3868eec03eb974d1fb82e453128456482613d36"

 [[package]]
 name = "borsh"
-version = "1.5.5"
+version = "1.5.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5430e3be710b68d984d1391c854eb431a9d548640711faa54eecb1df93db91cc"
+checksum = "2506947f73ad44e344215ccd6403ac2ae18cd8e046e581a441bf8d199f257f03"
 dependencies = [
 "cfg_aliases",
 ]
@@ -224,9 +224,9 @@ dependencies = [

 [[package]]
 name = "cargo_metadata"
-version = "0.19.2"
+version = "0.18.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd5eb614ed4c27c5d706420e4320fbe3216ab31fa1c33cd8246ac36dae4479ba"
+checksum = "2d886547e41f740c616ae73108f6eb70afe6d940c7bc697cb30f13daec073037"
 dependencies = [
 "camino",
 "cargo-platform",
@@ -275,7 +275,7 @@ version = "0.100.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4f114996bda14c0213f014a4ef31a7867dcf5f539a3900477fc6b20138e7a17b"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "chalk-derive",
 ]

@@ -301,7 +301,7 @@ dependencies = [
 "chalk-derive",
 "chalk-ir",
 "ena",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "itertools 0.12.1",
 "petgraph",
 "rustc-hash 1.1.0",
@@ -325,9 +325,9 @@ dependencies = [

 [[package]]
 name = "clap"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944"
+checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83"
 dependencies = [
 "clap_builder",
 "clap_derive",
@@ -335,9 +335,9 @@ dependencies = [

 [[package]]
 name = "clap_builder"
-version = "4.5.35"
+version = "4.5.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9"
+checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8"
 dependencies = [
 "anstream",
 "anstyle",
@@ -622,7 +622,7 @@ version = "0.14.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3d248bdd43ce613d87415282f69b9bb99d947d290b10962dd6c56233312c2ad5"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
 ]

 [[package]]
@@ -691,9 +691,9 @@ checksum = "a246d82be1c9d791c5dfde9a2bd045fc3cbba3fa2b11ad558f27d01712f00569"

 [[package]]
 name = "equivalent"
-version = "1.0.2"
+version = "1.0.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
+checksum = "5443807d6dff69373d433ab9ef5378ad8df50ca6298caf15de6e52e24aaf54d5"

 [[package]]
 name = "figment"
@@ -781,7 +781,7 @@ checksum = "cc6bd114ceda131d3b1d665eba35788690ad37f5916457286b32ab6fd3c438dd"
 dependencies = [
 "cfg-if",
 "libc",
- "log 0.4.27",
+ "log 0.4.25",
 "rustversion",
 "windows",
 ]
@@ -812,7 +812,7 @@ checksum = "15f1ce686646e7f1e19bf7d5533fe443a45dbfb990e00629110797578b42fb19"
 dependencies = [
 "aho-corasick",
 "bstr",
- "log 0.4.27",
+ "log 0.4.25",
 "regex-automata 0.4.9",
 "regex-syntax 0.8.5",
 ]
@@ -918,9 +918,9 @@ dependencies = [

 [[package]]
 name = "indexmap"
-version = "2.9.0"
+version = "2.7.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cea70ddb795996207ad57735b50c5982d8844f38ba9ee5f1aedcfb708a2aa11e"
+checksum = "62f822373a4fe84d4bb149bf54e584a7f4abec90e072ed49cda0edea5b95471f"
 dependencies = [
 "equivalent",
 "hashbrown 0.15.2",
@@ -939,7 +939,7 @@ version = "0.11.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f37dccff2791ab604f9babef0ba14fbe0be30bd368dc541e2b08d07c8aa908f3"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "inotify-sys",
 "libc",
 ]
@@ -979,9 +979,9 @@ dependencies = [

 [[package]]
 name = "itoa"
-version = "1.0.15"
+version = "1.0.14"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c"
+checksum = "d75a2a4b1b190afb6f5425f10f6a8f959d2ea0b9c2b1d79553551850539e4674"

 [[package]]
 name = "jod-thread"
@@ -1033,9 +1033,9 @@ checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"

 [[package]]
 name = "libc"
-version = "0.2.171"
+version = "0.2.169"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c19937216e9d3aa9956d9bb8dfc0b0c8beb6058fc4f7a4dc4d850edf86a237d6"
+checksum = "b5aba8db14291edd000dfcc4d620c7ebfb122c613afb886ca8803fa4e128a20a"

 [[package]]
 name = "libredox"
@@ -1043,7 +1043,7 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0ff37bd590ca25063e35af745c343cb7a0271906fb7b37e4813e8f79f00268d"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "libc",
 "redox_syscall",
 ]
@@ -1074,14 +1074,14 @@ version = "0.3.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
 ]

 [[package]]
 name = "log"
-version = "0.4.27"
+version = "0.4.25"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94"
+checksum = "04cbf5b083de1c7e0222a7a51dbfdba1cbe1c6ab0b15e29fff3f6c077fd9cd9f"

 [[package]]
 name = "loom"
@@ -1096,6 +1096,12 @@ dependencies = [
 "tracing-subscriber",
 ]

+[[package]]
+name = "lz4_flex"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75761162ae2b0e580d7e7c390558127e5f01b4194debd6221fd8c207fc80e3f5"
+
 [[package]]
 name = "matchers"
 version = "0.1.0"
@@ -1136,7 +1142,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2886843bf800fba2e3377cff24abf6379b4c4d5c6681eaf9ea5b0d15090450bd"
 dependencies = [
 "libc",
- "log 0.4.27",
+ "log 0.4.25",
 "wasi 0.11.0+wasi-snapshot-preview1",
 "windows-sys 0.52.0",
 ]
@@ -1172,13 +1178,13 @@ version = "8.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2fee8403b3d66ac7b26aee6e40a897d85dc5ce26f44da36b8b73e987cc52e943"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "filetime",
 "fsevent-sys",
 "inotify",
 "kqueue",
 "libc",
- "log 0.4.27",
+ "log 0.4.25",
 "mio",
 "notify-types",
 "walkdir",
@@ -1234,9 +1240,9 @@ checksum = "945462a4b81e43c4e3ba96bd7b49d834c6f61198356aa858733bc4acf3cbe62e"

 [[package]]
 name = "oorandom"
-version = "11.1.5"
+version = "11.1.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d6790f58c7ff633d8771f42965289203411a5e5c68388703c06e14f24770b41e"
+checksum = "b410bbe7e14ab526a0e86877eb47c6996a2bd7746f027ba551028c925390e4e9"

 [[package]]
 name = "os_str_bytes"
@@ -1325,7 +1331,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db"
 dependencies = [
 "fixedbitset",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 ]

 [[package]]
@@ -1392,7 +1398,7 @@ version = "0.100.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f1651b0f7e8c3eb7c27a88f39d277e69c32bfe58e3be174d286c1a24d6a7a4d8"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "ra-ap-rustc_hashes",
 "ra-ap-rustc_index",
 "tracing",
@@ -1464,16 +1470,18 @@ dependencies = [

 [[package]]
 name = "ra_ap_base_db"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fd761118bbafe29e2b187e694c6b8e800f2c7822bbc1d9d2db4ac21fb8b0365"
+checksum = "4baa9734d254af14fd603528ad594650dea601b1764492bd39988da38598ae67"
 dependencies = [
 "dashmap 5.5.3",
 "la-arena",
+ "lz4_flex",
 "ra_ap_cfg",
 "ra_ap_intern",
 "ra_ap_query-group-macro",
 "ra_ap_span",
+ "ra_ap_stdx",
 "ra_ap_syntax",
 "ra_ap_vfs",
 "rustc-hash 2.1.1",
@@ -1485,9 +1493,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_cfg"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ce74ce1af24afd86d3529dbbf5a849d026948b2d8ba51d199b6ea6db6e345b6"
+checksum = "0ef2ba45636c5e585040c0c4bee640737a6001b08309f1a25ca78cf04abfbf90"
 dependencies = [
 "ra_ap_intern",
 "ra_ap_tt",
@@ -1497,20 +1505,20 @@ dependencies = [

 [[package]]
 name = "ra_ap_edition"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f423b9fb19e3920e4c7039120d09d9c79070a26efe8ff9f787c7234b07f518c5"
+checksum = "8955c1484d5e7274f755187788ba0d51eb149f870c69cdf0d87c3b7edea20ea0"

 [[package]]
 name = "ra_ap_hir"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dd4aa8a568b80d288b90c4fa5dc8a3cc405914d261bfd33a3761c1ba41be358d"
+checksum = "a51d7955beff2212701b149bea36d4cf2dc0f5cd129652c9bcf0cb5c0b021078"
 dependencies = [
 "arrayvec",
 "either",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
 "ra_ap_base_db",
 "ra_ap_cfg",
 "ra_ap_hir_def",
@@ -1529,20 +1537,23 @@ dependencies = [

 [[package]]
 name = "ra_ap_hir_def"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "acb18d9378a828a23ccf87b89199db005adb67ba2a05a37d7a3fcad4d1036e66"
+checksum = "e5c97e617e4c585d24b3d4f668861452aedddfbe0262f4c53235dcea77e62f9b"
 dependencies = [
 "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "cov-mark",
+ "dashmap 5.5.3",
 "drop_bomb",
 "either",
 "fst",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "hashbrown 0.14.5",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
 "la-arena",
 "ra-ap-rustc_abi",
+ "ra-ap-rustc_hashes",
 "ra-ap-rustc_parse_format",
 "ra_ap_base_db",
 "ra_ap_cfg",
@@ -1559,20 +1570,21 @@ dependencies = [
 "salsa",
 "smallvec",
 "text-size",
- "thin-vec",
 "tracing",
 "triomphe",
 ]

 [[package]]
 name = "ra_ap_hir_expand"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "094fa79d8f661f52cf3b7fb8b3d91c4be2ad9e71a3967d3dacd25429fa44b37d"
+checksum = "be57c0d7e3f2180dd8ea584b11447f34060eadc06f0f6d559e2a790f6e91b6c5"
 dependencies = [
 "cov-mark",
 "either",
- "itertools 0.14.0",
+ "hashbrown 0.14.5",
+ "itertools 0.12.1",
+ "la-arena",
 "ra_ap_base_db",
 "ra_ap_cfg",
 "ra_ap_intern",
@@ -1593,22 +1605,24 @@ dependencies = [

 [[package]]
 name = "ra_ap_hir_ty"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "093482d200d5db421db5692e7819bbb14fb717cc8cb0f91f93cce9fde85b3df2"
+checksum = "f260f35748f3035b46a8afcdebda7cb75d95c24750105fad86101d09a9d387c8"
 dependencies = [
 "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "chalk-derive",
 "chalk-ir",
 "chalk-recursive",
 "chalk-solve",
 "cov-mark",
+ "dashmap 5.5.3",
 "either",
 "ena",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
 "la-arena",
+ "nohash-hasher",
 "oorandom",
 "ra-ap-rustc_abi",
 "ra-ap-rustc_index",
@@ -1633,18 +1647,19 @@ dependencies = [

 [[package]]
 name = "ra_ap_ide_db"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b655b92dfa9444db8129321b9217d9e4a83a58ee707aa1004a93052acfb43d57"
+checksum = "0426263be26e27cb55a3b9ef88b120511b66fe7d9b418a2473d6d5f3ac2fe0a6"
 dependencies = [
 "arrayvec",
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 "cov-mark",
 "crossbeam-channel",
+ "dashmap 5.5.3",
 "either",
 "fst",
- "indexmap 2.9.0",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
 "line-index",
 "memchr",
 "nohash-hasher",
@@ -1666,9 +1681,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_intern"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4e528496b4d4c351806bb073d3d7f6526535741b9e8801776603c924bbec624"
+checksum = "f6ea8c9615b3b0688cf557e7310dbd9432f43860c8ea766d54f4416cbecf3571"
 dependencies = [
 "dashmap 5.5.3",
 "hashbrown 0.14.5",
@@ -1678,16 +1693,17 @@ dependencies = [

 [[package]]
 name = "ra_ap_load-cargo"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a97a5070b2f4b99f56683d91b2687aa0c530d8969cc5252ec2ae5644e428ffe"
+checksum = "570907e16725c13a678bfd8050ce8839af2831da042a0878b75ee8c41b0f7b0c"
 dependencies = [
 "anyhow",
 "crossbeam-channel",
- "itertools 0.14.0",
+ "itertools 0.12.1",
 "ra_ap_hir_expand",
 "ra_ap_ide_db",
 "ra_ap_intern",
+ "ra_ap_paths",
 "ra_ap_proc_macro_api",
 "ra_ap_project_model",
 "ra_ap_span",
@@ -1699,9 +1715,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_mbe"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b187ee5ee3fa726eeea5142242a0397e2200d77084026986a68324b9599f9046"
+checksum = "e893fe03b04b30c9b5a339ac2bf39ce32ac9c05a8b50121b7d89ce658346e164"
 dependencies = [
 "arrayvec",
 "cov-mark",
@@ -1710,17 +1726,19 @@ dependencies = [
 "ra_ap_parser",
 "ra_ap_span",
 "ra_ap_stdx",
+ "ra_ap_syntax",
 "ra_ap_syntax-bridge",
 "ra_ap_tt",
 "rustc-hash 2.1.1",
 "smallvec",
+ "tracing",
 ]

 [[package]]
 name = "ra_ap_parser"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2306e6c051e60483f3b317fac9dec6c883b7792eeb8db24ec6f39dbfa5430159"
+checksum = "6fd9a264120968b14a66b6ba756cd7f99435385b5dbc2f0a611cf3a12221c385"
 dependencies = [
 "drop_bomb",
 "ra-ap-rustc_lexer",
@@ -1730,20 +1748,20 @@ dependencies = [

 [[package]]
 name = "ra_ap_paths"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dcedd00499621bdd0f1fe01955c04e4b388197aa826744003afaf6cc2944bc80"
+checksum = "f47817351651e36b56ff3afc483b41600053c9cb7e67d945467c0abe93416032"
 dependencies = [
 "camino",
 ]

 [[package]]
 name = "ra_ap_proc_macro_api"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7a2e49b550015cd4ad152bd78d92d73594497f2e44f61273f9fed3534ad4bbbe"
+checksum = "d96da3b8b9f6b813a98f5357eef303905450741f47ba90adaab8a5371b748416"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "ra_ap_intern",
 "ra_ap_paths",
 "ra_ap_span",
@@ -1758,9 +1776,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_profile"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "87cdbd27ebe02ec21fdae3df303f194bda036a019ecef80d47e0082646f06c54"
+checksum = "13637377287c84f88a628e40229d271ef0081c0d683956bd99a6c8278a4f8b14"
 dependencies = [
 "cfg-if",
 "libc",
@@ -1770,13 +1788,13 @@ dependencies = [

 [[package]]
 name = "ra_ap_project_model"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5eaa3406c891a7840d20ce615f8decca32cbc9d3654b82dcbcc3a31257ce90b9"
+checksum = "053c5207a638fc7a752c7a454bc952b28b0d02f0bf9f6d7ec785ec809579d8fa"
 dependencies = [
 "anyhow",
 "cargo_metadata",
- "itertools 0.14.0",
+ "itertools 0.12.1",
 "la-arena",
 "ra_ap_base_db",
 "ra_ap_cfg",
@@ -1796,20 +1814,22 @@ dependencies = [

 [[package]]
 name = "ra_ap_query-group-macro"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fbc1748e4876a9b0ccfacfc7e2fe254f30e92ef58d98925282b3803e8b004ed"
+checksum = "0f1a38f07b442e47a234cbe2e8fd1b8a41ff0cc5123cb1cf994c5ce20edb5bd6"
 dependencies = [
+ "heck",
 "proc-macro2",
 "quote",
+ "salsa",
 "syn",
 ]

 [[package]]
 name = "ra_ap_span"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed1d036e738bf32a057d90698df85bcb83ed6263b5fe9fba132c99e8ec3aecaf"
+checksum = "8818680c6f7da3b32cb2bb0992940b24264b1aa90203aa94812e09ab34d362d1"
 dependencies = [
 "hashbrown 0.14.5",
 "la-arena",
@@ -1823,12 +1843,12 @@ dependencies = [

 [[package]]
 name = "ra_ap_stdx"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e3775954ab24408f71e97079a97558078a166a4082052e83256ae4c22dae18d"
+checksum = "f1c10bee1b03fc48083862c13cf06bd3ed17760463ecce2734103a2f511e5ed4"
 dependencies = [
 "crossbeam-channel",
- "itertools 0.14.0",
+ "itertools 0.12.1",
 "jod-thread",
 "libc",
 "miow",
@@ -1838,12 +1858,14 @@ dependencies = [

 [[package]]
 name = "ra_ap_syntax"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b49b081f209a764700f688db91820a66c2ecfe5f138895d831361cf84f716691"
+checksum = "92bc32f3946fc5fcbdc79e61b7e26a8c2a3a56f3ef6ab27c7d298a9e21a462f2"
 dependencies = [
+ "cov-mark",
 "either",
- "itertools 0.14.0",
+ "indexmap 2.7.0",
+ "itertools 0.12.1",
 "ra-ap-rustc_lexer",
 "ra_ap_parser",
 "ra_ap_stdx",
@@ -1856,9 +1878,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_syntax-bridge"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f2740bbe603d527f2cf0aaf51629de7d072694fbbaaeda8264f7591be1493d1b"
+checksum = "a42052c44c98c122c37aac476260c8f19d8fec495edc9c05835307c9ae86194d"
 dependencies = [
 "ra_ap_intern",
 "ra_ap_parser",
@@ -1867,13 +1889,14 @@ dependencies = [
 "ra_ap_syntax",
 "ra_ap_tt",
 "rustc-hash 2.1.1",
+ "tracing",
 ]

 [[package]]
 name = "ra_ap_toolchain"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "efbff9f26f307ef958586357d1653d000861dcd3acbaf33a009651e024720c7e"
+checksum = "75996e70b3a0c68cd5157ba01f018964c7c6a5d7b209047d449b393139d0b57f"
 dependencies = [
 "camino",
 "home",
@@ -1881,9 +1904,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_tt"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b1ce3ac14765e414fa6031fda7dc35d3492c74de225aac689ba8b8bf037e1f8"
+checksum = "0e4ee31e93bfabe83e6720b7469db88d7ad7ec5c59a1f011efec4aa1327ffc5c"
 dependencies = [
 "arrayvec",
 "ra-ap-rustc_lexer",
@@ -1894,13 +1917,13 @@ dependencies = [

 [[package]]
 name = "ra_ap_vfs"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "29427a7c27ce8ddfefb52d77c952a4588c74d0a7ab064dc627129088a90423ca"
+checksum = "f6aac1e277ac70bb073f40f8a3fc44e4b1bb9e4d4b1d0e0bd2f8269543560f80"
 dependencies = [
 "crossbeam-channel",
 "fst",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "nohash-hasher",
 "ra_ap_paths",
 "ra_ap_stdx",
@@ -1910,9 +1933,9 @@ dependencies = [

 [[package]]
 name = "ra_ap_vfs-notify"
-version = "0.0.273"
+version = "0.0.270"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d5a0e3095b8216ecc131f38b4b0025cac324a646469a95d2670354aee7278078"
+checksum = "cd95285146049621ee8f7a512c982a008bf036321fcc9b01a95c1ad7e6aeae57"
 dependencies = [
 "crossbeam-channel",
 "notify",
@@ -1982,7 +2005,7 @@ version = "0.5.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "03a862b389f93e68874fbf580b9de08dd02facb9a788ebadaf4a3fd33cf58834"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 ]

 [[package]]
@@ -2070,10 +2093,10 @@ checksum = "2febf9acc5ee5e99d1ad0afcdbccc02d87aa3f857a1f01f825b80eacf8edfcd1"

 [[package]]
 name = "rustc_apfloat"
-version = "0.2.2+llvm-462a31f5a5ab"
-source = "git+https://github.com/redsun82/rustc_apfloat.git?rev=32968f16ef1b082243f9bf43a3fbd65c381b3e27#32968f16ef1b082243f9bf43a3fbd65c381b3e27"
+version = "0.2.1+llvm-462a31f5a5ab"
+source = "git+https://github.com/redsun82/rustc_apfloat.git?rev=096d585100636bc2e9f09d7eefec38c5b334d47b#096d585100636bc2e9f09d7eefec38c5b334d47b"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 1.3.2",
 "smallvec",
 ]

@@ -2100,7 +2123,7 @@ dependencies = [
 "dashmap 6.1.0",
 "hashbrown 0.15.2",
 "hashlink",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "parking_lot",
 "portable-atomic",
 "rayon",
@@ -2153,9 +2176,9 @@ checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"

 [[package]]
 name = "semver"
-version = "1.0.26"
+version = "1.0.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
+checksum = "3cb6eb87a131f756572d7fb904f6e7b68633f09cca868c5df1c4b8d1a694bbba"
 dependencies = [
 "serde",
 ]
@@ -2211,7 +2234,7 @@ dependencies = [
 "chrono",
 "hex",
 "indexmap 1.9.3",
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "serde",
 "serde_derive",
 "serde_json",
@@ -2237,7 +2260,7 @@ version = "0.9.34+deprecated"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "itoa",
 "ryu",
 "serde",
@@ -2321,26 +2344,20 @@ version = "1.1.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f18aa187839b2bdb1ad2fa35ead8c4c2976b64e4363c386d45ac0f7ee85c9233"

-[[package]]
-name = "thin-vec"
-version = "0.2.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "144f754d318415ac792f9d69fc87abbbfc043ce2ef041c60f16ad828f638717d"
-
 [[package]]
 name = "thiserror"
-version = "2.0.12"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "567b8a2dae586314f7be2a752ec7474332959c6460e02bde30d702a66d488708"
+checksum = "b6aaf5339b578ea85b50e080feb250a3e8ae8cfcdff9a461c9ec2904bc923f52"
 dependencies = [
 "thiserror-impl",
 ]

 [[package]]
 name = "thiserror-impl"
-version = "2.0.12"
+version = "1.0.69"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f7cf42b4507d8ea322120659672cf1b9dbb93f8f2d4ecfd6e51350ff5b17a1d"
+checksum = "4fee6c4efc90059e10f81e6d42c60a18f76588c3d74cb83a0b242a2b6c7504c1"
 dependencies = [
 "proc-macro2",
 "quote",
@@ -2415,7 +2432,7 @@ version = "0.22.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "17b4795ff5edd201c7cd6dca065ae59972ce77d1b80fa0a84d94950ece7d1474"
 dependencies = [
- "indexmap 2.9.0",
+ "indexmap 2.7.0",
 "serde",
 "serde_spanned",
 "toml_datetime",
@@ -2471,7 +2488,7 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee855f1f400bd0e5c02d150ae5de3840039a3f54b025156404e34c23c03f47c3"
 dependencies = [
- "log 0.4.27",
+ "log 0.4.25",
 "once_cell",
 "tracing-core",
 ]
@@ -2586,9 +2603,9 @@ checksum = "a3e5df347f0bf3ec1d670aad6ca5c6a1859cd9ea61d2113125794654ccced68f"

 [[package]]
 name = "unicode-ident"
-version = "1.0.17"
+version = "1.0.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "00e2473a93778eb0bad35909dff6a10d28e63f792f16ed15e404fca9d5eeedbe"
+checksum = "a210d160f08b701c8721ba1c726c11662f877ea6b7094007e1ca9a1041945034"

 [[package]]
 name = "unicode-properties"
@@ -2669,7 +2686,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "5f89bb38646b4f81674e8f5c3fb81b562be1fd936d84320f3264486418519c79"
 dependencies = [
 "bumpalo",
- "log 0.4.27",
+ "log 0.4.25",
 "proc-macro2",
 "quote",
 "syn",
@@ -2978,7 +2995,7 @@ version = "0.33.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c"
 dependencies = [
- "bitflags 2.9.0",
+ "bitflags 2.8.0",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,4 +14,4 @@ members = [
 [patch.crates-io]
 # patch for build script bug preventing bazel build
 # see https://github.com/rust-lang/rustc_apfloat/pull/17
-rustc_apfloat = { git = "https://github.com/redsun82/rustc_apfloat.git", rev = "32968f16ef1b082243f9bf43a3fbd65c381b3e27" }
+rustc_apfloat = { git = "https://github.com/redsun82/rustc_apfloat.git", rev = "096d585100636bc2e9f09d7eefec38c5b334d47b" }
--- a/MODULE.bazel
+++ b/MODULE.bazel
@@ -75,7 +75,7 @@ use_repo(
    "vendor_ts__argfile-0.2.1",
    "vendor_ts__chalk-ir-0.100.0",
    "vendor_ts__chrono-0.4.40",
-    "vendor_ts__clap-4.5.35",
+    "vendor_ts__clap-4.5.32",
    "vendor_ts__dunce-1.0.5",
    "vendor_ts__either-1.15.0",
    "vendor_ts__encoding-0.2.33",
@@ -90,22 +90,22 @@ use_repo(
    "vendor_ts__num_cpus-1.16.0",
    "vendor_ts__proc-macro2-1.0.94",
    "vendor_ts__quote-1.0.40",
-    "vendor_ts__ra_ap_base_db-0.0.273",
-    "vendor_ts__ra_ap_cfg-0.0.273",
-    "vendor_ts__ra_ap_hir-0.0.273",
-    "vendor_ts__ra_ap_hir_def-0.0.273",
-    "vendor_ts__ra_ap_hir_expand-0.0.273",
-    "vendor_ts__ra_ap_hir_ty-0.0.273",
-    "vendor_ts__ra_ap_ide_db-0.0.273",
-    "vendor_ts__ra_ap_intern-0.0.273",
-    "vendor_ts__ra_ap_load-cargo-0.0.273",
-    "vendor_ts__ra_ap_parser-0.0.273",
-    "vendor_ts__ra_ap_paths-0.0.273",
-    "vendor_ts__ra_ap_project_model-0.0.273",
-    "vendor_ts__ra_ap_span-0.0.273",
-    "vendor_ts__ra_ap_stdx-0.0.273",
-    "vendor_ts__ra_ap_syntax-0.0.273",
-    "vendor_ts__ra_ap_vfs-0.0.273",
+    "vendor_ts__ra_ap_base_db-0.0.270",
+    "vendor_ts__ra_ap_cfg-0.0.270",
+    "vendor_ts__ra_ap_hir-0.0.270",
+    "vendor_ts__ra_ap_hir_def-0.0.270",
+    "vendor_ts__ra_ap_hir_expand-0.0.270",
+    "vendor_ts__ra_ap_hir_ty-0.0.270",
+    "vendor_ts__ra_ap_ide_db-0.0.270",
+    "vendor_ts__ra_ap_intern-0.0.270",
+    "vendor_ts__ra_ap_load-cargo-0.0.270",
+    "vendor_ts__ra_ap_parser-0.0.270",
+    "vendor_ts__ra_ap_paths-0.0.270",
+    "vendor_ts__ra_ap_project_model-0.0.270",
+    "vendor_ts__ra_ap_span-0.0.270",
+    "vendor_ts__ra_ap_stdx-0.0.270",
+    "vendor_ts__ra_ap_syntax-0.0.270",
+    "vendor_ts__ra_ap_vfs-0.0.270",
    "vendor_ts__rand-0.9.0",
    "vendor_ts__rayon-1.10.0",
    "vendor_ts__regex-1.11.1",
--- a/actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-code-quality.qls.expected
@@ -1 +0,0 @@
-
--- a/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-code-scanning.qls.expected
@@ -1,17 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
--- a/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-security-and-quality.qls.expected
@@ -1,27 +0,0 @@
-ql/actions/ql/src/Debug/SyntaxError.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueCritical.ql
-ql/actions/ql/src/Security/CWE-571/ExpressionIsAlwaysTrueHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
-ql/actions/ql/src/Violations Of Best Practice/CodeQL/UnnecessaryUseOfAdvancedConfig.ql
--- a/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
+++ b/actions/ql/integration-tests/query-suite/actions-security-extended.qls.expected
@@ -1,23 +0,0 @@
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvPathInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
-ql/actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
-ql/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql
-ql/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
-ql/actions/ql/src/Security/CWE-285/ImproperAccessControl.ql
-ql/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
-ql/actions/ql/src/Security/CWE-312/SecretsInArtifacts.ql
-ql/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaCodeInjection.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaDirectCache.ql
-ql/actions/ql/src/Security/CWE-349/CachePoisoningViaPoisonableStep.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUCritical.ql
-ql/actions/ql/src/Security/CWE-367/UntrustedCheckoutTOCTOUHigh.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningCritical.ql
-ql/actions/ql/src/Security/CWE-829/ArtifactPoisoningMedium.ql
-ql/actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutHigh.ql
-ql/actions/ql/src/Security/CWE-829/UntrustedCheckoutMedium.ql
--- a/actions/ql/integration-tests/query-suite/not_included_in_qls.expected
+++ b/actions/ql/integration-tests/query-suite/not_included_in_qls.expected
@@ -1,17 +0,0 @@
-ql/actions/ql/src/Debug/partial.ql
-ql/actions/ql/src/Models/CompositeActionsSinks.ql
-ql/actions/ql/src/Models/CompositeActionsSources.ql
-ql/actions/ql/src/Models/CompositeActionsSummaries.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSinks.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSources.ql
-ql/actions/ql/src/Models/ReusableWorkflowsSummaries.ql
-ql/actions/ql/src/experimental/Security/CWE-074/OutputClobberingHigh.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-078/CommandInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionCritical.ql
-ql/actions/ql/src/experimental/Security/CWE-088/ArgumentInjectionMedium.ql
-ql/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql
-ql/actions/ql/src/experimental/Security/CWE-284/CodeExecutionOnSelfHostedRunner.ql
-ql/actions/ql/src/experimental/Security/CWE-829/ArtifactPoisoningPathTraversal.ql
-ql/actions/ql/src/experimental/Security/CWE-829/UnversionedImmutableAction.ql
-ql/actions/ql/src/experimental/Security/CWE-918/RequestForgery.ql
--- a/actions/ql/integration-tests/query-suite/test.py
+++ b/actions/ql/integration-tests/query-suite/test.py
@@ -1,14 +0,0 @@
-import runs_on
-import pytest
-from query_suites import *
-
-well_known_query_suites = ['actions-code-quality.qls', 'actions-security-and-quality.qls', 'actions-security-extended.qls', 'actions-code-scanning.qls']
-
-@runs_on.posix
-@pytest.mark.parametrize("query_suite", well_known_query_suites)
-def test(codeql, actions, check_query_suite, query_suite):
-    check_query_suite(query_suite)
-
-@runs_on.posix
-def test_not_included_queries(codeql, actions, check_queries_not_included):
-    check_queries_not_included('actions', well_known_query_suites)
--- a/actions/ql/lib/CHANGELOG.md
+++ b/actions/ql/lib/CHANGELOG.md
@@ -1,13 +1,3 @@
-## 0.4.8
-
-No user-facing changes.
-
-## 0.4.7
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
 ## 0.4.6

 ### Bug Fixes
--- a/actions/ql/lib/change-notes/released/0.4.7.md
+++ b/actions/ql/lib/change-notes/released/0.4.7.md
@@ -1,5 +0,0 @@
-## 0.4.7
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
--- a/actions/ql/lib/change-notes/released/0.4.8.md
+++ b/actions/ql/lib/change-notes/released/0.4.8.md
@@ -1,3 +0,0 @@
-## 0.4.8
-
-No user-facing changes.
--- a/actions/ql/lib/codeql-pack.release.yml
+++ b/actions/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.4.8
+lastReleaseVersion: 0.4.6
--- a/actions/ql/lib/qlpack.yml
+++ b/actions/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-all
-version: 0.4.8
+version: 0.4.7-dev
 library: true
 warnOnImplicitThis: true
 dependencies:
--- a/actions/ql/src/CHANGELOG.md
+++ b/actions/ql/src/CHANGELOG.md
@@ -1,33 +1,3 @@
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
-
-## 0.5.4
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
-### Bug Fixes
-
-* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
-
 ## 0.5.3

 ### Bug Fixes
--- a/actions/ql/src/Models/ReusableWorkflowsSinks.ql
+++ b/actions/ql/src/Models/ReusableWorkflowsSinks.ql
@@ -5,7 +5,7 @@
 * @problem.severity warning
 * @security-severity 9.3
 * @precision high
- * @id actions/reusable-workflow-sinks
+ * @id actions/reusable-wokflow-sinks
 * @tags actions
 *       model-generator
 *       external/cwe/cwe-020
--- a/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md
+++ b/actions/ql/src/Security/CWE-077/EnvVarInjectionMedium.md
@@ -109,7 +109,7 @@ An attacker could craft a malicious artifact that writes dangerous environment v

 ### Exploitation

-An attacker would be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.
+An attacker is be able to run arbitrary code by injecting environment variables such as `LD_PRELOAD`, `BASH_ENV`, etc.

 ## References

--- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
+++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql
@@ -1,6 +1,6 @@
 /**
 * @name Workflow does not contain permissions
- * @description Workflows should contain explicit permissions to restrict the scope of the default GITHUB_TOKEN.
+ * @description Workflows should contain permissions to provide a clear understanding has permissions to run the workflow.
 * @kind problem
 * @security-severity 5.0
 * @problem.severity warning
--- a/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
+++ b/actions/ql/src/Security/CWE-312/ExcessiveSecretsExposure.ql
@@ -3,7 +3,6 @@
 * @description All organization and repository secrets are passed to the workflow runner.
 * @kind problem
 * @precision high
- * @security-severity 5.0
 * @problem.severity warning
 * @id actions/excessive-secrets-exposure
 * @tags actions
--- a/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md
+++ b/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md
@@ -2,11 +2,11 @@

 ## Description

-Secrets derived from other secrets are not known to the workflow runner, and therefore are not masked unless explicitly registered.
+Secrets derived from other secrets are not know to the workflow runner and therefore not masked unless explicitly registered.

 ## Recommendations

-Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow, since these read values will not be masked by the workflow runner.
+Avoid defining non-plain secrets. For example, do not define a new secret containing a JSON object and then read properties out of it from the workflow since these read values will not be masked by the workflow runner.

 ## Examples

--- a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
+++ b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md
@@ -1,9 +1,4 @@
-## 0.5.4
-
-### New Features
-
-* CodeQL and Copilot Autofix support for GitHub Actions is now Generally Available.
-
-### Bug Fixes
-
-* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
+---
+category: fix
+---
+* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file.
--- a/actions/ql/src/change-notes/released/0.6.0.md
+++ b/actions/ql/src/change-notes/released/0.6.0.md
@@ -1,19 +0,0 @@
-## 0.6.0
-
-### Breaking Changes
-
-* The following queries have been removed from the `security-and-quality` suite.
-  They are not intended to produce user-facing
-  alerts describing vulnerabilities.
-  Any existing alerts for these queries will be closed automatically.
-  * `actions/composite-action-sinks`
-  * `actions/composite-action-sources`
-  * `actions/composite-action-summaries`
-  * `actions/reusable-workflow-sinks`
-    (renamed from `actions/reusable-wokflow-sinks`)
-  * `actions/reusable-workflow-sources`
-  * `actions/reusable-workflow-summaries`
-
-### Bug Fixes
-
-* Assigned a `security-severity` to the query `actions/excessive-secrets-exposure`.
--- a/actions/ql/src/codeql-pack.release.yml
+++ b/actions/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 0.6.0
+lastReleaseVersion: 0.5.3
--- a/actions/ql/src/qlpack.yml
+++ b/actions/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/actions-queries
-version: 0.6.0
+version: 0.5.4-dev
 library: false
 warnOnImplicitThis: true
 groups: [actions, queries]
--- a/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/old.dbscheme
+++ b/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/old.dbscheme
--- a/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/semmlecode.cpp.dbscheme
+++ b/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/semmlecode.cpp.dbscheme
--- a/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/upgrade.properties
+++ b/cpp/downgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/upgrade.properties
@@ -1,3 +0,0 @@
-description: Add a new predicate `isVla()` to the `ArrayType` class
-compatibility: full
-type_is_vla.rel: delete
--- a/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_array_init.ql
+++ b/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_array_init.ql
@@ -1,11 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, int element_index, int position
-where aggregate_array_init(aggregate, initializer, element_index, position, _)
-select aggregate, initializer, element_index, position
--- a/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_field_init.ql
+++ b/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/aggregate_field_init.ql
@@ -1,15 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-class MemberVariable extends @membervariable {
-  string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, MemberVariable field, int position
-where aggregate_field_init(aggregate, initializer, field, position, _)
-select aggregate, initializer, field, position
--- a/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/old.dbscheme
+++ b/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/old.dbscheme
--- a/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/semmlecode.cpp.dbscheme
+++ b/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/semmlecode.cpp.dbscheme
--- a/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/upgrade.properties
+++ b/cpp/downgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/upgrade.properties
@@ -1,4 +0,0 @@
-description: add `hasDesignator` predicate to `ArrayOrVectorAggregateLiteral` and `ClassAggregateLiteral`
-compatibility: backwards
-aggregate_array_init.rel: run aggregate_array_init.qlo
-aggregate_field_init.rel: run aggregate_field_init.qlo
--- a/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/decltypes.ql
+++ b/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/decltypes.ql
@@ -1,11 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-from Type decltype, Expr expr, Type basetype, boolean parentheses
-where decltypes(decltype, expr, _, basetype, parentheses)
-select decltype, expr, basetype, parentheses
--- a/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/derivedtypes.ql
+++ b/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/derivedtypes.ql
@@ -1,19 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-predicate derivedType(Type type, string name, int kind, Type type_id) {
-  derivedtypes(type, name, kind, type_id)
-}
-
-predicate typeTransformation(Type type, string name, int kind, Type type_id) {
-  type_operators(type, _, _, type_id) and
-  name = "" and
-  kind = 3 // @type_with_specifiers
-}
-
-from Type type, string name, int kind, Type type_id
-where
-  derivedType(type, name, kind, type_id) or
-  typeTransformation(type, name, kind, type_id)
-select type, name, kind, type_id
--- a/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/old.dbscheme
+++ b/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/old.dbscheme
--- a/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/semmlecode.cpp.dbscheme
+++ b/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/semmlecode.cpp.dbscheme
--- a/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/upgrade.properties
+++ b/cpp/downgrades/9a7c3c14c1076f64b871719117a558733d987b48/upgrade.properties
@@ -1,5 +0,0 @@
-description: Support C23 typeof and typeof_unqual
-compatibility: backwards
-decltypes.rel: run decltypes.qlo
-derivedtypes.rel: run derivedtypes.qlo
-type_operators.rel: delete
--- a/cpp/ql/lib/CHANGELOG.md
+++ b/cpp/ql/lib/CHANGELOG.md
@@ -1,19 +1,3 @@
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
-
-## 4.2.0
-
-### New Features
-
-* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
-* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
-
 ## 4.1.0

 ### New Features
--- a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
+++ b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md
@@ -1,6 +1,5 @@
-## 4.2.0
-
-### New Features
-
+---
+category: feature
+---
 * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.)  are now represented as specifiers of those declarations.
 * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions.
--- a/cpp/ql/lib/change-notes/released/4.3.0.md
+++ b/cpp/ql/lib/change-notes/released/4.3.0.md
@@ -1,8 +0,0 @@
-## 4.3.0
-
-### New Features
-
-* New classes `TypeofType`, `TypeofExprType`, and `TypeofTypeType` were introduced, which represent the C23 `typeof` and `typeof_unqual` operators. The `TypeofExprType` class represents the variant taking an expression as its argument. The `TypeofTypeType` class represents the variant taking a type as its argument.
-* A new class `IntrinsicTransformedType` was introduced, which represents the type transforming intrinsics supported by clang, gcc, and MSVC.
-* Introduced `hasDesignator()` predicates to distinguish between designated and positional initializations for both struct/union fields and array elements.
-* Added the `isVla()` predicate to the `ArrayType` class. This allows queries to identify variable-length arrays (VLAs).
--- a/cpp/ql/lib/codeql-pack.release.yml
+++ b/cpp/ql/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 4.3.0
+lastReleaseVersion: 4.1.0
--- a/cpp/ql/lib/ext/generated/empty.model.yml
+++ b/cpp/ql/lib/ext/generated/empty.model.yml
@@ -1,5 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data: []
--- a/cpp/ql/lib/qlpack.yml
+++ b/cpp/ql/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-all
-version: 4.3.0
+version: 4.1.1-dev
 groups: cpp
 dbscheme: semmlecode.cpp.dbscheme
 extractor: cpp
@@ -16,7 +16,6 @@ dependencies:
  codeql/xml: ${workspace}
 dataExtensions:
  - ext/*.model.yml
-  - ext/generated/*.model.yml
  - ext/deallocation/*.model.yml
  - ext/allocation/*.model.yml
 warnOnImplicitThis: true
--- a/cpp/ql/lib/semmle/code/cpp/Print.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Print.qll
@@ -176,30 +176,6 @@ private class DecltypeDumpType extends DumpType, Decltype {
  }
 }

-private class TypeofDumpType extends DumpType, TypeofType {
-  override string getTypeSpecifier() { result = this.getBaseType().(DumpType).getTypeSpecifier() }
-
-  override string getDeclaratorPrefix() {
-    result = this.getBaseType().(DumpType).getDeclaratorPrefix()
-  }
-
-  override string getDeclaratorSuffix() {
-    result = this.getBaseType().(DumpType).getDeclaratorSuffix()
-  }
-}
-
-private class IntrinsicTransformedDumpType extends DumpType, IntrinsicTransformedType {
-  override string getTypeSpecifier() { result = this.getBaseType().(DumpType).getTypeSpecifier() }
-
-  override string getDeclaratorPrefix() {
-    result = this.getBaseType().(DumpType).getDeclaratorPrefix()
-  }
-
-  override string getDeclaratorSuffix() {
-    result = this.getBaseType().(DumpType).getDeclaratorSuffix()
-  }
-}
-
 private class PointerIshDumpType extends DerivedDumpType {
  PointerIshDumpType() {
    this instanceof PointerType or
--- a/cpp/ql/lib/semmle/code/cpp/Type.qll
+++ b/cpp/ql/lib/semmle/code/cpp/Type.qll
@@ -92,9 +92,8 @@ class Type extends Locatable, @type {
  /**
   * Gets this type after typedefs have been resolved.
   *
-   * The result of this predicate will be the type itself, except in the case of a TypedefType, a Decltype,
-   * or a TypeofType, in which case the result will be type which results from (possibly recursively)
-   * resolving typedefs.
+   * The result of this predicate will be the type itself, except in the case of a TypedefType or a Decltype,
+   * in which case the result will be type which results from (possibly recursively) resolving typedefs.
   */
  pragma[nomagic]
  Type getUnderlyingType() { result = this }
@@ -1118,20 +1117,18 @@ class DerivedType extends Type, @derivedtype {
 * decltype(a) b;
 * ```
 */
-class Decltype extends Type {
-  Decltype() { decltypes(underlyingElement(this), _, 0, _, _) }
-
+class Decltype extends Type, @decltype {
  override string getAPrimaryQlClass() { result = "Decltype" }

  /**
-   * Gets the expression whose type is being obtained by this decltype.
+   * The expression whose type is being obtained by this decltype.
   */
-  Expr getExpr() { decltypes(underlyingElement(this), unresolveElement(result), _, _, _) }
+  Expr getExpr() { decltypes(underlyingElement(this), unresolveElement(result), _, _) }

  /**
-   * Gets the type immediately yielded by this decltype.
+   * The type immediately yielded by this decltype.
   */
-  Type getBaseType() { decltypes(underlyingElement(this), _, _, unresolveElement(result), _) }
+  Type getBaseType() { decltypes(underlyingElement(this), _, unresolveElement(result), _) }

  /**
   * Whether an extra pair of parentheses around the expression would change the semantics of this decltype.
@@ -1145,7 +1142,7 @@ class Decltype extends Type {
   * ```
   * Please consult the C++11 standard for more details.
   */
-  predicate parenthesesWouldChangeMeaning() { decltypes(underlyingElement(this), _, _, _, true) }
+  predicate parenthesesWouldChangeMeaning() { decltypes(underlyingElement(this), _, _, true) }

  override Type getUnderlyingType() { result = this.getBaseType().getUnderlyingType() }

@@ -1186,215 +1183,6 @@ class Decltype extends Type {
  }
 }

-/**
- * An instance of the C23 `typeof` or `typeof_unqual` operator. For example:
- * ```
- * int a;
- * typeof(a) b;
- * typeof_unqual(const int) b;
- * ```
- */
-class TypeofType extends Type {
-  TypeofType() {
-    decltypes(underlyingElement(this), _, 1, _, _) or
-    type_operators(underlyingElement(this), _, 0, _)
-  }
-
-  /**
-   * Gets the type immediately yielded by this typeof.
-   */
-  Type getBaseType() {
-    decltypes(underlyingElement(this), _, _, unresolveElement(result), _)
-    or
-    type_operators(underlyingElement(this), _, _, unresolveElement(result))
-  }
-
-  override Type getUnderlyingType() { result = this.getBaseType().getUnderlyingType() }
-
-  override Type stripTopLevelSpecifiers() { result = this.getBaseType().stripTopLevelSpecifiers() }
-
-  override Type stripType() { result = this.getBaseType().stripType() }
-
-  override Type resolveTypedefs() { result = this.getBaseType().resolveTypedefs() }
-
-  override string toString() { result = "typeof(...)" }
-
-  override string getName() { none() }
-
-  override int getSize() { result = this.getBaseType().getSize() }
-
-  override int getAlignment() { result = this.getBaseType().getAlignment() }
-
-  override int getPointerIndirectionLevel() {
-    result = this.getBaseType().getPointerIndirectionLevel()
-  }
-
-  override string explain() {
-    result = "typeof resulting in {" + this.getBaseType().explain() + "}"
-  }
-
-  override predicate involvesReference() { this.getBaseType().involvesReference() }
-
-  override predicate involvesTemplateParameter() { this.getBaseType().involvesTemplateParameter() }
-
-  override predicate isDeeplyConst() { this.getBaseType().isDeeplyConst() }
-
-  override predicate isDeeplyConstBelow() { this.getBaseType().isDeeplyConstBelow() }
-
-  override Specifier internal_getAnAdditionalSpecifier() {
-    result = this.getBaseType().getASpecifier()
-  }
-}
-
-/**
- * An instance of the C23 `typeof` or `typeof_unqual` operator taking an expression
- * as its argument. For example:
- * ```
- * int a;
- * typeof(a) b;
- * ```
- */
-class TypeofExprType extends TypeofType {
-  TypeofExprType() { decltypes(underlyingElement(this), _, 1, _, _) }
-
-  override string getAPrimaryQlClass() { result = "TypeofExprType" }
-
-  /**
-   * Gets the expression whose type is being obtained by this typeof.
-   */
-  Expr getExpr() { decltypes(underlyingElement(this), unresolveElement(result), _, _, _) }
-
-  override Location getLocation() { result = this.getExpr().getLocation() }
-}
-
-/**
- * A type obtained by C23 `typeof` or `typeof_unqual` operator taking a type as its
- * argument. For example:
- * ```
- * typeof_unqual(const int) b;
- * ```
- */
-class TypeofTypeType extends TypeofType {
-  TypeofTypeType() { type_operators(underlyingElement(this), _, 0, _) }
-
-  /**
-   * Gets the expression whose type is being obtained by this typeof.
-   */
-  Type getType() { type_operators(underlyingElement(this), unresolveElement(result), _, _) }
-
-  override string getAPrimaryQlClass() { result = "TypeofTypeType" }
-
-  override string toString() { result = "typeof(...)" }
-}
-
-/**
- * A type obtained by applying a type transforming intrinsic. For example:
- * ```
- * __make_unsigned(int) x;
- * ```
- */
-class IntrinsicTransformedType extends Type {
-  int intrinsic;
-
-  IntrinsicTransformedType() {
-    type_operators(underlyingElement(this), _, intrinsic, _) and
-    intrinsic in [1 .. 19]
-  }
-
-  override string getAPrimaryQlClass() { result = "IntrinsicTransformedType" }
-
-  override string toString() { result = this.getIntrinsicName() + "(...)" }
-
-  /**
-   * Gets the type immediately yielded by this transformation.
-   */
-  Type getBaseType() { type_operators(underlyingElement(this), _, _, unresolveElement(result)) }
-
-  /**
-   * Gets the type that is transformed.
-   */
-  Type getType() { type_operators(underlyingElement(this), unresolveElement(result), _, _) }
-
-  /**
-   * Gets the name of the intrinsic used to transform the type.
-   */
-  string getIntrinsicName() {
-    intrinsic = 1 and result = "__underlying_type"
-    or
-    intrinsic = 2 and result = "__bases"
-    or
-    intrinsic = 3 and result = "__direct_bases"
-    or
-    intrinsic = 4 and result = "__add_lvalue_reference"
-    or
-    intrinsic = 5 and result = "__add_pointer"
-    or
-    intrinsic = 6 and result = "__add_rvalue_reference"
-    or
-    intrinsic = 7 and result = "__decay"
-    or
-    intrinsic = 8 and result = "__make_signed"
-    or
-    intrinsic = 9 and result = "__make_unsigned"
-    or
-    intrinsic = 10 and result = "__remove_all_extents"
-    or
-    intrinsic = 11 and result = "__remove_const"
-    or
-    intrinsic = 12 and result = "__remove_cv"
-    or
-    intrinsic = 13 and result = "__remove_cvref"
-    or
-    intrinsic = 14 and result = "__remove_extent"
-    or
-    intrinsic = 15 and result = "__remove_pointer"
-    or
-    intrinsic = 16 and result = "__remove_reference_t"
-    or
-    intrinsic = 17 and result = "__remove_restrict"
-    or
-    intrinsic = 18 and result = "__remove_volatile"
-    or
-    intrinsic = 19 and result = "__remove_reference"
-  }
-
-  override Type getUnderlyingType() { result = this.getBaseType().getUnderlyingType() }
-
-  override Type stripTopLevelSpecifiers() { result = this.getBaseType().stripTopLevelSpecifiers() }
-
-  override Type stripType() { result = this.getBaseType().stripType() }
-
-  override Type resolveTypedefs() { result = this.getBaseType().resolveTypedefs() }
-
-  override string getName() { none() }
-
-  override int getSize() { result = this.getBaseType().getSize() }
-
-  override int getAlignment() { result = this.getBaseType().getAlignment() }
-
-  override int getPointerIndirectionLevel() {
-    result = this.getBaseType().getPointerIndirectionLevel()
-  }
-
-  override string explain() {
-    result =
-      "application of " + this.getIntrinsicName() + " resulting in {" + this.getBaseType().explain()
-        + "}"
-  }
-
-  override predicate involvesReference() { this.getBaseType().involvesReference() }
-
-  override predicate involvesTemplateParameter() { this.getBaseType().involvesTemplateParameter() }
-
-  override predicate isDeeplyConst() { this.getBaseType().isDeeplyConst() }
-
-  override predicate isDeeplyConstBelow() { this.getBaseType().isDeeplyConstBelow() }
-
-  override Specifier internal_getAnAdditionalSpecifier() {
-    result = this.getBaseType().getASpecifier()
-  }
-}
-
 /**
 * A C/C++ pointer type. See 4.9.1.
 * ```
@@ -1581,11 +1369,6 @@ class ArrayType extends DerivedType {
  override predicate isDeeplyConst() { this.getBaseType().isDeeplyConst() } // No such thing as a const array type

  override predicate isDeeplyConstBelow() { this.getBaseType().isDeeplyConst() }
-
-  /**
-   * Holds if this array is a variable-length array (VLA).
-   */
-  predicate isVla() { type_is_vla(underlyingElement(this)) }
 }

 /**
--- a/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Expr.qll
@@ -310,8 +310,6 @@ class Expr extends StmtParent, @expr {
    or
    exists(Decltype d | d.getExpr() = this.getParentWithConversions*())
    or
-    exists(TypeofExprType t | t.getExpr() = this.getParentWithConversions*())
-    or
    exists(ConstexprIfStmt constIf |
      constIf.getControllingExpr() = this.getParentWithConversions*()
    )
--- a/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll
+++ b/cpp/ql/lib/semmle/code/cpp/exprs/Literal.qll
@@ -213,24 +213,7 @@ class ClassAggregateLiteral extends AggregateLiteral {
  Expr getFieldExpr(Field field, int position) {
    field = classType.getAField() and
    aggregate_field_init(underlyingElement(this), unresolveElement(result), unresolveElement(field),
-      position, _)
-  }
-
-  /**
-   * Holds if the `position`-th initialization of `field` in this aggregate initializer
-   * uses a designated (e.g., `.x = ...`) rather than a positional initializer.
-   *
-   * For example, in:
-   * ```c
-   * struct S { int x, y; };
-   * struct S s = { .x = 1, 2 };
-   * ```
-   * - `.x = 1` is a designated initializer, therefore `hasDesignator(x, 0)` holds.
-   * - `2` is a positional initializer for `s.y`, therefore `hasDesignator(y, 1)` does not hold.
-   */
-  predicate hasDesignator(Field field, int position) {
-    field = classType.getAField() and
-    aggregate_field_init(underlyingElement(this), _, unresolveElement(field), position, true)
+      position)
  }

  /**
@@ -321,24 +304,7 @@ class ArrayOrVectorAggregateLiteral extends AggregateLiteral {
   * - `a.getElementExpr(0, 2)` gives `789`.
   */
  Expr getElementExpr(int elementIndex, int position) {
-    aggregate_array_init(underlyingElement(this), unresolveElement(result), elementIndex, position,
-      _)
-  }
-
-  /**
-   * Holds if the `position`-th initialization of the array element at `elementIndex`
-   * in this aggregate initializer uses a designated (e.g., `[0] = ...`) rather than
-   * a positional initializer.
-   *
-   * For example, in:
-   * ```c
-   * int x[] = { [0] = 1, 2 };
-   * ```
-   * - `[0] = 1` is a designated initializer, therefore `hasDesignator(0, 0)` holds.
-   * - `2` is a positional initializer for `x[1]`, therefore `hasDesignator(1, 1)` does not hold.
-   */
-  predicate hasDesignator(int elementIndex, int position) {
-    aggregate_array_init(underlyingElement(this), _, elementIndex, position, true)
+    aggregate_array_init(underlyingElement(this), unresolveElement(result), elementIndex, position)
  }

  /**
--- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/SideEffects.qll
+++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/SideEffects.qll
@@ -16,10 +16,6 @@ private predicate isDeeplyConst(Type t) {
  or
  isDeeplyConst(t.(Decltype).getBaseType())
  or
-  isDeeplyConst(t.(TypeofType).getBaseType())
-  or
-  isDeeplyConst(t.(IntrinsicTransformedType).getBaseType())
-  or
  isDeeplyConst(t.(ReferenceType).getBaseType())
  or
  exists(SpecifiedType specType | specType = t |
@@ -40,10 +36,6 @@ private predicate isDeeplyConstBelow(Type t) {
  or
  isDeeplyConstBelow(t.(Decltype).getBaseType())
  or
-  isDeeplyConstBelow(t.(TypeofType).getBaseType())
-  or
-  isDeeplyConstBelow(t.(IntrinsicTransformedType).getBaseType())
-  or
  isDeeplyConst(t.(PointerType).getBaseType())
  or
  isDeeplyConst(t.(ReferenceType).getBaseType())
--- a/cpp/ql/lib/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/semmlecode.cpp.dbscheme
@@ -743,17 +743,15 @@ typedefbase(
 );

 /**
- * An instance of the C++11 `decltype` operator or C23 `typeof`/`typeof_unqual`
- * operator taking an expression as its argument.  For example:
+ * An instance of the C++11 `decltype` operator.  For example:
 * ```
 * int a;
 * decltype(1+a) b;
- * typeof(1+a) c;
 * ```
 * Here `expr` is `1+a`.
 *
 * Sometimes an additional pair of parentheses around the expression
- * changes the semantics of the decltype, e.g.
+ * would change the semantics of this decltype, e.g.
 * ```
 * struct A { double x; };
 * const A* a = new A();
@@ -763,55 +761,14 @@ typedefbase(
 * (Please consult the C++11 standard for more details).
 * `parentheses_would_change_meaning` is `true` iff that is the case.
 */
-
-/*
-case @decltype.kind of
-|  0 = @decltype
-|  1 = @typeof // The frontend does not differentiate between typeof and typeof_unqual
-;
-*/
-
 #keyset[id, expr]
 decltypes(
    int id: @decltype,
    int expr: @expr ref,
-    int kind: int ref,
    int base_type: @type ref,
    boolean parentheses_would_change_meaning: boolean ref
 );

-/*
-case @type_operator.kind of
-|  0 = @typeof // The frontend does not differentiate between typeof and typeof_unqual
-|  1 = @underlying_type
-|  2 = @bases
-|  3 = @direct_bases
-|  4 = @add_lvalue_reference
-|  5 = @add_pointer
-|  6 = @add_rvalue_reference
-|  7 = @decay
-|  8 = @make_signed
-|  9 = @make_unsigned
-| 10 = @remove_all_extents
-| 11 = @remove_const
-| 12 = @remove_cv
-| 13 = @remove_cvref
-| 14 = @remove_extent
-| 15 = @remove_pointer
-| 16 = @remove_reference_t
-| 17 = @remove_restrict
-| 18 = @remove_volatile
-| 19 = @remove_reference
-;
-*/
-
-type_operators(
-    unique int id: @type_operator,
-    int arg_type: @type ref,
-    int kind: int ref,
-    int base_type: @type ref
-)
-
 /*
 case @usertype.kind of
 |  0 = @unknown_usertype
@@ -1146,10 +1103,10 @@ stmtattributes(
@type = @builtintype
      | @derivedtype
      | @usertype
+      /* TODO | @fixedpointtype */
      | @routinetype
      | @ptrtomember
-      | @decltype
-      | @type_operator;
+      | @decltype;

 unspecifiedtype(
    unique int type_id: @type ref,
@@ -2082,8 +2039,7 @@ aggregate_field_init(
    int aggregate: @aggregateliteral ref,
    int initializer: @expr ref,
    int field: @membervariable ref,
-    int position: int ref,
-    boolean is_designated: boolean ref
+    int position: int ref
 );

 /**
@@ -2095,8 +2051,7 @@ aggregate_array_init(
    int aggregate: @aggregateliteral ref,
    int initializer: @expr ref,
    int element_index: int ref,
-    int position: int ref,
-    boolean is_designated: boolean ref
+    int position: int ref
 );

@ctorinit = @ctordirectinit
@@ -2223,8 +2178,6 @@ variable_vla(
    int decl: @stmt_vla_decl ref
 );

-type_is_vla(unique int type_id: @derivedtype ref)
-
 if_initialization(
    unique int if_stmt: @stmt_if ref,
    int init_id: @stmt ref
--- a/cpp/ql/lib/semmlecode.cpp.dbscheme.stats
+++ b/cpp/ql/lib/semmlecode.cpp.dbscheme.stats
--- a/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/aggregate_array_init.ql
+++ b/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/aggregate_array_init.ql
@@ -1,11 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, int element_index, int position
-where aggregate_array_init(aggregate, initializer, element_index, position)
-select aggregate, initializer, element_index, position, false
--- a/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/aggregate_field_init.ql
+++ b/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/aggregate_field_init.ql
@@ -1,15 +0,0 @@
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-class AggregateLiteral extends Expr, @aggregateliteral {
-  override string toString() { none() }
-}
-
-class MemberVariable extends @membervariable {
-  string toString() { none() }
-}
-
-from AggregateLiteral aggregate, Expr initializer, MemberVariable field, int position
-where aggregate_field_init(aggregate, initializer, field, position)
-select aggregate, initializer, field, position, false
--- a/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/old.dbscheme
+++ b/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/old.dbscheme
--- a/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/semmlecode.cpp.dbscheme
--- a/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/upgrade.properties
+++ b/cpp/ql/lib/upgrades/0f0a390468a5eb43d1dc72937c028070b106bf53/upgrade.properties
@@ -1,4 +0,0 @@
-description: add `hasDesignator` predicate to `ArrayOrVectorAggregateLiteral` and `ClassAggregateLiteral`
-compatibility: backwards
-aggregate_array_init.rel: run aggregate_array_init.qlo
-aggregate_field_init.rel: run aggregate_field_init.qlo
--- a/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/decltypes.ql
+++ b/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/decltypes.ql
@@ -1,11 +0,0 @@
-class Type extends @type {
-  string toString() { none() }
-}
-
-class Expr extends @expr {
-  string toString() { none() }
-}
-
-from Type decltype, Expr expr, Type basetype, boolean parentheses
-where decltypes(decltype, expr, basetype, parentheses)
-select decltype, expr, 0, basetype, parentheses
--- a/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/old.dbscheme
+++ b/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/old.dbscheme
--- a/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/semmlecode.cpp.dbscheme
--- a/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/upgrade.properties
+++ b/cpp/ql/lib/upgrades/2e2d805ef93d060b813403cb9b51dc72455a4c68/upgrade.properties
@@ -1,3 +0,0 @@
-description: Support C23 typeof and typeof_unqual
-compatibility: partial
-decltypes.rel: run decltypes.qlo
--- a/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/old.dbscheme
+++ b/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/old.dbscheme
--- a/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/semmlecode.cpp.dbscheme
+++ b/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/semmlecode.cpp.dbscheme
--- a/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/upgrade.properties
+++ b/cpp/ql/lib/upgrades/e594389175c098d7225683d0fd8cefcc47d84bc1/upgrade.properties
@@ -1,2 +0,0 @@
-description:  Add a new predicate `isVla()` to the `ArrayType` class
-compatibility: backwards
--- a/cpp/ql/src/CHANGELOG.md
+++ b/cpp/ql/src/CHANGELOG.md
@@ -1,11 +1,3 @@
-## 1.3.9
-
-No user-facing changes.
-
-## 1.3.8
-
-No user-facing changes.
-
 ## 1.3.7

 ### Minor Analysis Improvements
--- a/Bugs/Arithmetic/IntMultToLong.ql
+++ b/Bugs/Arithmetic/IntMultToLong.ql
@@ -179,7 +179,6 @@ predicate overflows(MulExpr me, Type t) {

 from MulExpr me, Type t1, Type t2
 where
-  not any(Compilation c).buildModeNone() and
  t1 = me.getType().getUnderlyingType() and
  t2 = me.getConversion().getType().getUnderlyingType() and
  t1.getSize() < t2.getSize() and
--- a/Bugs/Format/WrongTypeFormatArguments.ql
+++ b/Bugs/Format/WrongTypeFormatArguments.ql
@@ -154,7 +154,6 @@ int sizeof_IntType() { exists(IntType it | result = it.getSize()) }

 from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual
 where
-  not any(Compilation c).buildModeNone() and
  (
    formattingFunctionCallExpectedType(ffc, n, expected) and
    formattingFunctionCallActualType(ffc, n, arg, actual) and
--- a/Management/SuspiciousCallToMemset.ql
+++ b/Management/SuspiciousCallToMemset.ql
@@ -47,17 +47,11 @@ Type stripType(Type t) {
  or
  result = stripType(t.(Decltype).getBaseType())
  or
-  result = stripType(t.(TypeofType).getBaseType())
-  or
-  result = stripType(t.(IntrinsicTransformedType).getBaseType())
-  or
  not t instanceof TypedefType and
  not t instanceof ArrayType and
  not t instanceof ReferenceType and
  not t instanceof SpecifiedType and
  not t instanceof Decltype and
-  not t instanceof TypeofType and
-  not t instanceof IntrinsicTransformedType and
  result = t
 }

--- a/Functions/ImplicitFunctionDeclaration.ql
+++ b/Functions/ImplicitFunctionDeclaration.ql
@@ -38,7 +38,6 @@ predicate isCompiledAsC(File f) {

 from FunctionDeclarationEntry fdeIm, FunctionCall fc
 where
-  not any(Compilation c).buildModeNone() and
  isCompiledAsC(fdeIm.getFile()) and
  not isFromMacroDefinition(fc) and
  fdeIm.isImplicit() and
--- a/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
+++ b/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
@@ -51,7 +51,6 @@ int getComparisonSizeAdjustment(Expr e) {

 from Loop l, RelationalOperation rel, VariableAccess small, Expr large
 where
-  not any(Compilation c).buildModeNone() and
  small = rel.getLesserOperand() and
  large = rel.getGreaterOperand() and
  rel = l.getCondition().getAChild*() and
--- a/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
+++ b/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
@@ -24,12 +24,10 @@ private predicate isCharSzPtrExpr(Expr e) {

 from Expr sizeofExpr, Expr e
 where
-  not any(Compilation c).buildModeNone() and
  // If we see an addWithSizeof then we expect the type of
  // the pointer expression to be `char*` or `void*`. Otherwise it
  // is probably a mistake.
-  addWithSizeof(e, sizeofExpr, _) and
-  not isCharSzPtrExpr(e)
+  addWithSizeof(e, sizeofExpr, _) and not isCharSzPtrExpr(e)
 select sizeofExpr,
  "Suspicious sizeof offset in a pointer arithmetic expression. The type of the pointer is $@.",
  e.getFullyConverted().getType() as t, t.toString()
--- a/cpp/ql/src/change-notes/released/1.3.8.md
+++ b/cpp/ql/src/change-notes/released/1.3.8.md
@@ -1,3 +0,0 @@
-## 1.3.8
-
-No user-facing changes.
--- a/cpp/ql/src/change-notes/released/1.3.9.md
+++ b/cpp/ql/src/change-notes/released/1.3.9.md
@@ -1,3 +0,0 @@
-## 1.3.9
-
-No user-facing changes.
--- a/cpp/ql/src/codeql-pack.release.yml
+++ b/cpp/ql/src/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.3.9
+lastReleaseVersion: 1.3.7
--- a/cpp/ql/src/qlpack.yml
+++ b/cpp/ql/src/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/cpp-queries
-version: 1.3.9
+version: 1.3.8-dev
 groups:
  - cpp
  - queries
--- a/cpp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
+++ b/cpp/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
@@ -1,13 +0,0 @@
-/**
- * @name Capture content based summary models.
- * @description Finds applicable content based summary models to be used by other queries.
- * @kind diagnostic
- * @id cpp/utils/modelgenerator/contentbased-summary-models
- * @tags modelgenerator
- */
-
-import internal.CaptureModels
-
-from DataFlowSummaryTargetApi api, string flow
-where flow = ContentSensitive::captureFlow(api, _)
-select flow order by flow
--- a/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
+++ b/cpp/ql/src/utils/modelgenerator/CaptureSinkModels.ql
@@ -1,14 +0,0 @@
-/**
- * @name Capture sink models.
- * @description Finds public methods that act as sinks as they flow into a known sink.
- * @kind diagnostic
- * @id cpp/utils/modelgenerator/sink-models
- * @tags modelgenerator
- */
-
-import internal.CaptureModels
-import Heuristic
-
-from DataFlowSinkTargetApi api, string sink
-where sink = captureSink(api)
-select sink order by sink
--- a/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
+++ b/cpp/ql/src/utils/modelgenerator/CaptureSourceModels.ql
@@ -1,14 +0,0 @@
-/**
- * @name Capture source models.
- * @description Finds APIs that act as sources as they expose already known sources.
- * @kind diagnostic
- * @id cpp/utils/modelgenerator/source-models
- * @tags modelgenerator
- */
-
-import internal.CaptureModels
-import Heuristic
-
-from DataFlowSourceTargetApi api, string source
-where source = captureSource(api)
-select source order by source
--- a/cpp/ql/src/utils/modelgenerator/GenerateFlowModel.py
+++ b/cpp/ql/src/utils/modelgenerator/GenerateFlowModel.py
@@ -1,15 +0,0 @@
-#!/usr/bin/python3
-
-import sys
-import os.path
-import subprocess
-
-# Add Model as Data script directory to sys.path.
-gitroot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
-madpath = os.path.join(gitroot, "misc/scripts/models-as-data/")
-sys.path.append(madpath)
-
-import generate_flow_model as model
-
-language = "cpp"
-model.Generator.make(language).run()
--- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -1,404 +0,0 @@
-/**
- * Provides predicates related to capturing summary models of the Standard or a 3rd party library.
- */
-
-private import cpp
-private import semmle.code.cpp.ir.IR
-private import semmle.code.cpp.dataflow.ExternalFlow as ExternalFlow
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowImplSpecific
-private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as DataFlowPrivate
-private import semmle.code.cpp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
-private import semmle.code.cpp.ir.dataflow.internal.TaintTrackingImplSpecific
-private import semmle.code.cpp.dataflow.new.TaintTracking
-private import codeql.mad.modelgenerator.internal.ModelGeneratorImpl
-
-module ModelGeneratorInput implements ModelGeneratorInputSig<Location, CppDataFlow> {
-  class Type = DataFlowPrivate::DataFlowType;
-
-  // Note: This also includes `this`
-  class Parameter = DataFlow::ParameterNode;
-
-  class Callable = Declaration;
-
-  class NodeExtended extends DataFlow::Node {
-    Callable getAsExprEnclosingCallable() { result = this.asExpr().getEnclosingDeclaration() }
-  }
-
-  Parameter asParameter(NodeExtended n) { result = n }
-
-  Callable getEnclosingCallable(NodeExtended n) {
-    result = n.getEnclosingCallable().asSourceCallable()
-  }
-
-  Callable getAsExprEnclosingCallable(NodeExtended n) {
-    result = n.asExpr().getEnclosingDeclaration()
-  }
-
-  /** Gets `api` if it is relevant. */
-  private Callable liftedImpl(Callable api) { result = api and relevant(api) }
-
-  private predicate hasManualSummaryModel(Callable api) {
-    api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.applyManualModel()) or
-    api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel())
-  }
-
-  private predicate hasManualSourceModel(Callable api) {
-    api = any(FlowSummaryImpl::Public::NeutralSourceCallable sc | sc.hasManualModel())
-  }
-
-  private predicate hasManualSinkModel(Callable api) {
-    api = any(FlowSummaryImpl::Public::NeutralSinkCallable sc | sc.hasManualModel())
-  }
-
-  /**
-   * Holds if `f` is a "private" function.
-   *
-   * A "private" function does not contribute any models as it is assumed
-   * to be an implementation detail of some other "public" function for which
-   * we will generate a summary.
-   */
-  private predicate isPrivateOrProtected(Function f) {
-    f.getNamespace().getParentNamespace*().isAnonymous()
-    or
-    exists(MemberFunction mf | mf = f |
-      mf.isPrivate()
-      or
-      mf.isProtected()
-    )
-    or
-    f.isStatic()
-  }
-
-  private predicate isUninterestingForModels(Callable api) {
-    // Note: This also makes all global/static-local variables
-    // not relevant (which is good!)
-    not api.(Function).hasDefinition()
-    or
-    isPrivateOrProtected(api)
-    or
-    api instanceof Destructor
-    or
-    api = any(LambdaExpression lambda).getLambdaFunction()
-    or
-    api.isFromUninstantiatedTemplate(_)
-  }
-
-  private predicate relevant(Callable api) {
-    api.fromSource() and
-    not isUninterestingForModels(api)
-  }
-
-  class SummaryTargetApi extends Callable {
-    private Callable lift;
-
-    SummaryTargetApi() {
-      lift = liftedImpl(this) and
-      not hasManualSummaryModel(lift)
-    }
-
-    Callable lift() { result = lift }
-
-    predicate isRelevant() {
-      relevant(this) and
-      not hasManualSummaryModel(this)
-    }
-  }
-
-  class SourceOrSinkTargetApi extends Callable {
-    SourceOrSinkTargetApi() { relevant(this) }
-  }
-
-  class SinkTargetApi extends SourceOrSinkTargetApi {
-    SinkTargetApi() { not hasManualSinkModel(this) }
-  }
-
-  class SourceTargetApi extends SourceOrSinkTargetApi {
-    SourceTargetApi() { not hasManualSourceModel(this) }
-  }
-
-  class InstanceParameterNode extends DataFlow::ParameterNode {
-    InstanceParameterNode() {
-      DataFlowPrivate::nodeHasInstruction(this,
-        any(InitializeParameterInstruction i | i.hasIndex(-1)), 1)
-    }
-  }
-
-  private predicate isFinalMemberFunction(MemberFunction mf) {
-    mf.isFinal()
-    or
-    mf.getDeclaringType().isFinal()
-  }
-
-  /**
-   * Holds if the summary generated for `c` should also apply to overrides
-   * of `c`.
-   */
-  private string isExtensible(Callable c) {
-    if isFinalMemberFunction(c) then result = "false" else result = "true"
-  }
-
-  /**
-   * Gets the string representing the list of template parameters declared
-   * by `template`.
-   *
-   * `template` must either be:
-   * - An uninstantiated template, or
-   * - A declaration that is not from a template instantiation.
-   */
-  private string templateParams(Declaration template) {
-    exists(string params |
-      params =
-        concat(int i |
-          |
-          template.getTemplateArgument(i).(TypeTemplateParameter).getName(), "," order by i
-        )
-    |
-      if params = "" then result = "" else result = "<" + params + ">"
-    )
-  }
-
-  /**
-   * Gets the string representing the list of parameters declared
-   * by `functionTemplate`.
-   *
-   * `functionTemplate` must either be:
-   * - An uninstantiated template, or
-   * - A declaration that is not from a template instantiation.
-   */
-  private string params(Function functionTemplate) {
-    exists(string params |
-      params =
-        concat(int i |
-          |
-          ExternalFlow::getParameterTypeWithoutTemplateArguments(functionTemplate, i, true), ","
-          order by
-            i
-        ) and
-      result = "(" + params + ")"
-    )
-  }
-
-  /**
-   * Holds if the callable `c` is:
-   * - In the namespace represented by `namespace`, and
-   * - Has a declaring type represented by `type`, and
-   * - Has the name `name`, and
-   * - Has a list of parameters represented by `params`
-   *
-   * This is the predicate that computes the columns that it put into the MaD
-   * row for `callable`.
-   */
-  private predicate qualifiedName(
-    Callable callable, string namespace, string type, string name, string params
-  ) {
-    exists(
-      Function functionTemplate, string typeWithoutTemplateArgs, string nameWithoutTemplateArgs
-    |
-      functionTemplate = ExternalFlow::getFullyTemplatedFunction(callable) and
-      functionTemplate.hasQualifiedName(namespace, typeWithoutTemplateArgs, nameWithoutTemplateArgs) and
-      nameWithoutTemplateArgs = functionTemplate.getName() and
-      name = nameWithoutTemplateArgs + templateParams(functionTemplate) and
-      params = params(functionTemplate)
-    |
-      exists(Class classTemplate |
-        classTemplate = functionTemplate.getDeclaringType() and
-        type = typeWithoutTemplateArgs + templateParams(classTemplate)
-      )
-      or
-      not exists(functionTemplate.getDeclaringType()) and
-      type = ""
-    )
-  }
-
-  predicate isRelevantType(Type t) { any() }
-
-  Type getUnderlyingContentType(DataFlow::ContentSet c) {
-    result = c.(DataFlow::FieldContent).getField().getUnspecifiedType() or
-    result = c.(DataFlow::UnionContent).getUnion().getUnspecifiedType()
-  }
-
-  string qualifierString() { result = "Argument[-1]" }
-
-  private predicate parameterContentAccessImpl(Parameter p, string argument) {
-    exists(int indirectionIndex, int argumentIndex, DataFlowPrivate::Position pos |
-      p.isSourceParameterOf(_, pos) and
-      pos.getArgumentIndex() = argumentIndex and
-      argumentIndex != -1 and // handled elsewhere
-      pos.getIndirectionIndex() = indirectionIndex
-    |
-      indirectionIndex = 0 and
-      argument = "Argument[" + argumentIndex + "]"
-      or
-      indirectionIndex > 0 and
-      argument = "Argument[" + DataFlow::repeatStars(indirectionIndex) + argumentIndex + "]"
-    )
-  }
-
-  string parameterAccess(Parameter p) { parameterContentAccessImpl(p, result) }
-
-  string parameterContentAccess(Parameter p) { parameterContentAccessImpl(p, result) }
-
-  bindingset[c]
-  string paramReturnNodeAsOutput(Callable c, DataFlowPrivate::Position pos) {
-    exists(Parameter p |
-      p.isSourceParameterOf(c, pos) and
-      result = parameterAccess(p)
-    )
-    or
-    pos.getArgumentIndex() = -1 and
-    result = qualifierString() and
-    pos.getIndirectionIndex() = 1
-  }
-
-  bindingset[c]
-  string paramReturnNodeAsContentOutput(Callable c, DataFlowPrivate::ParameterPosition pos) {
-    result = paramReturnNodeAsOutput(c, pos)
-  }
-
-  pragma[nomagic]
-  Callable returnNodeEnclosingCallable(DataFlow::Node ret) {
-    result = DataFlowImplCommon::getNodeEnclosingCallable(ret).asSourceCallable()
-  }
-
-  /** Holds if this instance access is to an enclosing instance of type `t`. */
-  pragma[nomagic]
-  private predicate isEnclosingInstanceAccess(DataFlowPrivate::ReturnNode n, Class t) {
-    n.getKind().isIndirectReturn(-1) and
-    t = n.getType().stripType() and
-    t != n.getEnclosingCallable().asSourceCallable().(Function).getDeclaringType()
-  }
-
-  pragma[nomagic]
-  predicate isOwnInstanceAccessNode(DataFlowPrivate::ReturnNode node) {
-    node.getKind().isIndirectReturn(-1) and
-    not isEnclosingInstanceAccess(node, _)
-  }
-
-  predicate sinkModelSanitizer(DataFlow::Node node) { none() }
-
-  predicate apiSource(DataFlow::Node source) {
-    DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1)
-    or
-    source instanceof DataFlow::ParameterNode
-  }
-
-  string getInputArgument(DataFlow::Node source) {
-    exists(DataFlowPrivate::Position pos, int argumentIndex, int indirectionIndex |
-      source.(DataFlow::ParameterNode).isParameterOf(_, pos) and
-      argumentIndex = pos.getArgumentIndex() and
-      indirectionIndex = pos.getIndirectionIndex() and
-      result = "Argument[" + DataFlow::repeatStars(indirectionIndex) + argumentIndex + "]"
-    )
-    or
-    DataFlowPrivate::nodeHasOperand(source, any(DataFlow::FieldAddress fa), 1) and
-    result = qualifierString()
-  }
-
-  string getReturnValueString(DataFlowPrivate::ReturnKind k) {
-    k.isNormalReturn() and
-    exists(int indirectionIndex | indirectionIndex = k.getIndirectionIndex() |
-      indirectionIndex = 0 and
-      result = "ReturnValue"
-      or
-      indirectionIndex > 0 and
-      result = "ReturnValue[" + DataFlow::repeatStars(indirectionIndex) + "]"
-    )
-  }
-
-  predicate irrelevantSourceSinkApi(Callable source, SourceTargetApi api) { none() }
-
-  bindingset[kind]
-  predicate isRelevantSourceKind(string kind) { any() }
-
-  bindingset[kind]
-  predicate isRelevantSinkKind(string kind) { any() }
-
-  predicate containerContent(DataFlow::ContentSet cs) { cs instanceof DataFlow::ElementContent }
-
-  predicate isAdditionalContentFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    TaintTracking::defaultAdditionalTaintStep(node1, node2, _) and
-    not exists(DataFlow::Content f |
-      DataFlowPrivate::readStep(node1, f, node2) and containerContent(f)
-    )
-  }
-
-  predicate isField(DataFlow::ContentSet cs) {
-    exists(DataFlow::Content c | cs.isSingleton(c) |
-      c instanceof DataFlow::FieldContent or
-      c instanceof DataFlow::UnionContent
-    )
-  }
-
-  predicate isCallback(DataFlow::ContentSet c) { none() }
-
-  string getSyntheticName(DataFlow::ContentSet c) {
-    exists(Field f |
-      not f.isPublic() and
-      f = c.(DataFlow::FieldContent).getField() and
-      result = f.getName()
-    )
-  }
-
-  string printContent(DataFlow::ContentSet c) {
-    exists(int indirectionIndex, string name, string kind |
-      exists(DataFlow::UnionContent uc |
-        c.isSingleton(uc) and
-        name = uc.getUnion().getName() and
-        indirectionIndex = uc.getIndirectionIndex() and
-        // Note: We don't actually support the union string in MaD, but we should do that eventually
-        kind = "Union["
-      )
-      or
-      exists(DataFlow::FieldContent fc |
-        c.isSingleton(fc) and
-        name = fc.getField().getName() and
-        indirectionIndex = fc.getIndirectionIndex() and
-        kind = "Field["
-      )
-    |
-      result = kind + DataFlow::repeatStars(indirectionIndex) + name + "]"
-    )
-    or
-    exists(DataFlow::ElementContent ec |
-      c.isSingleton(ec) and
-      result = "Element[" + ec.getIndirectionIndex() + "]"
-    )
-  }
-
-  predicate isUninterestingForDataFlowModels(Callable api) { none() }
-
-  predicate isUninterestingForHeuristicDataFlowModels(Callable api) {
-    isUninterestingForDataFlowModels(api)
-  }
-
-  string partialModelRow(Callable api, int i) {
-    i = 0 and qualifiedName(api, result, _, _, _) // namespace
-    or
-    i = 1 and qualifiedName(api, _, result, _, _) // type
-    or
-    i = 2 and result = isExtensible(api) // extensible
-    or
-    i = 3 and qualifiedName(api, _, _, result, _) // name
-    or
-    i = 4 and qualifiedName(api, _, _, _, result) // parameters
-    or
-    i = 5 and result = "" and exists(api) // ext
-  }
-
-  string partialNeutralModelRow(Callable api, int i) {
-    i = 0 and qualifiedName(api, result, _, _, _) // namespace
-    or
-    i = 1 and qualifiedName(api, _, result, _, _) // type
-    or
-    i = 2 and qualifiedName(api, _, _, result, _) // name
-    or
-    i = 3 and qualifiedName(api, _, _, _, result) // parameters
-  }
-
-  predicate sourceNode = ExternalFlow::sourceNode/2;
-
-  predicate sinkNode = ExternalFlow::sinkNode/2;
-}
-
-import MakeModelGenerator<Location, CppDataFlow, CppTaintTracking, ModelGeneratorInput>
--- a/cpp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
+++ b/cpp/ql/src/utils/modelgenerator/internal/CaptureModelsPrinting.qll
@@ -1,13 +0,0 @@
-private import cpp as Cpp
-private import codeql.mad.modelgenerator.internal.ModelPrinting
-private import CaptureModels::ModelGeneratorInput as ModelGeneratorInput
-
-private module ModelPrintingLang implements ModelPrintingLangSig {
-  class Callable = Cpp::Declaration;
-
-  predicate partialModelRow = ModelGeneratorInput::partialModelRow/2;
-
-  predicate partialNeutralModelRow = ModelGeneratorInput::partialNeutralModelRow/2;
-}
-
-import ModelPrintingImpl<ModelPrintingLang>
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureContentSummaryModels.ext.yml
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureContentSummaryModels.ext.yml
@@ -1,6 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data:
-      - [ "models", "ManuallyModelled", False, "hasSummary", "(void *)", "", "Argument[0]", "ReturnValue", "value", "manual"]
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureContentSummaryModels.ql
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureContentSummaryModels.ql
@@ -1,11 +0,0 @@
-import cpp
-import utils.modelgenerator.internal.CaptureModels
-import InlineModelsAsDataTest
-
-module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel(MadRelevantFunction c) { result = ContentSensitive::captureFlow(c, _) }
-
-  string getKind() { result = "contentbased-summary" }
-}
-
-import InlineMadTest<InlineMadTestConfig>
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ext.yml
@@ -1,6 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/cpp-all
-      extensible: summaryModel
-    data:
-      - [ "Models", "ManuallyModelled", False, "hasSummary", "(void *)", "", "Argument[0]", "ReturnValue", "value", "manual"]
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/CaptureHeuristicSummaryModels.ql
@@ -1,11 +0,0 @@
-import cpp
-import utils.modelgenerator.internal.CaptureModels
-import InlineModelsAsDataTest
-
-module InlineMadTestConfig implements InlineMadTestConfigSig {
-  string getCapturedModel(MadRelevantFunction c) { result = Heuristic::captureFlow(c) }
-
-  string getKind() { result = "heuristic-summary" }
-}
-
-import InlineMadTest<InlineMadTestConfig>
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/InlineModelsAsDataTest.qll
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/InlineModelsAsDataTest.qll
@@ -1,34 +0,0 @@
-private import cpp
-private import codeql.mad.test.InlineMadTest
-
-class MadRelevantFunction extends Function {
-  MadRelevantFunction() { not this.isFromUninstantiatedTemplate(_) }
-}
-
-private module InlineMadTestLang implements InlineMadTestLangSig {
-  class Callable = MadRelevantFunction;
-
-  /**
-   * Holds if `c` is the closest `Callable` that succeeds `comment` in the file.
-   */
-  private predicate hasClosestCallable(CppStyleComment comment, Callable c) {
-    c =
-      min(Callable cand, int dist |
-        // This has no good join order, but should hopefully be good enough for tests.
-        cand.getFile() = comment.getFile() and
-        dist = cand.getLocation().getStartLine() - comment.getLocation().getStartLine() and
-        dist > 0
-      |
-        cand order by dist
-      )
-  }
-
-  string getComment(Callable c) {
-    exists(CppStyleComment comment |
-      hasClosestCallable(comment, c) and
-      result = comment.getContents().suffix(2)
-    )
-  }
-}
-
-import InlineMadTestImpl<InlineMadTestLang>
--- a/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
+++ b/cpp/ql/test/library-tests/dataflow/modelgenerator/dataflow/summaries.cpp
@@ -1,201 +0,0 @@
-using size_t = decltype(sizeof(int));
-
-size_t strlen(const char* str);
-char* strcpy(char* dest, const char* src);
-
-namespace Models {
-    struct BasicFlow {
-        int* tainted;
-
-        //No model as destructors are excluded from model generation.
-        ~BasicFlow() = default;
-
-        //heuristic-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnThis;(int *);;Argument[-1];ReturnValue[*];value;dfc-generated
-        BasicFlow* returnThis(int* input) {
-            return this;
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[0];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParam0;(int *,int *);;Argument[*0];ReturnValue[*];value;dfc-generated
-        int* returnParam0(int* input0, int* input1) {
-            return input0;
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[1];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParam1;(int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated
-        int* returnParam1(int* input0, int* input1) {
-            return input1;
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[1];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*1];ReturnValue[*];value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[2];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnParamMultiple;(bool,int *,int *);;Argument[*2];ReturnValue[*];value;dfc-generated
-        int* returnParamMultiple(bool b, int* input0, int* input1) {
-            return b ? input0 : input1;
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];Argument[*1];taint;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[0];ReturnValue[*];taint;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];ReturnValue[*];value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[1];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnSubstring;(const char *,char *);;Argument[*0];Argument[*1];value;dfc-generated
-        char* returnSubstring(const char* source, char* dest) {
-            return strcpy(dest, source + 1);
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1];taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;setField;(int *);;Argument[*0];Argument[-1].Field[**tainted];value;dfc-generated
-        void setField(int* s) {
-            tainted = s;
-        }
-
-        //heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;BasicFlow;true;returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[*tainted];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;BasicFlow;true;returnField;();;Argument[-1].Field[**tainted];ReturnValue[*];value;dfc-generated
-        int* returnField() {
-            return tainted;
-        }
-    };
-
-    template<typename T>
-    struct TemplatedFlow {
-        T tainted;
-
-        //heuristic-summary=Models;TemplatedFlow<T>;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;template_returnThis;(T);;Argument[-1];ReturnValue[*];value;dfc-generated
-        TemplatedFlow<T>* template_returnThis(T input) {
-            return this;
-        }
-
-        //heuristic-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[0];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;template_returnParam0;(T *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated
-        T* template_returnParam0(T* input0, T* input1) {
-            return input0;
-        }
-
-        //heuristic-summary=Models;TemplatedFlow<T>;true;template_setField;(T);;Argument[0];Argument[-1];taint;df-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;template_setField;(T);;Argument[0];Argument[-1].Field[*tainted];value;dfc-generated
-        void template_setField(T s) {
-            tainted = s;
-        }
-
-        //heuristic-summary=Models;TemplatedFlow<T>;true;template_returnField;();;Argument[-1];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;template_returnField;();;Argument[-1].Field[*tainted];ReturnValue[*];value;dfc-generated
-        T& template_returnField() {
-            return tainted;
-        }
-
-        //heuristic-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[0];ReturnValue;taint;df-generated
-        //heuristic-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[*0];ReturnValue[*];taint;df-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[0];ReturnValue;value;dfc-generated
-        //contentbased-summary=Models;TemplatedFlow<T>;true;templated_function<U>;(U *,T *);;Argument[*0];ReturnValue[*];value;dfc-generated
-        template<typename U>
-        U* templated_function(U* u, T* t) {
-            return u;
-        }
-    };
-
-    void test_templated_flow() {
-        // Ensure that we have an instantiation of the templated class
-        TemplatedFlow<int> intFlow;
-        intFlow.template_returnThis(0);
-
-        intFlow.template_returnParam0(nullptr, nullptr);
-
-        intFlow.template_setField(0);
-        intFlow.template_returnField();
-
-        intFlow.templated_function<int>(nullptr, nullptr);
-    }
-}
-
-//heuristic-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;df-generated
-//heuristic-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;taint;df-generated
-//contentbased-summary=;;true;toplevel_function;(int *);;Argument[0];ReturnValue;taint;dfc-generated
-//contentbased-summary=;;true;toplevel_function;(int *);;Argument[*0];ReturnValue;value;dfc-generated
-int toplevel_function(int* p) {
-    return *p;
-}
-
-//No model as static functions are excluded from model generation.
-static int static_toplevel_function(int* p) {
-    return *p;
-}
-
-struct NonFinalStruct {
-    //heuristic-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
-    //contentbased-summary=;NonFinalStruct;true;public_not_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated
-    virtual int public_not_final_member_function(int x) {
-        return x;
-    }
-
-    //heuristic-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;taint;df-generated
-    //contentbased-summary=;NonFinalStruct;false;public_final_member_function;(int);;Argument[0];ReturnValue;value;dfc-generated
-    virtual int public_final_member_function(int x) final {
-        return x;
-    }
-
-private:
-    //No model as private members are excluded from model generation.
-    int private_member_function(int x) {
-        return x;
-    }
-
-protected:
-    //No model as protected members are excluded from model generation.
-    int protected_member_function(int x) {
-        return x;
-    }
-};
-
-struct FinalStruct final {
-    //heuristic-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
-    //contentbased-summary=;FinalStruct;false;public_not_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated
-    virtual int public_not_final_member_function_2(int x) {
-        return x;
-    }
-
-    //heuristic-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;taint;df-generated
-    //contentbased-summary=;FinalStruct;false;public_final_member_function_2;(int);;Argument[0];ReturnValue;value;dfc-generated
-    virtual int public_final_member_function_2(int x) final {
-        return x;
-    }
-};
-
-union U {
-    int x, y;
-};
-
-//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;df-generated
-//heuristic-summary=;;true;get_x_from_union;(U *);;Argument[*0];ReturnValue;taint;df-generated
-//contentbased-summary=;;true;get_x_from_union;(U *);;Argument[0];ReturnValue;taint;dfc-generated
-//contentbased-summary=;;true;get_x_from_union;(U *);;Argument[*0].Union[*U];ReturnValue;value;dfc-generated
-int get_x_from_union(U* u) {
-    return u->x;
-}
-
-//heuristic-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0];taint;df-generated
-//contentbased-summary=;;true;set_x_in_union;(U *,int);;Argument[1];Argument[*0].Union[*U];value;dfc-generated
-void set_x_in_union(U* u, int x) {
-    u->x = x;
-}
--- a/cpp/ql/test/library-tests/declstmt/getDeclaration.expected
+++ b/cpp/ql/test/library-tests/declstmt/getDeclaration.expected
@@ -1,7 +1,5 @@
 | cpp.cpp:3:5:3:51 | declaration | 0 | cpp.cpp:3:19:3:24 | twisty |
 | cpp.cpp:3:5:3:51 | declaration | 0 | cpp.cpp:3:43:3:48 | twisty |
-| cpp.cpp:3:15:3:27 | declaration | 0 | cpp.cpp:3:19:3:24 | twisty |
-| cpp.cpp:3:15:3:27 | declaration | 0 | cpp.cpp:3:43:3:48 | twisty |
 | cpp.cpp:5:5:5:62 | declaration | 0 | cpp.cpp:5:61:5:61 | i |
 | cpp.cpp:5:38:5:51 | declaration | 0 | cpp.cpp:5:44:5:44 | t |
 | declstmt.c:7:5:7:19 | declaration | 0 | declstmt.c:7:9:7:12 | fun1 |
--- a/cpp/ql/test/library-tests/declstmt/getDeclarationEntry.expected
+++ b/cpp/ql/test/library-tests/declstmt/getDeclarationEntry.expected
@@ -1,5 +1,4 @@
 | cpp.cpp:3:5:3:51 | declaration | 0 | cpp.cpp:3:43:3:48 | declaration of twisty |
-| cpp.cpp:3:15:3:27 | declaration | 0 | cpp.cpp:3:19:3:24 | declaration of twisty |
 | cpp.cpp:5:5:5:62 | declaration | 0 | cpp.cpp:5:61:5:61 | definition of i |
 | cpp.cpp:5:38:5:51 | declaration | 0 | cpp.cpp:5:44:5:44 | declaration of t |
 | declstmt.c:7:5:7:19 | declaration | 0 | declstmt.c:7:9:7:12 | definition of fun1 |
--- a/cpp/ql/test/library-tests/enums/typedefs/exprs.expected
+++ b/cpp/ql/test/library-tests/enums/typedefs/exprs.expected
@@ -1,3 +1,2 @@
 | file://:0:0:0:0 | 0 | file://:0:0:0:0 | int |
-| test.c:7:14:7:14 | E | file://:0:0:0:0 | int |
-| test.c:7:20:7:21 | E | test.c:7:14:7:14 | typeof(...) |
+| test.c:7:20:7:21 | E | file://:0:0:0:0 | int |
--- a/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
+++ b/cpp/ql/test/library-tests/syntax-zoo/dataflow-consistency.expected
@@ -8,10 +8,7 @@ uniqueEnclosingCallable
 | misc.c:210:24:210:24 | 0 | Node should have one enclosing callable but has 0. |
 | misc.c:210:24:210:28 | ... + ... | Node should have one enclosing callable but has 0. |
 | misc.c:210:28:210:28 | 1 | Node should have one enclosing callable but has 0. |
-| stmt_in_type.cpp:3:12:3:40 | (statement expression) | Node should have one enclosing callable but has 0. |
-| stmt_in_type.cpp:3:29:3:34 | call to twisty | Node should have one enclosing callable but has 0. |
 uniqueCallEnclosingCallable
-| stmt_in_type.cpp:3:29:3:34 | call to twisty | Call should have one enclosing callable but has 0. |
 uniqueType
 uniqueNodeLocation
 | file://:0:0:0:0 | (unnamed parameter 2) | Node should have one location but has 0. |
--- a/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BuildScripts.cs
@@ -162,10 +162,6 @@ namespace Semmle.Autobuild.CSharp.Tests

        bool IBuildActions.IsRunningOnAppleSilicon() => IsRunningOnAppleSilicon;

-        public bool IsMonoInstalled { get; set; }
-
-        bool IBuildActions.IsMonoInstalled() => IsMonoInstalled;
-
        public string PathCombine(params string[] parts)
        {
            return string.Join(IsWindows ? '\\' : '/', parts.Where(p => !string.IsNullOrWhiteSpace(p)));
@@ -860,32 +856,11 @@ namespace Semmle.Autobuild.CSharp.Tests
        }

        [Fact]
-        public void TestDirsProjLinux_WithMono()
+        public void TestDirsProjLinux()
        {
-            actions.IsMonoInstalled = true;
-
            actions.RunProcess[@"nuget restore C:\Project/dirs.proj -DisableParallelProcessing"] = 1;
            actions.RunProcess[@"mono scratch/.nuget/nuget.exe restore C:\Project/dirs.proj -DisableParallelProcessing"] = 0;
            actions.RunProcess[@"msbuild C:\Project/dirs.proj /t:rebuild"] = 0;
-
-            var autobuilder = TestDirsProjLinux();
-            TestAutobuilderScript(autobuilder, 0, 3);
-        }
-
-        [Fact]
-        public void TestDirsProjLinux_WithoutMono()
-        {
-            actions.IsMonoInstalled = false;
-
-            actions.RunProcess[@"dotnet msbuild /t:restore C:\Project/dirs.proj"] = 0;
-            actions.RunProcess[@"dotnet msbuild C:\Project/dirs.proj /t:rebuild"] = 0;
-
-            var autobuilder = TestDirsProjLinux();
-            TestAutobuilderScript(autobuilder, 0, 2);
-        }
-
-        private CSharpAutobuilder TestDirsProjLinux()
-        {
            actions.FileExists["csharp.log"] = true;
            actions.FileExists[@"C:\Project/a/test.csproj"] = true;
            actions.FileExists[@"C:\Project/dirs.proj"] = true;
@@ -914,7 +889,8 @@ namespace Semmle.Autobuild.CSharp.Tests
 </Project>");
            actions.LoadXml[@"C:\Project/dirs.proj"] = dirsproj;

-            return CreateAutoBuilder(false);
+            var autobuilder = CreateAutoBuilder(false);
+            TestAutobuilderScript(autobuilder, 0, 3);
        }

        [Fact]
--- a/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BuildScripts.cs
@@ -150,10 +150,6 @@ namespace Semmle.Autobuild.Cpp.Tests

        bool IBuildActions.IsRunningOnAppleSilicon() => IsRunningOnAppleSilicon;

-        public bool IsMonoInstalled { get; set; }
-
-        bool IBuildActions.IsMonoInstalled() => IsMonoInstalled;
-
        string IBuildActions.PathCombine(params string[] parts)
        {
            return string.Join(IsWindows ? '\\' : '/', parts.Where(p => !string.IsNullOrWhiteSpace(p)));
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/MsBuildRule.cs
@@ -10,15 +10,15 @@ namespace Semmle.Autobuild.Shared
        /// <summary>
        /// Appends a call to msbuild.
        /// </summary>
+        /// <param name="cmdBuilder"></param>
+        /// <param name="builder"></param>
        /// <returns></returns>
-        public static CommandBuilder MsBuildCommand(this CommandBuilder cmdBuilder, IAutobuilder<AutobuildOptionsShared> builder, bool preferDotnet)
+        public static CommandBuilder MsBuildCommand(this CommandBuilder cmdBuilder, IAutobuilder<AutobuildOptionsShared> builder)
        {
            // mono doesn't ship with `msbuild` on Arm-based Macs, but we can fall back to
            // msbuild that ships with `dotnet` which can be invoked with `dotnet msbuild`
            // perhaps we should do this on all platforms?
-            // Similarly, there's no point in trying to rely on mono if it's not installed.
-            // In which case we can still fall back to `dotnet msbuild`.
-            return preferDotnet
+            return builder.Actions.IsRunningOnAppleSilicon()
                ? cmdBuilder.RunCommand("dotnet").Argument("msbuild")
                : cmdBuilder.RunCommand("msbuild");
        }
@@ -75,16 +75,13 @@ namespace Semmle.Autobuild.Shared
                        QuoteArgument(projectOrSolution.FullPath).
                        Argument("-DisableParallelProcessing").
                        Script;
-
-                var preferDotnet = builder.Actions.IsRunningOnAppleSilicon() || !builder.Actions.IsWindows() && !builder.Actions.IsMonoInstalled();
-
                var nugetRestore = GetNugetRestoreScript();
                var msbuildRestoreCommand = new CommandBuilder(builder.Actions).
-                    MsBuildCommand(builder, preferDotnet).
+                    MsBuildCommand(builder).
                    Argument("/t:restore").
                    QuoteArgument(projectOrSolution.FullPath);

-                if (preferDotnet)
+                if (builder.Actions.IsRunningOnAppleSilicon())
                {
                    // On Apple Silicon, only try package restore with `dotnet msbuild /t:restore`
                    ret &= BuildScript.Try(msbuildRestoreCommand.Script);
@@ -122,7 +119,7 @@ namespace Semmle.Autobuild.Shared
                    command.RunCommand("set Platform=&& type NUL", quoteExe: false);
                }

-                command.MsBuildCommand(builder, preferDotnet);
+                command.MsBuildCommand(builder);
                command.QuoteArgument(projectOrSolution.FullPath);

                var target = "rebuild";
--- a/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
+++ b/csharp/autobuilder/Semmle.Autobuild.Shared/Project.cs
@@ -34,9 +34,9 @@ namespace Semmle.Autobuild.Shared
        /// <summary>
        /// According to https://learn.microsoft.com/en-us/visualstudio/msbuild/how-to-use-project-sdk?view=vs-2022#reference-a-project-sdk
        /// there are three ways to reference a project SDK:
-        ///  1. As an attribute on the &lt;Project/&gt;.
-        ///  2. As a top level element of &lt;Project&gt;.
-        ///  3. As an attribute on an &lt;Import&gt; element.
+        ///  1. As an attribute on the <Project/>.
+        ///  2. As a top level element of <Project>.
+        ///  3. As an attribute on an <Import> element.
        ///
        /// Returns true, if the Sdk attribute is used, otherwise false.
        /// </summary>
--- a/csharp/extractor/Semmle.Util/BuildActions.cs
+++ b/csharp/extractor/Semmle.Util/BuildActions.cs
@@ -125,11 +125,6 @@ namespace Semmle.Util
        /// <returns>True if we are running on Apple Silicon.</returns>
        bool IsRunningOnAppleSilicon();

-        /// <summary>
-        /// Checks if Mono is installed.
-        /// </summary>
-        bool IsMonoInstalled();
-
        /// <summary>
        /// Combine path segments, Path.Combine().
        /// </summary>
@@ -266,25 +261,6 @@ namespace Semmle.Util
            }
        }

-        bool IBuildActions.IsMonoInstalled()
-        {
-            var thisBuildActions = (IBuildActions)this;
-
-            if (thisBuildActions.IsWindows())
-            {
-                return false;
-            }
-
-            try
-            {
-                return 0 == thisBuildActions.RunProcess("mono", "--version", workingDirectory: null, env: null);
-            }
-            catch (Exception)
-            {
-                return false;
-            }
-        }
-
        string IBuildActions.PathCombine(params string[] parts) => Path.Combine(parts);

        void IBuildActions.WriteAllText(string filename, string contents) => File.WriteAllText(filename, contents);
--- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
+++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
@@ -1,11 +1,3 @@
-## 1.7.39
-
-No user-facing changes.
-
-## 1.7.38
-
-No user-facing changes.
-
 ## 1.7.37

 No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md
@@ -1,3 +0,0 @@
-## 1.7.38
-
-No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.39.md
+++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.39.md
@@ -1,3 +0,0 @@
-## 1.7.39
-
-No user-facing changes.
--- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
@@ -1,2 +1,2 @@
 ---
-lastReleaseVersion: 1.7.39
+lastReleaseVersion: 1.7.37
--- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
+++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml
@@ -1,5 +1,5 @@
 name: codeql/csharp-solorigate-all
-version: 1.7.39
+version: 1.7.38-dev
 groups:
  - csharp
  - solorigate
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Aditya Sharad	93efbfe1c7	WIP: Go: Add context query for retrieving call graph edges	2025-04-17 15:06:16 -07:00
Aditya Sharad	4a1b988f39	WIP: Ruby: Add context query for retrieving XSS sanitisers	2025-04-17 15:05:56 -07:00