github
diff --git a/‎.github/dependabot.yml
Lines changed: 8 additions & 0 deletions b/‎.github/dependabot.yml
Lines changed: 8 additions & 0 deletions
diff --git a/‎.github/workflows/code-scanning-pack-gen.yml
Lines changed: 10 additions & 6 deletions b/‎.github/workflows/code-scanning-pack-gen.yml
Lines changed: 10 additions & 6 deletions
diff --git a/‎.github/workflows/codeql_unit_tests.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/codeql_unit_tests.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/dispatch-matrix-test-on-comment.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dispatch-matrix-test-on-comment.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dispatch-release-performance-check.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dispatch-release-performance-check.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/extra-rule-validation.yml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/extra-rule-validation.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/finalize-release.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/finalize-release.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/generate-html-docs.yml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/generate-html-docs.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/prepare-release.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/prepare-release.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/standard_library_upgrade_tests.yml
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/standard_library_upgrade_tests.yml
Lines changed: 5 additions & 5 deletions
diff --git a/‎.github/workflows/tooling-unit-tests.yml
Lines changed: 8 additions & 8 deletions b/‎.github/workflows/tooling-unit-tests.yml
Lines changed: 8 additions & 8 deletions
diff --git a/‎.github/workflows/update-release.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/update-release.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/validate-package-files.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/validate-package-files.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/validate-query-formatting.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/validate-query-formatting.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/validate-query-help.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/validate-query-help.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/validate-query-test-case-formatting.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/validate-query-test-case-formatting.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/verify-standard-library-dependencies.yml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/verify-standard-library-dependencies.yml
Lines changed: 4 additions & 4 deletions
diff --git a/‎amendments.csv
Lines changed: 1 addition & 1 deletion b/‎amendments.csv
Lines changed: 1 addition & 1 deletion
diff --git a/‎c/cert/src/codeql-pack.lock.yml
Lines changed: 13 additions & 7 deletions b/‎c/cert/src/codeql-pack.lock.yml
Lines changed: 13 additions & 7 deletions
@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"
@@ -46,7 +46,7 @@ jobs:
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/codeql_home
           key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
@@ -68,16 +68,20 @@ jobs:
       - name: Determine ref for external help files
         id: determine-ref
         run: |
-          if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
-            echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
+          if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
+          elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
+            EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
           else
-            echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
+            EXTERNAL_HELP_REF="$GITHUB_REF"
           fi
+          echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
           echo "Using ref $EXTERNAL_HELP_REF for external help files."
 
       - name: Checkout external help files
-        continue-on-error: true
         id: checkout-external-help-files
+        # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }}
         uses: actions/checkout@v4
         with:
           ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
@@ -86,7 +90,7 @@ jobs:
           path: external-help-files
 
       - name: Include external help files
-        if: steps.checkout-external-help-files.outcome == 'success'
+        if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }}
         run: |
           pushd external-help-files
           find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;
 
@@ -48,7 +48,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -57,7 +57,7 @@ jobs:
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
@@ -166,7 +166,7 @@ jobs:
     steps:
       - name: Check if run-test-suites job failed to complete, if so fail
         if: ${{ needs.run-test-suites.result == 'failure' }}
-        uses: actions/github-script@v3
+        uses: actions/github-script@v7
         with:
           script: |
             core.setFailed('Test run job failed')
 
@@ -40,7 +40,7 @@ jobs:
           --json \
             -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |
 
@@ -40,7 +40,7 @@ jobs:
           --json \
           -R github/codeql-coding-standards-release-engineering
 
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
         with:
           script: |
 
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Check Rules 
         shell: pwsh
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Ensure CPP Shared Rules Have Valid Structure  
         shell: pwsh
@@ -44,13 +44,13 @@ jobs:
         run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language c -CIMode
 
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: missing-test-report.csv
           path: MissingTestReport*.csv
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: failure()
         with:
           name: test-report.csv
 
@@ -52,7 +52,7 @@ jobs:
           path: tooling 
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -20,10 +20,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -35,7 +35,7 @@ jobs:
           python scripts/documentation/generate_iso26262_docs.py coding-standards-html-docs
 
       - name: Upload HTML documentation
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coding-standards-docs-${{ github.sha }}
           path: coding-standards-html-docs/
@@ -34,12 +34,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -19,7 +19,7 @@ jobs:
       matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Export unit test matrix
         id: export-unit-test-matrix
@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup Python 3
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v5
         with:
           python-version: "3.x"
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
@@ -157,7 +157,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -22,7 +22,7 @@ jobs:
       matrix: ${{ steps.export-supported-codeql-env-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Export supported CodeQL environment matrix
         id: export-supported-codeql-env-matrix
@@ -40,10 +40,10 @@ jobs:
       matrix: ${{ fromJSON(needs.prepare-supported-codeql-env-matrix.outputs.matrix) }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -52,7 +52,7 @@ jobs:
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           path: ${{ github.workspace }}/codeql_home
           key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
@@ -83,10 +83,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
@@ -102,10 +102,10 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -34,7 +34,7 @@ jobs:
           ref: ${{ inputs.head-sha }}
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -16,12 +16,12 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
       - name: Install Python
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
 
@@ -19,7 +19,7 @@ jobs:
       runs-on: ubuntu-22.04
       steps:
         - name: Checkout
-          uses: actions/checkout@v3
+          uses: actions/checkout@v4
           with:
             ref: ${{ inputs.ref }}
 
 
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-22.04
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
 
@@ -20,7 +20,7 @@ jobs:
       fail-fast: false
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.ref }}
 
 
@@ -22,7 +22,7 @@ jobs:
       matrix: ${{ steps.export-matrix.outputs.matrix }}
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Export unit test matrix
         id: export-matrix
@@ -44,16 +44,16 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Setup Python 3
-        uses: actions/setup-python@v4
+        uses: actions/setup-python@v5
         with:
           python-version: "3.9"
 
       - name: Cache CodeQL
         id: cache-codeql
-        uses: actions/cache@v2.1.3
+        uses: actions/cache@v4
         with:
           # A list of files, directories, and wildcard patterns to cache and restore
           path: ${{github.workspace}}/codeql_home
 
@@ -15,7 +15,7 @@ c,MISRA-C-2012,Amendment4,RULE-11-3,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-11-8,Yes,Expand,No,Easy
 c,MISRA-C-2012,Amendment4,RULE-13-2,Yes,Expand,No,Very Hard
 c,MISRA-C-2012,Amendment4,RULE-18-6,Yes,Expand,No,Medium
-c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,No,Easy
+c,MISRA-C-2012,Amendment4,RULE-18-8,Yes,Split,Yes,Easy
 c,MISRA-C-2012,Corrigendum2,RULE-2-2,Yes,Clarification,No,Import
 c,MISRA-C-2012,Corrigendum2,RULE-2-7,Yes,Clarification,No,Import
 c,MISRA-C-2012,Corrigendum2,RULE-3-1,Yes,Refine,No,Easy
 
@@ -2,17 +2,23 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.9
+    version: 1.4.2
   codeql/dataflow:
-    version: 0.2.3
+    version: 1.1.1
+  codeql/mad:
+    version: 1.0.7
   codeql/rangeanalysis:
-    version: 0.0.11
+    version: 1.0.7
   codeql/ssa:
-    version: 0.2.12
+    version: 1.0.7
   codeql/tutorial:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/typeflow:
+    version: 1.0.7
   codeql/typetracking:
-    version: 0.2.12
+    version: 1.0.7
   codeql/util:
-    version: 0.2.12
+    version: 1.0.7
+  codeql/xml:
+    version: 1.0.7
 compiled: false