Merge pull request #742 from github/codeql/upgrade-to-2.16.6

Upgrade `github/codeql` dependency to 2.16.6
github · Oct 23, 2024 · 18a3f35 · 18a3f35
2 parents d48d3f7 + bdd3865
commit 18a3f35
Show file tree

Hide file tree

Showing 66 changed files with 408 additions and 561 deletions.
diff --git a/c/cert/src/codeql-pack.lock.yml b/c/cert/src/codeql-pack.lock.yml
@@ -2,17 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.2
+    version: 0.12.9
   codeql/dataflow:
-    version: 0.1.5
+    version: 0.2.3
   codeql/rangeanalysis:
-    version: 0.0.4
+    version: 0.0.11
   codeql/ssa:
-    version: 0.2.5
+    version: 0.2.12
   codeql/tutorial:
-    version: 0.2.5
+    version: 0.2.12
   codeql/typetracking:
-    version: 0.2.5
+    version: 0.2.12
   codeql/util:
-    version: 0.2.5
+    version: 0.2.12
 compiled: false
diff --git a/c/cert/src/qlpack.yml b/c/cert/src/qlpack.yml
@@ -5,4 +5,4 @@ suites: codeql-suites
 license: MIT
 dependencies:
   codeql/common-c-coding-standards: '*'
-  codeql/cpp-all: 0.12.2
+  codeql/cpp-all: 0.12.9
diff --git a/c/cert/test/codeql-pack.lock.yml b/c/cert/test/codeql-pack.lock.yml
@@ -2,17 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.2
+    version: 0.12.9
   codeql/dataflow:
-    version: 0.1.5
+    version: 0.2.3
   codeql/rangeanalysis:
-    version: 0.0.4
+    version: 0.0.11
   codeql/ssa:
-    version: 0.2.5
+    version: 0.2.12
   codeql/tutorial:
-    version: 0.2.5
+    version: 0.2.12
   codeql/typetracking:
-    version: 0.2.5
+    version: 0.2.12
   codeql/util:
-    version: 0.2.5
+    version: 0.2.12
 compiled: false
diff --git a/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected b/c/cert/test/rules/ARR37-C/DoNotUsePointerArithmeticOnNonArrayObjectPointers.expected
@@ -1,13 +1,13 @@
 edges
-| test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 |
-| test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 |
-| test.c:14:38:14:39 | p1 | test.c:20:10:20:11 | p1 |
-| test.c:14:38:14:39 | p1 | test.c:21:10:21:11 | p1 |
-| test.c:14:38:14:39 | p1 | test.c:22:9:22:10 | p1 |
-| test.c:14:38:14:39 | p1 | test.c:23:13:23:14 | p1 |
-| test.c:14:38:14:39 | p1 | test.c:24:9:24:10 | p1 |
-| test.c:14:38:14:39 | p1 | test.c:25:9:25:10 | p1 |
-| test.c:51:30:51:38 | & ... | test.c:14:38:14:39 | p1 |
+| test.c:14:38:14:39 | p1 | test.c:18:10:18:11 | v1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:19:10:19:11 | v2 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:20:10:20:11 | p1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:21:10:21:11 | p1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:22:9:22:10 | p1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:23:13:23:14 | p1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:24:9:24:10 | p1 | provenance |  |
+| test.c:14:38:14:39 | p1 | test.c:25:9:25:10 | p1 | provenance |  |
+| test.c:51:30:51:38 | & ... | test.c:14:38:14:39 | p1 | provenance |  |
 nodes
 | test.c:14:38:14:39 | p1 | semmle.label | p1 |
 | test.c:18:10:18:11 | v1 | semmle.label | v1 |

diff --git a/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected b/c/cert/test/rules/ARR39-C/DoNotAddOrSubtractAScaledIntegerToAPointer.expected
@@ -1,9 +1,9 @@
 edges
-| test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 |
-| test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset |
-| test.c:16:19:16:41 | ... - ... | test.c:29:6:29:11 | offset |
-| test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size |
-| test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 |
+| test.c:7:13:7:14 | p1 | test.c:9:9:9:10 | p1 | provenance |  |
+| test.c:16:19:16:41 | ... - ... | test.c:18:26:18:31 | offset | provenance |  |
+| test.c:16:19:16:41 | ... - ... | test.c:29:6:29:11 | offset | provenance |  |
+| test.c:17:17:17:26 | sizeof(<expr>) | test.c:23:9:23:12 | size | provenance |  |
+| test.c:29:6:29:11 | offset | test.c:7:13:7:14 | p1 | provenance |  |
 nodes
 | test.c:7:13:7:14 | p1 | semmle.label | p1 |
 | test.c:9:9:9:10 | p1 | semmle.label | p1 |

diff --git a/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected b/c/cert/test/rules/EXP36-C/DoNotCastPointerToMoreStrictlyAlignedPointerType.expected
@@ -1,67 +1,67 @@
 edges
-| test.c:75:14:75:16 | & ... | test.c:76:11:76:12 | v1 |
-| test.c:75:14:75:16 | & ... | test.c:77:12:77:13 | v1 |
-| test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 |
-| test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 |
-| test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 |
-| test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 |
-| test.c:84:14:84:16 | & ... | test.c:85:11:85:12 | v2 |
-| test.c:84:14:84:16 | & ... | test.c:86:12:86:13 | v2 |
-| test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 |
-| test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 |
-| test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 |
-| test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 |
-| test.c:93:14:93:16 | & ... | test.c:94:11:94:12 | v3 |
-| test.c:93:14:93:16 | & ... | test.c:95:12:95:13 | v3 |
-| test.c:93:14:93:16 | & ... | test.c:96:10:96:11 | v3 |
-| test.c:93:14:93:16 | & ... | test.c:97:12:97:13 | v3 |
-| test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 |
-| test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 |
-| test.c:102:14:102:16 | & ... | test.c:103:11:103:12 | v4 |
-| test.c:102:14:102:16 | & ... | test.c:104:12:104:13 | v4 |
-| test.c:102:14:102:16 | & ... | test.c:105:10:105:11 | v4 |
-| test.c:102:14:102:16 | & ... | test.c:106:12:106:13 | v4 |
-| test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 |
-| test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 |
-| test.c:111:14:111:16 | & ... | test.c:112:11:112:12 | v5 |
-| test.c:111:14:111:16 | & ... | test.c:113:12:113:13 | v5 |
-| test.c:111:14:111:16 | & ... | test.c:114:10:114:11 | v5 |
-| test.c:111:14:111:16 | & ... | test.c:115:12:115:13 | v5 |
-| test.c:111:14:111:16 | & ... | test.c:116:11:116:12 | v5 |
-| test.c:111:14:111:16 | & ... | test.c:117:13:117:14 | v5 |
-| test.c:120:14:120:16 | & ... | test.c:121:11:121:12 | v6 |
-| test.c:120:14:120:16 | & ... | test.c:122:12:122:13 | v6 |
-| test.c:120:14:120:16 | & ... | test.c:123:10:123:11 | v6 |
-| test.c:120:14:120:16 | & ... | test.c:124:12:124:13 | v6 |
-| test.c:120:14:120:16 | & ... | test.c:125:11:125:12 | v6 |
-| test.c:120:14:120:16 | & ... | test.c:126:13:126:14 | v6 |
-| test.c:129:22:129:22 | v | test.c:130:17:130:17 | v |
-| test.c:135:21:135:23 | & ... | test.c:129:22:129:22 | v |
-| test.c:138:21:138:23 | & ... | test.c:129:22:129:22 | v |
-| test.c:166:24:166:29 | call to malloc | test.c:167:13:167:15 | & ... |
-| test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 |
-| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 |
-| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 |
-| test.c:169:13:169:14 | s1 | test.c:129:22:129:22 | v |
-| test.c:174:13:174:14 | s2 | test.c:129:22:129:22 | v |
-| test.c:179:13:179:14 | s3 | test.c:129:22:129:22 | v |
-| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:11:184:12 | v1 |
-| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:10:185:11 | v1 |
-| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 |
-| test.c:183:14:183:26 | call to aligned_alloc | test.c:187:13:187:14 | v1 |
-| test.c:187:13:187:14 | v1 | test.c:129:22:129:22 | v |
-| test.c:189:14:189:26 | call to aligned_alloc | test.c:190:13:190:14 | v2 |
-| test.c:190:13:190:14 | v2 | test.c:129:22:129:22 | v |
-| test.c:222:8:222:9 | p2 | test.c:223:11:223:12 | v1 |
-| test.c:222:8:222:9 | p2 | test.c:224:12:224:13 | v1 |
-| test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 |
-| test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 |
-| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 |
-| test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 |
-| test.c:238:13:238:14 | & ... | test.c:244:12:244:13 | ip |
-| test.c:241:15:241:18 | & ... | test.c:247:9:247:12 | & ... |
-| test.c:252:16:252:18 | & ... | test.c:254:11:254:13 | ps1 |
-| test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 |
+| test.c:75:14:75:16 | & ... | test.c:76:11:76:12 | v1 | provenance |  |
+| test.c:75:14:75:16 | & ... | test.c:77:12:77:13 | v1 | provenance |  |
+| test.c:75:14:75:16 | & ... | test.c:78:10:78:11 | v1 | provenance |  |
+| test.c:75:14:75:16 | & ... | test.c:79:12:79:13 | v1 | provenance |  |
+| test.c:75:14:75:16 | & ... | test.c:80:11:80:12 | v1 | provenance |  |
+| test.c:75:14:75:16 | & ... | test.c:81:13:81:14 | v1 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:85:11:85:12 | v2 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:86:12:86:13 | v2 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:87:10:87:11 | v2 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:88:12:88:13 | v2 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:89:11:89:12 | v2 | provenance |  |
+| test.c:84:14:84:16 | & ... | test.c:90:13:90:14 | v2 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:94:11:94:12 | v3 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:95:12:95:13 | v3 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:96:10:96:11 | v3 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:97:12:97:13 | v3 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:98:11:98:12 | v3 | provenance |  |
+| test.c:93:14:93:16 | & ... | test.c:99:13:99:14 | v3 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:103:11:103:12 | v4 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:104:12:104:13 | v4 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:105:10:105:11 | v4 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:106:12:106:13 | v4 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:107:11:107:12 | v4 | provenance |  |
+| test.c:102:14:102:16 | & ... | test.c:108:13:108:14 | v4 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:112:11:112:12 | v5 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:113:12:113:13 | v5 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:114:10:114:11 | v5 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:115:12:115:13 | v5 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:116:11:116:12 | v5 | provenance |  |
+| test.c:111:14:111:16 | & ... | test.c:117:13:117:14 | v5 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:121:11:121:12 | v6 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:122:12:122:13 | v6 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:123:10:123:11 | v6 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:124:12:124:13 | v6 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:125:11:125:12 | v6 | provenance |  |
+| test.c:120:14:120:16 | & ... | test.c:126:13:126:14 | v6 | provenance |  |
+| test.c:129:22:129:22 | v | test.c:130:17:130:17 | v | provenance |  |
+| test.c:135:21:135:23 | & ... | test.c:129:22:129:22 | v | provenance |  |
+| test.c:138:21:138:23 | & ... | test.c:129:22:129:22 | v | provenance |  |
+| test.c:166:24:166:29 | call to malloc | test.c:167:13:167:15 | & ... | provenance |  |
+| test.c:166:24:166:29 | call to malloc | test.c:168:16:168:17 | s1 | provenance |  |
+| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance |  |
+| test.c:166:24:166:29 | call to malloc | test.c:169:13:169:14 | s1 | provenance |  |
+| test.c:169:13:169:14 | s1 | test.c:129:22:129:22 | v | provenance |  |
+| test.c:174:13:174:14 | s2 | test.c:129:22:129:22 | v | provenance |  |
+| test.c:179:13:179:14 | s3 | test.c:129:22:129:22 | v | provenance |  |
+| test.c:183:14:183:26 | call to aligned_alloc | test.c:184:11:184:12 | v1 | provenance |  |
+| test.c:183:14:183:26 | call to aligned_alloc | test.c:185:10:185:11 | v1 | provenance |  |
+| test.c:183:14:183:26 | call to aligned_alloc | test.c:186:13:186:14 | v1 | provenance |  |
+| test.c:183:14:183:26 | call to aligned_alloc | test.c:187:13:187:14 | v1 | provenance |  |
+| test.c:187:13:187:14 | v1 | test.c:129:22:129:22 | v | provenance |  |
+| test.c:189:14:189:26 | call to aligned_alloc | test.c:190:13:190:14 | v2 | provenance |  |
+| test.c:190:13:190:14 | v2 | test.c:129:22:129:22 | v | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:223:11:223:12 | v1 | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:224:12:224:13 | v1 | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:225:10:225:11 | v1 | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:226:12:226:13 | v1 | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:227:11:227:12 | v1 | provenance |  |
+| test.c:222:8:222:9 | p2 | test.c:228:13:228:14 | v1 | provenance |  |
+| test.c:238:13:238:14 | & ... | test.c:244:12:244:13 | ip | provenance |  |
+| test.c:241:15:241:18 | & ... | test.c:247:9:247:12 | & ... | provenance |  |
+| test.c:252:16:252:18 | & ... | test.c:254:11:254:13 | ps1 | provenance |  |
+| test.c:252:16:252:18 | & ... | test.c:256:10:256:12 | ps1 | provenance |  |
 nodes
 | test.c:7:11:7:13 | & ... | semmle.label | & ... |
 | test.c:8:12:8:14 | & ... | semmle.label | & ... |

diff --git a/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected b/c/cert/test/rules/EXP37-C/DoNotCallFunctionPointerWithIncompatibleType.expected
@@ -1,11 +1,11 @@
 edges
-| test.c:48:68:48:70 | fns [f1] | test.c:49:3:49:5 | fns [f1] |
-| test.c:49:3:49:5 | fns [f1] | test.c:49:8:49:9 | f1 |
-| test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called |
-| test.c:73:3:73:5 | fns [post update] [f1] | test.c:75:45:75:48 | & ... [f1] |
-| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | fns [post update] [f1] |
-| test.c:73:12:73:13 | v2 | test.c:73:3:73:13 | ... = ... |
-| test.c:75:45:75:48 | & ... [f1] | test.c:48:68:48:70 | fns [f1] |
+| test.c:48:68:48:70 | fns [f1] | test.c:49:3:49:5 | fns [f1] | provenance |  |
+| test.c:49:3:49:5 | fns [f1] | test.c:49:8:49:9 | f1 | provenance |  |
+| test.c:61:28:61:29 | f2 | test.c:62:3:62:11 | v1_called | provenance |  |
+| test.c:73:3:73:5 | fns [post update] [f1] | test.c:75:45:75:48 | & ... [f1] | provenance |  |
+| test.c:73:3:73:13 | ... = ... | test.c:73:3:73:5 | fns [post update] [f1] | provenance |  |
+| test.c:73:12:73:13 | v2 | test.c:73:3:73:13 | ... = ... | provenance |  |
+| test.c:75:45:75:48 | & ... [f1] | test.c:48:68:48:70 | fns [f1] | provenance |  |
 nodes
 | test.c:48:68:48:70 | fns [f1] | semmle.label | fns [f1] |
 | test.c:49:3:49:5 | fns [f1] | semmle.label | fns [f1] |

diff --git a/c/cert/test/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.expected b/c/cert/test/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.expected
@@ -1,15 +1,15 @@
 edges
-| test.c:49:8:49:9 | s3 | test.c:50:8:50:9 | s1 |
-| test.c:60:16:60:18 | E1A | test.c:61:16:61:17 | e1 |
-| test.c:60:16:60:18 | E1A | test.c:65:10:65:12 | & ... |
-| test.c:68:22:68:22 | v | test.c:68:41:68:41 | v |
-| test.c:72:13:72:15 | & ... | test.c:68:22:68:22 | v |
-| test.c:74:13:74:15 | & ... | test.c:68:22:68:22 | v |
-| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 |
-| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 |
-| test.c:98:32:98:38 | call to realloc | test.c:99:3:99:4 | s3 |
-| test.c:98:32:98:38 | call to realloc | test.c:100:10:100:11 | s3 |
-| test.c:98:40:98:41 | s2 | test.c:98:32:98:38 | call to realloc |
+| test.c:49:8:49:9 | s3 | test.c:50:8:50:9 | s1 | provenance |  |
+| test.c:60:16:60:18 | E1A | test.c:61:16:61:17 | e1 | provenance |  |
+| test.c:60:16:60:18 | E1A | test.c:65:10:65:12 | & ... | provenance |  |
+| test.c:68:22:68:22 | v | test.c:68:41:68:41 | v | provenance |  |
+| test.c:72:13:72:15 | & ... | test.c:68:22:68:22 | v | provenance |  |
+| test.c:74:13:74:15 | & ... | test.c:68:22:68:22 | v | provenance |  |
+| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 | provenance |  |
+| test.c:97:32:97:37 | call to malloc | test.c:98:40:98:41 | s2 | provenance |  |
+| test.c:98:32:98:38 | call to realloc | test.c:99:3:99:4 | s3 | provenance |  |
+| test.c:98:32:98:38 | call to realloc | test.c:100:10:100:11 | s3 | provenance |  |
+| test.c:98:40:98:41 | s2 | test.c:98:32:98:38 | call to realloc | provenance |  |
 nodes
 | test.c:6:19:6:20 | & ... | semmle.label | & ... |
 | test.c:11:10:11:11 | & ... | semmle.label | & ... |

diff --git a/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected b/c/cert/test/rules/EXP40-C/DoNotModifyConstantObjects.expected
@@ -1,11 +1,11 @@
 edges
-| test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa |
-| test.c:26:15:26:15 | a | test.c:27:4:27:4 | a |
-| test.c:34:13:34:14 | & ... | test.c:39:7:39:8 | p1 |
-| test.c:39:7:39:8 | p1 | test.c:26:15:26:15 | a |
-| test.c:40:7:40:9 | * ... | test.c:26:15:26:15 | a |
-| test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p |
-| test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ |
+| test.c:5:8:5:9 | & ... | test.c:6:4:6:5 | aa | provenance |  |
+| test.c:26:15:26:15 | a | test.c:27:4:27:4 | a | provenance |  |
+| test.c:34:13:34:14 | & ... | test.c:39:7:39:8 | p1 | provenance |  |
+| test.c:39:7:39:8 | p1 | test.c:26:15:26:15 | a | provenance |  |
+| test.c:40:7:40:9 | * ... | test.c:26:15:26:15 | a | provenance |  |
+| test.c:59:7:59:8 | & ... | test.c:60:4:60:4 | p | provenance |  |
+| test.c:79:11:79:16 | call to strchr | test.c:81:6:81:12 | ... ++ | provenance |  |
 nodes
 | test.c:5:8:5:9 | & ... | semmle.label | & ... |
 | test.c:6:4:6:5 | aa | semmle.label | aa |

diff --git a/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected b/c/cert/test/rules/FIO32-C/DoNotPerformFileOperationsOnDevices.expected
@@ -1,12 +1,12 @@
 edges
-| test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name indirection |
-| test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name indirection |
+| test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | *file_name | provenance |  |
+| test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | *file_name | provenance |  |
 nodes
 | test.c:20:15:20:23 | scanf output argument | semmle.label | scanf output argument |
-| test.c:21:8:21:16 | file_name indirection | semmle.label | file_name indirection |
+| test.c:21:8:21:16 | *file_name | semmle.label | *file_name |
 | test.c:45:15:45:23 | scanf output argument | semmle.label | scanf output argument |
-| test.c:46:29:46:37 | file_name indirection | semmle.label | file_name indirection |
+| test.c:46:29:46:37 | *file_name | semmle.label | *file_name |
 subpaths
 #select
-| test.c:21:8:21:16 | file_name | test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | file_name indirection | This argument to a file access function is derived from $@ and then passed to func(file_name), which calls fopen((unnamed parameter 0)). | test.c:20:15:20:23 | scanf output argument | user input (value read by scanf) |
-| test.c:46:29:46:37 | file_name | test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | file_name indirection | This argument to a file access function is derived from $@ and then passed to CreateFile(lpFileName). | test.c:45:15:45:23 | scanf output argument | user input (value read by scanf) |
+| test.c:21:8:21:16 | file_name | test.c:20:15:20:23 | scanf output argument | test.c:21:8:21:16 | *file_name | This argument to a file access function is derived from $@ and then passed to func(file_name), which calls fopen((unnamed parameter 0)). | test.c:20:15:20:23 | scanf output argument | user input (value read by scanf) |
+| test.c:46:29:46:37 | file_name | test.c:45:15:45:23 | scanf output argument | test.c:46:29:46:37 | *file_name | This argument to a file access function is derived from $@ and then passed to CreateFile(lpFileName). | test.c:45:15:45:23 | scanf output argument | user input (value read by scanf) |
diff --git a/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected b/c/cert/test/rules/MEM36-C/DoNotModifyAlignmentOfMemoryWithRealloc.expected
@@ -1,9 +1,9 @@
 edges
-| test.c:5:10:5:22 | call to aligned_alloc | test.c:15:8:15:28 | call to aligned_alloc_wrapper |
-| test.c:8:29:8:31 | ptr | test.c:8:64:8:66 | ptr |
-| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:16:24:16:25 | v1 |
-| test.c:16:24:16:25 | v1 | test.c:8:29:8:31 | ptr |
-| test.c:22:8:22:20 | call to aligned_alloc | test.c:23:16:23:17 | v3 |
+| test.c:5:10:5:22 | call to aligned_alloc | test.c:15:8:15:28 | call to aligned_alloc_wrapper | provenance |  |
+| test.c:8:29:8:31 | ptr | test.c:8:64:8:66 | ptr | provenance |  |
+| test.c:15:8:15:28 | call to aligned_alloc_wrapper | test.c:16:24:16:25 | v1 | provenance |  |
+| test.c:16:24:16:25 | v1 | test.c:8:29:8:31 | ptr | provenance |  |
+| test.c:22:8:22:20 | call to aligned_alloc | test.c:23:16:23:17 | v3 | provenance |  |
 nodes
 | test.c:5:10:5:22 | call to aligned_alloc | semmle.label | call to aligned_alloc |
 | test.c:8:29:8:31 | ptr | semmle.label | ptr |

diff --git a/c/common/src/codeql-pack.lock.yml b/c/common/src/codeql-pack.lock.yml
@@ -2,17 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.2
+    version: 0.12.9
   codeql/dataflow:
-    version: 0.1.5
+    version: 0.2.3
   codeql/rangeanalysis:
-    version: 0.0.4
+    version: 0.0.11
   codeql/ssa:
-    version: 0.2.5
+    version: 0.2.12
   codeql/tutorial:
-    version: 0.2.5
+    version: 0.2.12
   codeql/typetracking:
-    version: 0.2.5
+    version: 0.2.12
   codeql/util:
-    version: 0.2.5
+    version: 0.2.12
 compiled: false
diff --git a/c/common/src/qlpack.yml b/c/common/src/qlpack.yml
@@ -3,4 +3,4 @@ version: 2.37.0-dev
 license: MIT
 dependencies:
   codeql/common-cpp-coding-standards: '*'
-  codeql/cpp-all: 0.12.2
+  codeql/cpp-all: 0.12.9
diff --git a/c/common/test/codeql-pack.lock.yml b/c/common/test/codeql-pack.lock.yml
@@ -2,17 +2,17 @@
 lockVersion: 1.0.0
 dependencies:
   codeql/cpp-all:
-    version: 0.12.2
+    version: 0.12.9
   codeql/dataflow:
-    version: 0.1.5
+    version: 0.2.3
   codeql/rangeanalysis:
-    version: 0.0.4
+    version: 0.0.11
   codeql/ssa:
-    version: 0.2.5
+    version: 0.2.12
   codeql/tutorial:
-    version: 0.2.5
+    version: 0.2.12
   codeql/typetracking:
-    version: 0.2.5
+    version: 0.2.12
   codeql/util:
-    version: 0.2.5
+    version: 0.2.12
 compiled: false