update version in various hardcoded locations

src/autobuild.ts

@@ -38,11 +38,11 @@ export async function determineAutobuildLanguages(
    * For example, consider a user with the following workflow file:
    *
    * ```yml
-   * - uses: github/codeql-action/init@v2
+   * - uses: github/codeql-action/init@v3
    *   with:
    *     languages: go, java
-   * - uses: github/codeql-action/autobuild@v2
-   * - uses: github/codeql-action/analyze@v2
+   * - uses: github/codeql-action/autobuild@v3
+   * - uses: github/codeql-action/analyze@v3
    * ```
    *
    * - With Go extraction disabled, we will run the Java autobuilder in the

src/codeql.ts

@@ -1159,7 +1159,7 @@ export async function getCodeQLForCmd(
         "version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
         "input to use the default version.\n\n" +
         "Alternatively, if you want to continue using CodeQL CLI version " +
-        `${result.version}, you can replace 'github/codeql-action/*@v2' by ` +
+        `${result.version}, you can replace 'github/codeql-action/*@v3' by ` +
         `'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to ` +
         "continue using this version of the CodeQL Action.",
     );

src/init-action-post-helper.test.ts

@@ -91,14 +91,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off"
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -115,14 +115,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -142,14 +142,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "my-category",
       },
@@ -199,14 +199,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
       },
       {
         name: "Initialize CodeQL",
-        uses: "github/codeql-action/init@v2",
+        uses: "github/codeql-action/init@v3",
         with: {
           languages: "javascript",
         },
       },
       {
         name: "Perform CodeQL Analysis",
-        uses: "github/codeql-action/analyze@v2",
+        uses: "github/codeql-action/analyze@v3",
         with: {
           category: "my-category",
           upload: uploadInput,
@@ -234,14 +234,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         category: "/language:${{ matrix.language }}",
       },
@@ -261,14 +261,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input
     },
     {
       name: "Initialize CodeQL",
-      uses: "github/codeql-action/init@v2",
+      uses: "github/codeql-action/init@v3",
       with: {
         languages: "javascript",
       },
     },
     {
       name: "Perform CodeQL Analysis",
-      uses: "github/codeql-action/analyze@v2",
+      uses: "github/codeql-action/analyze@v3",
       with: {
         upload: "${{ matrix.language != 'csharp' }}",
       },

src/workflow.test.ts

@@ -396,9 +396,9 @@ async function testLanguageAliases(
             },
           },
           steps: [
-            { uses: "actions/checkout@v2" },
-            { uses: "github/codeql-action/init@v2" },
-            { uses: "github/codeql-action/analyze@v2" },
+            { uses: "actions/checkout@v3" },
+            { uses: "github/codeql-action/init@v3" },
+            { uses: "github/codeql-action/analyze@v3" },
           ],
         },
       },
@@ -516,11 +516,11 @@ test("getWorkflowErrors() should only report the current job's CheckoutWrongHead
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `) as Workflow,
@@ -546,11 +546,11 @@ test("getWorkflowErrors() should not report a different job's CheckoutWrongHead"
     test:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test2:
       steps:
         - run: "git checkout HEAD^2"
-  
+
     test3:
       steps: []
   `) as Workflow,
@@ -652,9 +652,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: some-category
       `) as Workflow,
@@ -674,9 +674,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate
           analysis:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
-              - uses: github/codeql-action/analyze@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
+              - uses: github/codeql-action/analyze@v3
       `) as Workflow,
       "analysis",
       {},
@@ -694,19 +694,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs",
           foo:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build foo
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: foo-category
           bar:
             runs-on: ubuntu-latest
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
               - runs: ./build bar
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: bar-category
       `) as Workflow,
@@ -729,11 +729,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix",
               matrix:
                 language: [javascript, python]
             steps:
-              - uses: actions/checkout@v2
-              - uses: github/codeql-action/init@v2
+              - uses: actions/checkout@v3
+              - uses: github/codeql-action/init@v3
                 with:
                   language: \${{ matrix.language }}
-              - uses: github/codeql-action/analyze@v2
+              - uses: github/codeql-action/analyze@v3
                 with:
                   category: "/language:\${{ matrix.language }}"
       `) as Workflow,
@@ -753,9 +753,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category",
           jobs:
             analysis:
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: "\${{ github.workflow }}"
         `) as Workflow,
@@ -780,12 +780,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a
             analysis:
               runs-on: ubuntu-latest
               steps:
-                - uses: actions/checkout@v2
-                - uses: github/codeql-action/init@v2
-                - uses: github/codeql-action/analyze@v2
+                - uses: actions/checkout@v3
+                - uses: github/codeql-action/init@v3
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: some-category
-                - uses: github/codeql-action/analyze@v2
+                - uses: github/codeql-action/analyze@v3
                   with:
                     category: another-category
         `) as Workflow,