microsoft
diff --git a/‎javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected‎
Lines changed: 0 additions & 2 deletions b/‎javascript/ql/integration-tests/query-suite/javascript-code-scanning.qls.expected‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected‎
Lines changed: 0 additions & 2 deletions b/‎javascript/ql/integration-tests/query-suite/javascript-security-and-quality.qls.expected‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected‎
Lines changed: 0 additions & 2 deletions b/‎javascript/ql/integration-tests/query-suite/javascript-security-extended.qls.expected‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎javascript/ql/integration-tests/query-suite/not_included_in_qls.expected‎
Lines changed: 0 additions & 1 deletion b/‎javascript/ql/integration-tests/query-suite/not_included_in_qls.expected‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎javascript/ql/lib/ext/react.model.yml‎
Lines changed: 6 additions & 0 deletions b/‎javascript/ql/lib/ext/react.model.yml‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎javascript/ql/lib/javascript.qll‎
Lines changed: 1 addition & 0 deletions b/‎javascript/ql/lib/javascript.qll‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/Actions.qll‎
Lines changed: 2 additions & 0 deletions b/‎javascript/ql/lib/semmle/javascript/Actions.qll‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll‎
Lines changed: 4 additions & 4 deletions b/‎javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll‎
Lines changed: 1 addition & 1 deletion b/‎javascript/ql/lib/semmle/javascript/dataflow/BackwardExploration.qll‎
Lines changed: 1 addition & 1 deletion
@@ -31,7 +31,6 @@ ql/javascript/ql/src/Security/CWE-079/Xss.ql
 ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
 ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
 ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
-ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
 ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
 ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
 ql/javascript/ql/src/Security/CWE-1004/ClientExposedCookie.ql
@@ -48,7 +47,6 @@ ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
 ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
 ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
 ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
-ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
 
@@ -119,7 +119,6 @@ ql/javascript/ql/src/Security/CWE-079/Xss.ql
 ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
 ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
 ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
-ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
 ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
 ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
 ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
@@ -140,7 +139,6 @@ ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
 ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
 ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
 ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
-ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
 
@@ -34,7 +34,6 @@ ql/javascript/ql/src/Security/CWE-079/Xss.ql
 ql/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
 ql/javascript/ql/src/Security/CWE-089/SqlInjection.ql
 ql/javascript/ql/src/Security/CWE-094/CodeInjection.ql
-ql/javascript/ql/src/Security/CWE-094/ExpressionInjection.ql
 ql/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql
 ql/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql
 ql/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql
@@ -55,7 +54,6 @@ ql/javascript/ql/src/Security/CWE-201/PostMessageStar.ql
 ql/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql
 ql/javascript/ql/src/Security/CWE-295/DisablingCertificateValidation.ql
 ql/javascript/ql/src/Security/CWE-300/InsecureDependencyResolution.ql
-ql/javascript/ql/src/Security/CWE-312/ActionsArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextLogging.ql
 ql/javascript/ql/src/Security/CWE-312/CleartextStorage.ql
 
@@ -67,7 +67,6 @@ ql/javascript/ql/src/Summary/TaintSinks.ql
 ql/javascript/ql/src/Summary/TaintSources.ql
 ql/javascript/ql/src/definitions.ql
 ql/javascript/ql/src/experimental/Security/CWE-094-dataURL/CodeInjection.ql
-ql/javascript/ql/src/experimental/Security/CWE-094/UntrustedCheckout.ql
 ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueAndKeyInjection.ql
 ql/javascript/ql/src/experimental/Security/CWE-099/EnvValueInjection.ql
 ql/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql
 
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - ["react", "Member[use]", "Argument[0].Awaited", "ReturnValue", "value"]
@@ -92,6 +92,7 @@ import semmle.javascript.frameworks.DigitalOcean
 import semmle.javascript.frameworks.DomEvents
 import semmle.javascript.frameworks.Electron
 import semmle.javascript.frameworks.EventEmitter
+import semmle.javascript.frameworks.Execa
 import semmle.javascript.frameworks.Files
 import semmle.javascript.frameworks.Firebase
 import semmle.javascript.frameworks.FormParsers
 
@@ -1,4 +1,6 @@
 /**
+ * PENDING DEPRECATION. Models for GitHub Actions workflow files are part of the actions qlpack now.
+ *
  * Libraries for modeling GitHub Actions workflow files written in YAML.
  * See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions.
  */
 
@@ -152,7 +152,7 @@ class LegacyFlowStep extends Unit {
    * Holds if `pred` &rarr; `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -207,7 +207,7 @@ module LegacyFlowStep {
    * transforming values with label `predlbl` to have label `succlbl`.
    */
   cached
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -282,7 +282,7 @@ class SharedFlowStep extends Unit {
    * Holds if `pred` &rarr; `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
@@ -364,7 +364,7 @@ module SharedFlowStep {
    * Holds if `pred` &rarr; `succ` should be considered a data flow edge
    * transforming values with label `predlbl` to have label `succlbl`.
    */
-  predicate step(
+  deprecated predicate step(
     DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl,
     DataFlow::FlowLabel succlbl
   ) {
 
@@ -1,6 +1,6 @@
 /**
  * Alias for the library `semmle.javascript.explore.BackwardDataFlow`.
  */
-// deprecated module;
+deprecated module;
 
 import semmle.javascript.explore.BackwardDataFlow