Update CodeQL workflow and configuration, fix found bugs (#51263)

.github/codeql/codeql-configuration.yml

@@ -1,4 +1,8 @@
 name : CodeQL Configuration
 
 paths:
-  - './src' 
+  - src
+  - scripts
+  - Gulpfile.mjs
+paths-ignore:
+  - src/lib

.github/workflows/codeql.yml

@@ -1,50 +1,64 @@
-name: "Code scanning - action"
+name: "Code Scanning - Action"
 
 on:
   push:
+    branches:
+      - main
+      - release-*
   pull_request:
+    branches:
+      - main
+      - release-*
   schedule:
-    - cron: '0 19 * * 0'
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: '30 1 * * 0'
 
 jobs:
   CodeQL-Build:
-
-    # CodeQL runs on ubuntu-latest and windows-latest
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
     if: github.repository == 'microsoft/TypeScript'
 
+    permissions:
+      # required for all workflows
+      security-events: write
+
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
+      - name: Checkout repository
+        uses: actions/checkout@v3
 
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        config-file: ./.github/codeql/codeql-configuration.yml
-      # Override language selection by uncommenting this and choosing your languages
-      # with:
-      #   languages: go, javascript, csharp, python, cpp, java
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          config-file: ./.github/codeql/codeql-configuration.yml
+        # Override language selection by uncommenting this and choosing your languages
+        # with:
+        #   languages: go, javascript, csharp, python, cpp, java
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below).
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
 
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
 
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following
+      #    three lines and modify them (or add more) to build your code if your
+      #    project uses a compiled language
 
-    #- run: |
-    #   make bootstrap
-    #   make release
+      #- run: |
+      #     make bootstrap
+      #     make release
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

scripts/generateLocalizedDiagnosticMessages.mjs

@@ -171,7 +171,7 @@ function main() {
          */
         function getItemXML(key, value) {
             // escape entrt value
-            value = value.replace(/]/, "]5D;");
+            value = value.replace(/]/g, "]5D;");
 
             return `
             <Item ItemId=";${key}" ItemType="0" PsrId="306" Leaf="true">

scripts/importDefinitelyTypedTests.mjs

@@ -157,7 +157,7 @@ function importDefinitelyTypedTests(tscPath, rwcTestPath, definitelyTypedRoot) {
 
                     if (testFiles.length === 0) {
                         // no test files but multiple d.ts's, e.g. winjs
-                        const regexp = new RegExp(d + "(([-][0-9])|([\.]d[\.]ts))");
+                        const regexp = new RegExp(d + "(([-][0-9])|(\\.d\\.ts))");
                         if (tsFiles.length > 1 && tsFiles.every(t => filePathEndsWith(t, ".d.ts") && regexp.test(t))) {
                             for (const fileName of tsFiles) {
                                 importDefinitelyTypedTest(tscPath, rwcTestPath, path.basename(fileName, ".d.ts"), [fileName], paramFile);

scripts/processDiagnosticMessages.mjs

@@ -104,19 +104,15 @@ function buildInfoFileOutput(messageTable, inputFilePathRel, thisFilePathRel) {
  * @returns {string}
  */
 function buildDiagnosticMessageOutput(messageTable) {
-    let result = "{";
+    /** @type {Record<string, string>} */
+    const result = {};
+
     messageTable.forEach(({ code }, name) => {
         const propName = convertPropertyName(name);
-        result += `\r\n  "${createKey(propName, code)}" : "${name.replace(/[\"]/g, '\\"')}",`;
+        result[createKey(propName, code)] = name;
     });
 
-    // Shave trailing comma, then add newline and ending brace
-    result = result.slice(0, result.length - 1) + "\r\n}";
-
-    // Assert that we generated valid JSON
-    JSON.parse(result);
-
-    return result;
+    return JSON.stringify(result, undefined, 2).replace(/\r?\n/g, "\r\n");
 }
 
 /**