Overlay: Bump minimum CLI version for overlay

[kaspersv]

Bump minimum CLI version for overlay analysis to reduce number of CLI versions in use.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

• Advanced setup - Impacts users who have custom CodeQL workflows.
• Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

• Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
• Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

• Dotcom - Impacts CodeQL workflows on github.com.

How did/will you validate this change?

• Test repository - This change will be tested on a test repository before merging.

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.
• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

• Special considerations - This change should only be merged once certain preconditions are met. Please provide details of those or link to this PR from an internal issue.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

This PR bumps the minimum CodeQL CLI version required for overlay analysis from 2.23.5 to 2.23.8, aiming to reduce the number of CLI versions in use.

Key Changes:

• Updates the CODEQL_OVERLAY_MINIMUM_VERSION constant from "2.23.5" to "2.23.8" in the source file
• Regenerated JavaScript files in the lib/ directory reflect this change

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
src/overlay-database-utils.ts	Updates the minimum CLI version constant for overlay database functionality
lib/upload-sarif-action.js	Auto-generated JavaScript reflecting the source change
lib/upload-sarif-action-post.js	Auto-generated JavaScript reflecting the source change
lib/upload-lib.js	Auto-generated JavaScript reflecting the source change
lib/start-proxy-action.js	Auto-generated JavaScript reflecting the source change
lib/start-proxy-action-post.js	Auto-generated JavaScript reflecting the source change
lib/setup-codeql-action.js	Auto-generated JavaScript reflecting the source change
lib/resolve-environment-action.js	Auto-generated JavaScript reflecting the source change
lib/init-action.js	Auto-generated JavaScript reflecting the source change
lib/init-action-post.js	Auto-generated JavaScript reflecting the source change
lib/autobuild-action.js	Auto-generated JavaScript reflecting the source change
lib/analyze-action.js	Auto-generated JavaScript reflecting the source change
lib/analyze-action-post.js	Auto-generated JavaScript reflecting the source change

---

Review Notes:

The change is straightforward and correct. The version bump from 2.23.5 to 2.23.8 is valid - version 2.23.8 was already set as the default CodeQL bundle version in release 4.31.8 (as documented in CHANGELOG.md). This version constant is used to determine the minimum CLI version for overlay analysis features, and bumping it aligns with reducing CLI version diversity. All generated JavaScript files in lib/ correctly reflect the TypeScript source change, as expected per the repository's custom guidelines.