Update CodeQL CLI manual (#40489)

Co-authored-by: Felicity Chapman <felicitymay@github.com>

Author: docs-bot

Diff for: content/code-security/codeql-cli/codeql-cli-manual/bqrs-info.md

@@ -56,7 +56,7 @@ Select output format, either `text` _(default)_ or `json`.
 
 \[Advanced] When given together with `--format=json`, compute a table
 of byte offsets that can later be given to the `--start-at` option of
-[codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode), to start streaming results at positions `0, <num>, 2*<num>` and so
+[codeql bqrs decode](/code-security/codeql-cli/codeql-cli-manual/bqrs-decode), to start streaming results at positions `0, <num>, 2*<num>`, and so
 forth.
 
 #### `--paginate-result-set=<name>`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/database-analyze.md

@@ -451,7 +451,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/database-create.md

@@ -185,7 +185,7 @@ default to <https://github.com/>
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/database-init.md

@@ -159,7 +159,7 @@ default to <https://github.com/>
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`
@@ -178,16 +178,16 @@ registry, you can instead authenticate using the simpler
 parent process of the CodeQL CLI whose name matches this argument. If
 more than one parent process has this name, the one lowest in the
 process tree will be selected. This option overrides
-`--trace-process-level`, so if both are used passed only this option
-will be used.
+`--trace-process-level`, so if both are passed, only this option will be
+used.
 
 #### `--trace-process-level=<process-level>`
 
 \[Windows only] When initializing tracing, inject the tracer this many
 parents above the current process, with 0 corresponding to the process
-that is invoking the CodeQL CLI. The CLI's default behaviour if no
+that is invoking the CodeQL CLI. The CLI's default behavior if no
 arguments are passed is to inject into the parent of the calling
-process.
+process, with some special cases for GitHub Actions and Azure Pipelines.
 
 ### Options to configure indirect build tracing
 

Diff for: content/code-security/codeql-cli/codeql-cli-manual/database-interpret-results.md

@@ -181,7 +181,7 @@ Print the baseline lines of code counted to standard output.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/database-run-queries.md

@@ -338,7 +338,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/execute-queries.md

@@ -327,7 +327,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/execute-query-server.md

@@ -25,141 +25,18 @@ redirect_from:
 ## Synopsis
 
 ```shell copy
-codeql execute query-server [--threads=<num>] <options>...
+codeql execute query-server <options>...
 ```
 
 ## Description
 
-\[Plumbing] Support for running queries from IDEs.
+\[Deprecated] \[Plumbing] Support for running queries from IDEs.
 
-This command is only relevant for authors of QL language extensions for
-IDEs. It is started by the IDE plugin in the background and communicates
-with it through a special protocol on its standard input and output
-streams.
-
-The IDE extensions should use
-[codeql resolve ram](/code-security/codeql-cli/codeql-cli-manual/resolve-ram) to construct options for RAM limits before starting the query server.
+The
+[codeql execute query-server](/code-security/codeql-cli/codeql-cli-manual/execute-query-server) subcommand is unsupported and no longer works. If you are using the official CodeQL extension for Visual Studio Code, please upgrade the extension to 1.7.6 or a later version. Otherwise please migrate your CodeQL IDE integration to the `codeql execute query-server2` subcommand.
 
 ## Primary options
 
-#### `--[no-]tuple-counting`
-
-\[Advanced] Display tuple counts for each evaluation step in the query
-evaluator logs. If the `--evaluator-log` option is provided, tuple
-counts will be included in both the text-based and structured JSON logs
-produced by the command. (This can be useful for performance
-optimization of complex QL code).
-
-#### `--timeout=<seconds>`
-
-\[Advanced] Set the timeout length for query evaluation, in seconds.
-
-The timeout feature is intended to catch cases where a complex query
-would take "forever" to evaluate. It is not an effective way to limit
-the total amount of time the query evaluation can take. The evaluation
-will be allowed to continue as long as each separately timed part of the
-computation completes within the timeout. Currently these separately
-timed parts are "RA layers" of the optimized query, but that might
-change in the future.
-
-If no timeout is specified, or is given as 0, no timeout will be set
-(except for [codeql test run](/code-security/codeql-cli/codeql-cli-manual/test-run), where the default timeout is 5 minutes).
-
-#### `-j, --threads=<num>`
-
-Use this many threads to evaluate queries.
-
-Defaults to 1. You can pass 0 to use one thread per core on the machine,
-or -_N_ to leave _N_ cores unused (except still use at least one
-thread).
-
-#### `--[no-]save-cache`
-
-\[Advanced] Aggressively write intermediate results to the disk cache.
-This takes more time and uses (much) more disk space, but may speed up
-the subsequent execution of similar queries.
-
-#### `--[no-]expect-discarded-cache`
-
-\[Advanced] Make decisions about which predicates to evaluate, and what
-to write to the disk cache, based on the assumption that the cache will
-be discarded after the queries have been executed.
-
-#### `--[no-]keep-full-cache`
-
-\[Advanced] Don't clean up the disk cache after evaluation completes.
-This may save time if you're going to do [codeql dataset cleanup](/code-security/codeql-cli/codeql-cli-manual/dataset-cleanup) or [codeql database cleanup](/code-security/codeql-cli/codeql-cli-manual/database-cleanup) afterwards anyway.
-
-#### `--max-disk-cache=<MB>`
-
-Set the maximum amount of space that the disk cache for intermediate
-query results can use.
-
-If this size is not configured explicitly, the evaluator will try to use
-a "reasonable" amount of cache space, based on the size of the dataset
-and the complexity of the queries. Explicitly setting a higher limit
-than this default usage will enable additional caching which can speed
-up later queries.
-
-#### `--min-disk-free=<MB>`
-
-\[Advanced] Set target amount of free space on file system.
-
-If `--max-disk-cache` is not given, the evaluator will try hard to
-curtail disk cache usage if the free space on the file system drops
-below this value.
-
-#### `--min-disk-free-pct=<pct>`
-
-\[Advanced] Set target fraction of free space on file system.
-
-If `--max-disk-cache` is not given, the evaluator will try hard to
-curtail disk cache usage if the free space on the file system drops
-below this percentage.
-
-#### `--external=<pred>=<file.csv>`
-
-A CSV file that contains rows for external predicate `<pred>`.
-Multiple `--external` options can be supplied.
-
-#### `--xterm-progress=<mode>`
-
-\[Advanced] Controls whether to show progress tracking during QL
-evaluation using xterm control sequences. Possible values are:
-
-`no`: Never produce fancy progress; assume a dumb terminal.
-
-`auto` _(default)_: Autodetect whether the command is running in an
-appropriate terminal.
-
-`yes`: Assume the terminal can understand xterm control sequences. The
-feature still depends on being able to autodetect the _size_ of the
-terminal, and will also be disabled if `-q` is given.
-
-`25x80` (or similar): Like `yes`, and also explicitly give the size of
-the terminal.
-
-`25x80:/dev/pts/17` (or similar): show fancy progress on a _different_
-terminal than stderr. Mostly useful for internal testing.
-
-### Options for controlling outputting of structured evaluator logs
-
-#### `--evaluator-log=<file>`
-
-\[Advanced] Output structured logs about evaluator performance to the
-given file. The format of this log file is subject to change with no
-notice, but will be a stream of JSON objects separated by either two
-newline characters (by default) or one if the `--evaluator-log-minify`
-option is passed. Please use `codeql generate log-summary <file>` to
-produce a more stable summary of this file, and avoid parsing the file
-directly. The file will be overwritten if it already exists.
-
-#### `--evaluator-log-minify`
-
-\[Advanced] If the `--evaluator-log` option is passed, also passing
-this option will minimize the size of the JSON log produced, at the
-expense of making it much less human readable.
-
 ### Common options
 
 #### `-h, --help`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/execute-upgrades.md

@@ -214,7 +214,7 @@ expense of making it much less human readable.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/generate-query-help.md

@@ -131,7 +131,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-add.md

@@ -67,7 +67,7 @@ The root directory of the package.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-bundle.md

@@ -157,7 +157,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-ci.md

@@ -75,6 +75,13 @@ Available since `v2.11.3`.
 \[Advanced] Specifies an alternate lock file to use as the input to
 dependency resolution.
 
+#### `--lock-output=<file>`
+
+\[Advanced] Specifies an alternate location to save the lock file
+generated by dependency resolution.
+
+Available since `v2.14.1`.
+
 #### `--no-strict-mode`
 
 \[Advanced] Turn off strict mode to avoid a warning when resolving
@@ -131,7 +138,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-create.md

@@ -159,7 +159,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-download.md

@@ -124,7 +124,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-install.md

@@ -71,6 +71,13 @@ Available since `v2.11.3`.
 \[Advanced] Specifies an alternate lock file to use as the input to
 dependency resolution.
 
+#### `--lock-output=<file>`
+
+\[Advanced] Specifies an alternate location to save the lock file
+generated by dependency resolution.
+
+Available since `v2.14.1`.
+
 #### `--no-strict-mode`
 
 \[Advanced] Turn off strict mode to avoid a warning when resolving
@@ -158,7 +165,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-publish.md

@@ -195,7 +195,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-resolve-dependencies.md

@@ -101,6 +101,13 @@ and will not be added to the package lock.
 \[Advanced] Specifies an alternate lock file to use as the input to
 dependency resolution.
 
+#### `--lock-output=<file>`
+
+\[Advanced] Specifies an alternate location to save the lock file
+generated by dependency resolution.
+
+Available since `v2.14.1`.
+
 ### Options for resolving QL packs outside of the package registry
 
 #### `--search-path=<dir>[:<dir>...]`
@@ -147,7 +154,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/pack-upgrade.md

@@ -68,6 +68,13 @@ Available since `v2.11.3`.
 \[Advanced] Specifies an alternate lock file to use as the input to
 dependency resolution.
 
+#### `--lock-output=<file>`
+
+\[Advanced] Specifies an alternate location to save the lock file
+generated by dependency resolution.
+
+Available since `v2.14.1`.
+
 #### `--no-strict-mode`
 
 \[Advanced] Turn off strict mode to avoid a warning when resolving
@@ -124,7 +131,7 @@ value.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`

Diff for: content/code-security/codeql-cli/codeql-cli-manual/query-compile.md

@@ -234,7 +234,7 @@ directory.
 #### `--registries-auth-stdin`
 
 Authenticate to GitHub Enterprise Server Container registries by passing
-a comma-separated list of \<registry\_url>=\<token> pairs.
+a comma-separated list of `<registry_url>=<token>` pairs.
 
 For example, you can pass
 `https://containers.GHEHOSTNAME1/v2/=TOKEN1,https://containers.GHEHOSTNAME2/v2/=TOKEN2`