diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md
index c2d7f7b95f22..52613f848c65 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance.md
@@ -32,8 +32,6 @@ Rulesets allow you to flexibly target the organizations, repositories, and branc
 * Within those organizations, you can target all **repositories**, or target a dynamic list by custom property or deployment context.
 * Within the repositories, you can target certain **branches or tags**: all branches, the default branch, or a dynamic list using `fnmatch` syntax.
 
-When you create a ruleset that targets branches in a repository, repository administrators can no longer rename branches or change the default branch in the targeted repository. They can still create and delete branches if they have the appropriate permissions.
-
 ## How can I control the format of commits?
 
 In branch or tag rulesets, you can add a rule that restricts the format of commit metadata such as commit message or author email.
diff --git a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
index d71e9d112b70..0ac32834c728 100644
--- a/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
+++ b/content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise.md
@@ -190,6 +190,19 @@ Across all organizations owned by your enterprise, you can allow members with ad
 1. Under "Repository issue deletion", review the information about changing the setting. {% data reusables.enterprise-accounts.view-current-policy-config-orgs %}
 1. Under "Repository issue deletion", select the dropdown menu and click a policy.
 
+{% ifversion repo-admin-branch-rename %}
+
+## Enforcing a policy for renaming protected branches
+
+By default, repository administrators can rename branches that are targeted by enterprise-level rules, provided the new branch name is still targeted by those rules. You can restrict this ability to enterprise owners only.
+
+{% data reusables.enterprise-accounts.access-enterprise %}
+{% data reusables.enterprise-accounts.policies-tab %}
+{% data reusables.enterprise-accounts.repositories-tab %}
+1. Under "Repository branch renames", select the dropdown menu and click a policy.
+
+{% endif %}
+
 {% ifversion ghes %}
 
 ## Enforcing a policy for Git push limits
diff --git a/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md
index 72d2180babd1..dae327738917 100644
--- a/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md
+++ b/content/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-finalize.md
@@ -54,6 +54,13 @@ Indicates that the directory given on the command line is not a database
 itself, but a directory that _contains_ one or more databases under
 construction. Those databases will be processed together.
 
+#### `--working-dir=<dir>`
+
+\[Advanced] The directory in which the specified command should be
+executed. If this argument is not provided, the command is executed in
+the value of `--source-root` passed to [codeql database create](/code-security/reference/code-scanning/codeql/codeql-cli-manual/database-create), if one exists. If no `--source-root` argument is provided, the command is executed in the
+current working directory.
+
 #### `--additional-dbs=<database>[:<database>...]`
 
 \[Advanced] Path to additional CodeQL databases under construction.
diff --git a/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md b/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md
index 3079c2e399eb..c34427f1222c 100644
--- a/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md
+++ b/content/copilot/how-tos/use-copilot-agents/cloud-agent/index.md
@@ -13,6 +13,7 @@ children:
   - /integrate-cloud-agent-with-teams
   - /integrate-cloud-agent-with-linear
   - /integrate-cloud-agent-with-azure-boards
+  - /use-cloud-agent-via-the-api
   - /changing-the-ai-model
   - /configuring-agent-settings
   - /create-custom-agents-in-your-ide
diff --git a/content/copilot/how-tos/use-copilot-agents/cloud-agent/use-cloud-agent-via-the-api.md b/content/copilot/how-tos/use-copilot-agents/cloud-agent/use-cloud-agent-via-the-api.md
new file mode 100644
index 000000000000..28105635025d
--- /dev/null
+++ b/content/copilot/how-tos/use-copilot-agents/cloud-agent/use-cloud-agent-via-the-api.md
@@ -0,0 +1,93 @@
+---
+title: Using Copilot cloud agent via the API
+shortTitle: Use cloud agent via the API
+intro: 'You can start and manage {% data variables.copilot.copilot_cloud_agent %} tasks programmatically using the REST API.'
+product: '{% data reusables.gated-features.copilot-business-and-enterprise %}'
+versions:
+  feature: copilot
+contentType: how-tos
+category:
+  - Integrate Copilot with your tools
+---
+
+> [!NOTE]
+> The agent tasks API is in {% data variables.release-phases.public_preview %} and subject to change.
+
+You can use the agent tasks API to integrate {% data variables.copilot.copilot_cloud_agent_short %} into your own tools and workflows. For example, you can start a new task, list existing tasks, or check the status of a task.
+
+For the full API reference, see [AUTOTITLE](/rest/agent-tasks/agent-tasks).
+
+## Authentication
+
+The agent tasks API only supports user-to-server tokens. You can authenticate using a {% data variables.product.pat_generic %}, a {% data variables.product.prodname_oauth_app %} token or a {% data variables.product.prodname_github_app %} user-to-server token.
+
+Server-to-server tokens, such as {% data variables.product.prodname_github_app %} installation access tokens, are not supported.
+
+## Starting a task via the API
+
+To start a new {% data variables.copilot.copilot_cloud_agent_short %} task, send a `POST` request to `/agents/repos/{owner}/{repo}/tasks`. The only required parameter is `prompt`, which is the prompt for the agent.
+
+```shell copy
+curl -X POST \
+  -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks \
+  -d '{
+    "prompt": "Fix the login button on the homepage",
+    "base_ref": "main"
+  }'
+```
+
+Replace the following placeholder values:
+
+* `YOUR-TOKEN`: A {% data variables.product.pat_generic %} or {% data variables.product.prodname_github_app %} user-to-server token.
+* `OWNER`: The account owner of the repository.
+* `REPO`: The name of the repository.
+
+You can also include the following optional parameters in the request body:
+
+* `base_ref`: The base branch for the new branch and pull request.
+* `model`: The AI model to use for the task. If omitted, {% data variables.copilot.copilot_auto_model_selection_short %} is used. For more information about supported models, see [AUTOTITLE](/rest/agent-tasks/agent-tasks).
+* `create_pull_request`: A boolean that determines whether to create a pull request for the task.
+
+## Listing tasks
+
+You can list tasks for a specific repository or across all repositories you have access to.
+
+To list tasks for a specific repository:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks
+```
+
+To list your tasks across all repositories:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/tasks
+```
+
+## Checking the status of a task
+
+To check the status of a specific task, send a `GET` request with the task ID:
+
+```shell copy
+curl -H "Accept: application/vnd.github+json" \
+  -H "X-GitHub-Api-Version: {{ defaultRestApiVersion }}" \
+  -H "Authorization: Bearer YOUR-TOKEN" \
+  https://api.github.com/agents/repos/OWNER/REPO/tasks/TASK-ID
+```
+
+Replace `TASK-ID` with the ID of the task you want to check. You can get this ID from the response when you create a task or list tasks. The response includes the task's current `state`, which can be one of: `queued`, `in_progress`, `completed`, `failed`, `idle`, `waiting_for_user`, `timed_out`, or `cancelled`.
+
+## Further reading
+
+* [AUTOTITLE](/rest/agent-tasks/agent-tasks)
+* [AUTOTITLE](/copilot/concepts/agents/cloud-agent/about-cloud-agent)
+* [AUTOTITLE](/copilot/how-tos/use-copilot-agents/cloud-agent/start-copilot-sessions)
diff --git a/content/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md b/content/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md
new file mode 100644
index 000000000000..cc1be467d749
--- /dev/null
+++ b/content/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets.md
@@ -0,0 +1,30 @@
+---
+title: Allowing repository admins to rename branches with organization rulesets
+intro: 'Organization owners can allow people with repository admin permission to rename branches that are targeted by organization rulesets.'
+versions:
+  feature: repo-admin-branch-rename
+permissions: Organization owners can manage this setting.
+shortTitle: Allow branch renames
+category:
+  - Configure organization features
+---
+
+Organization owners control whether repository administrators can rename branches that are targeted by one or more branch rulesets. For existing organizations, this setting is off by default. For newly created organizations, this setting is on by default.
+
+When this setting is enabled, repository administrators can rename these branches, provided the new branch name is still targeted by all the same organization rulesets as the current branch name. This ensures that rulesets cannot be circumvented through branch renaming.
+
+Organization administrators can rename branches targeted by organization rulesets without restriction.
+
+> [!NOTE]
+> Even with this setting enabled, changing the default branch of a repository still requires an organization administrator when organization rulesets are in play.
+
+{% data reusables.profile.access_org %}
+{% data reusables.profile.org_settings %}
+{% data reusables.organizations.member-privileges %}
+1. Under "Branch renames", select **Allow repository administrators to rename branches protected by organization rules**.
+1. Click **Save**.
+
+## Further reading
+
+* [AUTOTITLE](/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch)
+* [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-renaming-protected-branches)
diff --git a/content/organizations/managing-organization-settings/index.md b/content/organizations/managing-organization-settings/index.md
index db9ff62ef0a5..705eee09994b 100644
--- a/content/organizations/managing-organization-settings/index.md
+++ b/content/organizations/managing-organization-settings/index.md
@@ -27,6 +27,7 @@ children:
   - /configuring-the-retention-period-for-github-actions-artifacts-and-logs-in-your-organization
   - /setting-permissions-for-adding-outside-collaborators
   - /allowing-people-to-delete-issues-in-your-organization
+  - /allowing-repository-admins-to-rename-branches-with-organization-rulesets
   - /enabling-or-disabling-github-discussions-for-an-organization
   - /managing-discussion-creation-for-repositories-in-your-organization
   - /managing-the-commit-signoff-policy-for-your-organization
diff --git a/content/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization.md b/content/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization.md
index 7c102b0c8ff1..360d319574c3 100644
--- a/content/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization.md
+++ b/content/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization.md
@@ -13,7 +13,17 @@ category:
 
 ## About managing rulesets for an organization
 
-After creating a ruleset at the organization level, you can make changes to the ruleset to alter how people can interact with the targeted repositories. For example, you can add rules to better protect the branches or tags in those repositories{% ifversion not fpt %}, or you can switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience for your repositories{% endif %}. Organizational rulesets that apply to branches of a repository will no longer allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. Repository administrators may create and delete branches so long as they have the appropriate permissions.
+After creating a ruleset at the organization level, you can make changes to the ruleset to alter how people can interact with the targeted repositories. For example, you can add rules to better protect the branches or tags in those repositories{% ifversion not fpt %}, or you can switch your ruleset from "Evaluate" mode to "Active" after testing its effects on the contributor experience for your repositories{% endif %}.
+
+{% ifversion repo-admin-branch-rename %}
+
+For information about how organizational rulesets affect branch renaming, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets).
+
+{% else %}
+
+Organizational rulesets that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch.
+
+{% endif %}
 
 {% ifversion push-rule-delegated-bypass %}
 
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch.md
index 870d1ffab735..596c304f0b3e 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/changing-the-default-branch.md
@@ -27,9 +27,13 @@ You can also rename the default branch. For more information, see [AUTOTITLE](/r
 
 To change the default branch, your repository must have more than one branch. For more information, see [AUTOTITLE](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-and-deleting-branches-within-your-repository#creating-a-branch).
 
-{% ifversion not fpt %}
+{% ifversion repo-admin-branch-rename %}
 
-Rulesets at the organization{% ifversion ghec %} or enterprise{% endif %} level that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization){% ifversion ghec %} or [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-code-governance){% endif %}.
+If organizational or enterprise rulesets target branches in your repository, changing the default branch requires an organization or enterprise administrator. Whether repository administrators can rename other targeted branches depends on the branch-rename setting or policy configured by your organization or enterprise. For more information, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets).
+
+{% else %}
+
+Rulesets at the organization level that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. See [AUTOTITLE](/organizations/managing-organization-settings/managing-rulesets-for-repositories-in-your-organization).
 
 {% endif %}
 
diff --git a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
index deaf25c20cf3..a6039f2e0f40 100644
--- a/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
+++ b/content/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch.md
@@ -1,7 +1,7 @@
 ---
 title: Renaming a branch
 intro: You can change the name of a branch in a repository.
-permissions: 'People with write permissions to a repository can rename a branch in the repository unless it is the [default branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch) or a [protected branch](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches). People with admin permissions can rename the default branch and protected branches.'
+permissions: 'People with write permissions to a repository can rename a branch in the repository unless it is the [default branch](/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch) or covered by a [branch protection](/repositories/configuring-branches-and-merges-in-your-repository/managing-protected-branches/about-protected-branches) or ruleset. People with admin permissions can rename the default branch and protected branches.'
 versions:
   fpt: '*'
   ghes: '*'
@@ -24,7 +24,27 @@ Although file URLs are automatically redirected, raw file URLs are not redirecte
 
 {% data variables.product.prodname_actions %} workflows do not follow renames, so if your repository publishes an action, anyone using that action with `@{old-branch-name}` will break. You should consider adding a new branch with the original content plus an additional commit reporting that the branch name is {% data variables.release-phases.closing_down %} and suggesting that users migrate to the new branch name.
 
-Organizational rulesets that apply to branches of a repository will no longer allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch. Repository administrators may create and delete branches so long as they have the appropriate permissions.
+## Who can rename a branch
+
+Most branches can be renamed by any user with **write** permission to the repository.
+
+Some branches can only be renamed by a repository administrator: the repository's default branch, and any branch covered by a branch protection or a repository-level branch ruleset.
+
+{% ifversion repo-admin-branch-rename %}
+
+When organization-level or enterprise-level rulesets target branches in a repository, renaming those branches typically requires an organization or enterprise administrator.
+
+However, organization and enterprise owners can allow repository administrators to rename branches covered by these rulesets, provided the new branch name is still subject to all the same rules as the current name. Changing the default branch still requires an organization or enterprise administrator when rulesets are in play.
+
+For more information, see [AUTOTITLE](/organizations/managing-organization-settings/allowing-repository-admins-to-rename-branches-with-organization-rulesets) and [AUTOTITLE](/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-repository-management-policies-in-your-enterprise#enforcing-a-policy-for-renaming-protected-branches).
+
+{% else %}
+
+Organizational rulesets that apply to branches of a repository will not allow the repository administrator to rename branches of the targeted repository or change the default branch to another branch.
+
+{% endif %}
+
+Repository administrators may create and delete branches so long as they have the appropriate permissions.
 
 ## Renaming a branch
 
diff --git a/data/features/repo-admin-branch-rename.yml b/data/features/repo-admin-branch-rename.yml
new file mode 100644
index 000000000000..94585623c258
--- /dev/null
+++ b/data/features/repo-admin-branch-rename.yml
@@ -0,0 +1,6 @@
+# Reference: github/releases#8431
+# Allow repo admins to rename branches protected by org/enterprise rulesets
+versions:
+  fpt: '*'
+  ghec: '*'
+  ghes: '>=3.22'
diff --git a/data/reusables/actions/supported-github-runners.md b/data/reusables/actions/supported-github-runners.md
index 6fe7599fece1..275f99ea2ede 100644
--- a/data/reusables/actions/supported-github-runners.md
+++ b/data/reusables/actions/supported-github-runners.md
@@ -36,7 +36,7 @@ For public repositories, jobs using the workflow labels shown in the table below
       <td>
         <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md">windows-latest</a></code>,
          <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-Readme.md">windows-2025</a></code>,
-        <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-VS2026-Readme.md">windows-2025-vs2026</a></code> ({% data variables.release-phases.public_preview %}),
+        <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2025-VS2026-Readme.md">windows-2025-vs2026</a></code>,
         <code><a href="https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md">windows-2022</a></code>
       </td>
     </tr>
diff --git a/data/reusables/code-scanning/codeql-query-tables/cpp.md b/data/reusables/code-scanning/codeql-query-tables/cpp.md
index 205c6a2e8e37..b2377b166a48 100644
--- a/data/reusables/code-scanning/codeql-query-tables/cpp.md
+++ b/data/reusables/code-scanning/codeql-query-tables/cpp.md
@@ -12,6 +12,7 @@
 | [CGI script vulnerable to cross-site scripting](https://codeql.github.com/codeql-query-help/cpp/cpp-cgi-xss/) | 079 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Cleartext storage of sensitive information in file](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-file/) | 260, 313 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Cleartext transmission of sensitive information](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-transmission/) | 319, 359 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/cpp/cpp-comparison-with-wider-type/) | 190, 197, 835 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Dangerous use of 'cin'](https://codeql.github.com/codeql-query-help/cpp/cpp-dangerous-cin/) | 676 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Exposure of system data to an unauthorized control sphere](https://codeql.github.com/codeql-query-help/cpp/cpp-system-data-exposure/) | 497 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Failure to use HTTPS URLs](https://codeql.github.com/codeql-query-help/cpp/cpp-non-https-url/) | 319, 345 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -20,6 +21,7 @@
 | [Iterator to expired container](https://codeql.github.com/codeql-query-help/cpp/cpp-iterator-to-expired-container/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Likely overrunning write](https://codeql.github.com/codeql-query-help/cpp/cpp-very-likely-overrunning-write/) | 120, 787, 805 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Mismatching new/free or malloc/delete](https://codeql.github.com/codeql-query-help/cpp/cpp-new-free-mismatch/) | 401 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Multiplication result converted to larger type](https://codeql.github.com/codeql-query-help/cpp/cpp-integer-multiplication-cast-to-long/) | 190, 192, 197, 681 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [No space for zero terminator](https://codeql.github.com/codeql-query-help/cpp/cpp-no-space-for-terminator/) | 131, 120, 122 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Pointer overflow check](https://codeql.github.com/codeql-query-help/cpp/cpp-pointer-overflow-check/) | 758 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Potential double free](https://codeql.github.com/codeql-query-help/cpp/cpp-double-free/) | 415 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
@@ -31,6 +33,7 @@
 | [Setting a DACL to NULL in a SECURITY_DESCRIPTOR](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-dacl-security-descriptor/) | 732 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Signed overflow check](https://codeql.github.com/codeql-query-help/cpp/cpp-signed-overflow-check/) | 128, 190 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Static array access may cause overflow](https://codeql.github.com/codeql-query-help/cpp/cpp-static-buffer-overflow/) | 119, 131 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Suspicious add with sizeof](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-add-sizeof/) | 468 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Time-of-check time-of-use filesystem race condition](https://codeql.github.com/codeql-query-help/cpp/cpp-toctou-race-condition/) | 367 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Too few arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-number-format-arguments/) | 234, 685 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Uncontrolled data in arithmetic expression](https://codeql.github.com/codeql-query-help/cpp/cpp-uncontrolled-arithmetic/) | 190, 191 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -47,6 +50,7 @@
 | [Use of expired stack-address](https://codeql.github.com/codeql-query-help/cpp/cpp-using-expired-stack-address/) | 825 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Use of string after lifetime ends](https://codeql.github.com/codeql-query-help/cpp/cpp-use-of-string-after-lifetime-ends/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Use of unique pointer after lifetime ends](https://codeql.github.com/codeql-query-help/cpp/cpp-use-of-unique-pointer-after-lifetime-ends/) | 416, 664 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
+| [Wrong type of arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-type-format-argument/) | 686 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [XML external entity expansion](https://codeql.github.com/codeql-query-help/cpp/cpp-external-entity-expansion/) | 611 | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Array offset used before range check](https://codeql.github.com/codeql-query-help/cpp/cpp-offset-use-before-range-check/) | 120, 125 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Authentication bypass by spoofing](https://codeql.github.com/codeql-query-help/cpp/cpp-user-controlled-bypass/) | 290 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
@@ -58,13 +62,11 @@
 | [Cleartext storage of sensitive information in an SQLite database](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-database/) | 313 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Cleartext storage of sensitive information in buffer](https://codeql.github.com/codeql-query-help/cpp/cpp-cleartext-storage-buffer/) | 312 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Comma before misleading indentation](https://codeql.github.com/codeql-query-help/cpp/cpp-comma-before-misleading-indentation/) | 1078, 670 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Comparison of narrow type with wide type in loop condition](https://codeql.github.com/codeql-query-help/cpp/cpp-comparison-with-wider-type/) | 190, 197, 835 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [File created without restricting permissions](https://codeql.github.com/codeql-query-help/cpp/cpp-world-writable-file-creation/) | 732 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Incorrect 'not' operator usage](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-not-operator-usage/) | 480 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Incorrect allocation-error handling](https://codeql.github.com/codeql-query-help/cpp/cpp-incorrect-allocation-error-handling/) | 570, 252, 755 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Invalid pointer dereference](https://codeql.github.com/codeql-query-help/cpp/cpp-invalid-pointer-deref/) | 119, 125, 193, 787 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Missing return-value check for a 'scanf'-like function](https://codeql.github.com/codeql-query-help/cpp/cpp-missing-check-scanf/) | 252, 253 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Multiplication result converted to larger type](https://codeql.github.com/codeql-query-help/cpp/cpp-integer-multiplication-cast-to-long/) | 190, 192, 197, 681 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Non-constant format string](https://codeql.github.com/codeql-query-help/cpp/cpp-non-constant-format/) | 134 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Not enough memory allocated for array of pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-allocation-size/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Not enough memory allocated for pointer type](https://codeql.github.com/codeql-query-help/cpp/cpp-allocation-too-small/) | 131, 122 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -77,7 +79,6 @@
 | [Potentially uninitialized local variable](https://codeql.github.com/codeql-query-help/cpp/cpp-uninitialized-local/) | 665, 457 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Potentially unsafe use of strcat](https://codeql.github.com/codeql-query-help/cpp/cpp-unsafe-strcat/) | 676, 120, 251 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Suspicious 'sizeof' use](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-sizeof/) | 467 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Suspicious add with sizeof](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-add-sizeof/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Suspicious pointer scaling](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "x" aria-label="Not included" %} |
 | [Suspicious pointer scaling to void](https://codeql.github.com/codeql-query-help/cpp/cpp-suspicious-pointer-scaling-void/) | 468 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Type confusion](https://codeql.github.com/codeql-query-help/cpp/cpp-type-confusion/) | 843 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
@@ -88,6 +89,5 @@
 | [Unterminated variadic call](https://codeql.github.com/codeql-query-help/cpp/cpp-unterminated-variadic-call/) | 121 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Untrusted input for a condition](https://codeql.github.com/codeql-query-help/cpp/cpp-tainted-permissions-check/) | 807 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 | [Use of potentially dangerous function](https://codeql.github.com/codeql-query-help/cpp/cpp-potentially-dangerous-function/) | 676 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
-| [Wrong type of arguments to formatting function](https://codeql.github.com/codeql-query-help/cpp/cpp-wrong-type-format-argument/) | 686 | {% octicon "x" aria-label="Not included" %} | {% octicon "check" aria-label="Included" %} | {% octicon "check" aria-label="Included" %} |
 
 {% endrowheaders %}