I will squash this down once it is working.

I tried manually dismissing all of the warnings from exten/ or build/, lets see if that reduces the noise?

I'm a bit unclear where that state lives though.

I would also like feedback from @QuLogic or @anntzer about the c++ changes to deal with the overflows (I did it two ways, is one better than the other? Is it important to be consistent here? should we have just pushed everything to bigger types?).

It would probably be better to be consistent and use ssize_t everywhere, but let's not lose sleep over that for now.

Also, AFAICT the whole to_string_argb is completely unused (and can be easily implemented with numpy, it's the similar to one-line byteorder swap in cbook._premultiplied_argb32_to_unmultiplied_rgba8888 without the extra alpha handling), so I would just deprecate it together with the Python-level wrappers.

Back to draft because the build does not work again...

Nearly all the changes just hit the now deprecated to_string{,_argb}; just left an additional point re: signedness of num_paths, though it's not a big deal either way.

OK, this is now passing, though I will likely want to clean up the YAML. The JavaScript analysis takes ~6m; the C++/Python one takes ~17m. I think I can split C++/Python back up again now that it's working so that it'll finish quicker. Hopefully we don't end up with too many workflows running in parallel.

I squashed down everything, removed the C++ change and confirmed that CodeQL is still warning about it, so I've now added it back in along with a more explicit message about why the build broke earlier.

This is my PR so I can not approve it, but 👍🏻 from me.

Do we want to standardize the c++ any more or not worry about that right now?

I think since they're deprecated, it's fine to leave them slightly inconsistent since they'll be deleted.