Merge branch 'main' into update-bundle/codeql-bundle-v2.15.1

2023-10-19 10:38:22 -04:00 · 2023-10-19 10:38:22 -04:00 · b98a636a6b
commit b98a636a6b
parent 0132448784 4a368f64ad
6 changed files with 25 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 ## [UNRELEASED]

 - Update default CodeQL bundle version to 2.15.1. [#1953](https://github.com/github/codeql-action/pull/1953)
+- Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023.
+  - All code scanning workflows should continue to succeed regardless of the warning.
+  - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
+  - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 

 ## 2.22.3 - 13 Oct 2023

--- a/README.md
+++ b/README.md
@ -4,6 +4,15 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ

 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).

+## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
+Announcement for users of this Action and code scanning workflows on GitHub.com:
+
+- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
+- All code scanning workflows should continue to succeed regardless of the warning.
+- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
+
+For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
+
 ## License

 This project is released under the [MIT License](LICENSE).
--- a/python-setup/tests/pipenv/python-3.8/Pipfile.lock
+++ b/python-setup/tests/pipenv/python-3.8/Pipfile.lock
@ -139,12 +139,12 @@
        },
        "urllib3": {
            "hashes": [
-                "sha256:7a7c7003b000adf9e7ca2a377c9688bbc54ed41b985789ed576570342a375cd2",
-                "sha256:b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564"
+                "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84",
+                "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.7'",
-            "version": "==2.0.6"
+            "version": "==2.0.7"
        }
    },
    "develop": {}
--- a/python-setup/tests/pipenv/requests-3/Pipfile.lock
+++ b/python-setup/tests/pipenv/requests-3/Pipfile.lock
@ -137,12 +137,12 @@
        },
        "urllib3": {
            "hashes": [
-                "sha256:7a7c7003b000adf9e7ca2a377c9688bbc54ed41b985789ed576570342a375cd2",
-                "sha256:b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564"
+                "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84",
+                "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e"
            ],
            "index": "pypi",
            "markers": "python_version >= '3.7'",
-            "version": "==2.0.6"
+            "version": "==2.0.7"
        }
    },
    "develop": {}
--- a/python-setup/tests/poetry/python-3.8/poetry.lock
+++ b/python-setup/tests/poetry/python-3.8/poetry.lock
@ -59,13 +59,13 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]

 [[package]]
 name = "urllib3"
-version = "1.26.17"
+version = "1.26.18"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
 files = [
-    {file = "urllib3-1.26.17-py2.py3-none-any.whl", hash = "sha256:94a757d178c9be92ef5539b8840d48dc9cf1b2709c9d6b588232a055c524458b"},
-    {file = "urllib3-1.26.17.tar.gz", hash = "sha256:24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"},
+    {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"},
+    {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"},
 ]

 [package.extras]
--- a/python-setup/tests/poetry/requests-3/poetry.lock
+++ b/python-setup/tests/poetry/requests-3/poetry.lock
@ -59,13 +59,13 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"]

 [[package]]
 name = "urllib3"
-version = "1.26.17"
+version = "1.26.18"
 description = "HTTP library with thread-safe connection pooling, file post, and more."
 optional = false
 python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*"
 files = [
-    {file = "urllib3-1.26.17-py2.py3-none-any.whl", hash = "sha256:94a757d178c9be92ef5539b8840d48dc9cf1b2709c9d6b588232a055c524458b"},
-    {file = "urllib3-1.26.17.tar.gz", hash = "sha256:24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"},
+    {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"},
+    {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"},
 ]

 [package.extras]