Merge main into releases/v3

.github/actions/setup-swift/action.yml

@@ -33,7 +33,7 @@ runs:
         fi
         echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
 
-    - uses: swift-actions/setup-swift@f51889efb55dccf13be0ee727e3d6c89a096fb4c # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
+    - uses: swift-actions/setup-swift@cdbe0f7f4c77929b6580e71983e8606e55ffe7e4 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
       if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
       with:
         swift-version: "${{ steps.get_swift_version.outputs.version }}"

.github/dependabot.yml

@@ -2,6 +2,8 @@ version: 2
 updates:
   - package-ecosystem: npm
     directory: "/"
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     labels:
@@ -20,6 +22,8 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/"
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:
@@ -28,6 +32,8 @@ updates:
           - "*"
   - package-ecosystem: github-actions
     directory: "/.github/actions/setup-swift/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
+    reviewers:
+      - "github/codeql-production-shield"
     schedule:
       interval: weekly
     groups:

CHANGELOG.md

@@ -4,6 +4,11 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.
 
+## 3.23.1 - 17 Jan 2024
+
+- Update default CodeQL bundle version to 2.16.0. [#2073](https://github.com/github/codeql-action/pull/2073)
+- Change the retention period for uploaded debug artifacts to 7 days. Previously, this was whatever the repository default was. [#2079](https://github.com/github/codeql-action/pull/2079)
+
 ## 3.23.0 - 08 Jan 2024
 
 - We are rolling out a feature in January 2024 that will disable Python dependency installation by default for all users. This improves the speed of analysis while having only a very minor impact on results. You can override this behavior by setting `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION=false` in your workflow, however we plan to remove this ability in future versions of the CodeQL Action. [#2031](https://github.com/github/codeql-action/pull/2031)

README.md

@@ -4,15 +4,6 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ
 
 For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md).
 
-## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker:
-Announcement for users of this Action and code scanning workflows on GitHub.com:
-
-- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023.
-- All code scanning workflows should continue to succeed regardless of the warning.
-- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20.
-
-For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). 
-
 ## License
 
 This project is released under the [MIT License](LICENSE).