From b6b0833c3dcbc510e52e232ffa10b394011136f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:33:15 -0700 Subject: [PATCH 1/5] Bump urllib3 in /python-setup/tests/pipenv/python-3.8 (#1954) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- python-setup/tests/pipenv/python-3.8/Pipfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python-setup/tests/pipenv/python-3.8/Pipfile.lock b/python-setup/tests/pipenv/python-3.8/Pipfile.lock index 06d3fc63e7..8fc3f2c98d 100644 --- a/python-setup/tests/pipenv/python-3.8/Pipfile.lock +++ b/python-setup/tests/pipenv/python-3.8/Pipfile.lock @@ -139,12 +139,12 @@ }, "urllib3": { "hashes": [ - "sha256:7a7c7003b000adf9e7ca2a377c9688bbc54ed41b985789ed576570342a375cd2", - "sha256:b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564" + "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84", + "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==2.0.6" + "version": "==2.0.7" } }, "develop": {} From aa55b87f8723d3b0ef9a4163d3952d085d692c7e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:33:37 -0700 Subject: [PATCH 2/5] Bump urllib3 in /python-setup/tests/pipenv/requests-3 (#1955) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.0.6 to 2.0.7. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.0.6...2.0.7) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- python-setup/tests/pipenv/requests-3/Pipfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python-setup/tests/pipenv/requests-3/Pipfile.lock b/python-setup/tests/pipenv/requests-3/Pipfile.lock index d4483f5628..0ee35b3d84 100644 --- a/python-setup/tests/pipenv/requests-3/Pipfile.lock +++ b/python-setup/tests/pipenv/requests-3/Pipfile.lock @@ -137,12 +137,12 @@ }, "urllib3": { "hashes": [ - "sha256:7a7c7003b000adf9e7ca2a377c9688bbc54ed41b985789ed576570342a375cd2", - "sha256:b19e1a85d206b56d7df1d5e683df4a7725252a964e3993648dd0fb5a1c157564" + "sha256:c97dfde1f7bd43a71c8d2a58e369e9b2bf692d1334ea9f9cae55add7d0dd0f84", + "sha256:fdb6d215c776278489906c2f8916e6e7d4f5a9b602ccbcfdf7f016fc8da0596e" ], "index": "pypi", "markers": "python_version >= '3.7'", - "version": "==2.0.6" + "version": "==2.0.7" } }, "develop": {} From a75a0d5716c40695ffa2977b51b8bd0daff48b87 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:33:48 -0700 Subject: [PATCH 3/5] Bump urllib3 in /python-setup/tests/poetry/requests-3 (#1956) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.17 to 1.26.18. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.17...1.26.18) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- python-setup/tests/poetry/requests-3/poetry.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python-setup/tests/poetry/requests-3/poetry.lock b/python-setup/tests/poetry/requests-3/poetry.lock index 2504dc4655..13c2c71d0a 100644 --- a/python-setup/tests/poetry/requests-3/poetry.lock +++ b/python-setup/tests/poetry/requests-3/poetry.lock @@ -59,13 +59,13 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] [[package]] name = "urllib3" -version = "1.26.17" +version = "1.26.18" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" files = [ - {file = "urllib3-1.26.17-py2.py3-none-any.whl", hash = "sha256:94a757d178c9be92ef5539b8840d48dc9cf1b2709c9d6b588232a055c524458b"}, - {file = "urllib3-1.26.17.tar.gz", hash = "sha256:24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"}, + {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"}, + {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"}, ] [package.extras] From 77bbb99abd466b60ab05e710e898ebe72cc5a8a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Oct 2023 15:34:08 -0700 Subject: [PATCH 4/5] Bump urllib3 in /python-setup/tests/poetry/python-3.8 (#1957) Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.17 to 1.26.18. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/1.26.17...1.26.18) --- updated-dependencies: - dependency-name: urllib3 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- python-setup/tests/poetry/python-3.8/poetry.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python-setup/tests/poetry/python-3.8/poetry.lock b/python-setup/tests/poetry/python-3.8/poetry.lock index 70c17430ca..bd2f771a80 100644 --- a/python-setup/tests/poetry/python-3.8/poetry.lock +++ b/python-setup/tests/poetry/python-3.8/poetry.lock @@ -59,13 +59,13 @@ use-chardet-on-py3 = ["chardet (>=3.0.2,<6)"] [[package]] name = "urllib3" -version = "1.26.17" +version = "1.26.18" description = "HTTP library with thread-safe connection pooling, file post, and more." optional = false python-versions = ">=2.7, !=3.0.*, !=3.1.*, !=3.2.*, !=3.3.*, !=3.4.*, !=3.5.*" files = [ - {file = "urllib3-1.26.17-py2.py3-none-any.whl", hash = "sha256:94a757d178c9be92ef5539b8840d48dc9cf1b2709c9d6b588232a055c524458b"}, - {file = "urllib3-1.26.17.tar.gz", hash = "sha256:24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21"}, + {file = "urllib3-1.26.18-py2.py3-none-any.whl", hash = "sha256:34b97092d7e0a3a8cf7cd10e386f401b3737364026c45e622aa02903dffe0f07"}, + {file = "urllib3-1.26.18.tar.gz", hash = "sha256:f8ecc1bba5667413457c529ab955bf8c67b45db799d159066261719e328580a0"}, ] [package.extras] From 4a368f64ad12c37745429168fc8de8672d16d5a6 Mon Sep 17 00:00:00 2001 From: Angela P Wen Date: Wed, 18 Oct 2023 16:00:03 -0700 Subject: [PATCH 5/5] Add announcement on Node 16 deprecation (#1960) --- CHANGELOG.md | 5 ++++- README.md | 9 +++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 534f25ce5c..22507465b6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] -No user facing changes. +- Users will begin to see warnings on Node.js 16 deprecation in their Actions logs on code scanning runs starting October 23, 2023. + - All code scanning workflows should continue to succeed regardless of the warning. + - The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20. + - For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). ## 2.22.3 - 13 Oct 2023 diff --git a/README.md b/README.md index 781f2aa192..e4fe26e359 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,15 @@ This action runs GitHub's industry-leading semantic code analysis engine, [CodeQ For a list of recent changes, see the CodeQL Action's [changelog](CHANGELOG.md). +## :loudspeaker: Node 16 deprecation, upcoming CodeQL Action v3 :loudspeaker: +Announcement for users of this Action and code scanning workflows on GitHub.com: + +- You will begin to see these warnings about Node.js 16 deprecation in your Actions logs on code scanning runs starting October 23, 2023. +- All code scanning workflows should continue to succeed regardless of the warning. +- The team at GitHub maintaining the CodeQL Action is aware of the deprecation timeline and actively working on creating another version of the CodeQL Action, v3, that will bump us to Node 20. + +For more information, and to communicate with the maintaining team, please use [this issue](https://github.com/github/codeql-action/issues/1959). + ## License This project is released under the [MIT License](LICENSE).