Bump github/codeql-action from 2 to 3

[dependabot[bot]]

Bumps github/codeql-action from 2 to 3.

Release notes

Sourced from github/codeql-action's releases.

CodeQL Bundle v2.15.4

Bundles CodeQL CLI v2.15.4

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.4:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.3

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.3:

• codeql/cpp-queries (changelog, source)
• codeql/cpp-all (changelog, source)
• codeql/csharp-queries (changelog, source)
• codeql/csharp-all (changelog, source)
• codeql/go-queries (changelog, source)
• codeql/go-all (changelog, source)
• codeql/java-queries (changelog, source)
• codeql/java-all (changelog, source)
• codeql/javascript-queries (changelog, source)
• codeql/javascript-all (changelog, source)
• codeql/python-queries (changelog, source)
• codeql/python-all (changelog, source)
• codeql/ruby-queries (changelog, source)
• codeql/ruby-all (changelog, source)
• codeql/swift-queries (changelog, source)
• codeql/swift-all (changelog, source)

CodeQL Bundle

Bundles CodeQL CLI v2.15.2

• (changelog, release)

Includes the following CodeQL language packs from github/codeql@codeql-cli/v2.15.2:

• codeql/cpp-queries (changelog, source)

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

Commits

• 3a9f6a8 update javascript files
• cc4fead update version in various hardcoded locations
• 183559c Merge branch 'main' into update-bundle/codeql-bundle-v2.15.4
• 5b52b36 reintroduce PR check that confirm action can be still be compiled on node16
• 5b19bef change to node20 for all actions
• f2d0c2e upgrade node type definitions
• d651fbc change to node20 for all actions
• 382a50a Merge pull request #2021 from github/mergeback/v2.22.9-to-main-c0d1daa7
• 458b422 Update checked-in dependencies
• 5e0f9db Update changelog and version after v2.22.9
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[coveralls]

Pull Request Test Coverage Report for Build 7388194877

• 0 of 0 changed or added relevant lines in 0 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage remained the same at 0.0%

---

Totals
Change from base Build 7388153480:	0.0%
Covered Lines:	0
Relevant Lines:	0

---

💛 - Coveralls

[dav3r]

FYI @schmelz21 @JCantu248 @ameliav, while you are welcome to merge this PR sooner if you want (or need) to, we typically wait until the parent repo PR (in this case https://github.com/cisagov/skeleton-python-library/pull/128) is merged, along with any other new PRs from the parent, then all of those changes will get bundled into a single lineage PR (a la https://github.com/cisagov/tpt-reports/pull/80) for you to review. After you merge that lineage PR, any redundant dependabot PRs should get closed automatically by dependabot.

[schmelz21]

FYI @schmelz21 @JCantu248 @ameliav, while you are welcome to merge this PR sooner if you want (or need) to, we typically wait until the parent repo PR (in this case cisagov/skeleton-python-library#128) is merged, along with any other new PRs from the parent, then all of those changes will get bundled into a single lineage PR (a la #80) for you to review. After you merge that lineage PR, any redundant dependabot PRs should get closed automatically by dependabot.

@dav3r - thanks for the clarification. For the purposes of this app, we will wait on the lineage PR. Not critical to merge at this time.