Merge releases/v3 into releases/v2

[henrymercer]

Merging b7cec7526 into releases/v2.

Conductor for this PR is @henrymercer.

Contains the following pull requests:

• 2273 (@aeisenberg)

• 2274 (@aeisenberg)

• 2276 (@henrymercer)

• 2277 (@henrymercer)

• 2279 (@henrymercer)

• 2280 (@henrymercer)

• 2282 (@henrymercer)

• 2283 (@henrymercer)

• 2287 (@henrymercer)

Please do the following:

• [ ] Ensure the CHANGELOG displays the correct version and date.
• [ ] Ensure the CHANGELOG includes all relevant, user-facing changes since the last release.
• [ ] Check that there are not any unexpected commits being merged into the releases/v2 branch.
• [ ] Ensure the docs team is aware of any documentation changes that need to be released.
• [ ] Remove and re-add the "Update dependencies" label to the PR to trigger just this workflow.
• [ ] Wait for the "Update dependencies" workflow to push a commit updating the dependencies.
• [ ] Mark the PR as ready for review to trigger the full set of PR checks.
• [ ] Approve and merge this PR. Make sure Create a merge commit is selected rather than Squash and merge or Rebase and merge.

[github-actions[bot]]

Pushed a commit to update the checked-in dependencies. Please mark the PR as ready for review to trigger PR checks.

[NlightNFotis]

Hello, don't know how useful my review on this would be, but happy to do a review if needed.

I do have a question though, just to build my understanding of our process:

This is the PR that adds the new features to the release branch correct? Assuming it gets merged, this means that anyone using the action/v2 will be able to pick these changes up next time they run the action. Or am I misunderstanding?

[NlightNFotis]

On second thoughts, I had a look at the diff, and this appears to be just a sync PR, needing just a stamp. Happy to give it to unblock us.

[henrymercer]

That's right — currently we bring all the latest features from v3 into v2 (apart from Node 20 support), and to do that we have a backport PR like this each time we release the CodeQL Action. Usually it's automatically generated, but this one updated a workflow file, and updating workflow files requires a PAT, so we had to run it manually. Thanks for the review!