diff --git a/CHANGELOG.md b/CHANGELOG.md
index 89db180f76..52f3987c32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## [UNRELEASED]
 
+No user facing changes.
+
+## 2.1.39 - 18 Jan 2023
+
 - CodeQL Action v1 is now deprecated, and is no longer updated or supported. For better performance, improved security, and new features, upgrade to v2. For more information, see [this changelog post](https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/). [#1467](https://github.com/github/codeql-action/pull/1466)
 - Python automatic dependency installation will no longer fail for projects using Poetry that specify `virtualenvs.options.no-pip = true` in their `poetry.toml`. [#1431](https://github.com/github/codeql-action/pull/1431)
 - Avoid printing a stack trace and error message when the action fails to find the SHA at the
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index 7eb50bfb11..2656b0955a 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.39",
+  "version": "2.1.40",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
diff --git a/package-lock.json b/package-lock.json
index 7df856c31d..118dd5f9ed 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.39",
+  "version": "2.1.40",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.39",
+      "version": "2.1.40",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.0",
diff --git a/package.json b/package.json
index fea2825828..85be734fba 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.39",
+  "version": "2.1.40",
   "private": true,
   "description": "CodeQL action",
   "scripts": {