chore(deps): bump github/codeql-action from 579411fb6c2fa885902ffeb0238873661aa2dc29 to a21bb7f968fa17c120cf60e6f0ec444462b718a2

Created by: dependabot[bot]

Bumps github/codeql-action from 579411fb6c2fa885902ffeb0238873661aa2dc29 to a21bb7f968fa17c120cf60e6f0ec444462b718a2.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.2.8 - 22 Mar 2023

• Update default CodeQL bundle version to 2.12.5. #1585
• Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
  • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
  • The upload input to the analyze Action now accepts the following values:
    • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    • The legacy true and false options will be interpreted as always and failure-only respectively.

2.2.7 - 15 Mar 2023

No user facing changes.

2.2.6 - 10 Mar 2023

• Update default CodeQL bundle version to 2.12.4. #1561

2.2.5 - 24 Feb 2023

• Update default CodeQL bundle version to 2.12.3. #1543

2.2.4 - 10 Feb 2023

No user facing changes.

2.2.3 - 08 Feb 2023

• Update default CodeQL bundle version to 2.12.2. #1518

2.2.2 - 06 Feb 2023

• Fix an issue where customers using the CodeQL Action with the CodeQL Action sync tool would not be able to obtain the CodeQL tools. #1517

2.2.1 - 27 Jan 2023

No user facing changes.

2.2.0 - 26 Jan 2023

• Improve stability when choosing the default version of CodeQL to use in code scanning workflow runs on Actions on GitHub.com. #1475
  • This change addresses customer reports of code scanning alerts on GitHub.com being closed and reopened during the rollout of new versions of CodeQL in the GitHub Actions runner images.
  • No change is required for the majority of workflows, including:

... (truncated)

Commits

• a21bb7f Update upload input values and logic (#1598)
• 0214d1d Merge pull request #1603 from github/charisk/default-branch-analayzing-override
• 94cc1de Add override for code scanning analysis of default branch
• 04f256d Merge pull request #1602 from github/mergeback/v2.2.8-to-main-67a35a08
• 0b08c9f Update checked-in dependencies
• 1196b1a Update changelog and version after v2.2.8
• 67a35a0 Merge pull request #1601 from github/update-v2.2.8-066b6343e
• 57571ab Update changelog for v2.2.8
• 066b634 Merge pull request #1599 from github/update-supported-enterprise-server-versions
• aefd989 Merge pull request #1597 from github/rneatherway/ghe-dotcom
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)