chore: bump github/codeql-action from 2.2.7 to 2.2.9

[dependabot]

Bumps github/codeql-action from 2.2.7 to 2.2.9.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

[UNRELEASED]

No user facing changes.

2.2.9 - 27 Mar 2023

• Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
  • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
  • The upload input to the analyze Action now accepts the following values:
    • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    • The legacy true and false options will be interpreted as always and failure-only respectively.

2.2.8 - 22 Mar 2023

• Update default CodeQL bundle version to 2.12.5. #1585

2.2.7 - 15 Mar 2023

No user facing changes.

2.2.6 - 10 Mar 2023

• Update default CodeQL bundle version to 2.12.4. #1561

2.2.5 - 24 Feb 2023

• Update default CodeQL bundle version to 2.12.3. #1543

2.2.4 - 10 Feb 2023

No user facing changes.

2.2.3 - 08 Feb 2023

• Update default CodeQL bundle version to 2.12.2. #1518

2.2.2 - 06 Feb 2023

• Fix an issue where customers using the CodeQL Action with the CodeQL Action sync tool would not be able to obtain the CodeQL tools. #1517

2.2.1 - 27 Jan 2023

No user facing changes.

2.2.0 - 26 Jan 2023

... (truncated)

Commits

• 04df126 Merge pull request #1608 from github/update-v2.2.9-fb32c3fef
• f0988cb Move changelog note to correct section
• fef20d6 Update changelog for v2.2.9
• fb32c3f Merge pull request #1605 from github/henrymercer/diagnostics-grouping-workaround
• 329c022 Just check the number of locations
• c8935d5 Remove duplicate locations from failed run SARIF
• ade432f Remove duplicate locations from output of database interpret-results
• 6f852ee Implement removing duplicate locations from a SARIF file
• 097ab46 Speed up checks a bit by just running the standard suite
• befd804 Extend diagnostics export integration test to capture location bug
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #811 (88def94) into main (9893baf) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #811   +/-   ##
=======================================
  Coverage   50.92%   50.92%           
=======================================
  Files          36       36           
  Lines        2370     2370           
=======================================
  Hits         1207     1207           
  Misses       1116     1116           
  Partials       47       47           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[aramase]

/azp run Azure Workload Identity CI

[azure-pipelines]

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.