Bump github/codeql-action from 2.2.9 to 2.2.12 (jaegertracing#4383)
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.2.9 to 2.2.12.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.2.12 - 13 Apr 2023</h2>
<ul>
<li>Include the value of the <code>GITHUB_RUN_ATTEMPT</code> environment
variable in the telemetry sent to GitHub. <a
href="https://github.com/github/codeql-action/pull/1640">#1640</a></li>
<li>Improve the ease of debugging failed runs configured using <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning-for-a-repository#configuring-code-scanning-automatically">default
setup</a>. The CodeQL Action will now upload diagnostic information to
Code Scanning from failed runs configured using default setup. You can
view this diagnostic information on the <a
href="https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/about-the-tool-status-page">tool
status page</a>. <a
href="https://github.com/github/codeql-action/pull/1619">#1619</a></li>
</ul>
<h2>2.2.11 - 06 Apr 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.10 - 05 Apr 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.6. <a
href="https://github.com/github/codeql-action/pull/1629">#1629</a></li>
</ul>
<h2>2.2.9 - 27 Mar 2023</h2>
<ul>
<li>Customers post-processing the SARIF output of the
<code>analyze</code> Action before uploading it to Code Scanning will
benefit from an improved debugging experience. <a
href="https://github.com/github/codeql-action/pull/1598">#1598</a>
<ul>
<li>The CodeQL Action will now upload a SARIF file with debugging
information to Code Scanning on failed runs for customers using
<code>upload: false</code>. Previously, this was only available for
customers using the default value of the <code>upload</code> input.</li>
<li>The <code>upload</code> input to the <code>analyze</code> Action now
accepts the following values:
<ul>
<li><code>always</code> is the default value, which uploads the SARIF
file to Code Scanning for successful and failed runs.</li>
<li><code>failure-only</code> is recommended for customers
post-processing the SARIF file before uploading it to Code Scanning.
This option uploads debugging information to Code Scanning for failed
runs to improve the debugging experience.</li>
<li><code>never</code> avoids uploading the SARIF file to Code Scanning
even if the code scanning run fails. This is not recommended for
external users since it complicates debugging.</li>
<li>The legacy <code>true</code> and <code>false</code> options will be
interpreted as <code>always</code> and <code>failure-only</code>
respectively.</li>
</ul>
</li>
</ul>
</li>
</ul>
<h2>2.2.8 - 22 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.5. <a
href="https://github.com/github/codeql-action/pull/1585">#1585</a></li>
</ul>
<h2>2.2.7 - 15 Mar 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.6 - 10 Mar 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.4. <a
href="https://github.com/github/codeql-action/pull/1561">#1561</a></li>
</ul>
<h2>2.2.5 - 24 Feb 2023</h2>
<ul>
<li>Update default CodeQL bundle version to 2.12.3. <a
href="https://github.com/github/codeql-action/pull/1543">#1543</a></li>
</ul>
<h2>2.2.4 - 10 Feb 2023</h2>
<p>No user facing changes.</p>
<h2>2.2.3 - 08 Feb 2023</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/7df0ce34898d659f95c0c4a09eaa8d4e32ee64db"><code>7df0ce3</code></a>
Merge pull request <a
href="https://github.com/github/codeql-action/issues/1646">#1646</a>
from github/update-v2.2.12-d944b3423</li>
<li><a
href="https://github.com/github/codeql-action/commit/fbedecac345b827920c17b4b3488704f4f5bf0b8"><code>fbedeca</code></a>
Update changelog for v2.2.12</li>
<li><a
href="https://github.com/github/codeql-action/commit/d944b3423d194ae3a11d1d7291ab2f38eb94207a"><code>d944b34</code></a>
Merge pull request <a
href="https://github.com/github/codeql-action/issues/1619">#1619</a>
from github/henrymercer/default-setup-workflow</li>
<li><a
href="https://github.com/github/codeql-action/commit/e3210d8ce3ab70ba62248e01804f8ace92086dc3"><code>e3210d8</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/599f4927f24ee8729768e58d8ba4c60b93bc1833"><code>599f492</code></a>
Allow passing the workflow via an environment variable</li>
<li><a
href="https://github.com/github/codeql-action/commit/ed6c4995fcfc90fa1e870bf955dd15e010cf71e8"><code>ed6c499</code></a>
Merge pull request <a
href="https://github.com/github/codeql-action/issues/1645">#1645</a>
from github/henrymercer/remove-dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/c2b5d643fdc41c9b28b4930ec55e93dbedf6636d"><code>c2b5d64</code></a>
Require xml2js <code>&gt;=0.5.0</code> to address CVE-2023-0842</li>
<li><a
href="https://github.com/github/codeql-action/commit/9c13316a15486574cee9cd715fe1892201680a31"><code>9c13316</code></a>
Remove unused dependencies</li>
<li><a
href="https://github.com/github/codeql-action/commit/98f7bbd6102f2c11acb5631e38386a1837dca5a5"><code>98f7bbd</code></a>
Add <code>workflow_run_attempt</code> data to status report (<a
href="https://github.com/github/codeql-action/issues/1640">#1640</a>)</li>
<li><a
href="https://github.com/github/codeql-action/commit/d7b9dcdb855b6df190af13376d458258d9dff7ef"><code>d7b9dcd</code></a>
Bump peter-evans/create-pull-request from 4.2.4 to 5.0.0 (<a
href="https://github.com/github/codeql-action/issues/1643">#1643</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/04df1262e6247151b5ac09cd2c303ac36ad3f62b...7df0ce34898d659f95c0c4a09eaa8d4e32ee64db">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.2.9&new-version=2.2.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yuri Shkuro <[email protected]>
dependabot[bot] and yurishkuro authored Apr 16, 2023
1 parent cb5032d commit 61a72fe
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
@@ -40,7 +40,7 @@ jobs:

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b
uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
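Review bot: the `init` step stays pinned to a full commit SHA rather than a floating `v2` tag, which is the right shape for a supply-chain-sensitive action, and the new SHA `7df0ce34898d659f95c0c4a09eaa8d4e32ee64db` matches the `7df0ce3` merge commit for `update-v2.2.12` listed in the commit list above, so the pin corresponds to the release the title claims. One readability point: the line carries no human-readable version marker, so a reviewer has to cross-check the hash against the commit list; appending a trailing comment such as `uses: github/codeql-action/init@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db # v2.2.12` would make the pinned version visible in the workflow itself, and Dependabot keeps that comment in sync on later bumps.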
@@ -49,7 +49,7 @@ jobs:
# queries: ./path/to/local/query, your-org/your-repo/queries@main

- name: Autobuild
uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b
uses: github/codeql-action/autobuild@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b
uses: github/codeql-action/analyze@7df0ce34898d659f95c0c4a09eaa8d4e32ee64db
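Review bot: `autobuild` and `analyze` move to the same `7df0ce34898d659f95c0c4a09eaa8d4e32ee64db` SHA as `init` in the previous hunk, which is what matters here: the three steps share state from the `init` step, so they should always be pinned to one revision rather than drifting apart across bumps. The changelog quoted above notes that the `upload` input of `analyze` gained new values (`always`, `failure-only`, `never`) in 2.2.9; this workflow does not set `upload`, so the default `always` applies and no workflow change is needed for that. As with the `init` line, a trailing `# v2.2.12` comment on both `uses:` lines would document the pinned version in place.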
