chore(deps): bump github/codeql-action from 2.2.7 to 2.2.8

[dependabot]

Bumps github/codeql-action from 2.2.7 to 2.2.8.

Changelog

Sourced from github/codeql-action's changelog.

2.2.8 - 22 Mar 2023

• Update default CodeQL bundle version to 2.12.5. #1585
• Customers post-processing the SARIF output of the analyze Action before uploading it to Code Scanning will benefit from an improved debugging experience. #1598
  • The CodeQL Action will now upload a SARIF file with debugging information to Code Scanning on failed runs for customers using upload: false. Previously, this was only available for customers using the default value of the upload input.
  • The upload input to the analyze Action now accepts the following values:
    • always is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
    • failure-only is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
    • never avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
    • The legacy true and false options will be interpreted as always and failure-only respectively.

Commits

• 67a35a0 Merge pull request #1601 from github/update-v2.2.8-066b6343e
• 57571ab Update changelog for v2.2.8
• 066b634 Merge pull request #1599 from github/update-supported-enterprise-server-versions
• aefd989 Merge pull request #1597 from github/rneatherway/ghe-dotcom
• 3ca2260 Account for versioning of ghe.com
• 5f20b2c Update supported GitHub Enterprise Server versions.
• 760583e Bump setup-go from v3 to v4 (#1595)
• 0ef7eda Merge pull request #1585 from github/henrymercer/bundle-2.12.5
• 8612813 Merge branch 'main' into henrymercer/bundle-2.12.5
• ebbe965 Merge pull request #1588 from github/update-supported-enterprise-server-versions
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)