chore(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#3645)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 2.1.36 to 2.1.37.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>2.1.37 - 14 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.6. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1433">#1433</a></li>
</ul>
<h2>2.1.36 - 08 Dec 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.5. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1412">#1412</a></li>
<li>Add a step that tries to upload a SARIF file for the workflow run
when that workflow run fails. This will help better surface failed code
scanning workflow runs. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1393">#1393</a></li>
<li>Python automatic dependency installation will no longer consider
dependecy code installed in venv as user-written, for projects using
Poetry that specify <code>virtualenvs.in-project = true</code> in their
<code>poetry.toml</code>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1419">#1419</a>.</li>
</ul>
<h2>2.1.35 - 01 Dec 2022</h2>
<p>No user facing changes.</p>
<h2>2.1.34 - 25 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.4. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1391">#1391</a></li>
<li>Fixed a bug where some the <code>init</code> action and the
<code>analyze</code> action would have different sets of experimental
feature flags enabled. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1384">#1384</a></li>
</ul>
<h2>2.1.33 - 16 Nov 2022</h2>
<ul>
<li>Go is now analyzed in the same way as other compiled languages such
as C/C++, C#, and Java. This completes the rollout of the feature
described in <a
href="https://github.com/github/codeql-action/blob/main/#2127---06-oct-2022">CodeQL
Action version 2.1.27</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1322">#1322</a></li>
<li>Bump the minimum CodeQL bundle version to 2.6.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1358">#1358</a></li>
</ul>
<h2>2.1.32 - 14 Nov 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.3. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1348">#1348</a></li>
<li>Update the ML-powered additional query pack for JavaScript to
version 0.4.0. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1351">#1351</a></li>
</ul>
<h2>2.1.31 - 04 Nov 2022</h2>
<ul>
<li>The <code>rb/weak-cryptographic-algorithm</code> Ruby query has been
updated to no longer report uses of hash functions such as
<code>MD5</code> and <code>SHA1</code> even if they are known to be
weak. These hash algorithms are used very often in non-sensitive
contexts, making the query too imprecise in practice. For more
information, see the corresponding change in the <a
href="https://github-redirect.dependabot.com/github/codeql/pull/11129">github/codeql
repository</a>. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1344">#1344</a></li>
</ul>
<h2>2.1.30 - 02 Nov 2022</h2>
<ul>
<li>Improve the error message when using CodeQL bundle version 2.7.2 and
earlier in a workflow that runs on a runner image such as
<code>ubuntu-22.04</code> that uses glibc version 2.34 and later. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1334">#1334</a></li>
</ul>
<h2>2.1.29 - 26 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.2. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1320">#1320</a></li>
</ul>
<h2>2.1.28 - 18 Oct 2022</h2>
<ul>
<li>Update default CodeQL bundle version to 2.11.1. <a
href="https://github-redirect.dependabot.com/github/codeql-action/pull/1294">#1294</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/959cbb7472c4d4ad70cdfe6f4976053fe48ab394"><code>959cbb7</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1436">#1436</a>
from github/update-v2.1.37-d58039a1</li>
<li><a
href="https://github.com/github/codeql-action/commit/10ca836463902e2860cb03c23dc7a3ee659d32dc"><code>10ca836</code></a>
Update changelog for v2.1.37</li>
<li><a
href="https://github.com/github/codeql-action/commit/d58039a1e3151bdd087ec4044da5183fc5d14d60"><code>d58039a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1435">#1435</a>
from github/orhantoy/add-CODE_SCANNING_REF-tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/37a44962378d1984d228e6ac1cb838a701a35c28"><code>37a4496</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1433">#1433</a>
from github/henrymercer/use-codeql-2.11.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/b7028afcb462569c0fa0516f58467b0d561b8c57"><code>b7028af</code></a>
Make sure env is reset between tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/f629dada4c57c444f2c4fd20a2c2e1e4ab6adcfe"><code>f629dad</code></a>
Merge branch 'main' into henrymercer/use-codeql-2.11.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/ccee4c68ff1bd1c6bbe262703b9707d937d5846a"><code>ccee4c6</code></a>
Add tests for CODE_SCANNING_REF</li>
<li><a
href="https://github.com/github/codeql-action/commit/899bf9c076bcf8a9b657dd1b6d6a8270f89f356a"><code>899bf9c</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/github/codeql-action/issues/1432">#1432</a>
from github/henrymercer/init-post-telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/dd7c3ef80e9300ee54af3196a0dd0671537ebfd4"><code>dd7c3ef</code></a>
Remove debugging log statements</li>
<li><a
href="https://github.com/github/codeql-action/commit/b7b875efff184017fd6ec63be41745ab382afac5"><code>b7b875e</code></a>
Reuse existing fields in post-init status report</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/a669cc5936cc5e1b6a362ec1ff9e410dc570d190...959cbb7472c4d4ad70cdfe6f4976053fe48ab394">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=2.1.36&new-version=2.1.37)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/codeql.yml

@@ -20,6 +20,6 @@ jobs:
       with:
         go-version: '>=1.19.4'
         cache: true
-    - uses: github/codeql-action/init@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
-    - uses: github/codeql-action/autobuild@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
-    - uses: github/codeql-action/analyze@a669cc5936cc5e1b6a362ec1ff9e410dc570d190 # v2
+    - uses: github/codeql-action/init@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+    - uses: github/codeql-action/autobuild@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2
+    - uses: github/codeql-action/analyze@959cbb7472c4d4ad70cdfe6f4976053fe48ab394 # v2