Bump github/codeql-action from 3.29.11 to 3.30.0 (#167)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.29.11 to 3.30.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.0 - 01 Sep 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.0/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.8 - 08 Aug 2025</h2>
<ul>
<li>Fix an issue where the Action would autodetect unsupported languages
such as HTML. <a
href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li>
</ul>
<h2>3.29.7 - 07 Aug 2025</h2>
<p>This release rolls back 3.29.6 to address issues with language
autodetection. It is identical to 3.29.5.</p>
<h2>3.29.6 - 07 Aug 2025</h2>
<ul>
<li>The <code>cleanup-level</code> input to the <code>analyze</code>
Action is now deprecated. The CodeQL Action has written a limited amount
of intermediate results to the database since version 2.2.5, and now
automatically manages cleanup. <a
href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li>
<li>Update default CodeQL bundle version to 2.22.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li>
</ul>
<h2>3.29.5 - 29 Jul 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.2. <a
href="https://redirect.github.com/github/codeql-action/pull/2986">#2986</a></li>
</ul>
<h2>3.29.4 - 23 Jul 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.3 - 21 Jul 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.2 - 30 Jun 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d"><code>2d92b76</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3067">#3067</a>
from github/update-v3.30.0-92eada825</li>
<li><a
href="https://github.com/github/codeql-action/commit/390daafd7d971cca449e6aa45656ac85ca1d29fd"><code>390daaf</code></a>
Update changelog for v3.30.0</li>
<li><a
href="https://github.com/github/codeql-action/commit/92eada825a77b70d62c71adc29a0a9fe75c21bf5"><code>92eada8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3033">#3033</a>
from github/mbg/ci/rollback-release</li>
<li><a
href="https://github.com/github/codeql-action/commit/872a6a41e95ca66b6ce89dac89c1fbb97b171c89"><code>872a6a4</code></a>
Add <code>pull-requests: write</code> permission</li>
<li><a
href="https://github.com/github/codeql-action/commit/9389ce0cc4cf11345ec3a2a7a61fc790feb44165"><code>9389ce0</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/ci/rollback-release</li>
<li><a
href="https://github.com/github/codeql-action/commit/02ab253bd299d261d00cdf8a9bca38fea2697d50"><code>02ab253</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3054">#3054</a>
from github/henrymercer/bundle</li>
<li><a
href="https://github.com/github/codeql-action/commit/b06d32585026d970f28d3f3604a67ddf4c314f9e"><code>b06d325</code></a>
Add draft release URL to job summary</li>
<li><a
href="https://github.com/github/codeql-action/commit/43d629cdfd9a8e4ac201aeb0d9330b2eaf0f8699"><code>43d629c</code></a>
Use <code>argparse</code> in <code>rollback_changelog.py</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/8f01f5d4296c6c45c71748648c333daa34454bb2"><code>8f01f5d</code></a>
Apply suggestions from code review</li>
<li><a
href="https://github.com/github/codeql-action/commit/3e493e72f755ad15a0ff97b25da2e232b3cb4f3f"><code>3e493e7</code></a>
Remove <code>removeNPMAbsolutePaths</code></li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.11&new-version=3.30.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/scorecards-analysis.yml

@@ -51,6 +51,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3c3833e0f8c1c83d449a7478aa59c036a9165498
+        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d
         with:
           sarif_file: results.sarif