github
diff --git a/‎.github/codeql/codeql-actions-config.yml
Lines changed: 4 additions & 0 deletions b/‎.github/codeql/codeql-actions-config.yml
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/__rubocop-multi-language.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/__rubocop-multi-language.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/codeql.yml
Lines changed: 26 additions & 2 deletions b/‎.github/workflows/codeql.yml
Lines changed: 26 additions & 2 deletions
diff --git a/‎.github/workflows/post-release-mergeback.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/post-release-mergeback.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/update-release-branch.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/update-release-branch.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/update-supported-enterprise-server-versions.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/update-supported-enterprise-server-versions.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 4 additions & 0 deletions b/‎CHANGELOG.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎lib/defaults.json
Lines changed: 4 additions & 4 deletions b/‎lib/defaults.json
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/init-action-post.js
Lines changed: 3 additions & 2 deletions b/‎lib/init-action-post.js
Lines changed: 3 additions & 2 deletions
diff --git a/‎lib/init-action-post.js.map
Lines changed: 1 addition & 1 deletion b/‎lib/init-action-post.js.map
Lines changed: 1 addition & 1 deletion
@@ -0,0 +1,4 @@
+# Configuration for the CodeQL Actions Queries
+name: "CodeQL Actions Queries config"
+queries:
+  - uses: security-and-quality
@@ -70,7 +70,7 @@ jobs:
         echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
         echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
 
-  build:
+  analyze-javascript:
     needs: [check-codeql-versions]
     strategy:
       fail-fast: false
@@ -81,7 +81,7 @@ jobs:
 
     permissions:
       contents: read
-      security-events: write # needed to upload results
+      security-events: write
 
     steps:
     - name: Checkout
@@ -100,3 +100,27 @@ jobs:
       uses: ./analyze
       with:
         category: "/language:javascript"
+
+
+  analyze-actions:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        languages: actions
+        config-file: ./.github/codeql/codeql-actions-config.yml
+    - name: Perform CodeQL Analysis
+      uses: ./analyze
+      with:
+        category: "/language:actions"
@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
+        uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}
 
@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
+      uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}
 
@@ -19,14 +19,14 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.7"
+          python-version: "3.13"
       - name: Checkout CodeQL Action
         uses: actions/checkout@v4
       - name: Checkout Enterprise Releases
         uses: actions/checkout@v4
         with:
           repository: github/enterprise-releases
-          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
+          token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
           path: ${{ github.workspace }}/enterprise-releases/
       - name: Update Supported Enterprise Server Versions
         run: |
 
@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.28.9 - 07 Feb 2025
+
+- Update default CodeQL bundle version to 2.20.4. [#2753](https://github.com/github/codeql-action/pull/2753)
+
 ## 3.28.8 - 29 Jan 2025
 
 - Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. [#2744](https://github.com/github/codeql-action/pull/2744)
 
@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.20.3",
-    "cliVersion": "2.20.3",
-    "priorBundleVersion": "codeql-bundle-v2.20.2",
-    "priorCliVersion": "2.20.2"
+    "bundleVersion": "codeql-bundle-v2.20.4",
+    "cliVersion": "2.20.4",
+    "priorBundleVersion": "codeql-bundle-v2.20.3",
+    "priorCliVersion": "2.20.3"
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`		`- "bundleVersion": "codeql-bundle-v2.20.3",`
`3`		`- "cliVersion": "2.20.3",`
`4`		`- "priorBundleVersion": "codeql-bundle-v2.20.2",`
`5`		`- "priorCliVersion": "2.20.2"`
	`2`	`+ "bundleVersion": "codeql-bundle-v2.20.4",`
	`3`	`+ "cliVersion": "2.20.4",`
	`4`	`+ "priorBundleVersion": "codeql-bundle-v2.20.3",`
	`5`	`+ "priorCliVersion": "2.20.3"`
`6`	`6`	`}`