Merge pull request #2757 from github/update-v3.28.9-24e1c2d33

Merge main into releases/v3

.github/codeql/codeql-actions-config.yml

@@ -0,0 +1,4 @@
+# Configuration for the CodeQL Actions Queries
+name: "CodeQL Actions Queries config"
+queries:
+  - uses: security-and-quality

.github/workflows/codeql.yml

@@ -70,7 +70,7 @@ jobs:
         echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
         echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
 
-  build:
+  analyze-javascript:
     needs: [check-codeql-versions]
     strategy:
       fail-fast: false
@@ -81,7 +81,7 @@ jobs:
 
     permissions:
       contents: read
-      security-events: write # needed to upload results
+      security-events: write
 
     steps:
     - name: Checkout
@@ -100,3 +100,27 @@ jobs:
       uses: ./analyze
       with:
         category: "/language:javascript"
+
+
+  analyze-actions:
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        languages: actions
+        config-file: ./.github/codeql/codeql-actions-config.yml
+    - name: Perform CodeQL Analysis
+      uses: ./analyze
+      with:
+        category: "/language:actions"

.github/workflows/post-release-mergeback.yml

@@ -168,7 +168,7 @@ jobs:
             --draft
 
       - name: Generate token
-        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
+        uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514
         id: app-token
         with:
           app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-release-branch.yml

@@ -124,7 +124,7 @@ jobs:
       pull-requests: write # needed to create pull request
     steps:
     - name: Generate token
-      uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755
+      uses: actions/create-github-app-token@136412a57a7081aa63c935a2cc2918f76c34f514
       id: app-token
       with:
         app-id: ${{ vars.AUTOMATION_APP_ID }}

.github/workflows/update-supported-enterprise-server-versions.yml

@@ -19,14 +19,14 @@ jobs:
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: "3.7"
+          python-version: "3.13"
       - name: Checkout CodeQL Action
         uses: actions/checkout@v4
       - name: Checkout Enterprise Releases
         uses: actions/checkout@v4
         with:
           repository: github/enterprise-releases
-          ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
+          token: ${{ secrets.ENTERPRISE_RELEASE_TOKEN }}
           path: ${{ github.workspace }}/enterprise-releases/
       - name: Update Supported Enterprise Server Versions
         run: |

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
 
+## 3.28.9 - 07 Feb 2025
+
+- Update default CodeQL bundle version to 2.20.4. [#2753](https://github.com/github/codeql-action/pull/2753)
+
 ## 3.28.8 - 29 Jan 2025
 
 - Enable support for Kotlin 2.1.10 when running with CodeQL CLI v2.20.3. [#2744](https://github.com/github/codeql-action/pull/2744)

lib/defaults.json

@@ -1,6 +1,6 @@
 {
-    "bundleVersion": "codeql-bundle-v2.20.3",
-    "cliVersion": "2.20.3",
-    "priorBundleVersion": "codeql-bundle-v2.20.2",
-    "priorCliVersion": "2.20.2"
+    "bundleVersion": "codeql-bundle-v2.20.4",
+    "cliVersion": "2.20.4",
+    "priorBundleVersion": "codeql-bundle-v2.20.3",
+    "priorCliVersion": "2.20.3"
 }