diff --git a/.github/workflows/gha_security.yml b/.github/workflows/gha_security.yml
index ff207f3e8b7..8114087d237 100644
--- a/.github/workflows/gha_security.yml
+++ b/.github/workflows/gha_security.yml
@@ -27,7 +27,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f # v3.28.18
+        uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
         with:
           sarif_file: results.sarif
           category: zizmor
\ No newline at end of file
diff --git a/changes/unreleased/4841.HHVCCXXZbYAaaQVmKHCJm2.toml b/changes/unreleased/4841.HHVCCXXZbYAaaQVmKHCJm2.toml
new file mode 100644
index 00000000000..5959a63505f
--- /dev/null
+++ b/changes/unreleased/4841.HHVCCXXZbYAaaQVmKHCJm2.toml
@@ -0,0 +1,5 @@
+internal = "Bump github/codeql-action from 3.28.18 to 3.29.2"
+[[pull_requests]]
+uid = "4841"
+author_uid = "dependabot"
+closes_threads = []