diff --git a/.github/workflows/gha_security.yml b/.github/workflows/gha_security.yml
index f517b9d34..23985c363 100644
--- a/.github/workflows/gha_security.yml
+++ b/.github/workflows/gha_security.yml
@@ -27,7 +27,7 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+        uses: github/codeql-action/upload-sarif@2d92b76c45b91eb80fc44c74ce3fce0ee94e8f9d # v3.30.0
         with:
           sarif_file: results.sarif
-          category: zizmor
\ No newline at end of file
+          category: zizmor
diff --git a/changes/unreleased/4929.P2dSYTjRtQtXPdKyaDHPJA.toml b/changes/unreleased/4929.P2dSYTjRtQtXPdKyaDHPJA.toml
new file mode 100644
index 000000000..28cec83f0
--- /dev/null
+++ b/changes/unreleased/4929.P2dSYTjRtQtXPdKyaDHPJA.toml
@@ -0,0 +1,5 @@
+internal = "Bump github/codeql-action from 3.29.7 to 3.30.0"
+[[pull_requests]]
+uid = "4929"
+author_uid = "dependabot"
+closes_threads = []