StemmlerSisters · pull · Oct 17, 2025 · Oct 12, 2025 · Oct 12, 2025 · Oct 14, 2025
diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml
diff --git a/.github/workflows/__bundle-from-toolcache.yml b/.github/workflows/__bundle-from-toolcache.yml
diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml
diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml
diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml
diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml
diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml
diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,7 +4,8 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
+- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)
 
 ## 4.30.8 - 10 Oct 2025
 

diff --git a/README.md b/README.md
@@ -34,6 +34,7 @@ Actions with special purposes and unlikely to be used directly:
 - `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
 - `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
 - `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
+- `setup-codeql`: [Experimental] Similar to `init`, except it only installs the CodeQL CLI and does not initialize a database.
 
 ### Workflow Permissions
 

diff --git a/lib/analyze-action.js b/lib/analyze-action.js
diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js
diff --git a/lib/defaults.json b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
-  "bundleVersion": "codeql-bundle-v2.23.2",
-  "cliVersion": "2.23.2",
-  "priorBundleVersion": "codeql-bundle-v2.23.1",
-  "priorCliVersion": "2.23.1"
+  "bundleVersion": "codeql-bundle-v2.23.3",
+  "cliVersion": "2.23.3",
+  "priorBundleVersion": "codeql-bundle-v2.23.2",
+  "priorCliVersion": "2.23.2"
 }
diff --git a/lib/init-action-post.js b/lib/init-action-post.js