diff --git a/.github/workflows/analyze.yml b/.github/workflows/analyze.yml
index ae262de..bf1d69c 100644
--- a/.github/workflows/analyze.yml
+++ b/.github/workflows/analyze.yml
@@ -64,13 +64,13 @@ jobs:
           fetch-depth: 2
 
       - name: Initialize CodeQL
-        uses: 'github/codeql-action/init@4238421316c33d73aeea2801274dd286f157c2bb'
+        uses: 'github/codeql-action/init@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297'
         with:
           languages: 'java'
           queries: 'security-and-quality'
 
       - name: Autobuild
-        uses: 'github/codeql-action/autobuild@4238421316c33d73aeea2801274dd286f157c2bb'
+        uses: 'github/codeql-action/autobuild@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297'
 
       - name: Perform CodeQL Analysis
-        uses: 'github/codeql-action/analyze@4238421316c33d73aeea2801274dd286f157c2bb'
+        uses: 'github/codeql-action/analyze@b2a92eb56d8cb930006a1c6ed86b0782dd8a4297'
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f46fa68..57acd79 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,7 +19,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 - Grant permissions to comment pull-requests to SonarCloud (#243).
 - Improve caching during SonarCloud analysis (#243).
 - Merge codeql and analyze workflows (#243).
-- Bump github/codeql-action from 2.1.28 to 2.1.32 (#240, #255, #259, #260).
+- Bump github/codeql-action from 2.1.28 to 2.1.35 (#240, #255, #259, #260, #263).
 - Bump actions/setup-java from 3.6.0 to 3.7.0 (#262).
 - Bump parent from 2.7.0 to 2.7.2 (#241, #261).
 - Bump development java version from 17.0.4+101 to 17.0.5+8 (#258).