[improve](sec): extended description(version update, vulnerability fi…

…x) (#679)

step-security/[email protected] fixed vulnerability 
github/codeql-action

Signed-off-by: Ralph Hightower <[email protected]>

.github/workflows/codeql.yml

@@ -21,9 +21,7 @@ on:
     - cron: "0 0 * * 1"
 
 permissions:
-  actions: read
   contents: read
-  security-events: write
 
 jobs:
   analyze:
@@ -37,28 +35,22 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: ["ruby","github-actions"]
+        language: ["ruby"]
         # CodeQL supports [ $supported-codeql-languages ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
     steps:
       - name: Harden Runner
         uses: step-security/[email protected]
         with:
-         disable-sudo: true
-         egress-policy: block
-         allowed-endpoints: >
-           api.github.com:443
-           github.com:443
-           objects.githubusercontent.com:443
-           uploads.github.com:443       
+          egress-policy: audit
 
       - name: Checkout repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2.20.1
+        uses: github/codeql-action/autobuild@v2.20.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -81,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@6c089f53dd51dc3fc7e599c3cb5356453a52ca9e # v2.20.0
+        uses: github/codeql-action/[email protected].1
         with:
           category: "/language:${{matrix.language}}"