diff --git a/.github/copilot-instructions.md b/.github/copilot-instructions.md
new file mode 100644
index 000000000..7dfd363e7
--- /dev/null
+++ b/.github/copilot-instructions.md
@@ -0,0 +1,5 @@
+# CodeQL Action - Copilot Instructions
+
+The CodeQL Action is written in TypeScript and compiled to JavaScript. Both the TypeScript sources and the **generated** JavaScript code are contained in this repository. The TypeScript sources are contained in the `src` directory and the JavaScript code is contained in the `lib` directory. A GitHub Actions workflow checks that the JavaScript code in `lib` is up-to-date. Therefore, you should not review any changes to the contents of the `lib` folder and it is expected that the JavaScript code in `lib` closely mirrors the TypeScript code it is generated from.
+
+GitHub Actions workflows in the `.github/workflows` directory whose filenames start with two underscores (e.g. `__all-platform-bundle.yml`) are automatically generated using the `pr-checks/sync.sh` script from template files in the `pr-checks/checks` directory. Therefore, you do not need to review files in the `.github/workflows` directory that starts with two underscores. However, you should review changes to the `pr-checks` directory as well as workflows in the `.github/workflows` directory that do not start with underscores.
diff --git a/.github/workflows/update-proxy-release.yml b/.github/workflows/update-proxy-release.yml
new file mode 100644
index 000000000..9e294f178
--- /dev/null
+++ b/.github/workflows/update-proxy-release.yml
@@ -0,0 +1,101 @@ +name: Update dependency proxy release assets +on: + workflow_dispatch: + inputs: + tag: + description: "The tag of CodeQL Bundle release that contains the proxy binaries as release assets" + type: string + required: true + +jobs: + update: + name: Update code and create PR + timeout-minutes: 15 + runs-on: ubuntu-latest + permissions: + contents: write # needed to push the updated files + pull-requests: write # needed to create the PR + env: + RELEASE_TAG: ${{ inputs.tag }} + steps: + - name: Check release tag format + id: checks + shell: bash + run: | + if ! [[ $RELEASE_TAG =~ ^codeql-bundle-v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "Invalid release tag: expected a CodeQL bundle tag in the 'codeql-bundle-vM.N.P' format." + exit 1 + fi + + echo "target_branch=dependency-proxy/$RELEASE_TAG" >> $GITHUB_OUTPUT + + - name: Check that the release exists + shell: bash + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + run: | + (gh release view --repo "$GITHUB_REPOSITORY" --json "assets" "$RELEASE_TAG" && echo "Release found.") || exit 1 + + - name: Install Node + uses: actions/setup-node@v4 + + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 # ensure we have all tags and can push commits + ref: main + + - name: Update git config + shell: bash + run: | + git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" + git config --global user.name "github-actions[bot]" + + - name: Update release tag and version + shell: bash + run: | + NOW=$(date +"%Y%m%d%H%M%S") # only used to make sure we don't fetch stale binaries from the toolcache + sed -i "s|https://github.com/github/codeql-action/releases/download/codeql-bundle-v[0-9.]\+/|https://github.com/github/codeql-action/releases/download/$RELEASE_TAG/|g" ./src/start-proxy-action.ts + sed -i "s/\"v2.0.[0-9]\+\"/\"v2.0.$NOW\"/g" ./src/start-proxy-action.ts + + - name: Compile TypeScript and commit changes + shell: bash + env: + TARGET_BRANCH: ${{ 
steps.checks.outputs.target_branch }} + run: | + set -exu + git checkout -b "$TARGET_BRANCH" + + npm run build + git add ./src/start-proxy-action.ts + git add ./lib + git commit -m "Update release used by \`start-proxy\` action" + + - name: Push changes and open PR + shell: bash + env: + GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + TARGET_BRANCH: ${{ steps.checks.outputs.target_branch }} + PR_FLAG: ${{ (github.event_name == 'workflow_dispatch' && '--draft') || '--dry-run' }} + run: | + set -exu + pr_title="Update release used by \`start-proxy\` to \`$RELEASE_TAG\`" + pr_body=$(cat << EOF + This PR updates the \`start-proxy\` action to use the private registry proxy binaries that + are attached as release assets to the \`$RELEASE_TAG\` release. + + + Please do the following before merging: + + - [ ] Verify that the changes to the code are correct. + - [ ] Mark the PR as ready for review to trigger the CI. + EOF + ) + + git push origin "$TARGET_BRANCH" + gh pr create \ + --head "$TARGET_BRANCH" \ + --base "main" \ + --title "${pr_title}" \ + --body "${pr_body}" \ + $PR_FLAG diff --git a/CHANGELOG.md b/CHANGELOG.md index d81420a0c..629fbf9c0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,12 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th ## [UNRELEASED] +No user facing changes. + +## 3.29.1 - 27 Jun 2025 + - Fix bug in PR analysis where user-provided `include` query filter fails to exclude non-included queries. [#2938](https://github.com/github/codeql-action/pull/2938) +- Update default CodeQL bundle version to 2.22.1. [#2950](https://github.com/github/codeql-action/pull/2950) ## 3.29.0 - 11 Jun 2025 diff --git a/lib/api-compatibility.json b/lib/api-compatibility.json index 6dabeea1c..58f645ff2 100644 --- a/lib/api-compatibility.json +++ b/lib/api-compatibility.json @@ -1 +1 @@ -{ "maximumVersion": "3.18", "minimumVersion": "3.13" } +{ "maximumVersion": "3.18", "minimumVersion": "3.14" } 
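Review bot: `actions/setup-node@v4` and `actions/checkout@v4` are referenced by floating major tags in a job that holds `contents: write` and `pull-requests: write` and pushes straight to this repository, so a retagged or compromised action release could commit arbitrary changes to `src/start-proxy-action.ts` and `lib`; pin both to a full commit SHA with the tag in a trailing comment (`uses: actions/checkout@<40-char sha> # v4`), unless the repository already pins and updates these through Dependabot, which is not visible here. The "Check that the release exists" step requests `--json assets` but discards the result, so the job continues even when the release carries no proxy binaries; a check such as `gh release view --repo "$GITHUB_REPOSITORY" --json assets --jq '.assets[].name' "$RELEASE_TAG" | grep -q '^update-job-proxy' || exit 1` would catch that, assuming the assets are named with the `update-job-proxy` prefix the action's constant suggests. The tag regex is what makes the later `sed` substitution of `$RELEASE_TAG` safe (no `|`, `&` or `\` can pass it), so a comment on the check, `# also guards the sed replacement below: the tag must stay free of sed metacharacters`, would stop someone relaxing it later. `PR_FLAG` can only ever be `--draft` because `workflow_dispatch` is the sole trigger, and since `git push` runs before `gh pr create` the `--dry-run` arm would not be a dry run anyway, so it can be dropped in favour of a literal `--draft`.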
diff --git a/lib/defaults.json b/lib/defaults.json
index 26b1ed0ac..7dff90930 100644
--- a/lib/defaults.json
+++ b/lib/defaults.json
@@ -1,6 +1,6 @@
 {
- "bundleVersion": "codeql-bundle-v2.22.0",
- "cliVersion": "2.22.0",
- "priorBundleVersion": "codeql-bundle-v2.21.4",
- "priorCliVersion": "2.21.4"
+ "bundleVersion": "codeql-bundle-v2.22.1",
+ "cliVersion": "2.22.1",
+ "priorBundleVersion": "codeql-bundle-v2.22.0",
+ "priorCliVersion": "2.22.0"
 }
diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js
index 0b9368536..a6bd08d6c 100644
--- a/lib/start-proxy-action.js
+++ b/lib/start-proxy-action.js
@@ -43,8 +43,8 @@ const logging_1 = require("./logging");
 const start_proxy_1 = require("./start-proxy");
 const util = __importStar(require("./util"));
 const UPDATEJOB_PROXY = "update-job-proxy";
-const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100";
-const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/";
+const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901";
+const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/";
 const KEY_SIZE = 2048;
 const KEY_EXPIRY_YEARS = 2;
 const CERT_SUBJECT = [
diff --git a/node_modules/.package-lock.json b/node_modules/.package-lock.json
index 2bb25482e..c26cc2f87 100644
--- a/node_modules/.package-lock.json
+++ b/node_modules/.package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "codeql",
- "version": "3.29.1",
+ "version": "3.29.2",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
diff --git a/package-lock.json b/package-lock.json
index 817560cf8..79ff14061 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "codeql",
- "version": "3.29.1",
+ "version": "3.29.2",
 "lockfileVersion": 3,
 "requires": true,
 "packages": {
 "": {
 "name": "codeql",
- "version": "3.29.1",
+ "version": "3.29.2",
 "license": "MIT",
 "dependencies": {
 "@actions/artifact": "^2.3.1",
diff --git a/package.json b/package.json index 4ae885838..385207031 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.29.1", + "version": "3.29.2", "private": true, "description": "CodeQL action", "scripts": { diff --git a/src/api-compatibility.json b/src/api-compatibility.json index efa09acf9..cb3dd14fa 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.18", "minimumVersion": "3.13"} +{"maximumVersion": "3.18", "minimumVersion": "3.14"} diff --git a/src/defaults.json b/src/defaults.json index e02af898f..b99e6e688 100644 --- a/src/defaults.json +++ b/src/defaults.json @@ -1,6 +1,6 @@ { - "bundleVersion": "codeql-bundle-v2.22.0", - "cliVersion": "2.22.0", - "priorBundleVersion": "codeql-bundle-v2.21.4", - "priorCliVersion": "2.21.4" + "bundleVersion": "codeql-bundle-v2.22.1", + "cliVersion": "2.22.1", + "priorBundleVersion": "codeql-bundle-v2.22.0", + "priorCliVersion": "2.22.0" } diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 100e867df..1efedb7d5 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -11,9 +11,9 @@ import { Credential, getCredentials } from "./start-proxy"; import * as util from "./util"; const UPDATEJOB_PROXY = "update-job-proxy"; -const UPDATEJOB_PROXY_VERSION = "v2.0.20250424171100"; +const UPDATEJOB_PROXY_VERSION = "v2.0.20250624110901"; const UPDATEJOB_PROXY_URL_PREFIX = - "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.21.1/"; + "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.22.0/"; const KEY_SIZE = 2048; const KEY_EXPIRY_YEARS = 2; diff --git a/tests/multi-language-repo/.gitignore b/tests/multi-language-repo/.gitignore new file mode 100644 index 000000000..3b2981208 --- /dev/null +++ b/tests/multi-language-repo/.gitignore 
@@ -0,0 +1,9 @@ +.DS_Store +/.build +/Packages +/*.xcodeproj +xcuserdata/ +DerivedData/ +.swiftpm/config/registries.json +.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata +.netrc diff --git a/tests/multi-language-repo/Package.swift b/tests/multi-language-repo/Package.swift index 9c557cdb8..ff2b07e41 100644 --- a/tests/multi-language-repo/Package.swift +++ b/tests/multi-language-repo/Package.swift @@ -1,26 +1,15 @@ -// swift-tools-version: 5.7 +// swift-tools-version: 5.8 // The swift-tools-version declares the minimum version of Swift required to build this package. import PackageDescription let package = Package( - name: "helloWorld", - products: [ - // Products define the executables and libraries a package produces, and make them visible to other packages. - .library( - name: "helloWorld", - targets: ["helloWorld"]), - ], - dependencies: [ - // Dependencies declare other packages that this package depends on. - // .package(url: /* package url */, from: "1.0.0"), - ], + name: "multi-language-repo", targets: [ - // Targets are the basic building blocks of a package. A target can define a module or a test suite. - // Targets can depend on other targets in this package, and on products in packages this package depends on. - .target( - name: "helloWorld", - path: "swift-custom-build/helloWorld" - ) + // Targets are the basic building blocks of a package, defining a module or a test suite. + // Targets can depend on other targets in this package and products from dependencies. + .executableTarget( + name: "multi-language-repo", + path: "Sources"), ] ) diff --git a/tests/multi-language-repo/Sources/main.swift b/tests/multi-language-repo/Sources/main.swift new file mode 100644 index 000000000..44e20d5ac --- /dev/null +++ b/tests/multi-language-repo/Sources/main.swift @@ -0,0 +1,4 @@ +// The Swift Programming Language +// https://docs.swift.org/swift-book + +print("Hello, world!")