diff --git a/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md b/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md
new file mode 100644
index 00000000000..a9cf1339421
--- /dev/null
+++ b/ruby/ql/src/change-notes/2023-05-02-github-actions-sources.md
@@ -0,0 +1,5 @@
+---
+category: majorAnalysis
+---
+* Added taint sources from the `@actions/core` and `@actions/github` packages.
+* Added command-injection sinks from the `@actions/exec` package.