diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
deleted file mode 100644
index f18c2a0..0000000
--- a/.github/codeql-config.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-name: "CodeQL config"
-disable-default-queries: false
-queries:
- - uses: security-and-quality
- - uses: security-extended
-paths-ignore:
- - 'others/**'
-paths:
- - 'index.html'
\ No newline at end of file
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index a5f0e9a..0000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: "CodeQL-Customized"
-
-on:
- push:
- branches: [ master ]
- pull_request:
- branches: [ master ]
- schedule:
- - cron: '24 2 * * 0'
-
-jobs:
- analyze:
- name: Analyze
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- language: [ 'javascript' ]
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: ${{ matrix.language }}
- config-file: .github/codeql-config.yml
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:${{matrix.language}}"
\ No newline at end of file
diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml
index 7c92f38..d3d1703 100644
--- a/.github/workflows/eslint.yml
+++ b/.github/workflows/eslint.yml
@@ -32,8 +32,10 @@ jobs: - name: Install ESLint run: | - npm install eslint@8.10.0 + npm install eslint@9.18.0 npm install @microsoft/eslint-formatter-sarif@3.1.0 + npm install @eslint/js@9.18.0 + npm install globals@15.14.0 - name: Run ESLint env:
@@ -43,8 +45,7 @@ jobs:
 echo "Environment variables:"
 echo "ESLINT_USE_FLAT_CONFIG: $ESLINT_USE_FLAT_CONFIG"
 npx eslint . \
- --config eslint.config.mjs \
- --ext .js,.jsx,.ts,.tsx \
+ --config ./eslint.config.mjs \
 --format @microsoft/eslint-formatter-sarif \
 --output-file eslint-results.sarif
 continue-on-error: true
diff --git a/eslint.config.mjs b/eslint.config.mjs
new file mode 100644
index 0000000..5733f9d
--- /dev/null
+++ b/eslint.config.mjs
@@ -0,0 +1,22 @@
+import globals from "globals";
+import pluginJs from "@eslint/js";
+
+/** @type {import('eslint').Linter.Config[]} */
+export default [
+ {
+ languageOptions: {
+ globals: globals.browser,
+ parserOptions: {
+ ecmaVersion: 'latest',
+ }
+ },
+ rules: {
+ 'semi': ['error', 'always'],
+ 'no-unused-vars': 'warn',
+ 'eqeqeq': 'error',
+ 'space-before-function-paren': ['error', 'always'],
+ 'space-infix-ops': 'error'
+ }
+ },
+ pluginJs.configs.recommended,
+];
\ No newline at end of file
diff --git a/index.html b/index.html
index 903ba74..e058fc3 100644
--- a/index.html
+++ b/index.html
@@ -4,38 +4,24 @@ Dependabot, CodeQL, and Secret Scanning Demo - - - - - + + + + -
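Review bot: `pluginJs.configs.recommended` is listed after the custom rules object in eslint.config.mjs, and in flat config later entries win, so the preset's `'no-unused-vars': 'error'` silently overrides the `'warn'` set just above it; put the preset first, `export default [ pluginJs.configs.recommended, { languageOptions: { ... }, rules: { ... } } ];`, so the project rules take precedence. `ecmaVersion` under `parserOptions` belongs at `languageOptions.ecmaVersion` in flat config, and since the default there is already `'latest'` the key can simply be dropped. `space-before-function-paren` and `space-infix-ops` are deprecated formatting rules in ESLint 9; they still run with 9.18.0 but may disappear in a later major, so a stylistic plugin is the supported home for them. The package.json hunk in this same commit adds `eslint-plugin-html`, yet this config never registers it, so `npx eslint .` will not lint index.html — presumably unintended.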

Dependabot, CodeQL, and Secret Scanning Demo

+

GitHub Advanced Security Demo

- +
+
+ + + +
-
- // デモ用のシークレット一覧
- const PLACEHOLDER_GITHUB_TOKEN = "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";
-
diff --git a/logic.js b/logic.js
new file mode 100644
index 0000000..d3bfc59
--- /dev/null
+++ b/logic.js
@@ -0,0 +1,85 @@
+const moment = window.moment;
+const _ = window._;
+const $ = window.jQuery;
+const axios = window.axios;
+
+$(document).ready(function () {
+ var now = moment().format('MMMM Do YYYY, h:mm:ss a');
+ $('#demo').text('Current time: ' + now);
+ $('#greetButton').on('click', greetUser);
+ $('#savePasswordButton').on('click', function() {
+ var username = $('#usernameInput').val();
+ var password = $('#passwordInput').val();
+ savePassword(username, password);
+ });
+});
+
+export function greetUser () {
+ var name = document.getElementById('userInput').value;
+ if (name == "") {
+ name = "guest";
+ }
+ document.getElementById('greeting').innerHTML = 'Hello, ' + name + '!';
+}
+
+export function savePassword (username, password) {
+ if (_.isEmpty(username) || _.isEmpty(password)) return;
+ localStorage.setItem(username, password);
+ $('#demo').text('Username: ' + username + ', Password: ' + password);
+}
+
+export function processData (data){
+ return data + 1;
+}
+
+// GitHubのシークレット
+const PLACEHOLDER_GITHUB_TOKEN = "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";
+async function fetchGitHubUserData (username) {
+ const config = {
+ headers: {
+ 'Authorization': `token ${PLACEHOLDER_GITHUB_TOKEN}`
+ }
+ };
+
+ try {
+ const response = await axios.get(`https://api.github.com/users/${username}`, config);
+ return response.data;
+ } catch (error) {
+ console.error('Error fetching GitHub user data:', error);
+ return null;
+ }
+}
+
+// Example usage
+fetchGitHubUserData('octocat').then(data => {
+ if (data) {
+ console.log('GitHub User Data:', data);
+ } else {
+ console.log('Failed to fetch GitHub user data.');
+ }
+});
+
+
+// SQL Injection
+export async function queryUserData (userId) {
+ const query = `SELECT * FROM users WHERE id = ${userId}`;
+ try {
+ const response = await axios.post('/api/query', { sql: query });
+ return response.data;
+ } catch (error) {
+ console.error('Query error:', error);
+ return null;
+ }
+}
+
+// Prototype pollution
+export 
function mergeObjects (target, source) {
+ for (let key in source) {
+ if (typeof source[key] === 'object') {
+ target[key] = mergeObjects(target[key], source[key]);
+ } else {
+ target[key] = source[key];
+ }
+ }
+ return target;
+}
\ No newline at end of file
diff --git a/package.json b/package.json
index f482895..a0546ae 100644
--- a/package.json
+++ b/package.json
@@ -4,14 +4,21 @@
 "description": "A demo for CodeQL and Dependabot",
 "main": "index.js",
 "scripts": {
- "start": "http-server"
+ "start": "http-server"
 },
 "dependencies": {
 "jquery": "3.5.0",
 "lodash": "4.17.15",
- "moment": "2.30.1"
+ "moment": "2.24.0"
 },
 "devDependencies": {
- "http-server": "^0.12.3"
- }
- }
\ No newline at end of file
+ "@eslint/js": "^9.18.0",
+ "eslint": "^9.18.0",
+ "eslint-plugin-html": "^8.1.2",
+ "globals": "^15.14.0",
+ "http-server": "^0.12.3"
+ },
+ "keywords": [],
+ "author": "",
+ "license": "ISC"
+}
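Review bot: `greetUser` in logic.js compares with `name == ""` while the eslint.config.mjs added in this same commit sets `'eqeqeq': 'error'`, so the new lint run reports the new code on its first pass (the workflow's `continue-on-error: true` hides that from the job status, it only shows in the SARIF); `if (name === '') {` keeps the behaviour and passes the rule. The example-usage block calls `fetchGitHubUserData('octocat')` at module top level, so every page load makes a live request to api.github.com with `PLACEHOLDER_GITHUB_TOKEN` in an Authorization header from the visitor's browser; if the constant exists only to exercise secret scanning, drop the call and annotate the constant with `// revoked placeholder for the secret-scanning demo; never a live credential`. `mergeObjects` throws a TypeError when `target[key]` is undefined and `source[key]` is an object, and recurses into `null` because `typeof null === 'object'`, which is outside what the prototype-pollution demo needs; `if (source[key] !== null && typeof source[key] === 'object') { target[key] = mergeObjects(target[key] ?? {}, source[key]); }` fixes that without changing the demo's point. The module uses `export`, so the script has to be included with `type="module"`; the index.html hunk in this diff is too garbled to confirm it is.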