Merge pull request #201 from coliff/dependabot/github_actions/github-actions-1893dd32ff

Bump github/codeql-action from 3 to 4 in the github-actions group

Author: coliff

.github/AGENTS.md

@@ -0,0 +1,11 @@
+# Agents
+
+<!-- https://agents.md -->
+
+## GitHub Actions Workflows
+
+- All GitHub Actions should be pinned versions (SHA-1) to avoid breaking changes.
+- If using `actions/checkout`, it should have `persist-credentials: false` set.
+- Always use the latest available versions of GitHub Actions.
+- GitHub Actions filenames should be all lowercase, with dashes separating words.
+- All GitHub Actions workflows should always be formatted with Prettier.

.github/workflows/codeql-analysis.yml

@@ -10,7 +10,7 @@ on:
       - main
       - "!dependabot/**"
 
-permissions:  # added using https://github.com/step-security/secure-workflows
+permissions: # added using https://github.com/step-security/secure-workflows
   contents: read
 
 jobs:
@@ -23,13 +23,13 @@ jobs:
       security-events: write
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v5
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: "javascript"
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@2152c31696c8409983789c80ab57c4d91465a2fc # v4
+        with:
+          languages: "javascript"
 
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@2152c31696c8409983789c80ab57c4d91465a2fc # v4

.github/workflows/dependency-review.yml

@@ -1,4 +1,4 @@
-name: 'Dependency Review'
+name: "Dependency Review"
 on: [pull_request]
 
 permissions:
@@ -8,10 +8,10 @@ jobs:
   dependency-review:
     runs-on: ubuntu-latest
     steps:
-      - name: 'Checkout Repository'
-        uses: actions/checkout@v5
+      - name: "Checkout Repository"
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         with:
           persist-credentials: false
 
-      - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4
+      - name: "Dependency Review"
+        uses: actions/dependency-review-action@46a3c492319c890177366b6ef46d6b4f89743ed4 # v4

.github/workflows/linter.yml

@@ -9,20 +9,20 @@ permissions:
 jobs:
   build:
     permissions:
-      contents: read  # for actions/checkout to fetch code
-      statuses: write  # for github/super-linter/slim to mark status of each linter run
+      contents: read # for actions/checkout to fetch code
+      statuses: write # for github/super-linter/slim to mark status of each linter run
     name: Lint Code Base
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v5
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@v8
+        uses: super-linter/super-linter/slim@f6d06a003575dde14f917e642302cf1251f28f4a # v8
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}