From 5cfe7d4bb586f4a1e108bcc29edc82ef7a08678d Mon Sep 17 00:00:00 2001
From: Darryl Pogue <darryl@dpogue.ca>
Date: Mon, 10 Feb 2025 18:42:43 -0800
Subject: [PATCH] Update GHA workflows to latest steps

---
 .github/dependabot.yml   |  5 +++++
 .github/workflows/ci.yml | 20 +++++++++++++-------
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 51c04de..593754e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,3 +4,8 @@ updates:
     directory: "/"
     schedule:
       interval: weekly
+
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 527d72f..67c0b4f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,10 +15,12 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Use Node.js latest
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
+        with:
+            cache: npm
 
       - name: npm install
         run: npm ci
@@ -27,22 +29,26 @@ jobs:
         run: npm run lint
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v3
         with:
-          languages: javascript
+          tools: linked
+          languages: javascript, actions
+          queries: security-and-quality
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v3
 
 
   test:
     name: Test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
 
       - name: Use Node.js latest
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v4
+        with:
+            cache: npm
 
       - name: npm install and test
         run: npm cit