chore: update workflows

Author: gnought

.github/dependabot.yml

@@ -1,12 +1,13 @@
 version: 2
 updates:
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
-- package-ecosystem: npm
-  directory: "/"
-  schedule:
-    interval: daily
-  open-pull-requests-limit: 10
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: daily
+    open-pull-requests-limit: 10

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: ci
+name: CI
 
 on:
   push:
@@ -10,33 +10,33 @@ on:
       - 'docs/**'
       - '*.md'
 
+permissions:
+  contents: read
+
 jobs:
   dependency-review:
     name: Dependency Review
     if: github.event_name == 'pull_request'
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
-        - name: Check out repo
-          uses: actions/checkout@v3
+        - name: Checkout repository
+          uses: actions/checkout@v4
           with:
             persist-credentials: false
 
         - name: Dependency review
-          uses: actions/dependency-review-action@v2
+          uses: actions/dependency-review-action@v4
 
   test:
     runs-on: ${{ matrix.os }}
-    permissions:
-      contents: read
     strategy:
       matrix:
         node-version: [16, 18, 20]
         os: [ubuntu-latest, windows-latest, macOS-latest]
       fail-fast: false
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
@@ -45,6 +45,8 @@ jobs:
         with:
           node-version: ${{ matrix.node-version }}
           check-latest: true
+          cache: npm
+          cache-dependency-path: package.json
 
       - name: Install
         run: |
@@ -68,8 +70,6 @@ jobs:
   coverage:
     needs: test
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
     steps:
       - name: Coveralls Finished
         uses: coverallsapp/github-action@master

.github/workflows/sast.yml renamed to .github/workflows/codeql.yml

@@ -1,4 +1,4 @@
-name: sast
+name: CodeQL
 
 on:
   push:
@@ -11,19 +11,25 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     permissions:
+      actions: read
       contents: read
       security-events: write
     strategy:
       fail-fast: true
       matrix:
-        language: [ 'javascript' ]
+        language: [ 'javascript-typescript' ]
     steps:
-      - uses: actions/checkout@v3
+      - name: Checkout repository
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
-      - uses: github/codeql-action/init@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
 
-      - uses: github/codeql-action/analyze@v3
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: "/language:${{ matrix.language }}"

.github/workflows/labeler.yml

@@ -1,10 +1,15 @@
-name: "Pull Request Labeler"
+name: Pull Request Labeler
+
 on: pull_request_target
 
+permissions:
+  contents: read
+  pull-requests: write
+
 jobs:
   label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/labeler@main
-      with:
-        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+      - uses: actions/labeler@v5
+        with:
+          repo-token: "${{ secrets.GITHUB_TOKEN }}"