@arthurschreiber
Collaborator

Before submitting a PR :

  1. Ensure your fork is created from master branch of the repository.
  2. Run npm install in the root folder.
  3. After bug fix/code change, ensure all the existing tests and new tests (if any) pass (npm run-script test-all). During development, to run individual test use node_modules/nodeunit test/<test_file.js> -t <test_name>.
  4. Build the driver (npm run build).
  5. Run eslint and flow typechecker (npm run lint).
  6. Run commitlint (node_modules/.bin/commitlint --from origin/master --to HEAD). Refer to the commit conventions and commit rules.

Thank you for Contributing!

@claude

claude bot commented Dec 21, 2025

Pull Request Review

Overview

This PR updates GitHub Actions dependencies across all workflow files to their latest major versions. The changes are consistent and well-structured.

✅ Positive Aspects

1. Security & Maintenance

  • Updating to latest action versions ensures the project benefits from recent security patches and bug fixes
  • Major version bumps (v4→v6 for checkout/setup-node, v2→v4 for CodeQL, v4→v5 for codecov, v4.5.0→v6 for semantic-pull-request) bring important security improvements
  • Consistent updates across all workflow files demonstrate thorough attention to detail

2. Code Quality

  • All changes are systematic and consistent across 4 workflow files
  • No partial updates that could cause version mismatches
  • Proper semantic versioning is maintained (using major version tags)

3. Scope

  • Changes are appropriately scoped to dependency updates only
  • No unrelated modifications included
  • Commit message follows conventional commit format: ci: update GitHub Actions dependencies to latest versions

🔍 Areas to Consider

1. Breaking Changes Assessment
The major version bumps warrant verification:

  • actions/checkout v4→v6: Verify no breaking changes affect your checkout behavior
  • actions/setup-node v4→v6: Confirm Node.js caching and setup behavior remains compatible
  • github/codeql-action v2→v4: This is a 2-major-version jump - recommend checking CodeQL analysis results after merge to ensure consistent security scanning
  • codecov/codecov-action v4→v5: Verify token handling and upload behavior remains consistent
  • amannn/action-semantic-pull-request v4.5.0→v6: Confirm PR title validation rules haven't changed unexpectedly

2. Testing Recommendation
Since these are CI/CD infrastructure changes:

  • Monitor the first few CI runs after merge to ensure all workflows complete successfully
  • Pay special attention to CodeQL analysis results (v2→v4 is a significant jump)
  • Verify codecov uploads are working correctly with v5
  • Check that semantic PR title validation still works as expected

3. Documentation
Minor suggestion: The removal of the blank line after checkout in codeql-analysis.yml:42 is fine, but consider if workflow files should maintain consistent spacing for readability.

🔒 Security Considerations

Positive:

  • Using major version tags (e.g., @v6) is appropriate for GitHub Actions as it provides automatic patch updates while staying on the same major version
  • Updates likely include security fixes and improvements

Recommendation:

  • Consider documenting these version updates in a CHANGELOG or similar file for future reference
  • You may want to periodically audit action versions (perhaps quarterly) to stay current

📊 Test Coverage

Current State: No new tests needed - these are dependency updates.

CI Validation: The PR will validate itself by running through all the updated workflows. Success of this PR's CI runs will confirm compatibility.

🎯 Recommendation

APPROVE with the following action items:

  1. Merge when CI passes (which will validate all the updated actions)
  2. Monitor first few post-merge CI runs for any unexpected behavior
  3. Particularly watch CodeQL analysis results given the v2→v4 jump

The changes are well-executed and necessary for keeping the project's CI/CD infrastructure current and secure. Great work maintaining the project's dependencies! 🚀


Review generated focusing on code quality, security, performance, and best practices.
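
The periodic audit of action versions suggested in the review above can be scripted. The following is an added example, not part of the review or of the project's code: it scans workflow text for `uses:` references and compares each against the major versions named in this PR. The function names and the sample workflow are constructed for illustration.

```javascript
// Target majors are the versions named in the review; everything else is assumed.
const EXPECTED_MAJORS = {
  'actions/checkout': 6,
  'actions/setup-node': 6,
  'github/codeql-action': 4,
  'codecov/codecov-action': 5,
  'amannn/action-semantic-pull-request': 6,
};

// Classify the ref after "@": major tag (v6), exact tag (v4.5.0), commit SHA, or other.
function classifyRef(ref) {
  if (/^[0-9a-f]{40}$/i.test(ref)) return { kind: 'sha', major: null };
  const m = /^v?(\d+)(\.\d+){0,2}$/.exec(ref);
  if (!m) return { kind: 'other', major: null };
  return { kind: m[2] === undefined ? 'major-tag' : 'exact-tag', major: Number(m[1]) };
}

function auditWorkflow(text, expected = EXPECTED_MAJORS) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, i) => {
    // Matches "uses: owner/repo[/subpath]@ref", with optional "- " and quotes.
    const m = /^\s*(?:-\s+)?uses:\s*['"]?([^@\s'"]+)@([^\s'"#]+)/.exec(line);
    if (!m) return;
    const action = m[1].split('/').slice(0, 2).join('/'); // drop subpath such as /init
    const { kind, major } = classifyRef(m[2]);
    let status = 'unknown'; // action not in the table, or ref carries no version number
    if (Object.prototype.hasOwnProperty.call(expected, action) && major !== null) {
      status = major >= expected[action] ? 'current' : 'behind';
    }
    findings.push({ line: i + 1, action, ref: m[2], kind, status });
  });
  return findings;
}

// Constructed sample workflow, mixing pre-update and post-update references.
const SAMPLE_WORKFLOW = `
jobs:
  analyze:
    steps:
      - uses: actions/checkout@v6
      - uses: actions/setup-node@v4
      - uses: github/codeql-action/init@v2
      - uses: amannn/action-semantic-pull-request@v4.5.0
      - uses: codecov/codecov-action@v5
`;

for (const f of auditWorkflow(SAMPLE_WORKFLOW).filter((x) => x.status === 'behind')) {
  console.log(`line ${f.line}: ${f.action}@${f.ref} is behind v${EXPECTED_MAJORS[f.action]}`);
}
```
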

@codecov

codecov bot commented Dec 21, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.90%. Comparing base (433c4bf) to head (a424d8a).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #1722   +/-   ##
=======================================
  Coverage   79.90%   79.90%           
=======================================
  Files          90       90           
  Lines        4887     4887           
  Branches      920      920           
=======================================
  Hits         3905     3905           
  Misses        676      676           
  Partials      306      306           


@arthurschreiber arthurschreiber marked this pull request as ready for review December 21, 2025 12:14
@arthurschreiber arthurschreiber merged commit b2cd699 into master Dec 21, 2025
45 of 49 checks passed
@github-actions
Contributor

🎉 This PR is included in version 19.2.0 🎉

The release is available on:

Your semantic-release bot 📦🚀
