From 59a4e4534a441bc3502bba53db7d4bfb9f53a4df Mon Sep 17 00:00:00 2001
From: Erisu <erisu@apache.org>
Date: Sun, 23 Nov 2025 03:12:43 +0900
Subject: [PATCH] chore: update ci workflow

---
 .github/workflows/ci.yml | 34 ++++++++++++++++++++++++++++------
 1 file changed, 28 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fe37ef3..5f5920b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,7 +17,17 @@
 
 name: Node CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '*'
+
+permissions:
+  contents: read
+  security-events: write
 
 jobs:
   test:
@@ -25,14 +35,14 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        node-version: [18.x, 20.x, 22.x]
-        os: [ubuntu-latest, macos-latest]
+        node-version: [20.x, 22.x, 24.x]
+        os: [ubuntu-latest, macos-15]
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v6
 
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v6
         with:
           node-version: ${{ matrix.node-version }}
 
@@ -41,12 +51,24 @@ jobs:
           node --version
           npm --version
 
+      - uses: github/codeql-action/init@v4
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+
       - name: npm install and test
         run: npm cit
         env:
           CI: true
 
-      - uses: codecov/codecov-action@v4
+      - uses: github/codeql-action/analyze@v4
+
+      # v4.6.0
+      - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238
         if: success()
         with:
           name: ${{ runner.os }} node.js ${{ matrix.node-version }}