Bump actions/setup-node from 3 to 4 in /.github/workflows #5

	name: Security Checks

	on:
	push:
	branches: [ main ]
	pull_request:
	branches: [ main ]
	schedule:
	- cron: '0 0 * * 0' # Weekly on Sundays

	jobs:
	security-scan:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	security-events: write

	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20
	cache: npm

	- name: Install dependencies
	run: npm ci

	- name: Run npm audit
	run: npm audit --audit-level=high

	- name: CodeQL Initialize
	uses: github/codeql-action/init@v2
	with:
	languages: javascript

	- name: CodeQL Analysis
	uses: github/codeql-action/analyze@v2

	dependency-review:
	runs-on: ubuntu-latest
	if: github.event_name == 'pull_request'
	steps:
	- name: Checkout code
	uses: actions/checkout@v3

	- name: Dependency Review
	uses: actions/dependency-review-action@v3
	with:
	fail-on-severity: high

Provide feedback