build(deps): bump github/codeql-action from 3 to 4

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-11 16:53:46 +08:00 · 2026-03-02 22:54:22 +00:00
2 changed files with 3 additions and 36 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -20,7 +20,7 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java, ruby
@@ -28,7 +28,7 @@ jobs:
    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
    # If this step fails, then you should remove it and run the build manually (see below).
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v4

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -42,4 +42,4 @@ jobs:
    #     make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
--- a/examples.md
+++ b/examples.md
@@ -24,7 +24,6 @@
 - [Node - Lerna](#node---lerna)
 - [Node - Yarn](#node---yarn)
 - [Node - Yarn 2](#node---yarn-2)
- [Node - pnpm](#node---pnpm)
 - [OCaml/Reason - esy](#ocamlreason---esy)
 - [PHP - Composer](#php---composer)
 - [Python - pip](#python---pip)
@@ -410,38 +409,6 @@ The yarn 2 cache directory will depend on your config. See https://yarnpkg.com/c
      ${{ runner.os }}-yarn-
 ```

-### Node - pnpm
-
-```yaml
-steps:
-  - uses: actions/checkout@v4
-
-  - uses: actions/setup-node@v4
-    with:
-      node-version: 24
-
-  - uses: pnpm/action-setup@v4
-    with:
-      version: 10
-
-  - name: Get pnpm store directory
-    id: pnpm-cache
-    shell: bash
-    run: |
-      echo "dir=$(pnpm store path)" >> "$GITHUB_OUTPUT"
-
-  - uses: actions/cache@v4
-    id: cache-pnpm
-    with:
-      path: ${{ steps.pnpm-cache.outputs.dir }}
-      key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
-      restore-keys: |
-        ${{ runner.os }}-pnpm-
-
-  - name: Install dependencies
-    run: pnpm install --frozen-lockfile
-```
-
 ## OCaml/Reason - esy

 Esy allows you to export built dependencies and import pre-built dependencies.