chore(deps): bump github/codeql-action from 4.31.3 to 4.31.6 #57

	name: Code Scanning

	on:
	push:
	branches: [trunk]
	pull_request:
	branches: [trunk]
	paths-ignore:
	- '*/.md'
	schedule:
	- cron: "0 0 * * 0"

	permissions:
	actions: read # for github/codeql-action/init to get workflow details
	contents: read # for actions/checkout to fetch code
	security-events: write # for github/codeql-action/analyze to upload SARIF results

	jobs:
	CodeQL-Build:
	runs-on: ubuntu-latest
	strategy:
	fail-fast: false
	matrix:
	language: ['go', 'actions']

	steps:
	- name: Check out code
	uses: actions/checkout@v5

	- name: Setup Go
	if: matrix.language == 'go'
	uses: actions/setup-go@v6
	with:
	go-version-file: "go.mod"

	- name: Initialize CodeQL
	uses: github/codeql-action/[email protected]
	with:
	languages: ${{ matrix.language }}
	queries: security-and-quality

	- name: Perform CodeQL Analysis
	uses: github/codeql-action/[email protected]
	with:
	category: "/language:${{ matrix.language }}"
	upload: false
	output: sarif-results

	- name: Filter SARIF for third-party code
	if: matrix.language == 'go'
	uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d # v1.0.1
	with:
	patterns: \|
	-third-party/**
	input: sarif-results/${{ matrix.language }}.sarif
	output: sarif-results/${{ matrix.language }}.sarif

	- name: Upload filtered SARIF
	uses: github/codeql-action/[email protected]
	with:
	sarif_file: sarif-results/${{ matrix.language }}.sarif
	category: "/language:${{ matrix.language }}"

Provide feedback