chore: upgrade CodeQL Action from v3 to v4

[mrgrain]

CodeQL Action v3 is being deprecated in December 2026 (announcement). v4 was released on October 7, 2025 and runs on the Node.js 24 runtime. It's a drop-in replacement with no configuration changes required.

Checklist

• This change contains a major version upgrade for a dependency and I confirm all breaking changes are addressed
  • Release notes for the new version: https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/codeql.yml

Package	Version	License	Issue Type
github/codeql-action/analyze	4.*.*	Null	Unknown License
github/codeql-action/init	4.*.*	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
actions/github/codeql-action/analyze	4.*.*	Unknown	Unknown
actions/github/codeql-action/init	4.*.*	Unknown	Unknown

Scanned Files

• .github/workflows/codeql.yml

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.64%. Comparing base (3ec7934) to head (0a29a17).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1616      +/-   ##
==========================================
- Coverage   88.64%   88.64%   -0.01%     
==========================================
  Files          77       77              
  Lines       11293    11296       +3     
  Branches     1565     1565              
==========================================
+ Hits        10011    10013       +2     
- Misses       1253     1254       +1     
  Partials       29       29              

Flag	Coverage Δ
suite.unit	88.64% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.