chore(deps): lock file maintenance #4302

	name: SonarCloud Analysis

	on:
	push:
	branches:
	- master
	pull_request:
	branches:
	- master
	workflow_dispatch:

	jobs:
	build:
	name: SonarCloud Scan
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	if: \|
	github.event_name != 'pull_request' \|\|
	github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.github.com:443
	github.com:443
	registry.npmjs.org:443
	npm.pkg.github.com:443
	objects.githubusercontent.com:443
	pkg-npm.githubusercontent.com:443
	ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com
	sc-cleancode-sensorcache-eu-central-1-prod.s3.amazonaws.com:443
	scanner.sonarcloud.io:443
	sonarcloud.io:443
	cli.codecov.io:443
	api.codecov.io:443
	storage.googleapis.com:443

	- name: Check out the code
	uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
	with:
	submodules: true

	- name: Run SonarCloud analysis
	uses: myrotvorets/composite-actions/node-sonarscan@master
	with:
	sonar-token: ${{ secrets.SONAR_TOKEN }}
	registry-url: https://npm.pkg.github.com
	test-script: 'test:coverage'

	- name: Run codecov
	uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
	with:
	flags: unit-tests
	token: ${{ secrets.CODECOV_TOKEN }}

Provide feedback