chore(deps): update actions/checkout action to v4.1.5 #79

	name: Package Audit

	on:
	push:
	branches:
	- '**'
	paths:
	- package.json
	- package-lock.json
	- .github/workflows/package-audit.yml
	workflow_dispatch:

	permissions:
	contents: read

	jobs:
	audit-npm:
	name: NPM Audit
	runs-on: ubuntu-latest
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	disable-sudo: true
	allowed-endpoints:
	api.github.com:443
	github.com:443
	npm.pkg.github.com:443
	pkg-npm.githubusercontent.com:443
	registry.npmjs.org:443

	- name: Audit with NPM
	uses: myrotvorets/composite-actions/node-package-audit@master

	provenance:
	name: Verify signatures and provenance statements
	runs-on: ubuntu-latest
	permissions:
	contents: read
	packages: read
	steps:
	- name: Harden Runner
	uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
	with:
	disable-sudo: true
	allowed-endpoints:
	api.github.com:443
	github.com:443
	npm.pkg.github.com:443
	pkg-npm.githubusercontent.com:443
	registry.npmjs.org:443
	tuf-repo-cdn.sigstore.dev:443

	- name: Checkout
	uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5

	- name: Setup Node.js environment
	uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
	with:
	node-version: lts/*
	registry-url: https://npm.pkg.github.com
	cache: npm

	- name: Install dependencies
	run: npm ci --ignore-scripts
	env:
	NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

	- name: Update npm
	run: npm i -g npm

	- name: Run audit
	run: npm audit signatures
	env:
	NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Provide feedback