chore: update CodeQL workflow to match GitHub advanced setup

Author: tristandubbeld

.github/workflows/codeql.yml

@@ -10,17 +10,23 @@ on:
 
 jobs:
   analyze:
-    name: Analyze
+    name: Analyze (${{ matrix.language }})
     runs-on: ubuntu-latest
     permissions:
+      # required for all workflows
+      security-events: write
+      # required to fetch internal or private CodeQL packs
+      packages: read
+      # only required for workflows in private repositories
       actions: read
       contents: read
-      security-events: write
 
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'javascript' ]
+        include:
+        - language: javascript-typescript
+          build-mode: none
 
     steps:
     - name: Clean up disk space
@@ -30,7 +36,7 @@ jobs:
         echo ""
         echo "Cleaning up unnecessary files to free disk space..."
         
-        # Remove large tool directories that aren't needed for JavaScript CodeQL analysis
+        # Remove large tool directories that aren't needed for JavaScript/TypeScript CodeQL analysis
         # These tools will be re-downloaded by GitHub Actions if needed for other jobs
         sudo rm -rf /usr/share/dotnet
         sudo rm -rf /opt/ghc
@@ -61,17 +67,17 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v4
 
+    # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # Use our custom config file to exclude unnecessary files
         config-file: ./.github/codeql/codeql-config.yml
 
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:${{matrix.language}}"