chore(ci): Add code scanning & fix dependabot failures

Author: dpogue

.github/workflows/ci.yml

@@ -17,7 +17,13 @@
 
 name: Node CI
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '*'
 
 jobs:
   darwin:
@@ -41,13 +47,24 @@ jobs:
           node --version
           npm --version
 
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+
       - name: npm install and test
         run: |
           npm i -g ios-deploy
           npm cit
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:
@@ -76,6 +93,15 @@ jobs:
           node --version
           npm --version
 
+      - uses: github/codeql-action/init@v3
+        with:
+          languages: javascript
+          queries: security-and-quality
+          config: |
+            paths-ignore:
+              - coverage
+              - node_modules
+
       - name: npm install and test
         run: |
           npm ci
@@ -84,6 +110,8 @@ jobs:
         env:
           CI: true
 
+      - uses: github/codeql-action/analyze@v3
+
       - uses: codecov/codecov-action@v4
         if: success()
         with:

.github/workflows/release-audit.yml

@@ -17,7 +17,13 @@
 
 name: Release Auditing
 
-on: [push, pull_request]
+on:
+  push:
+    branches-ignore:
+      - 'dependabot/**'
+  pull_request:
+    branches:
+      - '*'
 
 jobs:
   test: