Bump actions/checkout from 3 to 4 #7

	name: Semgrep

	on:
	# Scan changed files in PRs, block on new issues only (existing issues ignored)
	pull_request: {}

	# Scan all files on branches, block on any issues
	# push:
	# branches: ["master", "main"]

	# Schedule this job to run at a certain time, using cron syntax
	# Note that * is a special character in YAML so you have to quote this string
	# schedule:
	# - cron: '30 0 1,15 * *' # scheduled for 00:30 UTC on both the 1st and 15th of the month

	jobs:
	semgrep:
	name: Scan
	runs-on: ubuntu-latest
	# Skip any PR created by dependabot to avoid permission issues
	if: (github.actor != 'dependabot[bot]')
	steps:
	# Fetch project source
	- uses: actions/checkout@v4

	- uses: returntocorp/semgrep-action@v1
	with:
	config: >- # more at semgrep.dev/explore
	p/auto

	# == Optional settings in the `with:` block

	# Instead of `config:`, use rules set in Semgrep App.
	# Get your token from semgrep.dev/manage/settings.
	# publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}

	# Never fail the build due to findings on pushes.
	# Instead, just collect findings for semgrep.dev/manage/findings
	# auditOn: push

	# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
	# See also the next step.
	# generateSarif: "1"

	# Change job timeout (default is 1800 seconds; set to 0 to disable)
	# env:
	# SEMGREP_TIMEOUT: 300

	# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
	# - name: Upload SARIF file for GitHub Advanced Security Dashboard
	# uses: github/codeql-action/upload-sarif@v1
	# with:
	# sarif_file: semgrep.sarif
	# if: always()

Provide feedback