Bump CodeQL actions (#1391)

* Bump actions/upload-artifact from 1 to 4

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v1...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

* update codeQL action

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: meiji163 <[email protected]>

Author: dependabot[bot]

.github/workflows/ci.yml

@@ -19,7 +19,7 @@ jobs:
       run: script/cibuild
 
     - name: Upload gh-ost binary artifact
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       with:
         name: gh-ost
         path: bin/gh-ost

.github/workflows/codeql.yml

@@ -2,12 +2,18 @@ name: "CodeQL analysis"
 
 on: 
   push:
+    branches: [ master ]
   pull_request:
+    branches: [ master ]
   schedule:
-    - cron: '0 0 * * 0'
+    - cron: '25 22 * * 6'
 
 jobs:
   codeql:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     strategy:
       fail-fast: false
@@ -16,10 +22,10 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Initialize CodeQL 
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3