I noticed that the current CI workflow in this repository could benefit from some updates. Specifically:

1. Deprecation of Artifact Actions v3:

   • The actions/upload-artifact@v3 and actions/download-artifact@v3 actions are being deprecated as of November 30, 2024 (GitHub Deprecation Notice).
   • These actions should be updated to their latest versions to ensure continued functionality in the CI workflow.
   • CI Runs are currently failing like in PR chore(deps): update debug to ^4.4.0 #6313

2. The Coverage setup could also be optimized:

   • Currently, the workflow uses the coverallsapp/github-action@master which points to v1 of this action. This v1 action uses node16 as runtime which is deprecated.

3. Minimum token permissions for the GITHUB_TOKEN:

   • GitHub Actions workflows have a GITHUB_TOKEN with write access to multiple scopes.
   • It is a best practice to reduce the scopes to the minimum needed for each workflow / step.
   • GitHub recommends defining minimum GITHUB_TOKEN permissions. https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
   • The Open Source Security Foundation (OpenSSF) Scorecards also treats not setting token permissions as a high-risk issue. This change will help increase the Scorecard score for this repository.

4. lint step install only dev dependencies

   • the lint step currently tries to install only the dev dependencies with the --only=dev cli argument. --only=dev has been replaced with --include=dev since npm v7. https://docs.npmjs.com/cli/v11/commands/npm-install#include

I will merge this PR as currently has a fix for our broken CI (example)

@Phillip9587 do you mind to port this to 4.x branch too? Seems like the CI is broken too (ref) :)