Add npm script to regenerate the package-lock.json (#41)

Adds a new npm script called `regen-package-lock` to the root
`package.json`. This script removes all `node_modules` and
`package-lock.json` files from the root and all workspaces, then
reinstalls dependencies and runs `npm audit:fix` to ensure a clean and
secure dependency tree.

Author: AlexJSully

.github/workflows/code-qa.yaml

@@ -20,6 +20,8 @@ on:
             - "**/*.html"
             - ".github/workflows/code-qa.yaml"
 
+permissions:
+    contents: read
 jobs:
     build:
         runs-on: ubuntu-latest
@@ -31,7 +33,7 @@ jobs:
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
             - name: Use Node.js ${{ matrix.node-version }}
               uses: actions/setup-node@v4
               with:

.github/workflows/codeql-analysis.yaml

@@ -25,19 +25,33 @@ on:
 jobs:
     analyze:
         name: Analyze
-        runs-on: ubuntu-latest
+        # Runner size impacts CodeQL analysis time. To learn more, please see:
+        #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+        #   - https://gh.io/supported-runners-and-hardware-resources
+        #   - https://gh.io/using-larger-runners
+        # Consider using larger runners for possible analysis time improvements.
+        runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+        timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
+        permissions:
+            # required for all workflows
+            security-events: write
+
+            # only required for workflows in private repositories
+            actions: read
+            contents: read
 
         strategy:
             fail-fast: false
             matrix:
-                language: ["javascript"]
-                # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
-                # Learn more:
-                # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+                language: ["javascript-typescript", "actions"]
+                # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ]
+                # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both
+                # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+                # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             # Initializes the CodeQL tools for scanning.
             - name: Initialize CodeQL

.github/workflows/markdown-lint.yaml

@@ -16,13 +16,15 @@ on:
             - ".markdownlintignore"
             - ".github/workflows/markdown-lint.yml"
 
+permissions:
+    contents: read
 jobs:
     lint-markdown:
         runs-on: ubuntu-latest
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
             - name: Use Node.js ${{ matrix.node-version }}
               uses: actions/setup-node@v4
               with:

.github/workflows/ossar.yaml

@@ -16,12 +16,14 @@ on:
             - "**/*.R"
             - ".github/workflows/r.yaml"
 
+permissions:
+    contents: read
 jobs:
     build:
         runs-on: ubuntu-latest
         steps:
             - name: Checkout code
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Set up R
               uses: r-lib/actions/setup-r@v2