SonarQube reviewer guide

Summary: Dependency updates across GitHub Actions, npm packages, and minor workflow improvements. Updates GitHub Actions to v4, refreshes 50+ npm packages to latest versions, and updates Trivy security scanner version with quote style normalization in workflows.

Review Focus:

1. GitHub Actions version upgrades (checkout and setup-node v3→v4) - verify compatibility
2. Trivy security scanner update to v0.35.0 with pinned commit hash - confirm security improvements
3. Significant dependency updates: jsonwebtoken 9.0.0→9.0.3, ajv 8.11→8.18, loopback packages, and npm/yarn ecosystem - check for breaking changes in test coverage

Start review at: .github/workflows/trivy.yaml. This is where the most significant functional change occurs with the Trivy action update to a specific commit hash plus workflow parameter quote normalization, which represents a departure from the typical semver pattern used elsewhere.

💬 Please send your feedback

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud