chore: update GitHub Actions workflows to Node 24

[Copilot]

GitHub is deprecating Node 20 on Actions runners (default switches to Node 24 in June 2026). Updates all workflow files to use action versions that declare node24 as their runtime.

Updated to node24

Action	Before	After
actions/checkout	v4.2.2 / v4	v6.0.2
actions/setup-python	v5.6.0	v6.2.0
github/codeql-action (init/autobuild/analyze)	v3.28.3	v4.33.0

Best-available bump (no node24 release yet)

Action	Before	After
actions/dependency-review-action	v4.6.0	v4.9.0 (still node20)
github/ossar-action	v1 (node16)	v2.0.0 (node20)

Left unchanged

• step-security/harden-runner@v2.16.0 — already node24 per its release notes
• sourcery-ai/action@v1, anthropics/claude-code-action@v1, shundor/python-bandit-scan@<sha> — all composite actions with no Node runtime
• github/codeql-action@v4 floating refs in codeql.yml — already node24

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• https://api.github.com/repos/actions/checkout/releases
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)
• https://api.github.com/repos/github/codeql-action/releases
  • Triggering command: /usr/bin/curl curl -s REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)

Original prompt

Open a pull request in kimocoder/wifite2 to update GitHub Actions workflows away from deprecated older Node runtimes and use Node 24 where appropriate.

Repository

• kimocoder/wifite2
• Base branch: master

Goal

Update GitHub Actions workflows so the repository uses Node 24 instead of older Node versions (such as Node 20 or Node 16) wherever the workflow explicitly configures a Node version.

Scope

Please inspect the workflow files under .github/workflows/ and update them accordingly.

Requirements

1. Find all workflow files that explicitly configure a Node version, such as via actions/setup-node or similar patterns.
2. Change explicit workflow Node usage to Node 24.
3. If a workflow does not explicitly configure Node but uses third-party JavaScript actions that are pinned to old action versions, check whether a safe action version bump is needed to avoid deprecated runtime usage.
4. Prefer the smallest safe change that modernizes the workflows.
5. Preserve workflow behavior as much as possible.
6. If some actions should not be changed because there is no safe/obvious update, leave them unchanged and mention that in the PR description.

Notes

• The user explicitly wants Node 24.
• Be careful not to introduce breaking changes to unrelated workflow logic.
• Update only what is necessary for Node runtime modernization.

Validation

• Ensure workflow YAML remains valid.
• If possible, verify there are no remaining explicit Node 16/20 settings in workflow files after the change.

Deliverable

Open a PR updating GitHub Actions workflows to use Node 24 where appropriate, with a concise summary of what changed and any limitations.

The following is the prior conversation context from the user's chat exploration (may be truncated):

Assistant: Here's a comprehensive summary of my findings after scanning the kimocoder/wifite2 project:

---

📋 Project Scan Summary

📊 Overview

• Language: Python | License: GPLv2 | ⭐ 1,426 stars | 🍴 254 forks
• Fork of: derv82/wifite2 — actively maintained with significant new features (Evil Twin, TUI, WPA3/SAE, dual-interface, wpa-sec upload, etc.)
• Open Issues: 2 | Open PRs: 0

---

🐛 Open Issues

#	Title	Summary
#363	aircrack-ng NOT utilising "neon" SIMD on Raspberry Pi 5	On RPi5, wifite uses --simd=generic instead of neon, resulting in ~13x slower hash rates (210 k/s vs 2800 k/s). Wifite may need to detect SIMD capabilities and pass --simd=neon to aircrack-ng explicitly.
#160	WPS always "No" on WiFi Pineapple MK7	On OpenWRT-based devices, WPS always shows as "No" or "Lock". Likely a parsing/compatibility issue with older tool versions on embedded platforms.

---

🔧 Code-Level Findings

1. Acknowledged TODOs & HACKs in Code 🟡

Multiple TODO, FIXME, XXX, and HACK markers exist throughout the codebase:

• wifite/model/handshake.py — HACK: Arbitrarily selects the first BSSID/ESSID pair when neither is known; a user selection menu is missing (TODO: Display menu for user to select from list).
• wifite/model/handshake.py — XXX: The strip() method warns it may break aircrack-ng.
• wifite/util/crack.py — TODO: Bring back the 'print' option, for easy copy/pasting.
• wifite/config.py — TODO: categorize configuration into separate classes (under config/*.py) — the Configuration class is a ~1,440-line monolith holding all settings as class variables.
• wifite/args.py — TODO: Uncomment the --strip option once it works — feature disabled/commented out.
• wifite/tools/airmon.py — TODO: add support for other unorthodox init systems.
• wifite/attack/wpa.py — TODO: Potentially add a fallback or user choice for aircrack-ng for non-SAE.
• docs/EVILTWIN.md — Multiple TODOs for HTTPS spoofing, password validation, CGI server state management, and Apple/Google captive portal detection.
• docs/TODO.md — Extensive braindump acknowledging too many CLI options, need for dependency injection, better dependency handling, and native Python implementations.

2. Configuration Class Complexity 🟠

wifite/config.py (Configuration class) is a massive god-class with:

• ~100+ class-level attributes (all None initialized)
• All settings (WPA, WPS, WEP, Evil Twin, WPA-SEC, TUI, dual-interface, monitoring) in a single class
• The TODO in the code itself acknowledges this needs refactoring into separate config modules

3. CLI Option Bloat 🟡

As documented in docs/TODO.md:

• 8 timeout options (wpat, wpadt, pixiet, pixiest, wpst, wept, weprs, weprc) — unclear if all still work
• 5 threshold options inconsistent between Bully & Reaver
• Many options hidden via argparse.SUPPRESS rat...

This pull request was created from Copilot chat.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

Updates GitHub Actions workflow dependencies to versions that support newer Node runtimes (Node 24 where available) in response to GitHub’s upcoming runner runtime deprecations.

Changes:

• Bumped actions/checkout across workflows to v6.0.2.
• Bumped actions/setup-python to v6.2.0 where used.
• Updated CodeQL workflow (codeql-analysis.yml) from github/codeql-action@v3.28.3 to v4.33.0, and refreshed other security workflow actions where possible.

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
.github/workflows/python-publish.yml	Update checkout + setup-python action versions for publishing workflow.
.github/workflows/ossar-analysis.yml	Update checkout and OSSAR action versions (OSSAR bumped to v2.0.0).
.github/workflows/dependency-review.yml	Update checkout and dependency-review action versions.
.github/workflows/codeql.yml	Update checkout action version (CodeQL actions already on v4).
.github/workflows/codeql-analysis.yml	Update checkout and pin CodeQL init/autobuild/analyze to v4.33.0.
.github/workflows/claude.yml	Update checkout action version for Claude workflow.
.github/workflows/claude-code-review.yml	Update checkout action version for Claude code review workflow.
.github/workflows/checkpr-sourcery.yml	Update checkout + setup-python action versions for Sourcery PR checks.
.github/workflows/bandit.yml	Update checkout action version for Bandit scan workflow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.