From ed34d61fc4c9112ef9bd7ae5d6e93e5beb1dd066 Mon Sep 17 00:00:00 2001 From: nuno maduro Date: Tue, 12 May 2026 02:27:56 +0100 Subject: [PATCH 1/3] chore: pin GitHub Actions to commit SHAs --- .github/workflows/static.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/static.yml b/.github/workflows/static.yml index d00ba6e..d65be43 100644 --- a/.github/workflows/static.yml +++ b/.github/workflows/static.yml @@ -10,10 +10,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: 8.0 tools: composer:v2 @@ -35,10 +35,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: 8.0 tools: composer:v2 From 6bc862625dcec9e612728dfea17394083bd7a386 Mon Sep 17 00:00:00 2001 From: nuno maduro Date: Tue, 12 May 2026 02:27:57 +0100 Subject: [PATCH 2/3] chore: pin GitHub Actions to commit SHAs --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 7c31cac..f0f1736 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -15,10 +15,10 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2 - name: Setup PHP - uses: shivammathur/setup-php@v2 + uses: shivammathur/setup-php@accd6127cb78bee3e8082180cb391013d204ef9f # v2 with: php-version: ${{ matrix.php }} tools: composer:v2 From 19b1b0b34d19c4fc9d92e3968d4c54c5ef91f780 Mon Sep 17 00:00:00 2001 From: nuno maduro Date: Tue, 12 May 2026 02:27:58 +0100 Subject: [PATCH 3/3] chore: pin GitHub Actions to commit SHAs --- .github/dependabot.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f6faee6 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + groups: + github-actions: + patterns: + - "*"