From 98b49d38049e6a5b4b189785e21ded7673d56b9f Mon Sep 17 00:00:00 2001
From: Mathieu Benoit <mathieu-benoit@hotmail.fr>
Date: Mon, 20 Jan 2025 09:07:44 -0500
Subject: [PATCH 1/3] Create dependabot.yml

Signed-off-by: Mathieu Benoit <mathieu-benoit@hotmail.fr>
---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..d65fa0f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    groups:
+      ci:
+        patterns:
+          - "*"

From 39332facd14f55620ebf8b3e2d009479ad72db55 Mon Sep 17 00:00:00 2001
From: Mathieu Benoit <mathieu-benoit@hotmail.fr>
Date: Mon, 20 Jan 2025 09:08:53 -0500
Subject: [PATCH 2/3] Update ci.yaml - pin GHA actions versions

Signed-off-by: Mathieu Benoit <mathieu-benoit@hotmail.fr>
---
 .github/workflows/ci.yaml | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 063c1ec..e67e061 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -10,10 +10,9 @@ jobs:
   linkchecker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Link Checker
-        uses: lycheeverse/lychee-action@v1.10.0
+        uses: lycheeverse/lychee-action@f796c8b7d468feb9b8c0a46da3fac0af6874d374 # v2.2.0
         with:
           # Providing default parameters plus an exclude for Google Meet which produces a network error when checked
           args: --verbose --no-progress './**/*.md' './**/*.html' --exclude https://meet.google.com
@@ -24,12 +23,11 @@ jobs:
   jsonschema:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Setup Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: 'stable'
-
       - name: Check Schema
         env:
           GOPATH: /home/runner/work/go

From 57e8c322c8eded9269985240fd4db7f63effbb54 Mon Sep 17 00:00:00 2001
From: Mathieu Benoit <mathieu-benoit@hotmail.fr>
Date: Mon, 20 Jan 2025 09:10:45 -0500
Subject: [PATCH 3/3] Update release.yaml - pin GHA actions versions

Signed-off-by: Mathieu Benoit <mathieu-benoit@hotmail.fr>
---
 .github/workflows/release.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 6d5a200..6993fcc 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,9 +8,9 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
     - name: Release
-      uses: softprops/action-gh-release@v2
+      uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1
       with:
         files: |
           score-v1b1.json