From b007749f08740ab66535192fa6fed536ab9eebeb Mon Sep 17 00:00:00 2001
From: Gavin Sharp
Date: Wed, 11 Mar 2026 11:20:09 -0400
Subject: [PATCH 1/2] chore: add dependabot config and pin GitHub Actions to commit hashes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add .github/dependabot.yml to manage GitHub Actions updates monthly, with all actions pinned to commit hashes for supply chain security:
- actions/checkout: v4 → de0fac2 (v6)
- actions/setup-java: v1 → be666c2 (v5)
Co-Authored-By: Claude Haiku 4.5
---
 .github/dependabot.yml | 6 ++++++
 .github/workflows/ci.yml | 14 +++++++-------
 2 files changed, 13 insertions(+), 7 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8ac6b8c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c14c138..0f97d25 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,11 +10,11 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Set up Java
 id: setup-jre
- uses: actions/setup-java@v1
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
 architecture: x64
@@ -27,11 +27,11 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Set up Java
 id: setup-jre
- uses: actions/setup-java@v1
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
 architecture: x64
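Review bot: The `interval: "monthly"` schedule in the new dependabot.yml becomes the main route by which fixes to these actions reach the workflow once every `uses:` is pinned to a SHA. As far as GitHub documents it, Dependabot alerts for vulnerable actions are raised only for refs that use semantic versioning, not for SHA pins, so a vulnerable pinned commit would not be flagged between update runs. A shorter cadence narrows that window: `interval: "weekly"`. If monthly is kept deliberately, a comment above `schedule:` stating that trade-off would record the decision.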
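Review bot: The trailing `# v6` and `# v5` comments on the pinned `uses:` lines in the ci.yml hunks name floating major tags, so a reader cannot tell from the file which release each 40-character SHA was taken from, nor check it against the action's release page. Recording the exact release tag keeps the pin auditable, e.g. `uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # vX.Y.Z` (placeholder, to be replaced with the tag that resolves to this commit), and Dependabot rewrites that comment together with the SHA. The same applies to every `uses:` line changed in the hunks at -10, -27, -49 and -82.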
@@ -49,7 +49,7 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 with:
 fetch-depth: 0
@@ -82,11 +82,11 @@ jobs:
 steps:
 - name: Checkout repo
- uses: actions/checkout@v4
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - name: Set up Java
 id: setup-jre
- uses: actions/setup-java@v1
+ uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
 architecture: x64
From bdc8dd93d6498c9b4036d1cdec4b6e899a294751 Mon Sep 17 00:00:00 2001
From: Gavin Sharp
Date: Wed, 11 Mar 2026 11:23:41 -0400
Subject: [PATCH 2/2] fix: add required distribution input for setup-java v5

setup-java v2+ requires a distribution input. Using "zulu" to match the default behavior from v1.
Co-Authored-By: Claude Opus 4.6
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0f97d25..c6a376f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,7 @@ jobs:
 uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
+ distribution: "zulu"
 architecture: x64
 - name: Compile
@@ -34,6 +35,7 @@ jobs:
 uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
+ distribution: "zulu"
 architecture: x64
 - name: Test
@@ -89,6 +91,7 @@ jobs:
 uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
 with:
 java-version: "11"
+ distribution: "zulu"
 architecture: x64
 - name: Publish to maven
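Review bot: The checkout step in the hunk at -49 sets only `fetch-depth: 0`, so `persist-credentials` keeps its default of true and the job token stays configured for git commands for the rest of the job. If no later step pushes or fetches with that token, add `persist-credentials: false` under `with:`; the rest of the job lies outside the hunk, so this needs confirming first. The checkout steps in the hunks at -10, -27 and -82 have no `with:` block at all and would need one for the same setting. The -82 job appears, from the later patch's context line, to be the one that publishes to Maven, which makes it the most worthwhile place to apply it.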