diff --git a/.github/dependabot.yml b/.github/dependabot.yml index da341d0f..f07fdeaa 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -12,6 +12,8 @@ updates: # reviewers: # - reviewer_one + cooldown: + default-days: 7 - package-ecosystem: 'gitsubmodule' directory: '' open-pull-requests-limit: 10 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index cad32b9e..d1b334e8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,15 +18,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Setup .NET SDK - uses: actions/setup-dotnet@v4 + uses: actions/setup-dotnet@67a3573c9a986a3f9c594539f4ab511d57bb3ce9 # v4.3.1 with: dotnet-version: 9.0.x - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 with: queries: security-and-quality languages: csharp @@ -57,5 +57,5 @@ jobs: --no-restore - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1 # Built with ❤ by [Pipeline Foundation](https://pipeline.foundation) diff --git a/.github/workflows/dotnet-format.yml b/.github/workflows/dotnet-format.yml index 34135b82..55b08a38 100644 --- a/.github/workflows/dotnet-format.yml +++ b/.github/workflows/dotnet-format.yml @@ -10,7 +10,7 @@ jobs: steps: - name: check out code - uses: actions/checkout@v4 + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - name: dotnet format run: dotnet format src --verify-no-changes \ No newline at end of file