From 9a6848a2d9ee5dbbf3a35a7ed4c57ddf94382dae Mon Sep 17 00:00:00 2001
From: Mathieu Pillard <mpillard@mozilla.com>
Date: Wed, 27 May 2026 00:38:25 +0200
Subject: [PATCH 1/3] Check for dependabots daily (keeping 7 day cooldown)

---
 .github/dependabot.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 9c18c4e..fbca3dd 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -3,14 +3,14 @@ updates:
 - package-ecosystem: "github-actions"
   directory: "/"
   schedule:
-    interval: weekly
+    interval: daily
   cooldown:
     default-days: 7
   open-pull-requests-limit: 99
 - package-ecosystem: "docker-compose"
   directory: "/"
   schedule:
-    interval: weekly
+    interval: daily
   cooldown:
     default-days: 7
   open-pull-requests-limit: 99

From 4c1693844d71950cf9ddc3e65d71a66cf4ff445e Mon Sep 17 00:00:00 2001
From: Mathieu Pillard <mpillard@mozilla.com>
Date: Wed, 27 May 2026 00:38:51 +0200
Subject: [PATCH 2/3] Bump actionlint and zizmor

---
 docker-compose.tools.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docker-compose.tools.yml b/docker-compose.tools.yml
index 97659cf..f953b0e 100644
--- a/docker-compose.tools.yml
+++ b/docker-compose.tools.yml
@@ -9,10 +9,10 @@ services:
 
   actionlint:
     extends: base
-    image: rhysd/actionlint:1.7.7@sha256:887a259a5a534f3c4f36cb02dca341673c6089431057242cdc931e9f133147e9
+    image: rhysd/actionlint:1.7.12@sha256:b1934ee5f1c509618f2508e6eb47ee0d3520686341fec936f3b79331f9315667
 
   zizmor:
     extends: base
-    image: ghcr.io/zizmorcore/zizmor:1.18.0@sha256:c5bbdb28b75702f181695d7a878e562ccb5c0a01847db87edda7476908d73dd6
+    image: ghcr.io/zizmorcore/zizmor:1.25.2@sha256:14ea7f5cc7c67933394a35b5a38a277397818d232602635edb2010b313afb110
     environment:
       - GH_TOKEN

From 324cb148ffa7f12539c6cbeb44644b7166006d01 Mon Sep 17 00:00:00 2001
From: Mathieu Pillard <mpillard@mozilla.com>
Date: Wed, 27 May 2026 00:45:05 +0200
Subject: [PATCH 3/3] Add sha hash to github actions

---
 .github/workflows/ci.yml    |  8 ++++----
 .github/workflows/docs.yml  | 10 +++++-----
 .github/workflows/stale.yml |  2 +-
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ec1c990..d21fea3 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
       matrix:
         target: [actionlint, zizmor]
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -113,7 +113,7 @@ jobs:
             expect_failure: false
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -169,7 +169,7 @@ jobs:
             dry_run: true
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -277,7 +277,7 @@ jobs:
             separator: " • "
 
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 36ed1e3..6c057fb 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -25,7 +25,7 @@ jobs:
       is_fork: ${{ steps.context.outputs.is_fork }}
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -40,12 +40,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
       - name: Set up Python
-        uses: actions/setup-python@v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.x'
 
@@ -56,7 +56,7 @@ jobs:
         run: make -C docs html
 
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v5
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
         with:
           path: 'docs/_build/html'
           name: ${{ env.docs_artifact }}
@@ -82,7 +82,7 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v5
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
         with:
           artifact_name: ${{ env.docs_artifact }}
 
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index c867a91..1731dac 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -19,7 +19,7 @@ jobs:
       issues: write
 
     steps:
-    - uses: actions/stale@v10.2.0
+    - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: >