From cf9ce6f5eb289e4be173833f1d1617cf6af7e2fb Mon Sep 17 00:00:00 2001
From: Rafael Matias <rafael@skyle.net>
Date: Thu, 8 May 2025 13:07:49 +0200
Subject: [PATCH 1/3] Update GitHub Actions in
 .github/workflows/go-setup/action.yml to use pinned hashes

---
 .github/workflows/go-setup/action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-setup/action.yml b/.github/workflows/go-setup/action.yml
index 99ff074..03696ca 100644
--- a/.github/workflows/go-setup/action.yml
+++ b/.github/workflows/go-setup/action.yml
@@ -11,7 +11,7 @@ runs:
   using: "composite"
   steps:
     - name: Set up Go
-      uses: actions/setup-go@v5
+      uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
       with:
         go-version: ${{ inputs.go-version }}
         cache: true 
\ No newline at end of file

From a2013aa982fecb1d279930ff87408effab284708 Mon Sep 17 00:00:00 2001
From: Rafael Matias <rafael@skyle.net>
Date: Thu, 8 May 2025 13:07:49 +0200
Subject: [PATCH 2/3] Update GitHub Actions in .github/workflows/go-test.yml to
 use pinned hashes

---
 .github/workflows/go-test.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-test.yml b/.github/workflows/go-test.yml
index 77811e8..42827e0 100644
--- a/.github/workflows/go-test.yml
+++ b/.github/workflows/go-test.yml
@@ -13,6 +13,6 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - uses: ./.github/workflows/go-setup
       - run: go test -v -race ./... 
\ No newline at end of file

From 5c6d53c0f8d40942fd1fa37185a025e1a62eddc3 Mon Sep 17 00:00:00 2001
From: Rafael Matias <rafael@skyle.net>
Date: Thu, 8 May 2025 13:07:51 +0200
Subject: [PATCH 3/3] Add dependabot configuration for GitHub Actions

---
 .github/dependabot.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..adfbcbd
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,10 @@
+version: 2
+updates:
+   - package-ecosystem: github-actions
+     directory: /
+     schedule:
+        interval: monthly
+     groups:
+        actions:
+           patterns:
+              - '*'