From f16a13595d45d3bb72ee5f68d9b29d81049ef720 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:11:38 +0000
Subject: [PATCH 1/2] Initial plan


From 1364f63864a372de59afd342ee68ebac4ba7d158 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:19:34 +0000
Subject: [PATCH 2/2] Pin GitHub Actions dependencies with commit SHAs and
 update Dependabot to weekly schedule

- Pin actions/checkout@v4 to specific commit SHA with version comment
- Pin actions/setup-java@v4 to specific commit SHA with version comment
- Update Dependabot to weekly schedule for GitHub Actions
- Group all GitHub Actions updates in single group

Co-authored-by: scordio <26772046+scordio@users.noreply.github.com>
---
 .github/dependabot.yml      | 7 ++++++-
 .github/workflows/build.yml | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8b1bb85f..06c31a89 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,5 +11,10 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "monday"
       time: "02:00"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index eee6835c..1248c412 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: 'temurin'
           java-version: '21'