From 22d654bb22d9721145c0c6622e7c56586c872ba3 Mon Sep 17 00:00:00 2001
From: "P. L. Lim" <2090236+pllim@users.noreply.github.com>
Date: Mon, 30 Sep 2024 12:29:39 -0400
Subject: [PATCH 1/2] MNT: Use hash for Action workflow versions and update,
 and add dependabot, if needed

---
 .github/workflows/ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8e57c3654..766ac2351 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -43,11 +43,11 @@ jobs:
         run: |
           sudo apt-get install pandoc
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938  # v4.2.0
         with:
           fetch-depth: 0
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # v5.2.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Upgrade pip

From 21521f78f3d4fdde54207f5592724fe0960e7016 Mon Sep 17 00:00:00 2001
From: "P. L. Lim" <2090236+pllim@users.noreply.github.com>
Date: Mon, 30 Sep 2024 12:32:34 -0400
Subject: [PATCH 2/2] Update dependabot.yml

---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index f4952bab4..4c2a737cf 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,3 +6,11 @@ updates:
     interval: daily
     time: "10:00"
   open-pull-requests-limit: 10
+- package-ecosystem: "github-actions"
+  directory: ".github/workflows" # Location of package manifests
+  schedule:
+    interval: "monthly"
+  groups:
+    actions:
+      patterns:
+        - "*"