87a391363e
* Upgrade GitHub actions & pin to commit hash The only exception is `google/oss-fuzz` which does not seem to have releases or Git tags, so pinning might not make sense there. Also adds `actions/setup-java` to the `codeql-analysis` workflow to explicitly specify the JDK version to use (and to use the caching of that action) instead of relying on the default JDK of the runner image. * Enable Dependabot for GitHub actions --------- Co-authored-by: Éamonn McManus <emcmanus@google.com>
12 lines
207 B
YAML
12 lines
207 B
YAML
version: 2
|
|
updates:
|
|
- package-ecosystem: "maven"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "daily"
|
|
|
|
- package-ecosystem: "github-actions"
|
|
directory: "/"
|
|
schedule:
|
|
interval: "weekly"
|