From 9f2cb2a4f795f26690b4ec94541b2836669ff73f Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 19 Dec 2022 20:28:28 +0000
Subject: [PATCH 1/5] github: Pin actions/checkout to
 755da8c3cf115ac066823e79a1e1788f8940201b

---
 .github/workflows/go-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index ade0415..2da781e 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -20,7 +20,7 @@ jobs:
           go-version: ${{ matrix.go-version }}
       
       - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # https://github.com/actions/checkout/releases/tag/v3.2.0
 
       - name: Create test directory
         run: |

From 41ce7c0edc718ee73e9145b307abd162759624d9 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 19 Dec 2022 20:28:48 +0000
Subject: [PATCH 2/5] github: Pin actions/setup-go to
 6edd4406fa81c3da01a34fa6f6343087c207a568

---
 .github/workflows/go-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 2da781e..7cd1f1a 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -15,7 +15,7 @@ jobs:
     
     steps:
       - name: Setup go
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # https://github.com/actions/setup-go/releases/tag/v3.5.0
         with:
           go-version: ${{ matrix.go-version }}
       

From e50346b872ee9c67c2d7b53948d9eaddf8e90eac Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 19 Dec 2022 20:29:50 +0000
Subject: [PATCH 3/5] github: Pin actions/cache to
 9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7

---
 .github/workflows/go-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index 7cd1f1a..f7780ee 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -30,7 +30,7 @@ jobs:
         run: go mod download
       
       - name: Cache / restore go modules
-        uses: actions/cache@v3
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # https://github.com/actions/cache/releases/tag/v3.0.11
         with:
           path: |
             ~/go/pkg/mod

From 82af4a9b492cd0eab0e25f417996419ac1d2efa1 Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Mon, 19 Dec 2022 20:30:48 +0000
Subject: [PATCH 4/5] github: Pin actions/upload-artifact to
 83fd05a356d7e2593de66fc9913b3002723633cb

---
 .github/workflows/go-tests.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/go-tests.yml b/.github/workflows/go-tests.yml
index f7780ee..4933f94 100644
--- a/.github/workflows/go-tests.yml
+++ b/.github/workflows/go-tests.yml
@@ -68,7 +68,7 @@ jobs:
       
       # Save coverage report parts
       - name: Upload and save artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # https://github.com/actions/upload-artifact/releases/tag/v3.1.1
         with:
           name: Test Results
           path: ${{ env.TEST_RESULTS }}
\ No newline at end of file

From 177cbad29c01429521865d34a0b67b1719d8872d Mon Sep 17 00:00:00 2001
From: Radek Simko <radek.simko@gmail.com>
Date: Tue, 20 Dec 2022 09:58:05 +0000
Subject: [PATCH 5/5] github: Enable dependabot

---
 .github/dependabot.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..405de40
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels: ["dependencies"]
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    labels: ["dependencies"]