From 1a274f5c7f075643b0bd539d1950421c24be389e Mon Sep 17 00:00:00 2001
From: jaimergp <jaimergp@users.noreply.github.com>
Date: Mon, 6 May 2024 11:12:47 +0200
Subject: [PATCH] pin github actions; add dependabot

---
 .github/dependabot.yml      | 6 ++++++
 .github/workflows/tests.yml | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5ace460
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index e8bb3c7..6ea8ebe 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -14,11 +14,11 @@ jobs:
     name: tests
     runs-on: "ubuntu-latest"
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
         with:
           fetch-depth: 0
 
-      - uses: conda-incubator/setup-miniconda@v2
+      - uses: conda-incubator/setup-miniconda@9f54435e0e72c53962ee863144e47a4b094bfd35 # v2
         with:
           channels: conda-forge,defaults
           channel-priority: strict