From e9a138f0cd065de6a19d363323079deca79ef6b9 Mon Sep 17 00:00:00 2001
From: Shinsuke Higashiyama aka Cinzeng Zia <94058150+sinsukehlab@users.noreply.github.com>
Date: Mon, 8 Apr 2024 06:32:18 +0900
Subject: [PATCH] Bump actions in workflow files (#89)
* Bump actions in workflow files
actions/checkout@v3 to 4
github/codeql-action/init@v2 to 3
github/codeql-action/autobuild@v2 to 3
github/codeql-action/analyze@v2 to 3
* Create dependabot.yml
github-actions
---
 .github/dependabot.yml | 6 ++++++
 .github/workflows/codeql-analysis.yml | 8 ++++----
 .github/workflows/jarvis-code.yml | 4 ++--
 .github/workflows/jarvis-hack.yml | 4 ++--
 4 files changed, 14 insertions(+), 8 deletions(-)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..8ac6b8c
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 34a4c58..6abb0af 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -22,15 +22,15 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
 with:
 languages: ${{ matrix.language }}
 - name: Autobuild
- uses: github/codeql-action/autobuild@v2
+ uses: github/codeql-action/autobuild@v3
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
\ No newline at end of file
+ uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/jarvis-code.yml b/.github/workflows/jarvis-code.yml
index 46aa06d..ca33228 100644
--- a/.github/workflows/jarvis-code.yml
+++ b/.github/workflows/jarvis-code.yml
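Review bot: The new `updates` entry in .github/dependabot.yml uses `directory: "/"`, so it also covers the SHA-pinned `dduzgun-security/secure-code-game-action` step in jarvis-code.yml, which looks like a deliberate exercise fixture (jarvis-hack.yml fails the run while that `uses:` line is present). Dependabot may open bump PRs against that pin; if it is meant to stay frozen, add `ignore:` with `- dependency-name: "dduzgun-security/secure-code-game-action"` under the entry, plus a comment saying why. Separately, the first-party actions bumped in this commit are still referenced by mutable major tags (`@v4`, `@v3`); now that Dependabot maintains them, they could be pinned to full commit SHAs with a trailing version comment, the way the jarvis-code.yml step already is.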
@@ -23,11 +23,11 @@ jobs:
 contents: read
 steps:
 - name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Check GitHub Status
 # Source of GitHub Action in line 30:
 # https://github.com/dduzgun-security/secure-code-game-action
 uses: dduzgun-security/secure-code-game-action@dc70b85ad674f6e93657401f3933622870372093 # v1.0
 with:
 who-to-greet: "Jarvis, obviously ..."
- get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"
\ No newline at end of file
+ get-token: "token-4db56ee8-dbec-46f3-96f5-32247695ab9b"
diff --git a/.github/workflows/jarvis-hack.yml b/.github/workflows/jarvis-hack.yml
index fd6b23a..4943f11 100644
--- a/.github/workflows/jarvis-hack.yml
+++ b/.github/workflows/jarvis-hack.yml
@@ -14,11 +14,11 @@ jobs:
 contents: read
 steps:
 - name: Check out code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: Check for insecure actions
 run: |
 if grep -q "uses: dduzgun-security/secure-code-game-action@" $GITHUB_WORKSPACE/.github/workflows/jarvis-code.yml; then
 echo "Insecure action detected. Please remove it from your workflow."
 exit 1
- fi
\ No newline at end of file
+ fi