🩹[Patch]: Update dependabot schedule and pin actions to SHA (#5)

MariusStorhaug · web-flow · commit 84fe70bd29d4 · 2026-01-22T15:55:52.000+01:00
Dependabot now checks for updates daily with a 7-day cooldown period,
reducing noise while maintaining timely security updates. All GitHub
Actions are pinned to specific commit SHAs with version comments for
enhanced security and reproducibility.

## Dependabot Configuration

Updated the schedule from `weekly` to `daily` with a `cooldown` of 7
days. This means Dependabot will check for updates daily but will wait 7
days after a new version is released before creating a PR, helping to
avoid early adoption of potentially unstable releases.

```yaml
schedule:
  interval: daily
cooldown:
  default-days: 7
```

## Pinned Actions

All actions are now pinned to specific commit SHAs with version tag
comments for traceability:

| Action | Version | Commit SHA |
|--------|---------|------------|
| `actions/checkout` | v6.0.1 |
`8e8c483db84b4bee98b60c0593521ed34d9990e8` |
| `actions/configure-pages` | v5.0.0 |
`983d7736d9b0ae728b81ab479565c72886d7745b` |
| `actions/upload-pages-artifact` | v4.0.0 |
`7b1f4a764d45c48632c6b24a0339c27f5614fb0b` |
| `actions/deploy-pages` | v4.0.5 |
`d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e` |
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -5,10 +5,12 @@
 
 version: 2
 updates:
-  - package-ecosystem: github-actions # See documentation for possible values
-    directory: / # Location of package manifests
+  - package-ecosystem: github-actions
+    directory: /
     labels:
       - dependencies
       - github-actions
     schedule:
-      interval: weekly
+      interval: daily
+    cooldown:
+      default-days: 7
diff --git a/.github/workflows/Docs.yml b/.github/workflows/Docs.yml
@@ -24,11 +24,11 @@ jobs:
     permissions:
       contents: read # to checkout the repo
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
-      - uses: actions/configure-pages@v5
+      - uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
 
       - name: Install mkdoks-material
         run: |
@@ -41,7 +41,7 @@ jobs:
         run: |
           mkdocs build --config-file ./mkdocs.yml --strict --site-dir _site/
 
-      - uses: actions/upload-pages-artifact@v4
+      - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0
 
   deploy:
     needs: build
@@ -55,4 +55,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
