From 8b2f1b6f46fba3da19d4287e5750cd54905ca33d Mon Sep 17 00:00:00 2001
From: StepSecurity Bot
Date: Fri, 8 Sep 2023 06:16:43 +0000
Subject: [PATCH] chore: apply security hardening to ci [StepSecurity] Apply security best practices
Signed-off-by: StepSecurity Bot
---
 .github/dependabot.yml | 5 +++++
 .github/workflows/module.build.yml | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 411f5e64..f039d46a 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,3 +19,8 @@ updates:
 directory: /
 schedule:
 interval: daily
+
+ - package-ecosystem: pip
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/workflows/module.build.yml b/.github/workflows/module.build.yml
index a4e65f2f..8adbc285 100644
--- a/.github/workflows/module.build.yml
+++ b/.github/workflows/module.build.yml
@@ -154,7 +154,7 @@ jobs:
 shell: bash
 run: bazel coverage --config=ci ${{ inputs.flags }} "//tools/..." "//tests/..." "//.aspect/..."
 - name: "Report: Coverage"
- uses: codecov/codecov-action@v3
+ uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
 if: inputs.coverage
 continue-on-error: true
 with:
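Review bot: The new `pip` entry in `.github/dependabot.yml` uses `directory: /`, but nothing in this patch shows a Python manifest at the repository root, and Dependabot looks for manifests in the directory it is given. The workflow touched by the same commit builds with Bazel, so the requirements files may well live in a subdirectory; if so, this entry produces no updates while the config reads as if Python dependencies were covered. Confirm where the manifests are and point the entry there, e.g. `directory: /<dir-with-requirements>` (placeholder), with a comment above it such as `# Python deps: manifest at <dir>/requirements.txt`. The `updates:` list starts outside the hunk, so the other entries could not be checked.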
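Review bot: The SHA pin on the `uses: codecov/codecov-action@…` line in `module.build.yml` only stays useful if something keeps moving it forward, and the `# v3.1.4` comment is a label that nothing checks against the hash. The dependabot.yml hunk in this patch shows only the `directory`/`schedule` tail of the preceding entry, so confirm that a `package-ecosystem: github-actions` entry exists, and verify once that the commit resolves to the upstream v3.1.4 tag. The diffstat records a single changed line in this file, so any other `uses:` references elsewhere in the workflow that still point at mutable tags are unaffected by this commit; the job body lies outside the hunk, so that could not be checked here. A comment above the line such as `# Pinned to a full commit SHA; bumped by Dependabot (github-actions), do not revert to a tag` would keep the intent visible to maintainers.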