From 5085df9763fa9b4fb6a7d57e315ccbb2a2919cc5 Mon Sep 17 00:00:00 2001
From: Yukai Chou <muzimuzhi@gmail.com>
Date: Mon, 6 Nov 2023 16:13:03 +0800
Subject: [PATCH 1/2] Update actions in `deploy.yaml`

- Bump actions/checkout from 3 to 4
- Bump zauguin/install-texlive from 2 to 3
- Reference major version of ncipollo/release-action
  The development of this action should be stable now, hence no need to reference
  its specific commit.

  https://docs.github.com/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsuses
---
 .github/workflows/deploy.yaml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 99f9500..1d6ec13 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -14,11 +14,11 @@ jobs:
     steps:
       # Boilerplate
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       # We need Ghostscript for XeTeX tests.
       - run: sudo apt-get update && sudo apt-get install ghostscript
       - name: Install TeX Live
-        uses: zauguin/install-texlive@v2
+        uses: zauguin/install-texlive@v3
         with:
           # List the required TeX Live packages in a separate file to allow reuse in
           # different workflows.
@@ -29,7 +29,7 @@ jobs:
         run: texlua l3build.lua ctan -H --show-log-on-error
       # Now create the release (this only runs if the previous steps were successful)
       - name: Create GitHub release
-        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
+        uses: ncipollo/release-action@v1
         with:
           artifacts: "build/distrib/ctan/*.zip"
           token: ${{ secrets.GITHUB_TOKEN }}

From 428c02dcda13ed9eaf6c0e7fbac8729e308c5863 Mon Sep 17 00:00:00 2001
From: Yukai Chou <muzimuzhi@gmail.com>
Date: Mon, 6 Nov 2023 16:26:30 +0800
Subject: [PATCH 2/2] Add dependabot

This won't take effect until dependabot version updates is enabled in a
per-repository manner, see

https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuring-dependabot-version-updates#enabling-version-updates-on-forks
---
 .github/dependabot.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 .github/dependabot.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..df4d15b
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      # Check for updates to GitHub Actions every week
+      interval: "weekly"