From 48b09cfbb5df10719672cc40439b8349a902789d Mon Sep 17 00:00:00 2001
From: CrazyMax <1951866+crazy-max@users.noreply.github.com>
Date: Wed, 15 Apr 2026 14:53:34 +0200
Subject: [PATCH] ci(zizmor): update rules

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
---
 .github/dependabot.yml      | 2 ++
 .github/zizmor.yml          | 3 ---
 subaction/matrix/action.yml | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)
 delete mode 100644 .github/zizmor.yml

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 51c53f3..500ab13 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,6 +19,8 @@ updates:
       interval: "daily"
     cooldown:
       default-days: 2
+      exclude:
+        - "@docker/actions-toolkit"
     versioning-strategy: "increase"
     allow:
       - dependency-type: "production"
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
deleted file mode 100644
index 6415720..0000000
--- a/.github/zizmor.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-rules:
-  secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783
-    disable: true
diff --git a/subaction/matrix/action.yml b/subaction/matrix/action.yml
index d145d20..7f8b539 100644
--- a/subaction/matrix/action.yml
+++ b/subaction/matrix/action.yml
@@ -28,7 +28,7 @@ runs:
     -
       name: Generate
       id: generate
-      uses: actions/github-script@v8
+      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
       env:
         INPUT_WORKDIR: ${{ inputs.workdir }}
         INPUT_FILES: ${{ inputs.files }}