Resolve issues found by Zizmor.

niklasga · niklasga · commit da905584938c · 2025-12-01T14:06:06.000+01:00
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -11,8 +11,12 @@ updates:
       maven-plugins:
         patterns:
           - "*:*maven*plugin*"
+    cooldown:
+      default-days: 7
 
   - package-ecosystem: github-actions
     directory: /
     schedule:
       interval: daily
+    cooldown:
+      default-days: 7
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -47,6 +47,8 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/dependabot-changesets.yml b/.github/workflows/dependabot-changesets.yml
@@ -20,6 +20,8 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false
 
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -23,5 +23,8 @@ jobs:
 
       - name: 'Checkout Repository'
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false
+
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
diff --git a/.github/workflows/maven-central-publish.yml b/.github/workflows/maven-central-publish.yml
@@ -18,6 +18,9 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false
+
       - name: Set up Maven Central Repository
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
@@ -22,6 +22,9 @@ jobs:
           egress-policy: audit
 
       - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+        with:
+          persist-credentials: false
+
       - name: Set up JDK 17
         uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -25,6 +25,9 @@ jobs:
         egress-policy: audit
 
     - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      with:
+        persist-credentials: false
+
     - name: Set up JDK 17
       uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
       with:
