From 1dda678aa8e452c850ea242434dbd0de98b98310 Mon Sep 17 00:00:00 2001
From: Andres Rios Tascon
Date: Fri, 26 Jan 2024 09:36:08 -0500
Subject: [PATCH 1/3] fix: removed cmssw branch validation, now delegated to action
---
 .github/workflows/testing.yml | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 049ae040..e8aa718c 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -143,10 +143,6 @@ jobs:
 # Check if there is a branch after "/run cmssw"
 words=($line)
 cmssw_branch="${words[2]}"
- # Validate the extracted branch to avoid code injection
- if [ -n "$cmssw_branch" ]; then
- cmssw_branch=$(git check-ref-format --branch $cmssw_branch || echo "default")
- fi
 fi
 done <<< "$COMMENT_BODY"
 if [ -z "$cmssw_branch" ]; then
From 5e8a8e26681cb8ad977e7ba2711e5d7a65cddf91 Mon Sep 17 00:00:00 2001
From: Andres Rios Tascon
Date: Fri, 26 Jan 2024 09:41:11 -0500
Subject: [PATCH 2/3] chore: updated outdated actions
---
 .github/workflows/testing.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index e8aa718c..de5b3afd 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -36,7 +36,7 @@ jobs:
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 skip-token-revoke: true
 - name: Create in progress check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 with:
 token: ${{ steps.app-token.outputs.token }}
 sha: ${{ env.COMMIT_SHA }}
@@ -48,7 +48,7 @@ jobs:
 - name: Build and run PR
 timeout-minutes: 60
 id: build-and-run
- uses: SegmentLinking/TrackLooper-actions/standalone@v1
+ uses: SegmentLinking/TrackLooper-actions/standalone@main
 with:
 pr-number: ${{ github.event.issue.number }}
 - name: Upload plots to archival repo
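Review bot: `uses: SegmentLinking/TrackLooper-actions/standalone@main` in the `@@ -48` hunk swaps the `v1` tag for a branch ref, so every run executes whatever is on that branch at the time. The job also mints an app token (`steps.app-token.outputs.token`), and the upload step that follows appears to receive `secrets.DEPLOY_PRIVATE_KEY`. Pin the action to a full commit SHA instead, e.g. `uses: SegmentLinking/TrackLooper-actions/standalone@<full-commit-sha>  # main` (placeholder, not a real SHA), and bump it deliberately. The same applies to `cmssw@main` in the `@@ -153` hunk.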
@@ -60,7 +60,7 @@ jobs:
 SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_PRIVATE_KEY }}
 TARGET_DIR: ${{ steps.build-and-run.outputs.archive-dir }}
 - name: Comment on PR
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -71,7 +71,7 @@ jobs:
 })
 - name: Comment on PR if job failed.
 if: failure()
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -88,7 +88,7 @@ jobs:
 app-id: ${{ secrets.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Create completed check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 if: always()
 with:
 token: ${{ steps.app-token-end.outputs.token }}
@@ -122,7 +122,7 @@ jobs:
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 skip-token-revoke: true
 - name: Create in progress check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 with:
 token: ${{ steps.app-token.outputs.token }}
 sha: ${{ env.COMMIT_SHA }}
@@ -153,7 +153,7 @@ jobs:
 - name: Build and run PR
 timeout-minutes: 200
 id: build-and-run
- uses: SegmentLinking/TrackLooper-actions/cmssw@v1
+ uses: SegmentLinking/TrackLooper-actions/cmssw@main
 with:
 pr-number: ${{ github.event.issue.number }}
 cmssw-branch: ${{ env.cmssw-branch }}
@@ -166,7 +166,7 @@ jobs:
 SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_PRIVATE_KEY }}
 TARGET_DIR: ${{ steps.build-and-run.outputs.archive-dir }}
 - name: Comment on PR
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
@@ -177,7 +177,7 @@ jobs:
 })
 - name: Comment on PR if job failed.
 if: failure()
- uses: actions/github-script@v6
+ uses: actions/github-script@v7
 with:
 script: |
 github.rest.issues.createComment({
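Review bot: In the `@@ -153` hunk, `cmssw-branch: ${{ env.cmssw-branch }}` now reaches the action with no check in this workflow. Patch 1/3 shows the value being taken from the PR comment (`cmssw_branch="${words[2]}"`, read from `$COMMENT_BODY`) and drops the `git check-ref-format` guard, while this patch moves the action to `@main`. The validation therefore lives only in code that is not visible here and that can change without a commit to this repository. I would keep a cheap allow-list check in the parsing step, for example `[[ "$cmssw_branch" =~ ^[A-Za-z0-9._/-]+$ ]] || cmssw_branch=""`, and add a comment next to `cmssw-branch:` naming the component responsible for validating it. The parsing step and the code that exports `cmssw-branch` lie outside this hunk, so the exact placement needs checking there.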
@@ -194,7 +194,7 @@ jobs:
 app-id: ${{ secrets.APP_ID }}
 private-key: ${{ secrets.APP_PRIVATE_KEY }}
 - name: Create completed check
- uses: LouisBrunner/checks-action@v1.6.1
+ uses: LouisBrunner/checks-action@v2.0.0
 if: always()
 with:
 token: ${{ steps.app-token-end.outputs.token }}
From 2dc3a662dacda192452ce76a9686fbe86389c6e3 Mon Sep 17 00:00:00 2001
From: Andres Rios Tascon
Date: Fri, 26 Jan 2024 09:43:46 -0500
Subject: [PATCH 3/3] chore: added dependabot
---
 .github/dependabot.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/dependabot.yml
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..3bad94f9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
\ No newline at end of file
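Review bot: The new `.github/dependabot.yml` ends without a trailing newline (`\ No newline at end of file`); add one so later edits do not produce a spurious diff on the last line. As far as I know, the `github-actions` ecosystem only proposes updates for actions referenced by a version tag or commit SHA, so the two `TrackLooper-actions/...@main` references from patch 2/3 would not be tracked by this configuration. A one-line comment such as `# Does not cover actions pinned to a branch (e.g. @main)` above the entry would make that limit explicit.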