From 864396390db27dbbd893aca71cd8638bfb6d03fe Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 15 Sep 2025 01:12:56 +0000
Subject: [PATCH 1/3] Bump super-linter/super-linter in the actions-minor group

Bumps the actions-minor group with 1 update: [super-linter/super-linter](https://github.com/super-linter/super-linter).


Updates `super-linter/super-linter` from 8.0.0 to 8.1.0
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/5119dcd8011e92182ce8219d9e9efc82f16fddb6...ffde3b2b33b745cb612d787f669ef9442b1339a6)

---
updated-dependencies:
- dependency-name: super-linter/super-linter
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index fc1fad5..843fa16 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Lint Codebase
         id: super-linter
-        uses: super-linter/super-linter/slim@5119dcd8011e92182ce8219d9e9efc82f16fddb6 # v8.0.0
+        uses: super-linter/super-linter/slim@ffde3b2b33b745cb612d787f669ef9442b1339a6 # v8.1.0
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From 4170d997e2b809cd287369bd212245ef3b8547f2 Mon Sep 17 00:00:00 2001
From: miota <miota@amplify.security>
Date: Fri, 23 Jan 2026 00:13:15 +0900
Subject: [PATCH 2/3] [ci] update super-linter to 8.3.2

---
 .github/workflows/linter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 843fa16..33f39a7 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -26,7 +26,7 @@ jobs:
 
       - name: Lint Codebase
         id: super-linter
-        uses: super-linter/super-linter/slim@ffde3b2b33b745cb612d787f669ef9442b1339a6 # v8.1.0
+        uses: super-linter/super-linter/slim@d5b0a2ab116623730dd094f15ddc1b6b25bf7b99 # v8.3.2
         env:
           DEFAULT_BRANCH: main
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

From ce4f2f2d3427f79e286d4142207a5386e90605a8 Mon Sep 17 00:00:00 2001
From: miota <miota@amplify.security>
Date: Fri, 23 Jan 2026 00:21:48 +0900
Subject: [PATCH 3/3] [chore] address all zizmor linter issues

---
 .github/dependabot.yml        | 2 ++
 .github/workflows/amplify.yml | 4 +++-
 .github/workflows/ci.yml      | 6 +++++-
 .github/workflows/linter.yml  | 1 +
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c7f58c3..c94906c 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,8 @@ updates:
     directory: /
     schedule:
       interval: weekly
+    cooldown:
+      default-days: 7
     groups:
       actions-minor:
         update-types:
diff --git a/.github/workflows/amplify.yml b/.github/workflows/amplify.yml
index b1eecfe..8725035 100644
--- a/.github/workflows/amplify.yml
+++ b/.github/workflows/amplify.yml
@@ -20,5 +20,7 @@ jobs:
     if: (!github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]')
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
       - name: Amplify Runner
-        uses: amplify-security/runner-action@main
+        uses: amplify-security/runner-action@main # zizmor: ignore[unpinned-uses]
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 51bb92a..f251db7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -13,7 +13,7 @@ on:
 
 permissions:
   contents: read
-  id-token: write
+  id-token: write # zizmor: ignore[excessive-permissions]
 
 jobs:
   test-action-lab:
@@ -24,6 +24,8 @@ jobs:
       - name: Checkout
         id: checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Test Local Action (Lab)
         id: test-action
@@ -39,6 +41,8 @@ jobs:
       - name: Checkout
         id: checkout
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
 
       - name: Test Local Action
         id: test-action-prod
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 33f39a7..45b1188 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -23,6 +23,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           fetch-depth: 0
+          persist-credentials: false
 
       - name: Lint Codebase
         id: super-linter