From afc3fcbc662c1da763b8839819c35f6505ab83b4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 26 Jun 2026 09:42:54 +0000
Subject: [PATCH 1/3] Bump super-linter/super-linter/slim from 8.5.0 to 8.7.0

Bumps [super-linter/super-linter/slim](https://github.com/super-linter/super-linter) from 8.5.0 to 8.7.0.
- [Release notes](https://github.com/super-linter/super-linter/releases)
- [Changelog](https://github.com/super-linter/super-linter/blob/main/CHANGELOG.md)
- [Commits](https://github.com/super-linter/super-linter/compare/61abc07d755095a68f4987d1c2c3d1d64408f1f9...4ce20838b8ab83717e78138c5b3a1407148e0918)

---
updated-dependencies:
- dependency-name: super-linter/super-linter/slim
  dependency-version: 8.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/superlinter.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/superlinter.yml b/.github/workflows/superlinter.yml
index c88cb8c..10a4b91 100644
--- a/.github/workflows/superlinter.yml
+++ b/.github/workflows/superlinter.yml
@@ -22,7 +22,7 @@ jobs:
       # Run Linter against code base #
       ################################
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@61abc07d755095a68f4987d1c2c3d1d64408f1f9 # v8.5.0
+        uses: super-linter/super-linter/slim@4ce20838b8ab83717e78138c5b3a1407148e0918 # v8.7.0
         env:
           VALIDATE_ALL_CODEBASE: true
           DEFAULT_BRANCH: main

From e60357a36b79dc0e85f03af4962d00fb38bea39a Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 26 Jun 2026 13:53:42 +0200
Subject: [PATCH 2/3] Fix the tag comment

---
 .github/workflows/ansible-sanitytest.yml | 2 +-
 .github/workflows/ansible-unittest.yml   | 2 +-
 .github/workflows/jsonschema.yaml        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ansible-sanitytest.yml b/.github/workflows/ansible-sanitytest.yml
index 9c1de6f..8baff98 100644
--- a/.github/workflows/ansible-sanitytest.yml
+++ b/.github/workflows/ansible-sanitytest.yml
@@ -22,7 +22,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/.github/workflows/ansible-unittest.yml b/.github/workflows/ansible-unittest.yml
index 2a176ec..1f02259 100644
--- a/.github/workflows/ansible-unittest.yml
+++ b/.github/workflows/ansible-unittest.yml
@@ -22,7 +22,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
 
diff --git a/.github/workflows/jsonschema.yaml b/.github/workflows/jsonschema.yaml
index a55b3d8..b157024 100644
--- a/.github/workflows/jsonschema.yaml
+++ b/.github/workflows/jsonschema.yaml
@@ -20,7 +20,7 @@ jobs:
           persist-credentials: false
 
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: ${{ matrix.python-version }}
 

From e242a3fa81b92083b680749b2122173beda343d8 Mon Sep 17 00:00:00 2001
From: Michele Baldessari <michele@acksyn.org>
Date: Fri, 26 Jun 2026 17:21:34 +0200
Subject: [PATCH 3/3] Add explicit write permission to placate zizmor

---
 .../workflows/trigger-utility-imperative-container-builds.yml    | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/trigger-utility-imperative-container-builds.yml b/.github/workflows/trigger-utility-imperative-container-builds.yml
index 7cec670..1d7d4ed 100644
--- a/.github/workflows/trigger-utility-imperative-container-builds.yml
+++ b/.github/workflows/trigger-utility-imperative-container-builds.yml
@@ -18,6 +18,7 @@ jobs:
           app-id: ${{ secrets.GH_WORKFLOW_AUTOMATION_CLIENT_ID }}
           private-key: ${{ secrets.GH_WORKFLOW_AUTOMATION_PRIVATE_KEY }}
           owner: validatedpatterns
+          permission-actions: write
           repositories: |
             utility-container
             imperative-container