From 3f0dd5af64750b72f38279b9045fade0cfcf9e68 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 26 May 2022 07:41:48 -0700
Subject: [PATCH 1/4] Update README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6ceacc19..f40472bb 100644
--- a/README.md
+++ b/README.md
@@ -173,7 +173,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@c1aec4ac820532bab364f02a81873c555a0ba3a1 # v1.0.4
+        uses: ossf/scorecard-action@5c8bc69dc88b65c66584e07611df79d3579b0377 # v1.1.0
         with:
           results_file: results.sarif
           results_format: sarif

From 849fdd9f6194803538400a7b5d577e90e8feedb3 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 26 May 2022 07:51:31 -0700
Subject: [PATCH 2/4] Update README.md

---
 README.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index f40472bb..08206c3f 100644
--- a/README.md
+++ b/README.md
@@ -142,14 +142,13 @@ Note: if you disable this option, the results of the Scorecards Action run will
 
 ```yml
 name: Scorecards supply-chain security
-on: 
+on:
   # Only the default branch is supported.
   branch_protection_rule:
   schedule:
-    # Weekly on Saturdays.
-    - cron: '30 1 * * 6'
+    - cron: $cron-weekly
   push:
-    branches: [ main, master ]
+    branches: [ $default-branch ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -168,7 +167,7 @@ jobs:
     
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@ec3a7ce113134d7a93b817d10a8272cb61118579 # v2.4.0
+        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
         with:
           persist-credentials: false
 
@@ -192,7 +191,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@82c141cc518b40d92cc801eee768e7aafc9c2fa2 # v2.3.1
+        uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # v3.0.0
         with:
           name: SARIF file
           path: results.sarif

From c76747c2be9d0c411c8bdbf60f113930b1c3759b Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 26 May 2022 07:52:30 -0700
Subject: [PATCH 3/4] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 08206c3f..a14daa2d 100644
--- a/README.md
+++ b/README.md
@@ -146,9 +146,9 @@ on:
   # Only the default branch is supported.
   branch_protection_rule:
   schedule:
-    - cron: $cron-weekly
+    - cron: '30 1 * * 6'
   push:
-    branches: [ $default-branch ]
+    branches: [ main, master ]
 
 # Declare default permissions as read only.
 permissions: read-all

From 7d685fef87c922e8088fb49b6accd7e6bb9e1c09 Mon Sep 17 00:00:00 2001
From: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
Date: Thu, 26 May 2022 07:53:12 -0700
Subject: [PATCH 4/4] Update README.md

---
 README.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/README.md b/README.md
index a14daa2d..764d9073 100644
--- a/README.md
+++ b/README.md
@@ -146,6 +146,7 @@ on:
   # Only the default branch is supported.
   branch_protection_rule:
   schedule:
+    # Weekly on Saturdays.
     - cron: '30 1 * * 6'
   push:
     branches: [ main, master ]