Update CI, funding configuration, and Dependabot settings

.github/FUNDING.yml

@@ -0,0 +1 @@
+github: saschpe

.github/dependabot.yml

@@ -1,6 +1,10 @@
 version: 2
 updates:
-  - package-ecosystem: "gradle"
-    directory: "/" # Location of package manifests
+  - package-ecosystem: gradle
+    directory: "/"
     schedule:
-      interval: "weekly"
+      interval: weekly
+  - package-ecosystem: github-actions
+    directory: ".github/"
+    schedule:
+      interval: weekly

.github/workflows/main.yml

@@ -1,5 +1,16 @@
 name: Main CI
-on: [ push ]
+
+on:
+  push:
+    branches:
+      - main
+    paths-ignore:
+      - .gitignore
+      - LICENSE
+      - README.md
+  pull_request:
+    branches:
+      - main
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -12,9 +23,9 @@ jobs:
   spotless:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@3a4f6e1af504cf6a31855fa899c6aa5355ba6c12  # v4.7.0
         with:
           distribution: temurin
           java-version: 21
@@ -24,17 +35,17 @@ jobs:
   build:
     runs-on: macos-14
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           distribution: temurin
           java-version: 21
       - name: Build with Gradle
         run: ./gradlew build
       - name: Archive build artifacts
         if: github.ref == 'refs/heads/main'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08  # v4.6.0
         with:
           name: log4k_build
           path: |
@@ -54,12 +65,12 @@ jobs:
       SONATYPE_GPG_KEY: ${{ secrets.SONATYPE_GPG_KEY }}
       SONATYPE_GPG_KEY_PASSWORD: ${{ secrets.SONATYPE_GPG_KEY_PASSWORD }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           ref: refs/heads/main
           fetch-depth: 0
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           distribution: temurin
           java-version: 21

.github/workflows/scorecard.yml

@@ -3,8 +3,8 @@ on:
   # For Branch-Protection check. Only the default branch is supported. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
   branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  # To guarantee, Maintained check is occasionally updated.
+  # See https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
     - cron: '30 14 * * 6'
   push:
@@ -22,17 +22,17 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
         with:
           persist-credentials: false
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@   #
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
       - name: "Upload artifact"
-        uses: actions/upload-artifact@97a0fba1372883ab732affbe8f94b823f91727db # v3.pre.node20
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08  # v4.6.0
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/security.yml

@@ -15,22 +15,22 @@ jobs:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - name: Setup Python 3.10
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - name: Setup Python 3.13
         uses: actions/setup-python@v4
         with:
-          python-version: '3.11'
+          python-version: '3.13'
       - name: Run mobsfscan
-        uses: MobSF/mobsfscan@0.3.4
+        uses: MobSF/mobsfscan@0.4.5
         with:
           args: . --sarif --output results.sarif || true
       - name: Upload mobsfscan report
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
 
   gradle-validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: gradle/wrapper-validation-action@v1
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683  # v4.2.2
+      - uses: gradle/actions/wrapper-validation@v4

gradle/libs.versions.toml

@@ -6,7 +6,7 @@ compose = "1.7.3"
 gradle-android = "8.7.3"
 jacoco = "0.8.11"
 java = "21"
-kotlin = "2.1.0"
+kotlin = "2.1.10"
 ktlint = "1.3.1"
 log4k-demo = "1.0.0"
 mockk = "1.13.16"