From fa14b2efe340fba33513880e59d99db110ff79fc Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 2 Feb 2026 11:10:39 +0000
Subject: [PATCH 1/3] Update actions/checkout digest to 8e8c483

---
 .github/workflows/docker-image.yml  | 2 +-
 .github/workflows/markdown-lint.yml | 2 +-
 .github/workflows/prettier-json.yml | 2 +-
 .github/workflows/yamllint.yml      | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index b595ce9c..3296e2c1 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -20,7 +20,7 @@ jobs:
     name: "Build Docker images"
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v3
diff --git a/.github/workflows/markdown-lint.yml b/.github/workflows/markdown-lint.yml
index bfffda00..69b3b76f 100644
--- a/.github/workflows/markdown-lint.yml
+++ b/.github/workflows/markdown-lint.yml
@@ -25,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Set up Node.js ${{ matrix.node-version }}
         uses: actions/setup-node@v6
diff --git a/.github/workflows/prettier-json.yml b/.github/workflows/prettier-json.yml
index 6f40cd0d..9dfc6722 100644
--- a/.github/workflows/prettier-json.yml
+++ b/.github/workflows/prettier-json.yml
@@ -14,7 +14,7 @@ jobs:
     name: 'Prettier JSON Lint'
     runs-on: ['ubuntu-24.04']
     steps:
-      - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Set up Node.js
         uses: actions/setup-node@v6
diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml
index dbed4bca..cc19e15a 100644
--- a/.github/workflows/yamllint.yml
+++ b/.github/workflows/yamllint.yml
@@ -15,7 +15,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Install yamllint
         run: pip install yamllint

From 17e58bc23f61ad8dceeb9fc6086d64fb9249ba83 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz <devel@gon.cl>
Date: Mon, 2 Feb 2026 15:02:35 -0300
Subject: [PATCH 2/3] Update actions/checkout digest to 8e8c483

---
 .github/workflows/codeql.yml                 | 2 +-
 .github/workflows/gitleaks.yml               | 2 +-
 .github/workflows/java-gradle-checkstyle.yml | 2 +-
 .github/workflows/java-gradle-coverage.yml   | 2 +-
 .github/workflows/java-gradle-test.yml       | 2 +-
 .github/workflows/sonarcloud.yml             | 2 +-
 .vscode/settings.json                        | 6 ++++--
 7 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 57213ac3..3e6d6956 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -66,7 +66,7 @@ jobs:
         # yamllint enable rule:line-length
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Set up JDK 24
         uses: actions/setup-java@v5
diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml
index 63e73d4f..44a9c5b8 100644
--- a/.github/workflows/gitleaks.yml
+++ b/.github/workflows/gitleaks.yml
@@ -22,7 +22,7 @@ jobs:
     name: gitleaks
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
         with:
           fetch-depth: 0
       - uses: gitleaks/gitleaks-action@v2
diff --git a/.github/workflows/java-gradle-checkstyle.yml b/.github/workflows/java-gradle-checkstyle.yml
index 4902cb7a..e37171ba 100644
--- a/.github/workflows/java-gradle-checkstyle.yml
+++ b/.github/workflows/java-gradle-checkstyle.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Set up JDK
         uses: actions/setup-java@v5
         with:
diff --git a/.github/workflows/java-gradle-coverage.yml b/.github/workflows/java-gradle-coverage.yml
index c4d8fead..ca2f3f83 100644
--- a/.github/workflows/java-gradle-coverage.yml
+++ b/.github/workflows/java-gradle-coverage.yml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-24.04
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Set up JDK
         uses: actions/setup-java@v5
         with:
diff --git a/.github/workflows/java-gradle-test.yml b/.github/workflows/java-gradle-test.yml
index 00288817..5eee7519 100644
--- a/.github/workflows/java-gradle-test.yml
+++ b/.github/workflows/java-gradle-test.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Set up JDK
         uses: actions/setup-java@v5
         with:
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 37057de6..a11aed6f 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -16,7 +16,7 @@ jobs:
     name: Build and analyze
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
         with:
           # Shallow clones should be disabled for a better relevancy of analysis
           fetch-depth: 0
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 2bd7fffd..6ff6e39a 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -6,5 +6,7 @@
     "connectionId": "sir-gon",
     "projectKey": "sir-gon_algorithm-exercises-java"
   },
-  "snyk.advanced.additionalParameters": "--exclude=.trunk,algorithm-exercises-java/build/reports"
-}
\ No newline at end of file
+  "snyk.advanced.additionalParameters": "--exclude=.trunk,algorithm-exercises-java/build/reports",
+  "snyk.advanced.organization": "52c13fa7-37a8-4c92-a695-3352fb0c3586",
+  "snyk.advanced.autoSelectOrganization": true
+}

From aa1d3f59f12b754256904a3ede5084f5bf8a1ae3 Mon Sep 17 00:00:00 2001
From: Gonzalo Diaz <devel@gon.cl>
Date: Mon, 2 Feb 2026 15:02:35 -0300
Subject: [PATCH 3/3] [Github Actions] Permissions limited

---
 .github/workflows/codeql.yml     | 3 ++-
 .github/workflows/sonarcloud.yml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3e6d6956..ff8996f0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -12,7 +12,8 @@
 ---
 name: CodeQL
 
-permissions: read-all
+permissions:
+  contents: read
 
 on: # yamllint disable-line rule:truthy
   push:
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index a11aed6f..f9f83727 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -9,7 +9,8 @@ on: # yamllint disable-line rule:truthy
     types: [opened, synchronize, reopened]
   workflow_dispatch:
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   build: