Some sec fixes (#93)

Author: son-oz

.github/dependabot.yml

@@ -3,11 +3,16 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
+    groups:
+      actions-deps:
+        patterns:
+          - "*"
+
   - package-ecosystem: cargo
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
     ignore:
       - dependency-name: "*"
         update-types:

.github/workflows/cla.yml

@@ -6,14 +6,15 @@ on:
     types: [opened, closed, synchronize]
 
 permissions:
-  actions: write
-  contents: write 
-  pull-requests: write
-  statuses: write
+  contents: read
 
 jobs:
   CLAAssistant:
     runs-on: ubuntu-latest
+    permissions:
+      actions: write
+      pull-requests: write
+      statuses: write
     steps:
       - name: Harden the runner (Audit all outbound calls)
         uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0

osv-scanner.toml

@@ -0,0 +1,8 @@
+[[IgnoredVulns]]
+id = "RUSTSEC-2024-0388"
+reason = "The crate is unmaintained, but it works. If there is any new vulnerability, there will be another ID."
+
+[[IgnoredVulns]]
+id = "RUSTSEC-2024-0436"
+reason = "The crate is unmaintained, but it works. If there is any new vulnerability, there will be another ID."
+