From 9c4a6353ac372fd499792e48fbfc01ec247f1a11 Mon Sep 17 00:00:00 2001
From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 22 Sep 2025 01:41:52 +0700
Subject: [PATCH 1/2] Update dependencies.yml

Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
---
 .github/workflows/dependencies.yml | 50 +++++++++++++++++++++++++-----
 1 file changed, 42 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index e452a68c80967..53e2ca70b23b0 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -7,14 +7,48 @@ on:
     # Run weekly
     - cron: "0 0 * * SUN"
   workflow_dispatch:
-# Needed so we can run it manually
-
-permissions:
-  contents: write
-  pull-requests: write
+    # Needed so we can run it manually
 
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  BRANCH: cargo-update
+  TITLE: "chore(deps): weekly `cargo update`"
+  BODY: |
+    Automation to keep dependencies in `Cargo.lock` current.
+    <details><summary><strong>cargo update log</strong></summary>
+    <p>
+    ```log
+    $cargo_update_log
+    ```
+    </p>
+    </details>
 jobs:
   update:
-    uses: ithacaxyz/ci/.github/workflows/cargo-update-pr.yml@main
-    secrets:
-      token: ${{ secrets.GITHUB_TOKEN }}
+    name: Update
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: dtolnay/rust-toolchain@nightly
+
+      - name: cargo update
+        # Remove first line that always just says "Updating crates.io index"
+        run: cargo update --color never 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log
+
+      - name: craft commit message and PR body
+        id: msg
+        run: |
+          export cargo_update_log="$(cat cargo_update.log)"
+          echo "commit_message<<EOF" >> $GITHUB_OUTPUT
+          printf "$TITLE\n\n$cargo_update_log\n" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+          echo "body<<EOF" >> $GITHUB_OUTPUT
+          echo "$BODY" | envsubst >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v6
+        with:
+          add-paths: ./Cargo.lock
+          commit-message: ${{ steps.msg.outputs.commit_message }}
+          title: ${{ env.TITLE }}
+          body: ${{ steps.msg.outputs.body }}
+          branch: ${{ env.BRANCH }}

From a2eb55138f3a3eb17f33e363c608d99f67a6bffd Mon Sep 17 00:00:00 2001
From: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
Date: Mon, 22 Sep 2025 01:43:43 +0700
Subject: [PATCH 2/2] Potential fix for code scanning alert no. 21: Workflow
 does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: AU_gdev_19 <64915515+Dargon789@users.noreply.github.com>
---
 .github/workflows/dependencies.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
index 53e2ca70b23b0..184e5d13f2c73 100644
--- a/.github/workflows/dependencies.yml
+++ b/.github/workflows/dependencies.yml
@@ -26,6 +26,9 @@ jobs:
   update:
     name: Update
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
       - uses: dtolnay/rust-toolchain@nightly