From 44f4bc876c972c9cb01217b7a3e97ab78c4306fb Mon Sep 17 00:00:00 2001
From: Michael Hucka <mhucka@google.com>
Date: Sat, 8 Mar 2025 11:06:21 -0800
Subject: [PATCH 1/2] Fix code scanning alerts by adding permissions decl.

This addressess the following code scanning alerts:
- https://github.com/quantumlib/OpenFermion-PySCF/security/code-scanning/1
- https://github.com/quantumlib/OpenFermion-PySCF/security/code-scanning/2
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4e32f52..3672722 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,6 +17,9 @@ name: Continuous Integration
 
 on: [pull_request]
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   pytest:
     name: Pytest Ubuntu python3.6

From 413dcf81bdf5da542524233ca7b2c9ecc0b3e527 Mon Sep 17 00:00:00 2001
From: Michael Hucka <mhucka@google.com>
Date: Sat, 8 Mar 2025 11:23:35 -0800
Subject: [PATCH 2/2] Update versions of Python & runner OS

Those old versions are no longer available on GitHub.
---
 .github/workflows/ci.yml | 41 ++++++++++++++++------------------------
 1 file changed, 16 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3672722..f1812b5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -21,33 +21,24 @@ on: [pull_request]
 permissions: read-all
 
 jobs:
-  pytest:
-    name: Pytest Ubuntu python3.6
-    runs-on: ubuntu-16.04
+  pytest-matrix:
+    name: Run Pytest on Python ${{matrix.python-version}}
+    strategy:
+      matrix:
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-python@v1
-        with:
-          python-version: '3.6'
-          architecture: 'x64'
-      - name: Install requirements
-        run: |
-          pip install -r ./dev_tools/pip-list
-      - name: Pytest check
-        run: |
-          pytest
-  pytest37:
-    name: Pytest Ubuntu python3.7
-    runs-on: ubuntu-16.04
-    steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-python@v1
+      - name: Get a local copy of the source repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - name: Set up Python ${{matrix.python-version}}
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5
         with:
-          python-version: '3.7'
+          python-version: ${{matrix.python-version}}
           architecture: 'x64'
+
       - name: Install requirements
-        run: |
-          pip install -r ./dev_tools/pip-list
+        run: pip install -r ./dev_tools/pip-list
+
       - name: Pytest check
-        run: |
-          pytest
+        run: pytest