From b9322e7f55605fe266799ba694791b41bc72498b Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Tue, 16 Dec 2025 12:16:11 +0000
Subject: [PATCH 1/2] Upgrade GitHub Actions to latest versions

---
 .github/workflows/pypi-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index bae8633..c768f79 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -32,4 +32,4 @@ jobs:
       run: |
         python -m build
     - name: Publish package distributions to PyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+      uses: pypa/gh-action-pypi-publish@v1

From dbf4ca0a7d01d0f2d0617537fe05c1ac35a12caa Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Wed, 17 Dec 2025 10:31:25 +0000
Subject: [PATCH 2/2] Fix pypa/gh-action-pypi-publish to use SHA pinning

Pin to release/v1.13 for security best practices.
The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>
---
 .github/workflows/pypi-publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index c768f79..b24d8a0 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -32,4 +32,4 @@ jobs:
       run: |
         python -m build
     - name: Publish package distributions to PyPI
-      uses: pypa/gh-action-pypi-publish@v1
+      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e  # release/v1.13