From d915f5333519e501b6c8ac7a8e9982f9473fa47b Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 12 May 2026 19:52:14 +0000 Subject: [PATCH] chore(deps): pin dependencies --- .github/workflows/check.yml | 12 ++++++------ .github/workflows/release.yml | 6 +++--- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 07e4401..b437f78 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -10,11 +10,11 @@ jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - uses: actions/cache@v3 + - uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: | ~/.cache/pip @@ -35,7 +35,7 @@ jobs: .venv/bin/python3 -m pip install -Ur .github/requirements.txt - run: .venv/bin/gitlint --commits "origin/$GITHUB_BASE_REF..HEAD" if: github.event_name == 'pull_request' - - uses: pre-commit/action@v3.0.0 + - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 # v3.0.0 test: runs-on: ${{ matrix.os }} @@ -61,8 +61,8 @@ jobs: os: ubuntu-20.04 extra-deps: "'virtualenv<20.22.0'" steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: # >= 3.11 to ensure there's a recent one to run nox with # (assumption: last one listed ends up as "python3") @@ -74,7 +74,7 @@ jobs: # on older versions (e.g. 3.5) that do not have pypi.org CA certs in # baseline pip's chain PIP_CERT: /etc/ssl/certs/ca-certificates.crt - - uses: actions/cache@v3 + - uses: actions/cache@6f8efc29b200d32929f49075959781ed54ec270c # v3 with: path: | ~/.cache/pip diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 36f2716..5b5a497 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -23,10 +23,10 @@ jobs: needs: release_please if: needs.release_please.outputs.release_created steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: ref: ${{ needs.release_please.outputs.sha }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5 with: python-version: "3.10" - name: Create release assets @@ -35,6 +35,6 @@ jobs: python3 -m pip install -U setuptools wheel python3 setup.py sdist bdist_wheel ls dist - - uses: pypa/gh-action-pypi-publish@v1.4.2 + - uses: pypa/gh-action-pypi-publish@27b31702a0e7fc50959f5ad993c78deac1bdfc29 # v1.4.2 with: password: ${{ secrets.PYPI_API_TOKEN }}