From bb0512d305da3e92e376b308d345fdffc2c52059 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 31 Mar 2026 11:50:12 +0000 Subject: [PATCH] chore(deps): pin dependencies --- .github/workflows/bench.yaml | 10 +++++----- .github/workflows/docs.yaml | 10 +++++----- .github/workflows/mega-linter.yaml | 12 ++++++------ .github/workflows/release-please.yaml | 20 ++++++++++---------- .github/workflows/release.yaml | 12 ++++++------ .github/workflows/test.yaml | 12 ++++++------ 6 files changed, 38 insertions(+), 38 deletions(-) diff --git a/.github/workflows/bench.yaml b/.github/workflows/bench.yaml index d2beaced..b44dfd20 100644 --- a/.github/workflows/bench.yaml +++ b/.github/workflows/bench.yaml @@ -21,9 +21,9 @@ jobs: sessions: ${{ steps.collect.outputs.sessions }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 with: activate-environment: true - name: Install Dependencies @@ -46,15 +46,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 with: activate-environment: true - name: Install Dependencies run: uv sync --active --frozen --all-packages - name: Bench - uses: CodSpeedHQ/action@v4 + uses: CodSpeedHQ/action@d872884a306dd4853acf0f584f4b706cf0cc72a2 # v4 with: run: nox --tags 'bench' mode: instrumentation diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml index 4f865385..6f24e3ef 100644 --- a/.github/workflows/docs.yaml +++ b/.github/workflows/docs.yaml @@ -19,16 +19,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 - id: config name: Configure GitHub Pages - uses: actions/configure-pages@v5 + uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5 - name: Set Environment Variables run: echo 'SITE_URL=${{ steps.config.outputs.base_url }}' >> "$GITHUB_ENV" - name: Setup uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 with: activate-environment: true - name: Install Dependencies @@ -39,7 +39,7 @@ jobs: - name: Build run: mkdocs build - name: Upload Github Pages Artifact - uses: actions/upload-pages-artifact@v4 + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4 with: path: site @@ -58,4 +58,4 @@ jobs: steps: - id: deploy name: Deploy Github Pages Site - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4 diff --git a/.github/workflows/mega-linter.yaml b/.github/workflows/mega-linter.yaml index 1e544b8d..1f915e90 100644 --- a/.github/workflows/mega-linter.yaml +++ b/.github/workflows/mega-linter.yaml @@ -28,22 +28,22 @@ jobs: steps: - id: auth name: Auth - uses: liblaf/actions/auth@v1 + uses: liblaf/actions/auth@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ github.head_ref || github.ref }} - id: lint name: MegaLinter - uses: liblaf/actions/mega-linter@v1 + uses: liblaf/actions/mega-linter@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: token: ${{ steps.auth.outputs.token }} - if: success() || failure() name: Upload Reports - uses: actions/upload-artifact@v7 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7 with: name: mega-linter-reports path: |- @@ -57,7 +57,7 @@ jobs: sudo rm --force --recursive 'mega-linter.log' 'megalinter-reports' - if: steps.lint.outputs.has-updated-sources > 0 && github.ref == 'refs/heads/main' name: Create PR with Applied Fixes - uses: peter-evans/create-pull-request@v8 + uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8 with: commit-message: "chore(mega-linter): apply linters automatic fixes" branch: mega-linter-fix/${{ github.ref_name }} @@ -69,7 +69,7 @@ jobs: reviewers: ${{ github.repository_owner }} - if: steps.lint.outputs.has-updated-sources > 0 && github.ref != 'refs/heads/main' name: Commit and Push Applied Linter Fixes - uses: liblaf/actions/commit@v1 + uses: liblaf/actions/commit@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: add-options: --verbose --update message: "chore(mega-linter): apply linters automatic fixes" diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml index 737348fc..0d875c66 100644 --- a/.github/workflows/release-please.yaml +++ b/.github/workflows/release-please.yaml @@ -32,17 +32,17 @@ jobs: steps: - id: auth name: Auth - uses: liblaf/actions/auth@v1 + uses: liblaf/actions/auth@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: token: ${{ steps.auth.outputs.token }} - id: release-please name: Release Please - uses: googleapis/release-please-action@v4 + uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4 with: token: ${{ steps.auth.outputs.token }} config-file: .config/release-please/config.json @@ -62,12 +62,12 @@ jobs: steps: - id: auth name: Auth - uses: liblaf/actions/auth@v1 + uses: liblaf/actions/auth@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ fromJson(needs.release-please.outputs.pr).headBranchName }} token: ${{ steps.auth.outputs.token }} @@ -81,7 +81,7 @@ jobs: version="$(awk '{ print $NF }' <<< "$title")" printf 'tag=%s\n' "v$version" >> "$GITHUB_OUTPUT" - name: Changelog - uses: liblaf/actions/changelog@v1 + uses: liblaf/actions/changelog@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: output: CHANGELOG.md args: --tag '${{ steps.tag.outputs.tag }}' @@ -94,7 +94,7 @@ jobs: - name: Undo Last Commit run: git reset --soft HEAD~1 - name: Commit - uses: liblaf/actions/commit@v1 + uses: liblaf/actions/commit@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: add-options: --verbose '.config/release-please/.manifest.json' 'CHANGELOG.md' force: true @@ -120,19 +120,19 @@ jobs: steps: - id: auth name: Auth - uses: liblaf/actions/auth@v1 + uses: liblaf/actions/auth@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: app-id: ${{ vars.APP_ID }} private-key: ${{ secrets.PRIVATE_KEY }} - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: ref: ${{ needs.release-please.outputs.tag }} token: ${{ steps.auth.outputs.token }} fetch-depth: 0 - id: changelog name: Changelog - uses: liblaf/actions/changelog@v1 + uses: liblaf/actions/changelog@1f83732587ff97f1babbe9218fdc5436dda1a16f # v1 with: args: --current --strip all - name: Update Release Notes diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 2f852978..bbf3cf23 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -25,10 +25,10 @@ jobs: package-version: ${{ steps.build.outputs.package_version }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - id: build name: Build and Inspect a Python Package - uses: hynek/build-and-inspect-python-package@v2 + uses: hynek/build-and-inspect-python-package@fe0a0fb1925ca263d076ca4f2c13e93a6e92a33e # v2 with: attest-build-provenance-github: true @@ -45,12 +45,12 @@ jobs: url: https://pypi.org/project/${{ needs.build.outputs.package-name }}/${{ needs.build.outputs.package-version }}/ steps: - name: Download Artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: ${{ needs.build.outputs.artifact-name }} path: dist - name: Publish to PyPI - uses: pypa/gh-action-pypi-publish@release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 with: verbose: true print-hash: true @@ -65,11 +65,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Download Artifacts - uses: actions/download-artifact@v8 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8 with: name: ${{ needs.build.outputs.artifact-name }} path: dist - name: Upload Release Assets - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@153bb8e04406b158c6c84fc1615b65b24149a1fe # v2 with: files: dist/* diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml index 180fb6fb..5fa3f584 100644 --- a/.github/workflows/test.yaml +++ b/.github/workflows/test.yaml @@ -23,9 +23,9 @@ jobs: sessions: ${{ steps.collect.outputs.sessions }} steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - name: Setup uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 with: activate-environment: true - name: Install Dependencies @@ -48,11 +48,11 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: fetch-depth: 0 # I don't know why, but it is present in Codecov's documentation - name: Setup uv - uses: astral-sh/setup-uv@v7 + uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7 with: activate-environment: true - name: Install Dependencies @@ -61,13 +61,13 @@ jobs: run: nox --session '${{ matrix.session }}' - if: success() || failure() name: Upload Coverage - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5 with: report_type: coverage use_oidc: true - if: success() || failure() name: Upload Test Results - uses: codecov/codecov-action@v5 + uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5 with: report_type: test_results use_oidc: true