[CI] Bump style-bot to hardened TOCTOU-fix SHA

paulinebm · paulinebm · commit 9d67c661fdcc · 2026-05-05T17:24:32.000+02:00
diff --git a/.github/workflows/pr_style_bot.yaml b/.github/workflows/pr_style_bot.yaml
@@ -6,11 +6,13 @@ on:
 
 permissions:
   pull-requests: write
+  contents: read
 
 jobs:
   style:
-    uses: huggingface/huggingface_hub/.github/workflows/style-bot-action.yml@e000c1c89c65aee188041723456ac3a479416d4c  # main
+    uses: huggingface/huggingface_hub/.github/workflows/style-bot-action.yml@db5c4b2fbec4cd6df3f6dc13ce5abf584d36b859
     with:
       python_quality_dependencies: "[quality]"
     secrets:
-      bot_token: ${{ secrets.HF_STYLE_BOT_ACTION }}
+      app_id: ${{ secrets.HF_BOT_STYLE_APP_ID }}
+      app_private_key: ${{ secrets.HF_BOT_STYLE_SECRET_PEM }}
