Pin dependencies (#1045)

renovate[bot] · sloria · web-flow · commit 41ae3303bc58 · 2026-04-13T20:37:14.000Z
* Pin dependencies

* Fix build

---------

Co-authored-by: renovate[bot] &lt;29139614+renovate[bot]@users.noreply.github.com&gt;
Co-authored-by: Steven Loria &lt;git@stevenloria.com&gt;
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -18,8 +18,8 @@ jobs:
           - { name: "lowest", python: "3.10", tox: py310-lowest }
           - { name: "dev", python: "3.14", tox: py314-marshmallowdev }
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
         with:
           python-version: ${{ matrix.python }}
       - run: python -m pip install tox
@@ -28,8 +28,8 @@ jobs:
     name: Build package
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
         with:
           python-version: "3.14"
       - name: Install pypa/build
@@ -41,7 +41,7 @@ jobs:
       - name: Check build
         run: python -m twine check --strict dist/*
       - name: Store the distribution packages
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: python-package-distributions
           path: dist/
@@ -51,8 +51,8 @@ jobs:
     if: startsWith(github.ref, 'refs/tags')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
-      - uses: actions/setup-python@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
         with:
           python-version: "3.14"
       - run: python -m pip install tox
@@ -69,9 +69,9 @@ jobs:
       id-token: write
     steps:
       - name: Download all the dists
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
         with:
           name: python-package-distributions
           path: dist/
       - name: Publish distribution to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
diff --git a/pyproject.toml b/pyproject.toml
@@ -85,7 +85,7 @@ test-pyramid = [
     # pyramid uses pkg_resources, which has been long deprecated and finally removed
     #
     # see https://github.com/Pylons/pyramid/issues/3731 for discussion within pyramid
-    "setuptools < 82.0"
+    "setuptools <82.0"
 ]
 test-falcon = ["falcon>=4.1.0", {include-group = "tests"}]
 test-aiohttp = ["aiohttp>=3.13.0", {include-group = "tests"}]

Original file line number	Diff line number	Diff line change
`@@ -85,7 +85,7 @@ test-pyramid = [`
`85`	`85`	`# pyramid uses pkg_resources, which has been long deprecated and finally removed`
`86`	`86`	`#`
`87`	`87`	`# see https://github.com/Pylons/pyramid/issues/3731 for discussion within pyramid`
`88`		`- "setuptools < 82.0"`
	`88`	`+ "setuptools <82.0"`
`89`	`89`	`]`
`90`	`90`	`test-falcon = ["falcon>=4.1.0", {include-group = "tests"}]`
`91`	`91`	`test-aiohttp = ["aiohttp>=3.13.0", {include-group = "tests"}]`