From 260b1accbc815a18a6ea70176c23c9b9ac77ab21 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 24 Sep 2025 15:22:10 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=E2=AC=86=EF=B8=8F=F0=9F=91=A8=E2=80=8D?=
 =?UTF-8?q?=F0=9F=92=BB=20Pin=20dependencies?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/cd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 8af31e8c7..b623dc055 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -29,13 +29,13 @@ jobs:
       contents: read
     needs: [build-sdist, build-wheel]
     steps:
-      - uses: actions/download-artifact@v5
+      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
         with:
           pattern: cibw-*
           path: dist
           merge-multiple: true
       - name: Generate artifact attestation for sdist and wheel(s)
-        uses: actions/attest-build-provenance@v3
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
         with:
           subject-path: "dist/*"
       - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0

From 96d8ac69a8926624577858192134160a2b0e07f8 Mon Sep 17 00:00:00 2001
From: Daniel Haag <121057143+denialhaag@users.noreply.github.com>
Date: Wed, 24 Sep 2025 17:26:33 +0200
Subject: [PATCH 2/2] Specify full versions

Signed-off-by: Daniel Haag <121057143+denialhaag@users.noreply.github.com>
---
 .github/workflows/cd.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index b623dc055..5f20a34de 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -29,13 +29,13 @@ jobs:
       contents: read
     needs: [build-sdist, build-wheel]
     steps:
-      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5
+      - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
         with:
           pattern: cibw-*
           path: dist
           merge-multiple: true
       - name: Generate artifact attestation for sdist and wheel(s)
-        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
+        uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
         with:
           subject-path: "dist/*"
       - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0