From 34fa9c0b0a03e868f5072350d6bd8c10d774d083 Mon Sep 17 00:00:00 2001
From: Rick M
Date: Fri, 6 Dec 2024 05:57:38 -0500
Subject: [PATCH 1/2] Pin non-GitHub actions with full sha in workflows

Signed-off-by: kingthorin
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 07685c9..e08c206 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,4 +24,4 @@ jobs:
 pipx install poetry==1.7.0
 poetry build
 - name: Publish package distributions to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2

From eb82527c101e7e4972cf520894b98e650c370fa5 Mon Sep 17 00:00:00 2001
From: kingthorin
Date: Sun, 22 Dec 2024 05:38:07 -0500
Subject: [PATCH 2/2] Update release.yml

Co-authored-by: thc202
Signed-off-by: kingthorin
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e08c206..38fc01a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,4 +24,4 @@ jobs:
 pipx install poetry==1.7.0
 poetry build
 - name: Publish package distributions to PyPI
- uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
+ uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3
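Review bot: The `# v1.12.2` comment on the new `uses:` line is free text that nothing verifies, so the pin is only as good as a manual check that 15c56dba361d8335944d31a2ecd17d700fc7bcbc is the commit the upstream v1.12.2 tag points to in pypa/gh-action-pypi-publish itself; a SHA that exists only in a fork of the action repository can also resolve under the parent's name. The same check applies to the `67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3` pin in patch 2/2. A SHA pin no longer follows upstream fixes, so if the repository has no updater yet, a Dependabot entry with `package-ecosystem: "github-actions"` would keep the pin and its version comment current. The publish step and the rest of the job lie outside the hunk, so whether the publishing credentials and permissions are scoped to this job cannot be judged from here.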