From 422b9eaad17ec092e7d0514cfe4e9c430cf769ee Mon Sep 17 00:00:00 2001
From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com>
Date: Wed, 8 Apr 2026 16:04:21 +0200
Subject: [PATCH 1/2] chore: pin actions to SHA in .github/workflows/main.yml

---
 .github/workflows/main.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0c3ce2e..64ec642 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -9,9 +9,9 @@ jobs:
     runs-on: ubuntu-18.04
 
     steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
     - name: Set up Python 3.6
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@0f07f7f756721ebd886c2462646a35f78a8bc4de # v1.2.4
       with:
         python-version: 3.6
 
@@ -32,7 +32,7 @@ jobs:
 
     - name: Publish package
       if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-      uses: pypa/gh-action-pypi-publish@release/v1
+      uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # release/v1
       with:
         user: __token__
         password: ${{ secrets.PYPI_API_TOKEN }}

From 60c7d3ae4252c5a476289de65ad109f681c79fcf Mon Sep 17 00:00:00 2001
From: slawomirbabicz <111378977+slawomirbabicz@users.noreply.github.com>
Date: Wed, 8 Apr 2026 16:04:22 +0200
Subject: [PATCH 2/2] chore: pin actions to SHA in .github/workflows/test.yml

---
 .github/workflows/test.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 8ad8396..03b45b5 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,10 +18,10 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - run: git config --global core.autocrlf input
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@ee0669bd1cc54295c223e0bb666b733df41de1c5 # v2.7.0
         with:
           fetch-depth: 0
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@e9aba2c848f5ebd159c070c61ea2c4e2b122355e # v2.3.4
         with:
           python-version: ${{ matrix.python-version }}
       - run: pip install --upgrade tox