From c7d3fae9f6d2b05498e41e7b220f05ff74c470a0 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 21 Apr 2026 16:36:57 +0000
Subject: [PATCH] ci: pin dependencies

---
 .github/workflows/auto-approve.yml   | 2 +-
 .github/workflows/release-please.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/auto-approve.yml b/.github/workflows/auto-approve.yml
index 11f7552..d6c40d7 100644
--- a/.github/workflows/auto-approve.yml
+++ b/.github/workflows/auto-approve.yml
@@ -11,7 +11,7 @@ jobs:
       pull-requests: write
 
     steps:
-      - uses: hmarr/auto-approve-action@v2
+      - uses: hmarr/auto-approve-action@9ae347e9f84a25da76c915a406cb17cfece1716d # v2.4.0
         if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' || github.actor == 'renovate[bot]'
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 2212a50..20f47ef 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -17,7 +17,7 @@ jobs:
 
     steps:
       - id: release
-        uses: GoogleCloudPlatform/release-please-action@v3
+        uses: GoogleCloudPlatform/release-please-action@db8f2c60ee802b3748b512940dde88eabd7b7e01 # v3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           command: manifest