From 05d0ea928276819ac71293f9ace4f98a354ab1b0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 7 Jan 2026 12:26:14 +0000
Subject: [PATCH 1/2] build(deps): bump astral-sh/setup-uv in /.github/workflows

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.6 to 7.2.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/681c641aba71e4a1c380be3ab5e12ad51f415867...61cb8a9741eeb8a550a1b8544337180c0fc8476b)
---
updated-dependencies:
- dependency-name: astral-sh/setup-uv dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
---
 .github/workflows/lint-yaml.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/lint-yaml.yml b/.github/workflows/lint-yaml.yml
index 9b5710cb..3bb1d33f 100644
--- a/.github/workflows/lint-yaml.yml
+++ b/.github/workflows/lint-yaml.yml
@@ -36,7 +36,7 @@ jobs:
 line-length: warning
 - name: Install the latest version of uv
- uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7.1.6
+ uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0
 - name: Check GitHub actions
 run: uvx zizmor --min-severity medium .github/workflows/*.yml
From 13b885928b2f9fe695575b47cf00edfa1b5c094e Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Wed, 7 Jan 2026 13:52:42 +0100
Subject: [PATCH 2/2] fix zizmor config

Signed-off-by: Simon L.
---
 zizmor.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/zizmor.yml b/zizmor.yml
index afc373cb..a991eaa5 100644
--- a/zizmor.yml
+++ b/zizmor.yml
@@ -4,3 +4,7 @@ rules:
 dangerous-triggers:
 ignore:
 - build_images.yml
+ unpinned-uses:
+ config:
+ policies:
+ actions/*: ref-pin
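Review bot: The `actions/*: ref-pin` policy added to zizmor.yml accepts tag or branch refs for every action under the `actions` org, and those refs are mutable, while the workflow in the first patch pins astral-sh/setup-uv to a full commit SHA. Nothing in the file records why the official actions get the weaker pin, so I would add a comment above `policies:` such as `# actions/* may use tag refs; everything else must be pinned to a commit SHA`. I would also spell out the catch-all with `"*": hash-pin`, so the SHA requirement for third-party actions is stated in the repository's own config and does not depend on what zizmor applies when a custom policy list is present (that behaviour is not visible here and may differ between zizmor versions, since the lint job runs it unpinned through `uvx zizmor`). The workflows this relaxation covers are outside the patch, so it is worth checking whether any of them run `actions/*` steps with write-scoped tokens or secrets before accepting tag pins there.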