From 057df5d8c260507dee4fc99bdb1f2810f1f0af06 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 13 Jan 2026 21:44:41 +0000 Subject: [PATCH] chore(deps): pin dependencies --- .github/workflows/pypi-publish.yml | 4 ++-- taskcluster/docker/fetch/Dockerfile | 2 +- taskcluster/docker/python/Dockerfile | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index c31f383..6937a4e 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -11,8 +11,8 @@ jobs: id-token: write steps: - name: Checkout sources - uses: actions/checkout@v6 - - uses: actions/setup-python@v6 + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 + - uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6 with: python-version: '3.14' cache: 'pip' diff --git a/taskcluster/docker/fetch/Dockerfile b/taskcluster/docker/fetch/Dockerfile index 2acb708..3080016 100644 --- a/taskcluster/docker/fetch/Dockerfile +++ b/taskcluster/docker/fetch/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:13 +FROM debian:13@sha256:5cf544fad978371b3df255b61e209b373583cb88b733475c86e49faa15ac2104 ### Add worker user and setup its workspace. RUN mkdir -p /builds && \ diff --git a/taskcluster/docker/python/Dockerfile b/taskcluster/docker/python/Dockerfile index a1713ff..a55a970 100644 --- a/taskcluster/docker/python/Dockerfile +++ b/taskcluster/docker/python/Dockerfile @@ -2,7 +2,7 @@ # License, v. 2.0. If a copy of the MPL was not distributed with this # file, You can obtain one at http://mozilla.org/MPL/2.0/. -FROM debian:13-slim +FROM debian:13-slim@sha256:77ba0164de17b88dd0bf6cdc8f65569e6e5fa6cd256562998b62553134a00ef0 LABEL maintainer="Mozilla Release Engineering " VOLUME /builds/worker/checkouts