From 04fbb1eb0368eaab533657d7c547ef1f8f8c2375 Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]"
 <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Date: Mon, 7 Jul 2025 21:03:51 +0000
Subject: [PATCH 1/2] [pre-commit.ci] pre-commit autoupdate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

updates:
- [github.com/astral-sh/ruff-pre-commit: v0.11.4 → v0.12.2](https://github.com/astral-sh/ruff-pre-commit/compare/v0.11.4...v0.12.2)
- [github.com/python-jsonschema/check-jsonschema: 0.32.1 → 0.33.2](https://github.com/python-jsonschema/check-jsonschema/compare/0.32.1...0.33.2)
- [github.com/woodruffw/zizmor-pre-commit: v1.5.2 → v1.11.0](https://github.com/woodruffw/zizmor-pre-commit/compare/v1.5.2...v1.11.0)
- [github.com/tox-dev/pyproject-fmt: v2.5.1 → v2.6.0](https://github.com/tox-dev/pyproject-fmt/compare/v2.5.1...v2.6.0)
- [github.com/google/yamlfmt: v0.16.0 → v0.17.2](https://github.com/google/yamlfmt/compare/v0.16.0...v0.17.2)
- [github.com/rbubley/mirrors-prettier: v3.5.3 → v3.6.2](https://github.com/rbubley/mirrors-prettier/compare/v3.5.3...v3.6.2)
---
 .pre-commit-config.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 966185e..42d4542 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.11.4
+    rev: v0.12.2
     hooks:
       - id: ruff
         args: [--exit-non-zero-on-fix]
@@ -27,7 +27,7 @@ repos:
         exclude: \.github/ISSUE_TEMPLATE\.md|\.github/PULL_REQUEST_TEMPLATE\.md
 
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.32.1
+    rev: 0.33.2
     hooks:
       - id: check-github-workflows
       - id: check-renovate
@@ -38,12 +38,12 @@ repos:
       - id: actionlint
 
   - repo: https://github.com/woodruffw/zizmor-pre-commit
-    rev: v1.5.2
+    rev: v1.11.0
     hooks:
       - id: zizmor
 
   - repo: https://github.com/tox-dev/pyproject-fmt
-    rev: v2.5.1
+    rev: v2.6.0
     hooks:
       - id: pyproject-fmt
 
@@ -58,12 +58,12 @@ repos:
       - id: tox-ini-fmt
 
   - repo: https://github.com/google/yamlfmt
-    rev: v0.16.0
+    rev: v0.17.2
     hooks:
       - id: yamlfmt
 
   - repo: https://github.com/rbubley/mirrors-prettier
-    rev: v3.5.3
+    rev: v3.6.2
     hooks:
       - id: prettier
         args: [--prose-wrap=always, --print-width=88]

From 2f65a321d7077ab91112f0bebb91649e936b305f Mon Sep 17 00:00:00 2001
From: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Date: Tue, 8 Jul 2025 00:21:13 +0300
Subject: [PATCH 2/2] Allow tagged actions

---
 .github/zizmor.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .github/zizmor.yml

diff --git a/.github/zizmor.yml b/.github/zizmor.yml
new file mode 100644
index 0000000..5bdc48c
--- /dev/null
+++ b/.github/zizmor.yml
@@ -0,0 +1,7 @@
+# Configuration for the zizmor static analysis tool, run via pre-commit in CI
+# https://woodruffw.github.io/zizmor/configuration/
+rules:
+  unpinned-uses:
+    config:
+      policies:
+        "*": ref-pin