From 0e2df96ebf8851c4e4ac90f2edd9928c1b3c0c2f Mon Sep 17 00:00:00 2001
From: Philip Nelson <pnelson@maxmind.com>
Date: Fri, 16 May 2025 19:48:06 +0000
Subject: [PATCH] update zizmor to verson 1.7.0

---
 .github/workflows/release.yml           | 6 +++---
 .github/workflows/test-libmaxminddb.yml | 2 +-
 .github/workflows/test.yml              | 2 +-
 .github/workflows/zizmor.yml            | 4 ++--
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 58643c12..8af7e384 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,12 +28,12 @@ jobs:
 
       - name: Set up QEMU
         if: runner.os == 'Linux' && runner.arch == 'X64'
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # 3.6.0
         with:
           platforms: all
 
       - name: Build wheels
-        uses: pypa/cibuildwheel@v2.23.3
+        uses: pypa/cibuildwheel@faf86a6ed7efa889faf6996aa23820831055001a # 2.23.3
         env:
           CIBW_BUILD_VERBOSITY: 1
           MAXMINDDB_REQUIRE_EXTENSION: 1
@@ -78,4 +78,4 @@ jobs:
           path: dist
           merge-multiple: true
 
-      - uses: pypa/gh-action-pypi-publish@release/v1
+      - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # 1.12.4
diff --git a/.github/workflows/test-libmaxminddb.yml b/.github/workflows/test-libmaxminddb.yml
index 01e96346..ec4caeec 100644
--- a/.github/workflows/test-libmaxminddb.yml
+++ b/.github/workflows/test-libmaxminddb.yml
@@ -32,7 +32,7 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
 
       - name: Install tox
         run: uv tool install --python-preference only-managed --python 3.13 tox --with tox-uv --with tox-gh
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 67a98d35..7c173088 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
           submodules: true
           persist-credentials: false
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
       - name: Install tox
         run: uv tool install --python-preference only-managed --python 3.13 tox --with tox-uv --with tox-gh
       - name: Install Python
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index 1b9a1175..41ab0229 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -24,11 +24,11 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@v6
+        uses: astral-sh/setup-uv@6b9c6063abd6010835644d4c2e1bef4cf5cd0fca # 6.0.1
         with:
           enable-cache: false
 
       - name: Run zizmor
-        run: uvx zizmor@1.5.2 --format plain .
+        run: uvx zizmor@1.7.0 --format plain .
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}