From e251e6a7ecc9b84ec43912e6402856f57cbabb52 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 30 Apr 2026 14:06:14 +0000
Subject: [PATCH] chore(deps): pin dependencies

Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/actions/security-scans/action.yml | 2 +-
 .github/workflows/bake_targets.yml        | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/actions/security-scans/action.yml b/.github/actions/security-scans/action.yml
index b0e3bcde..3371c0ab 100644
--- a/.github/actions/security-scans/action.yml
+++ b/.github/actions/security-scans/action.yml
@@ -38,7 +38,7 @@ runs:
         accept-filenames: usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,etc/ssl/private/ssl-cert-snakeoil.key,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.11/dist-packages/azure/core/settings.py,usr/local/lib/python3.13/dist-packages/azure/core/settings.py
 
     - name: Snyk
-      uses: snyk/actions/docker@master
+      uses: snyk/actions/docker@9adf32b1121593767fc3c057af55b55db032dc04 # master
       id: snyk
       if: ${{ inputs.snyk_token != '' }}
       # Snyk can be used to break the build when it detects vulnerabilities.
diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml
index 9262ec83..68823709 100644
--- a/.github/workflows/bake_targets.yml
+++ b/.github/workflows/bake_targets.yml
@@ -154,7 +154,7 @@ jobs:
       - name: Security checks
         # NOTE: Do not modify this to point to the local action "./.github/actions/security-scans",
         # as it will break workflows running bake_targets.yml (this workflow) from external repositories.
-        uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@main
+        uses: cloudnative-pg/postgres-containers/.github/actions/security-scans@d066ea0c4c971aa8bcf4990abbe3e5627d136a42 # main
         with:
           image: "${{ matrix.image }}"
           registry_user: ${{ github.actor }}
@@ -180,7 +180,7 @@ jobs:
       - name: Copy to production
         # NOTE: Do not modify this to point to the local action "./.github/actions/copy-images",
         # as it will break workflows running bake_targets.yml (this workflow) from external repositories.
-        uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@main
+        uses: cloudnative-pg/postgres-containers/.github/actions/copy-images@d066ea0c4c971aa8bcf4990abbe3e5627d136a42 # main
         with:
           bake_build_metadata: "${{ needs.testbuild.outputs.metadata }}"
           registry_user: ${{ github.actor }}