@@ -27,15 +27,15 @@ jobs:
2727 contents : read
2828 runs-on : ubuntu-latest
2929 steps :
30- - uses : actions/checkout@v6
30+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
3131 with :
3232 persist-credentials : false
33- - uses : astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 .1.6
33+ - uses : astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8 .1.0
3434 with :
3535 cache-dependency-glob : " .github/workflows/*.yml"
3636 cache-suffix : pre-commit-uv
3737 - run : uv tool install pre-commit --with pre-commit-uv --force-reinstall
38- - uses : actions/cache@v5
38+ - uses : actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
3939 with :
4040 path : ~/.cache/pre-commit
4141 key : pre-commit-uv-v1-${{ hashFiles('.pre-commit-config.yaml') }}
@@ -67,15 +67,15 @@ jobs:
6767 BABEL_CLDR_QUIET : " 1"
6868 PIP_DISABLE_PIP_VERSION_CHECK : " 1"
6969 steps :
70- - uses : actions/checkout@v6
70+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
7171 with :
7272 persist-credentials : false
73- - uses : actions/cache@v5
73+ - uses : actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
7474 with :
7575 path : cldr
7676 key : cldr-${{ hashFiles('scripts/*cldr*') }}
7777 - name : Set up Python ${{ matrix.python-version }}
78- uses : actions/setup-python@v6
78+ uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
7979 with :
8080 python-version : ${{ matrix.python-version }}
8181 allow-prereleases : true
9090 env :
9191 COVERAGE_XML_PATH : ${{ runner.temp }}
9292 BABEL_TOX_EXTRA_DEPS : pytest-github-actions-annotate-failures
93- - uses : codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
93+ - uses : codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
9494 with :
9595 directory : ${{ runner.temp }}
9696 flags : ${{ matrix.os }}-${{ matrix.python-version }}
@@ -103,18 +103,18 @@ jobs:
103103 runs-on : ubuntu-24.04
104104 needs : lint
105105 steps :
106- - uses : actions/checkout@v6
106+ - uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
107107 with :
108108 persist-credentials : false
109- - uses : actions/setup-python@v6
109+ - uses : actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
110110 with :
111111 python-version : " 3.14"
112112 cache : " pip"
113113 cache-dependency-path : " **/setup.py"
114114 - run : pip install build -e .
115115 - run : make import-cldr
116116 - run : python -m build
117- - uses : actions/upload-artifact@v6
117+ - uses : actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
118118 with :
119119 name : dist
120120 path : dist
@@ -130,12 +130,12 @@ jobs:
130130 permissions :
131131 id-token : write # Required for Trusted Publishing action
132132 steps :
133- - uses : actions/download-artifact@v7
133+ - uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
134134 with :
135135 name : dist
136136 path : dist/
137137 - name : Publish package distributions to PyPI
138- uses : pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13 .0
138+ uses : pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14 .0
139139 with :
140140 verbose : true
141141 print-hash : true
0 commit comments