From 7a2da6e24d149862590ab5d0a59aa7832588e31f Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 15 Dec 2025 11:58:07 +0000
Subject: [PATCH] Pin dependencies

---
 .github/workflows/renovate.yaml | 4 ++--
 Dockerfile                      | 2 +-
 cross-xx.Dockerfile             | 4 ++--
 cross.Dockerfile                | 2 +-
 versioned.Dockerfile            | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/renovate.yaml b/.github/workflows/renovate.yaml
index d4c7cbb..fff7055 100644
--- a/.github/workflows/renovate.yaml
+++ b/.github/workflows/renovate.yaml
@@ -22,7 +22,7 @@ jobs:
       with:
         identity: 45a0c61ea6fd977f050c5fb9ac06a69eed764595/3827402530de6dbf
 
-    - uses: octo-sts/action@v1.1.0
+    - uses: octo-sts/action@8d6ac62df8bd60823d047d41679ba4a179ff57cc # v1.1.0
       id: octo-sts
       with:
         scope: ${{ github.repository }}
@@ -35,7 +35,7 @@ jobs:
         echo "RENOVATE_DOCKER_CGR_DEV_PASSWORD=$RENOVATE_DOCKER_CGR_DEV_PASSWORD" >> $GITHUB_ENV
 
     - name: Run Renovate
-      uses: renovatebot/github-action@v44.0.5
+      uses: renovatebot/github-action@5712c6a41dea6cdf32c72d92a763bd417e6606aa # v44.0.5
       env:
         # LOG_LEVEL: "debug"
         RENOVATE_TOKEN: ${{ steps.octo-sts.outputs.token }}
diff --git a/Dockerfile b/Dockerfile
index b214400..d47f383 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1
+# syntax=docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6
 FROM cgr.dev/chainguard/go:latest-dev@sha256:fa9ef129b35dacc10c80f063f927df0cbb6336d38ef2131fb925048a720346cf AS builder
 
 WORKDIR /work
diff --git a/cross-xx.Dockerfile b/cross-xx.Dockerfile
index b926dde..fcbc80a 100644
--- a/cross-xx.Dockerfile
+++ b/cross-xx.Dockerfile
@@ -1,6 +1,6 @@
-# syntax=docker/dockerfile:1
+# syntax=docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6
 # Load cross-platform helper functions
-FROM --platform=$BUILDPLATFORM tonistiigi/xx AS xx
+FROM --platform=$BUILDPLATFORM tonistiigi/xx@sha256:c64defb9ed5a91eacb37f96ccc3d4cd72521c4bd18d5442905b95e2226b0e707 AS xx
 
 FROM --platform=$BUILDPLATFORM cgr.dev/chainguard/go:latest-dev@sha256:bd8bbbb8270f2bda5ab1f044dcf1f38016362f3737561fea90ed39f412e1f4cc AS builder
 COPY --from=xx / /
diff --git a/cross.Dockerfile b/cross.Dockerfile
index 5da81e5..f782af3 100644
--- a/cross.Dockerfile
+++ b/cross.Dockerfile
@@ -1,4 +1,4 @@
-# syntax=docker/dockerfile:1
+# syntax=docker/dockerfile:1@sha256:b6afd42430b15f2d2a4c5a02b919e98a525b785b1aaff16747d2f623364e39b6
 FROM --platform=$BUILDPLATFORM cgr.dev/chainguard/go:latest-dev@sha256:bd8bbbb8270f2bda5ab1f044dcf1f38016362f3737561fea90ed39f412e1f4cc AS builder
 ARG TARGETOS
 ARG TARGETARCH
diff --git a/versioned.Dockerfile b/versioned.Dockerfile
index c062f8d..3ed9b18 100644
--- a/versioned.Dockerfile
+++ b/versioned.Dockerfile
@@ -1,5 +1,5 @@
 # For testing versioning of images with private registry
-FROM cgr.dev/chainguard.edu/go:1.25.3 AS builder
+FROM cgr.dev/chainguard.edu/go:1.25.3@sha256:047395c0c877b00242c8b034e767fcd735759a4f4c3e25e8813ab20d0183bfa6 AS builder
 
 WORKDIR /work