From 19661008746ab9c3dc5f728c77311e04659026a5 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Fri, 22 May 2026 03:47:32 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/automatic-pr-labeler.yaml    | 4 ++--
 .github/workflows/cleanup-old-maven-pkgs.yml   | 2 +-
 .github/workflows/link-checker.yaml            | 6 +++---
 .github/workflows/maven-deploy.yml             | 2 +-
 .github/workflows/maven-verify.yml             | 2 +-
 .github/workflows/pr-assigner.yml              | 4 ++--
 .github/workflows/pr-conventional-commits.yaml | 4 ++--
 .github/workflows/pr-lint-title.yaml           | 2 +-
 .github/workflows/profanity-filter.yaml        | 2 +-
 9 files changed, 14 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/automatic-pr-labeler.yaml b/.github/workflows/automatic-pr-labeler.yaml
index a851c99f..138c0a98 100644
--- a/.github/workflows/automatic-pr-labeler.yaml
+++ b/.github/workflows/automatic-pr-labeler.yaml
@@ -24,11 +24,11 @@ jobs:
     if: (github.event.pull_request.merged == false) && (github.event.pull_request.user.login != 'dependabot[bot]') && (github.event.pull_request.user.login != 'github-actions[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: "Execute assign labels"
         id: action-assign-labels
-        uses: mauroalderete/action-assign-labels@v1
+        uses: mauroalderete/action-assign-labels@671a4ca2da0f900464c58b8b5540a1e07133e915 # v1
         with:
           pull-request-number: ${{ github.event.pull_request.number }}
           github-token: ${{ github.token }}
diff --git a/.github/workflows/cleanup-old-maven-pkgs.yml b/.github/workflows/cleanup-old-maven-pkgs.yml
index 9b2c6fab..ed6c60fc 100644
--- a/.github/workflows/cleanup-old-maven-pkgs.yml
+++ b/.github/workflows/cleanup-old-maven-pkgs.yml
@@ -43,7 +43,7 @@ jobs:
             echo "**Dry-run**: ${{ github.event.inputs.dry-run || 'false' }}"
             echo "**Debug**: ${{ github.event.inputs.debug || 'false' }}"
         - name: Run Maven Cleanup Action
-          uses: netcracker/qubership-workflow-hub/actions/container-package-cleanup@v2.1.1
+          uses: netcracker/qubership-workflow-hub/actions/container-package-cleanup@6a2de8d62ac5b6998e30f923613c998c263ea9f2 # v2.2.2
           with:
             threshold-days: ${{ github.event.inputs.threshold-days || 14 }}
             included-patterns: ${{ github.event.inputs.included-patterns || '*SNAPSHOT*' }}
diff --git a/.github/workflows/link-checker.yaml b/.github/workflows/link-checker.yaml
index 70d9f78d..5cf1dbab 100644
--- a/.github/workflows/link-checker.yaml
+++ b/.github/workflows/link-checker.yaml
@@ -15,10 +15,10 @@ jobs:
   linkChecker:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Restore lychee cache
-        uses: actions/cache@v5
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5
         id: restore-cache
         with:
           path: .lycheecache
@@ -27,7 +27,7 @@ jobs:
 
       - name: Link Checker
         id: lychee
-        uses: lycheeverse/lychee-action@v2
+        uses: lycheeverse/lychee-action@8646ba30535128ac92d33dfc9133794bfdd9b411 # v2
         with:
           args: >-
             './**/*.md'
diff --git a/.github/workflows/maven-deploy.yml b/.github/workflows/maven-deploy.yml
index 070effaf..b0b769f1 100644
--- a/.github/workflows/maven-deploy.yml
+++ b/.github/workflows/maven-deploy.yml
@@ -30,7 +30,7 @@ on:
 jobs:
   maven-deploy:
     name: Maven deploy
-    uses: Netcracker/qubership-core-infra/.github/workflows/generic-maven-build.yaml@v2.2.0
+    uses: Netcracker/qubership-core-infra/.github/workflows/generic-maven-build.yaml@bc2a0bd082147e23b4091616c608a21cc2957728 # v2.4.1
     with:
       maven-command: 'deploy'
       sonar-project-key: ${{ vars.SONAR_PROJECT_KEY }}
diff --git a/.github/workflows/maven-verify.yml b/.github/workflows/maven-verify.yml
index f8d442fa..f95446e1 100644
--- a/.github/workflows/maven-verify.yml
+++ b/.github/workflows/maven-verify.yml
@@ -22,7 +22,7 @@ on:
 jobs:
   maven-verify:
     name: Maven verify
-    uses: Netcracker/qubership-core-infra/.github/workflows/generic-maven-build.yaml@v2.2.0
+    uses: Netcracker/qubership-core-infra/.github/workflows/generic-maven-build.yaml@bc2a0bd082147e23b4091616c608a21cc2957728 # v2.4.1
     with:
       maven-command: 'verify'
       sonar-project-key: ${{ vars.SONAR_PROJECT_KEY }}
diff --git a/.github/workflows/pr-assigner.yml b/.github/workflows/pr-assigner.yml
index 97a0bc34..cb05946c 100644
--- a/.github/workflows/pr-assigner.yml
+++ b/.github/workflows/pr-assigner.yml
@@ -22,10 +22,10 @@ jobs:
             exit 0
           fi
 
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           persist-credentials: false
 
-      - uses: netcracker/qubership-workflow-hub/actions/pr-assigner@5edd67e98d2f0eec5ab77b4deca0e1d481137462 # 2.1.1
+      - uses: netcracker/qubership-workflow-hub/actions/pr-assigner@6a2de8d62ac5b6998e30f923613c998c263ea9f2 # v2.2.2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/pr-conventional-commits.yaml b/.github/workflows/pr-conventional-commits.yaml
index 89a2892b..98d9ac23 100644
--- a/.github/workflows/pr-conventional-commits.yaml
+++ b/.github/workflows/pr-conventional-commits.yaml
@@ -16,6 +16,6 @@ jobs:
     name: Conventional Commits
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
-      - uses: webiny/action-conventional-commits@v1.3.1
+      - uses: webiny/action-conventional-commits@7f91b1595ca1951cdb671ddc9f07a49081ec5b69 # v1.4.2
diff --git a/.github/workflows/pr-lint-title.yaml b/.github/workflows/pr-lint-title.yaml
index 64a58653..2f3aaa38 100644
--- a/.github/workflows/pr-lint-title.yaml
+++ b/.github/workflows/pr-lint-title.yaml
@@ -18,6 +18,6 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v6
+      - uses: amannn/action-semantic-pull-request@48f256284bd46cdaab1048c3721360e808335d50 # v6
         env:
           GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/profanity-filter.yaml b/.github/workflows/profanity-filter.yaml
index e5d29d61..ca637e17 100644
--- a/.github/workflows/profanity-filter.yaml
+++ b/.github/workflows/profanity-filter.yaml
@@ -20,7 +20,7 @@ jobs:
       - name: Scan issue or pull request for profanity
         # Conditionally run the step if the actor isn't a bot
         if: ${{ github.actor != 'dependabot[bot]' && github.actor != 'github-actions[bot]' }}
-        uses: IEvangelist/profanity-filter@10.0
+        uses: IEvangelist/profanity-filter@7d6e0c79ee3d33ae09b5ed0c6e2fa04b9c512e08 # 10.0
         id: profanity-filter
         with:
           token: ${{ secrets.GITHUB_TOKEN }}