From 37d67b39180319bb62f67488bd1f01e95302da0e Mon Sep 17 00:00:00 2001
From: Alexander Samusev <41779041+alvicsam@users.noreply.github.com>
Date: Thu, 7 Mar 2024 16:29:08 +0100
Subject: [PATCH] [ci] pin versions for release-verifiable-image (#1530)

---
 .github/workflows/dependabot-auto-merge.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index c00ea8d32..aab67c4be 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -7,13 +7,13 @@ jobs:
     # run action only on dependabot branches
     if: github.actor == 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/create-github-app-token@v1
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/create-github-app-token@f2acddfb5195534d487896a656232b016a682f3c # v1.9.0
         id: app-token
         with:
           app-id: ${{ secrets.GH_APP_ID }}
           private-key: ${{ secrets.GH_APP_KEY }}
-      - uses: ahmadnassri/action-dependabot-auto-merge@v2
+      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a # v2.6.0
         with:
           target: patch
           github-token: ${{ steps.app-token.outputs.token }}