From 07cac8294289f047c19664e448992ea4c3b4ca91 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Mar 2026 10:55:35 +0000
Subject: [PATCH] Pin dependencies

---
 .github/workflows/check-links.yml | 4 ++--
 .github/workflows/ci.yml          | 4 ++--
 .github/workflows/deploy.yml      | 6 +++---
 Dockerfile                        | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml
index 7cf0a270..408db247 100644
--- a/.github/workflows/check-links.yml
+++ b/.github/workflows/check-links.yml
@@ -10,10 +10,10 @@ jobs:
     env:
       FORCE_COLOR: 1
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         env:
           FORCE_COLOR: 0
         with:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 5bf7ff17..4a528857 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -15,11 +15,11 @@ jobs:
     env:
       FORCE_COLOR: 1
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
 
-      - uses: actions/setup-node@v6
+      - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
         env:
           FORCE_COLOR: 0
         with:
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 0047af16..0f7a9251 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -11,13 +11,13 @@ jobs:
       REGISTRY: registry.digitalocean.com
       NAME: ghost/gscan
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Get version
         run: echo "IMAGE_VERSION=$(git describe --tags)" >> $GITHUB_ENV
 
       - name: Publish to DigitalOcean Registry
-        uses: elgohr/Publish-Docker-Github-Action@v5
+        uses: elgohr/Publish-Docker-Github-Action@1c2f28ccd9476e8a936ac9a1f287405504c93304 # v5
         with:
           registry: ${{ env.REGISTRY }}
           name: ${{ env.NAME }}
@@ -26,7 +26,7 @@ jobs:
           password: ${{ secrets.DOCKER_PASSWORD }}
           tags: "latest,${{ env.IMAGE_VERSION }}"
 
-      - uses: matootie/dokube@v1.4.1
+      - uses: matootie/dokube@d928bf89877df4f5170c2d56cc07a70cbd2c4c8b # v1.4.1
         with:
           personalAccessToken: ${{ secrets.DIGITALOCEAN_TOKEN }}
           clusterName: ${{ secrets.CLUSTER_NAME }}
diff --git a/Dockerfile b/Dockerfile
index 63c17b36..95daf0a4 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # ---- Base Node with Alpine ----
-FROM node:24.11.1-alpine3.21 AS base
+FROM node:24.11.1-alpine3.21@sha256:b8f7c9056af700568c1ce76173f1c93743fb64ca1343e18cdf3a6ded8985ad3d AS base
 # Set working directory in the container
 WORKDIR /app
 # Copy package.json and yarn.lock files to the workspace
@@ -16,7 +16,7 @@ RUN cp -R node_modules prod_node_modules
 RUN yarn install --ignore-scripts --frozen-lockfile
 
 # ---- Release ----
-FROM node:24.11.1-alpine3.21 AS release
+FROM node:24.11.1-alpine3.21@sha256:b8f7c9056af700568c1ce76173f1c93743fb64ca1343e18cdf3a6ded8985ad3d AS release
 # Set working directory
 WORKDIR /app
 # Copy production node_modules