From cc262907d92d924b26548f6dfff028cc62e9148f Mon Sep 17 00:00:00 2001
From: fettpl <38704082+fettpl@users.noreply.github.com>
Date: Tue, 17 Feb 2026 23:26:58 +0100
Subject: [PATCH] chore(ci): pin codeql workflow actions to SHAs (#691)

---
 .github/workflows/codeql.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 81210b2..8fadb02 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -24,16 +24,16 @@ jobs:
               uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v4
+              uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4
               with:
                   languages: rust
                   config-file: ./.github/codeql/codeql-config.yml
 
             - name: Set up Rust
-              uses: dtolnay/rust-toolchain@stable
+              uses: dtolnay/rust-toolchain@631a55b12751854ce901bb631d5902ceb48146f7 # stable
 
             - name: Build
               run: cargo build --workspace --all-targets
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v4
+              uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4