From e5b9ae8a90ed7565444059f73e4c8a3e85403825 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:47:27 +0000
Subject: [PATCH 1/5] chore(deps): pin dependencies

---
 .github/workflows/caddy-major-monitor.yml | 2 +-
 .github/workflows/codeql.yml              | 8 ++++----
 .github/workflows/docker-build.yml        | 2 +-
 .github/workflows/docker-publish.yml      | 2 +-
 .github/workflows/renovate.yml            | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/caddy-major-monitor.yml b/.github/workflows/caddy-major-monitor.yml
index 95635ee3..05eace8f 100644
--- a/.github/workflows/caddy-major-monitor.yml
+++ b/.github/workflows/caddy-major-monitor.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check for Caddy v3 and open issue
-        uses: actions/github-script@v7
+        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7
         with:
           script: |
             const upstream = { owner: 'caddyserver', repo: 'caddy' };
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f378e56a..aa7dd7b7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -28,17 +28,17 @@ jobs:
         language: [ 'go', 'javascript-typescript' ]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3
         with:
           languages: ${{ matrix.language }}
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 5dccaf88..f775c17a 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -159,7 +159,7 @@ jobs:
 
       # Step 10: Upload Trivy results to GitHub Security tab
       - name: 📤 Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3
         if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && (steps.trivy.outcome == 'success' || steps.trivy.outcome == 'failure')
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7a91053f..cfdec9d7 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -133,6 +133,6 @@ jobs:
 
       - name: Upload Trivy results
         if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@c3d42c5d08633d8b33635fbd94b000a0e2585b3c # v3
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml
index 6463e658..947f2641 100644
--- a/.github/workflows/renovate.yml
+++ b/.github/workflows/renovate.yml
@@ -15,11 +15,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           fetch-depth: 1
       - name: Run Renovate
-        uses: renovatebot/github-action@v40.1.11
+        uses: renovatebot/github-action@063e0c946b9c1af35ef3450efc44114925d6e8e6 # v40.1.11
         with:
           configurationFile: .github/renovate.json
           token: ${{ secrets.PROJECT_TOKEN }}

From 0474c837820113af963a0a6b1ab2c58c956a081e Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:47:32 +0000
Subject: [PATCH 2/5] chore(deps): update actions/checkout digest to 34e1148

---
 .github/workflows/docker-build.yml | 2 +-
 .github/workflows/docs.yml         | 2 +-
 .github/workflows/release.yml      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 5dccaf88..a2f9b060 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -30,7 +30,7 @@ jobs:
     steps:
       # Step 1: Download the code
       - name: 📥 Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       # Normalize IMAGE_NAME to lowercase to satisfy container registry format
       - name: 🔤 Normalize image name
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 4723453b..c469e0d6 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -29,7 +29,7 @@ jobs:
     steps:
       # Step 1: Get the code
       - name: 📥 Checkout code
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       # Step 2: Set up Node.js (for building any JS-based doc tools)
       - name: 🔧 Set up Node.js
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 88d4baf5..390d4c3e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           fetch-depth: 0
 

From d7c067385e1e238c8f71daeaf7e7a1f2fe0c02f7 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:47:37 +0000
Subject: [PATCH 3/5] chore(deps): update golangci/golangci-lint-action action
 to v4.0.1

---
 .github/workflows/quality-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 5cddf2a2..0a0f2f64 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -24,7 +24,7 @@ jobs:
         run: go test -v ./...
 
       - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0
+        uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc # v4.0.1
         with:
           version: latest
           working-directory: backend

From 3e3089b8d646c981b75da15ae0da97d9f59b42f6 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:47:42 +0000
Subject: [PATCH 4/5] chore(deps): update actions/checkout action to v4.3.1

---
 .github/workflows/docker-publish.yml | 2 +-
 .github/workflows/quality-checks.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7a91053f..3f7c8a95 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Normalize image name
         run: |
diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 5cddf2a2..a1c68ab0 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -11,7 +11,7 @@ jobs:
     name: Backend (Go)
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Set up Go
         uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
@@ -35,7 +35,7 @@ jobs:
     name: Frontend (React)
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
 
       - name: Set up Node.js
         uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2

From ba4fb99f0add5b89b602ed6971d0ad3c092a0b28 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 19 Nov 2025 16:47:48 +0000
Subject: [PATCH 5/5] chore(deps): update actions/setup-go action to v5.5.0

---
 .github/workflows/quality-checks.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/quality-checks.yml b/.github/workflows/quality-checks.yml
index 5cddf2a2..30d1ab4c 100644
--- a/.github/workflows/quality-checks.yml
+++ b/.github/workflows/quality-checks.yml
@@ -14,7 +14,7 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up Go
-        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
         with:
           go-version: '1.22'
           cache-dependency-path: backend/go.sum