From 28d55b8f167f75ad5889eb740dc819f912af93b8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Sep 2024 14:59:07 +0000
Subject: [PATCH] build(deps): bump the actions group with 2 updates (#1107)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: William Woodruff <william@trailofbits.com>
---
 .github/workflows/pin-requirements.yml | 2 +-
 .github/workflows/release.yml          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pin-requirements.yml b/.github/workflows/pin-requirements.yml
index 40c10476..d577a522 100644
--- a/.github/workflows/pin-requirements.yml
+++ b/.github/workflows/pin-requirements.yml
@@ -125,7 +125,7 @@ jobs:
           git push -f origin "origin/main:${SIGSTORE_PIN_REQUIREMENTS_BRANCH}"
 
       - name: Open pull request
-        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+        uses: peter-evans/create-pull-request@4320041ed380b20e97d388d56a7fb4f9b8c20e79 # v7.0.0
         with:
           title: |
             Update pinned requirements for ${{ env.SIGSTORE_RELEASE_TAG }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4e6f26c7..12368b97 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -122,7 +122,7 @@ jobs:
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
 
       - name: publish
-        uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # v1.10.0
+        uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
         with:
           packages-dir: built-packages/