From 56c7ac5074fb3e147337bb00a546b27056052775 Mon Sep 17 00:00:00 2001
From: Avi Fenesh
Date: Sat, 30 May 2026 12:43:39 +0300
Subject: [PATCH] ci(security): pin softprops/action-gh-release to commit SHA

Resolves CodeQL actions/unpinned-tag. Pins softprops/action-gh-release@v2 to commit SHA (3bb1273); version kept in trailing comment.
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index beff7f1..8e3d8a5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -208,7 +208,7 @@ jobs:
 sha256sum ${{ matrix.asset }} > ${{ matrix.asset }}.sha256
 sha256sum computer-use-linux-cosmic-${{ matrix.target }} > computer-use-linux-cosmic-${{ matrix.target }}.sha256
 )
- - uses: softprops/action-gh-release@v2
+ - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2
 with:
 files: |
 dist/${{ matrix.asset }}
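Review bot: The trailing comment on the pinned `uses:` line records only the floating major tag `v2`, so nothing on the line says which release the commit 3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 corresponds to, and a later reviewer cannot check the pin against upstream's tags without re-deriving it. Recording the exact release tag would make the pin auditable, e.g. `- uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # vX.Y.Z` (placeholder; the exact release is not shown on this page). Before merging it is also worth confirming that the SHA is reachable from a tag in the softprops/action-gh-release repository itself, since a commit SHA can also resolve to a commit that exists only in a fork. The step's `with:` block continues past the end of the hunk, and whether other `uses:` lines in ci.yml are still pinned by tag is not visible here.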