From 597399541c87246aad48b26d347c1770436baf3d Mon Sep 17 00:00:00 2001
From: Kyosuke Fujimoto <kyoro.f@gmail.com>
Date: Sun, 3 May 2026 09:42:22 +0900
Subject: [PATCH 1/5] Update workflow action versions

---
 .github/workflows/build.yml    | 10 +++++-----
 .github/workflows/deny.yml     |  6 ++----
 .github/workflows/gh-pages.yml |  9 ++++-----
 .github/workflows/release.yml  | 10 +++++-----
 4 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ca624ba..067df58 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ jobs:
     outputs:
       msrv: ${{ steps.get-msrv.outputs.msrv }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6.0.2
       - name: Get MSRV
         id: get-msrv
         run: |
@@ -32,12 +32,12 @@ jobs:
           - ${{ needs.prepare.outputs.msrv }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6.0.2
       - uses: dtolnay/rust-toolchain@master
         with:
           toolchain: ${{ matrix.versions }}
           components: rustfmt, clippy
-      - uses: Swatinem/rust-cache@v2
+      - uses: Swatinem/rust-cache@v2.9.1
       - name: Version
         run: |
           rustc --version
@@ -71,11 +71,11 @@ jobs:
     runs-on: ${{ matrix.targets.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6.0.2
       - name: Setup
         run: rustup target add ${{ matrix.targets.target }}
       - name: Build
-        uses: houseabsolute/actions-rust-cross@v1.0.0
+        uses: houseabsolute/actions-rust-cross@v1.0.6
         with:
           command: build
           target: ${{ matrix.targets.target }}
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index cb5f6cb..c70828f 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -23,9 +23,7 @@ jobs:
   cargo-deny:
     runs-on: ubuntu-latest
     steps:
-      # https://github.com/actions/checkout/releases/tag/v6.0.1
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
-      # https://github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.14
-      - uses: EmbarkStudios/cargo-deny-action@76cd80eb775d7bbbd2d80292136d74d39e1b4918
+      - uses: actions/checkout@v6.0.2
+      - uses: EmbarkStudios/cargo-deny-action@v2.0.17
         with:
           command: check licenses
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 6e8c719..fbcfa2c 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -22,9 +22,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6.0.2
       - name: Setup Pages
-        uses: actions/configure-pages@v4
+        uses: actions/configure-pages@v6.0.0
       - name: Install mdbook
         working-directory: docs
         run: |
@@ -34,7 +34,7 @@ jobs:
         run: |
           ./mdbook build
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@v5.0.0
         with:
           path: docs/book
 
@@ -47,5 +47,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
-
+        uses: actions/deploy-pages@v5.0.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 929abcc..a3dbe07 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,11 +28,11 @@ jobs:
     runs-on: ${{ matrix.targets.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6.0.2
       - name: Setup
         run: rustup target add ${{ matrix.targets.target }}
       - name: Build
-        uses: houseabsolute/actions-rust-cross@v1.0.0
+        uses: houseabsolute/actions-rust-cross@v1.0.6
         with:
           command: build
           target: ${{ matrix.targets.target }}
@@ -44,7 +44,7 @@ jobs:
       - name: Checksum
         run: shasum -a 256 serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz
       - name: Upload artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7.0.1
         with:
           name: release-${{ matrix.targets.target }}
           path: serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz
@@ -56,7 +56,7 @@ jobs:
     needs: build
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v8.0.1
         with:
           path: releases
           pattern: release-*
@@ -64,7 +64,7 @@ jobs:
       - name: Checksum
         run: sha256sum releases/* > ./releases/checksum.txt
       - name: Create Draft Release
-        uses: softprops/action-gh-release@v2.0.4
+        uses: softprops/action-gh-release@v3.0.0
         with:
           draft: true
           generate_release_notes: true

From 7b351bbad0a5c5fddcd5d55632fd1e9b3617f97e Mon Sep 17 00:00:00 2001
From: Kyosuke Fujimoto <kyoro.f@gmail.com>
Date: Sun, 3 May 2026 09:42:54 +0900
Subject: [PATCH 2/5] Pin workflow actions to commit SHAs

---
 .github/workflows/build.yml    | 12 ++++++------
 .github/workflows/deny.yml     |  4 ++--
 .github/workflows/gh-pages.yml |  8 ++++----
 .github/workflows/release.yml  | 10 +++++-----
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 067df58..357f836 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,7 @@ jobs:
     outputs:
       msrv: ${{ steps.get-msrv.outputs.msrv }}
     steps:
-      - uses: actions/checkout@v6.0.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Get MSRV
         id: get-msrv
         run: |
@@ -32,12 +32,12 @@ jobs:
           - ${{ needs.prepare.outputs.msrv }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
-      - uses: dtolnay/rust-toolchain@master
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # latest commit as of 2026-03-28
         with:
           toolchain: ${{ matrix.versions }}
           components: rustfmt, clippy
-      - uses: Swatinem/rust-cache@v2.9.1
+      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
       - name: Version
         run: |
           rustc --version
@@ -71,11 +71,11 @@ jobs:
     runs-on: ${{ matrix.targets.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup
         run: rustup target add ${{ matrix.targets.target }}
       - name: Build
-        uses: houseabsolute/actions-rust-cross@v1.0.6
+        uses: houseabsolute/actions-rust-cross@a8cc74d61047fa553b4e908b4b10e70029f00ca6 # v1.0.6
         with:
           command: build
           target: ${{ matrix.targets.target }}
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index c70828f..b3f92ce 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -23,7 +23,7 @@ jobs:
   cargo-deny:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6.0.2
-      - uses: EmbarkStudios/cargo-deny-action@v2.0.17
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
         with:
           command: check licenses
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index fbcfa2c..e6b5138 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -22,9 +22,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup Pages
-        uses: actions/configure-pages@v6.0.0
+        uses: actions/configure-pages@45bfe0192ca1faeb007ade9deae92b16b8254a0d # v6.0.0
       - name: Install mdbook
         working-directory: docs
         run: |
@@ -34,7 +34,7 @@ jobs:
         run: |
           ./mdbook build
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v5.0.0
+        uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0
         with:
           path: docs/book
 
@@ -47,4 +47,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v5.0.0
+        uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a3dbe07..d19269a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,11 +28,11 @@ jobs:
     runs-on: ${{ matrix.targets.os }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Setup
         run: rustup target add ${{ matrix.targets.target }}
       - name: Build
-        uses: houseabsolute/actions-rust-cross@v1.0.6
+        uses: houseabsolute/actions-rust-cross@a8cc74d61047fa553b4e908b4b10e70029f00ca6 # v1.0.6
         with:
           command: build
           target: ${{ matrix.targets.target }}
@@ -44,7 +44,7 @@ jobs:
       - name: Checksum
         run: shasum -a 256 serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz
       - name: Upload artifact
-        uses: actions/upload-artifact@v7.0.1
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: release-${{ matrix.targets.target }}
           path: serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz
@@ -56,7 +56,7 @@ jobs:
     needs: build
     steps:
       - name: Download artifact
-        uses: actions/download-artifact@v8.0.1
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           path: releases
           pattern: release-*
@@ -64,7 +64,7 @@ jobs:
       - name: Checksum
         run: sha256sum releases/* > ./releases/checksum.txt
       - name: Create Draft Release
-        uses: softprops/action-gh-release@v3.0.0
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
         with:
           draft: true
           generate_release_notes: true

From 30ddf705432e43760951595a9a61706f7791bfc6 Mon Sep 17 00:00:00 2001
From: Kyosuke Fujimoto <kyoro.f@gmail.com>
Date: Sun, 3 May 2026 09:43:16 +0900
Subject: [PATCH 3/5] Add workflow step names

---
 .github/workflows/build.yml | 12 ++++++++----
 .github/workflows/deny.yml  |  6 ++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 357f836..329775a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,7 +17,8 @@ jobs:
     outputs:
       msrv: ${{ steps.get-msrv.outputs.msrv }}
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Get MSRV
         id: get-msrv
         run: |
@@ -32,12 +33,15 @@ jobs:
           - ${{ needs.prepare.outputs.msrv }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # latest commit as of 2026-03-28
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9 # latest commit as of 2026-03-28
         with:
           toolchain: ${{ matrix.versions }}
           components: rustfmt, clippy
-      - uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
+      - name: Cache
+        uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2.9.1
       - name: Version
         run: |
           rustc --version
diff --git a/.github/workflows/deny.yml b/.github/workflows/deny.yml
index b3f92ce..9a71eae 100644
--- a/.github/workflows/deny.yml
+++ b/.github/workflows/deny.yml
@@ -23,7 +23,9 @@ jobs:
   cargo-deny:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Check licenses
+        uses: EmbarkStudios/cargo-deny-action@91bf2b620e09e18d6eb78b92e7861937469acedb # v2.0.17
         with:
           command: check licenses

From 24ffc0674dbcf18798809b48718f13106110284c Mon Sep 17 00:00:00 2001
From: Kyosuke Fujimoto <kyoro.f@gmail.com>
Date: Sun, 3 May 2026 09:43:32 +0900
Subject: [PATCH 4/5] Add pinact workflow

---
 .github/workflows/pinact.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 .github/workflows/pinact.yml

diff --git a/.github/workflows/pinact.yml b/.github/workflows/pinact.yml
new file mode 100644
index 0000000..f3fcb04
--- /dev/null
+++ b/.github/workflows/pinact.yml
@@ -0,0 +1,26 @@
+name: Pinact
+
+on:
+  push:
+    branches:
+      - '*'
+    paths:
+      - .github/**
+  pull_request:
+    branches:
+      - master
+    paths:
+      - .github/**
+
+jobs:
+  pinact:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    steps:
+      - name: Checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Pinact
+        uses: suzuki-shunsuke/pinact-action@cf51507d80d4d6522a07348e3d58790290eaf0b6 # v2.0.0
+        with:
+          skip_push: "true"
+          verify: "true"

From bea601b435a15bfaa8f0ccfe872182ceb21ecd3f Mon Sep 17 00:00:00 2001
From: Kyosuke Fujimoto <kyoro.f@gmail.com>
Date: Sun, 3 May 2026 09:43:48 +0900
Subject: [PATCH 5/5] Remove checksum steps from release workflow

---
 .github/workflows/release.yml | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d19269a..c33f7c4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -41,8 +41,6 @@ jobs:
         run: echo "RELEASE_VERSION=${GITHUB_REF_NAME#v}" >> ${GITHUB_ENV}
       - name: Archive
         run: tar -czf serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz -C target/${{ matrix.targets.target }}/release serie
-      - name: Checksum
-        run: shasum -a 256 serie-${{ env.RELEASE_VERSION }}-${{ matrix.targets.target }}.tar.gz
       - name: Upload artifact
         uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
@@ -61,8 +59,6 @@ jobs:
           path: releases
           pattern: release-*
           merge-multiple: true
-      - name: Checksum
-        run: sha256sum releases/* > ./releases/checksum.txt
       - name: Create Draft Release
         uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0
         with: