From 6760370cc7c267a6b198f74c77be2fe2efc6ac67 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Thu, 28 May 2026 12:37:17 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/codeql-analysis.yml |  4 ++--
 .github/workflows/docker-publish.yml  | 12 ++++++------
 .github/workflows/gradle.yml          |  4 ++--
 docker/Dockerfile-build-in-image      |  4 ++--
 docker/Dockerfile-reuse-local-build   |  2 +-
 5 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index a347eafe..47dc5286 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -45,12 +45,12 @@ jobs:
     #  uses: github/codeql-action/autobuild@v2
 
     - name: Set up openJDK version
-      uses: actions/setup-java@v5
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
       with:
         java-version: 21
         distribution: 'zulu'  # =openJDK
     - name: Setup gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
     - name: build without tests
       run: ./gradlew -Dprofile=verbose clean build -x test
 
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 63573b1e..356c056b 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -43,13 +43,13 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up openJDK version
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: ${{ env.jdk }}
           distribution: ${{ env.distro }}
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
 
       - name: Build and Test with Gradle
         run: ./gradlew -Dprofile=verbose build
@@ -77,7 +77,7 @@ jobs:
 
       # Add support for more platforms with QEMU
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
@@ -135,13 +135,13 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Set up openJDK version
-        uses: actions/setup-java@v5
+        uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
         with:
           java-version: ${{ env.jdk }}
           distribution: ${{ env.distro }}
 
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@v4
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
 
       - name: Build and Test with Gradle
         run: ./gradlew -Dprofile=verbose build
@@ -169,7 +169,7 @@ jobs:
 
       # Add support for more platforms with QEMU
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 5a68113d..c2ae32df 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -31,12 +31,12 @@ jobs:
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
     - name: Set up openJDK version
-      uses: actions/setup-java@v5
+      uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5
       with:
         java-version: ${{ matrix.jdk }}
         distribution: 'zulu'  # =openJDK
     - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@v4
+      uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4
     - name: Build and Test with Gradle
       run: ./gradlew -Dprofile=verbose build
     - name: Do one Coveralls test report
diff --git a/docker/Dockerfile-build-in-image b/docker/Dockerfile-build-in-image
index 83f330c4..40273937 100644
--- a/docker/Dockerfile-build-in-image
+++ b/docker/Dockerfile-build-in-image
@@ -1,4 +1,4 @@
-FROM eclipse-temurin:21 AS build-typid
+FROM eclipse-temurin:21@sha256:b9142586f9712700c6c9e07adcedfb18608b1a3a056e4001423a3354adfa9d80 AS build-typid
 LABEL maintainer="webmaster@datamanager.kit.edu"
 LABEL stage=build
 RUN mkdir -p /app/
@@ -9,7 +9,7 @@ RUN ./gradlew build -x test --stacktrace && \
 
 
 # Create a clean, minimal image
-FROM eclipse-temurin:21 AS typed-pid-maker
+FROM eclipse-temurin:21@sha256:b9142586f9712700c6c9e07adcedfb18608b1a3a056e4001423a3354adfa9d80 AS typed-pid-maker
 LABEL maintainer="webmaster@datamanager.kit.edu"
 LABEL stage=run
 
diff --git a/docker/Dockerfile-reuse-local-build b/docker/Dockerfile-reuse-local-build
index f64446b2..289d52ae 100644
--- a/docker/Dockerfile-reuse-local-build
+++ b/docker/Dockerfile-reuse-local-build
@@ -1,5 +1,5 @@
 # Create a clean, minimal image
-FROM eclipse-temurin:21 AS typed-pid-maker
+FROM eclipse-temurin:21@sha256:b9142586f9712700c6c9e07adcedfb18608b1a3a056e4001423a3354adfa9d80 AS typed-pid-maker
 LABEL maintainer="webmaster@datamanager.kit.edu"
 LABEL stage=run