fix(deps): pin dependencies

renovate[bot] · web-flow · commit c5bdf903eaf9 · 2026-01-13T10:49:48.000Z
diff --git a/.github/workflows/add-issues-to-project.yaml b/.github/workflows/add-issues-to-project.yaml
@@ -14,7 +14,7 @@ jobs:
     name: Add issue to project
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/add-to-project@v1.0.2
+      - uses: actions/add-to-project@244f685bbc3b7adfa8466e08b698b5577571133e # v1.0.2
         with:
           project-url: https://github.com/orgs/famedly/projects/50
           github-token: ${{ secrets.ADD_ISSUE_TO_PROJECT_PAT }}
diff --git a/.github/workflows/rust-workflow.yml b/.github/workflows/rust-workflow.yml
@@ -26,11 +26,11 @@ jobs:
   compliance:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: REUSE Compliance Check
-        uses: fsfe/reuse-action@v5
+        uses: fsfe/reuse-action@676e2d560c9a403aa252096d99fcab3e1132b0f5 # v6
       - name: Dependency license check
-        uses: EmbarkStudios/cargo-deny-action@v2
+        uses: EmbarkStudios/cargo-deny-action@3fd3802e88374d3fe9159b834c7714ec57d6c979 # v2
         with:
           command: check bans licenses sources
 
diff --git a/Cargo.toml b/Cargo.toml
@@ -27,7 +27,7 @@ paste = { version = "1.0.0", optional = true }
 reqwest = { version = "0.13.0", optional = true }
 schemars = { version = "1.2.0", optional = true }
 serde = { version = "1.0.194", features = ["derive"], optional = true }
-thiserror = { version = "1.0.0", optional = true }
+thiserror = { version = "2.0.0", optional = true }
 time = { version = "0.3.0", optional = true }
 tracing = { version = "0.1.0", optional = true }
 url = { version = "2.5.0", features = ["serde"], optional = true }
