From 556f2fef29544da29efdd8d976e3144ebd0892cd Mon Sep 17 00:00:00 2001
From: "Mathias L. Baumann" <mathias.baumann@frequenz.com>
Date: Mon, 3 Nov 2025 11:34:57 +0100
Subject: [PATCH] Migrate to frequenz-floss dependabot-auto-approve action

Use commit hash instead of version tag for better security and
reproducibility.

Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
---
 .github/workflows/auto-dependabot.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml
index b4cf289..e7cff98 100644
--- a/.github/workflows/auto-dependabot.yaml
+++ b/.github/workflows/auto-dependabot.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Auto-merge Dependabot PR
-        uses: ad/dependabot-auto-approve@v1
+        uses: frequenz-floss/dependabot-auto-approve@3cad5f42e79296505473325ac6636be897c8b8a1 # v1.3.2
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           merge-method: 'merge'