From 1c0db04481cd0f0c31cb4cfe7d1f3ea73a5302fa Mon Sep 17 00:00:00 2001
From: "Mathias L. Baumann" <mathias.baumann@frequenz.com>
Date: Mon, 3 Nov 2025 11:34:59 +0100
Subject: [PATCH] Migrate to frequenz-floss dependabot-auto-approve action

Use commit hash instead of version tag for better security and
reproducibility.

Signed-off-by: Mathias L. Baumann <mathias.baumann@frequenz.com>
---
 .github/workflows/auto-dependabot.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/auto-dependabot.yaml b/.github/workflows/auto-dependabot.yaml
index 064428e..244bd66 100644
--- a/.github/workflows/auto-dependabot.yaml
+++ b/.github/workflows/auto-dependabot.yaml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.actor == 'dependabot[bot]'
     steps:
-      - uses: ad/dependabot-auto-approve@v1
+      - uses: frequenz-floss/dependabot-auto-approve@005e52004f5d5c6af2f81b89ec25e5cf6f3dfd77 # v1.3.0
         with:
           dependency-type: 'all'
           auto-merge: 'true'