Update .github/workflows/release-please.yml

Co-authored-by: semgrep-code-launchdarkly[bot] <167133144+semgrep-code-launchdarkly[bot]@users.noreply.github.com>

Author: edwinokonkwo

.github/workflows/release-please.yml

@@ -124,7 +124,11 @@ jobs:
           ssm_parameter_pairs: '/production/common/releasing/pypi/token = PYPI_AUTH_TOKEN'
 
       - name: Publish to PyPI
-        uses: pypa/gh-action-pypi-publish@release/v1
+        # Pin the action to a full 40-character commit SHA for security.
+        # Release v1 commit SHA as of 2024-06-14:
+        # https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.13
+        # Commit SHA: 19af04270e8d898ea07a523bb392fa7fe98df87c
+        uses: pypa/gh-action-pypi-publish@19af04270e8d898ea07a523bb392fa7fe98df87c
         with:
           password: ${{ env.PYPI_AUTH_TOKEN }}
           packages-dir: packages/ai-providers/server-ai-langchain/dist/