Pin zizmor version

glehmann · glehmann · commit 22ea83b0ae35 · 2026-03-10T10:34:57.000+01:00
now that it will be updated with dependabot.

This way we can fix the new warnings or error in the PR, and won't
get failed PR without related changes.

Signed-off-by: Gaëtan Lehmann &lt;gaetan.lehmann@vates.tech&gt;
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -15,9 +15,7 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8  # 6.0.1
         with:
           persist-credentials: false
-      - uses: ./.github/actions/uv-setup/
-        with:
-          sync: false
-      - run: uvx zizmor --color=always .
+      - uses: ./.github/actions/uv-setup
+      - run: zizmor --color=always .
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/pyproject.toml b/pyproject.toml
@@ -29,6 +29,7 @@ dev = [
     "types-requests",
     "typing-extensions",
     "libarchive-c==5.3",
+    "zizmor",
 ]
 
 [tool.pyright]
diff --git a/requirements/dev.txt b/requirements/dev.txt
@@ -10,4 +10,5 @@ ruff
 types-requests
 typing-extensions
 libarchive-c==5.3
+zizmor
 -r base.txt
diff --git a/uv.lock b/uv.lock

Original file line number	Diff line number	Diff line change
`@@ -29,6 +29,7 @@ dev = [`
`29`	`29`	`"types-requests",`
`30`	`30`	`"typing-extensions",`
`31`	`31`	`"libarchive-c==5.3",`
	`32`	`+ "zizmor",`
`32`	`33`	`]`
`33`	`34`
`34`	`35`	`[tool.pyright]`