Using gha-update

Update GitHub Actions pins with gha-update.

This is a nice little tool called gha-update, created by David Lord. In a nutshell, it updates the pinned versions of GitHub Actions in your repository. It's very convenient if you find Dependabot's PRs too noisy or want updates to happen when you decide.

Using it with uv is as simple as:

uvx gha-update

By default, it will use the commit hash of the highest when updating the pinned versions:

- - uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3
+ - uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0