From 6701b07ae37f486f1746abd203a2cebd0bafc547 Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Sat, 13 Dec 2025 11:46:42 +0000
Subject: [PATCH 1/2] Upgrade GitHub Actions to latest versions

---
 .github/workflows/publish-to-pypi.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
index fcb185dd9..085ce3b40 100644
--- a/.github/workflows/publish-to-pypi.yml
+++ b/.github/workflows/publish-to-pypi.yml
@@ -51,4 +51,4 @@ jobs:
 name: python-package-distributions
 path: dist/
 - name: Publish distribution 📦 to PyPI
- uses: pypa/gh-action-pypi-publish@release/v1
+ uses: pypa/gh-action-pypi-publish@v1

From fbab71d4eb9451c69df85f58ba874f432231e0af Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti <13schishti@gmail.com>
Date: Wed, 17 Dec 2025 11:14:15 +0000
Subject: [PATCH 2/2] Fix pypa/gh-action-pypi-publish to use SHA pinning

Pin to release/v1.13 for security best practices. The v1 tag doesn't exist - only release/v1 branch exists.

Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>
---
 .github/workflows/publish-to-pypi.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/publish-to-pypi.yml b/.github/workflows/publish-to-pypi.yml
index 085ce3b40..7374e4fb7 100644
--- a/.github/workflows/publish-to-pypi.yml
+++ b/.github/workflows/publish-to-pypi.yml
@@ -51,4 +51,4 @@ jobs:
 name: python-package-distributions
 path: dist/
 - name: Publish distribution 📦 to PyPI
- uses: pypa/gh-action-pypi-publish@v1
+ uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1.13
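Review bot: The trailing comment on the new `uses:` line in patch 2/2 labels the pinned commit `release/v1.13`, which reads as a branch name, so nothing on the line ties the SHA to an immutable release and update tooling that parses version comments may not recognise it; if upstream has a release tag for this commit, name it instead, e.g. `uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # <upstream release tag>`. Before merging, confirm that the SHA is reachable from the upstream repository's release history and not only from a fork, since GitHub resolves a commit SHA from anywhere in the fork network and this step publishes to PyPI. Patch 1/2 on its own leaves `@v1`, which the 2/2 message says does not exist, so squashing the two commits would keep every revision runnable. The publish job begins outside the hunk, so its permissions and trigger are not visible here.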