From 2f3b7e5e5f4d250edb4c5f49177dcac6f118b20f Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Wed, 15 Apr 2026 18:36:16 +0000
Subject: [PATCH] chore(deps): pin dependencies

---
 .github/workflows/main.yml | 2 +-
 Dockerfile                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9aa11c1..377dcbd 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -150,7 +150,7 @@ jobs:
           labels: ${{ steps.meta.outputs.labels }}
 
       - name: Run Trivy Vulnerability Scanner 🏰
-        uses: aquasecurity/trivy-action@master
+        uses: aquasecurity/trivy-action@1994662b5555670344cd84d29ed3cad4bd26f31c # master
         with:
           image-ref: ghcr.io/${{ github.repository_owner }}/${{ env.APP_NAME }}:${{ github.sha }}
           format: 'sarif'
diff --git a/Dockerfile b/Dockerfile
index 767a8a7..42d56df 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/selkies-project/nvidia-glx-desktop:24.04-20251107145840
+FROM ghcr.io/selkies-project/nvidia-glx-desktop:24.04-20251107145840@sha256:24d88fe6c41847223f1c3c0cf97f3161135d7953a3a82e72b2fddf6c2ade1c9f
 
 ARG DEBIAN_FRONTEND=noninteractive