From 4a4f3064e55d702f5397fadeeb00787c0c56ba60 Mon Sep 17 00:00:00 2001
From: Daniel-Aaron-Bloom <76709210+Daniel-Aaron-Bloom@users.noreply.github.com>
Date: Thu, 26 Mar 2026 21:37:06 -0500
Subject: [PATCH] fix: pin Docker image by digest to prevent supply chain attacks
---
 action.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/action.yml b/action.yml
index 53835c6..027a259 100644
--- a/action.yml
+++ b/action.yml
@@ -35,7 +35,7 @@ outputs:
 description: The error and warning messages for each one of the analyzed commits
 runs:
 using: docker
- image: docker://wagoid/commitlint-github-action:6.2.1
+ image: docker://wagoid/commitlint-github-action@sha256:86a04e0a99128551a7555c269d2b675c3c85f61358cf7dd558f6b873b66f561a
 branding:
 icon: check-square
 color: blue
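Review bot: The new `image:` line under `runs:` no longer records which release the digest belongs to, so a later reviewer cannot tell a legitimate bump from a substituted digest by reading action.yml. Record the version beside the pin with a comment above the line, such as `# digest of wagoid/commitlint-github-action:6.2.1 (confirm against the registry before merging)`. Alternatively keep the tag in the reference as `:6.2.1@sha256:…`, which Docker resolves by digest, though it is worth confirming the Actions runner accepts that form. The patch does not show whether the digest is the multi-arch index or a single-platform manifest; pinning a platform manifest would probably break runners on other architectures. If the release process rewrites this line on each version, it presumably now has to write the freshly pushed image's digest instead of the tag, otherwise the pin will go stale or be silently reverted.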