From 9b734bac93e4105e4b6e5ebe63d92f8308f21493 Mon Sep 17 00:00:00 2001
From: Martin Hauser <mhauser@netboxlabs.com>
Date: Mon, 13 Apr 2026 11:07:37 +0200
Subject: [PATCH] chore(ci): Update GitHub Actions to use commit SHA pinning

Bump actions/create-github-app-token from v1 to v3.1.1 and
EndBug/add-and-commit from v9.1.4 to v10.0.0, both pinned to full commit
SHAs for improved supply chain security.

Fixes #21896
---
 .github/workflows/update-translation-strings.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/update-translation-strings.yml b/.github/workflows/update-translation-strings.yml
index f38b518fc..69cb2ab70 100644
--- a/.github/workflows/update-translation-strings.yml
+++ b/.github/workflows/update-translation-strings.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Create app token
-      uses: actions/create-github-app-token@v1
+      uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
       id: app-token
       with:
         app-id: 1076524
@@ -48,7 +48,7 @@ jobs:
       run: python netbox/manage.py makemessages -l ${{ env.LOCALE }}
 
     - name: Commit changes
-      uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
+      uses: EndBug/add-and-commit@290ea2c423ad77ca9c62ae0f5b224379612c0321 # v10.0.0
       with:
         add: 'netbox/translations/'
         default_author: github_actions