From cf2a4829982f37f458e57bea5950ca0c4d776a36 Mon Sep 17 00:00:00 2001
From: "mergeraptor[bot]" <267480593+mergeraptor[bot]@users.noreply.github.com>
Date: Mon, 13 Apr 2026 06:48:58 +0000
Subject: [PATCH] chore(deps): pin calibreapp/image-actions action to 4f7260f

---
 .github/workflows/images.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
index 416bfc03..cfac3cc7 100644
--- a/.github/workflows/images.yml
+++ b/.github/workflows/images.yml
@@ -20,7 +20,7 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
 
       - name: Compress Images
-        uses: calibreapp/image-actions@main
+        uses: calibreapp/image-actions@4f7260f5dbd809ec86d03721c1ad71b8a841d3e0 # main
         with:
           # The `GITHUB_TOKEN` is automatically generated by GitHub and scoped only to the repository that is currently running the action. By default, the action can’t update Pull Requests initiated from forked repositories.
           # See https://docs.github.com/en/actions/reference/authentication-in-a-workflow and https://help.github.com/en/articles/virtual-environments-for-github-actions#token-permissions