feat(CI): 🔒 Pin lesser-known gh actions to commit shas to lower supply chain attack surface (#99)

Author: Paillat-dev

.github/workflows/pr-checks.yml

@@ -17,14 +17,14 @@ jobs:
     name: "Check PR Dependencies"
     steps:
       - name: PR Dependency Check
-        uses: gregsdennis/[email protected]
+        uses: gregsdennis/dependencies-action@ae6e0529ef70f1366a21972f40b1ad0e1b5e3218 # v1.4.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   semantic-title:
     name: "Check Semantic Title"
     runs-on: ubuntu-latest
     steps:
       - name: "Check Semantic Pull Request"
-        uses: amannn/[email protected]
+        uses: amannn/action-semantic-pull-request@fdd4d3ddf614fbcd8c29e4b106d3bbe0cb2c605d # v6.1.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/todo-checks.yml

@@ -23,7 +23,7 @@ jobs:
       - name: "Checkout Repository"
         uses: actions/checkout@v5
       - name: "Track TODO Action"
-        uses: ribtoks/[email protected]
+        uses: ribtoks/tdg-github-action@bb998752af7ac294aa9350895908ae7eac3f1c1d # v0.4.15-beta
         with:
           TOKEN: ${{ secrets.GITHUB_TOKEN }}
           REPO: ${{ github.repository }}