fix: pin GitHub Actions to SHA hashes

[koralkulacoglu]

🔒 Security: Pin GitHub Actions to SHA hashes

This PR pins GitHub Actions to their SHA hashes to improve security by preventing potential supply chain attacks through tag mutation.

Task: DX-1985

One-Pager: Automatic SHA Pinner One-Pager

📊 Summary

• 2 action references pinned to SHA hashes
• 2 workflow files updated

📝 Changes Made

.github/workflows/ci.yaml

• semantic-release-action/typescript/.github/workflows/ci.yml@v3 → semantic-release-action/typescript/.github/workflows/ci.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51

.github/workflows/release.yaml

• semantic-release-action/typescript/.github/workflows/release.yml@v3 → semantic-release-action/typescript/.github/workflows/release.yml@1d40c29e2d500f3bcceeb13f95d26a3a1b571f51

🔍 Why this change?

Pinning GitHub Actions to SHA hashes instead of tags provides:

1. Immutability: SHA hashes cannot be changed, preventing malicious updates to existing releases
2. Supply Chain Security: Protects against compromised action maintainer accounts
3. Compliance: Aligns with security best practices for CI/CD pipelines

🧪 Testing

• Verify all workflows still function correctly
• Check that no functionality is broken by the pinned versions

❓ Questions?

If you have any questions about this change, feel free to ask the dev-ex team in #notify-dev-ex.

📚 References

• GitHub Security Hardening Guide
• OSSF Security Best Practices

---

🤖 This PR was automatically generated by the SHA Pinner Audit tool.

[github-actions]

🎉 This PR is included in version 2.1.5 🎉

The release is available on:

• npm package (@latest dist-tag)
• GitHub release

Your semantic-release bot 📦🚀