ci: apply security best practices

[stepsecurity-int]

Summary

This pull request has been generated by StepSecurity as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements.

Security Fixes

Pinned Dependencies

Pinning GitHub Actions to specific versions or commit SHAs ensures that your workflows remain consistent and secure.
Unpinned actions can lead to unexpected changes or vulnerabilities caused by upstream updates.

• GitHub Security Guide
• The Open Source Security Foundation (OpenSSF) Security Guide

Feedback

email here

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 62.87%. Comparing base (1be8ea8) to head (371b9ef).
Report is 14 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #460      +/-   ##
==========================================
+ Coverage   62.78%   62.87%   +0.08%     
==========================================
  Files          17       18       +1     
  Lines        1932     1942      +10     
==========================================
+ Hits         1213     1221       +8     
+ Misses        593      591       -2     
- Partials      126      130       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.