fix(security): autofix 3rd party Github Actions should be pinned

aikido-autofix[bot] · triceo · commit f3e83432b4a1 · 2025-05-26T15:08:20.000+02:00
diff --git a/.github/workflows/pull_request_maven_long_running.yml b/.github/workflows/pull_request_maven_long_running.yml
@@ -95,7 +95,7 @@ jobs:
 
       # Build and test
       - name: "Setup GraalVM native image"
-        uses: graalvm/setup-graalvm@v1
+        uses: graalvm/setup-graalvm@01ed653ac833fe80569f1ef9f25585ba2811baab # v1
         with:
           java-version: ${{matrix.java-version}}
           distribution: 'graalvm-community'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -51,7 +51,7 @@ jobs:
           cache: 'maven'
 
       - name: Set up Maven
-        uses: stCarolas/setup-maven@v5
+        uses: stCarolas/setup-maven@d6af6abeda15e98926a57b5aa970a96bb37f97d1 # v5
         with:
           maven-version: 3.9.3
 
