Closed
Description
Hello,
I have recently been in some security training, and one of the takeaways for me was to pin my actions to specific SHAs.
I did so, and I blocked my GitHub account from running unpinned actions, a security setting available from the GitHub interface.
Now it looks like if my action depends on other actions that are unpinned, it won't run.
I perfectly understand that action pinning is in its early days, that everything is manual, and that it adds burden to maintenance.
Would you consider pinning the versions of your sub-actions to the correct SHAs?
Or is it something that you absolutely can't or won't do?
Thanks for your attention, have a nice day.
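
An added example, not part of the original issue or the project's own code: a small Python check that lists the `uses:` references in a composite action or workflow file that are not pinned to a full 40-character commit SHA, which is how unpinned sub-actions like the ones described above can be found before the account setting blocks a run. The file content and the `example-org` action names are constructed, and treating `docker://` references as pinned only when they carry a `sha256` digest is this checker's own convention.

```python
import re

# Captures the value of a `uses:` key, e.g. `- uses: owner/repo/path@ref`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(ref):
    """Return 'local', 'pinned' or 'unpinned' for one uses: value."""
    if ref.startswith("./"):
        return "local"  # action in the same repository, no external ref
    if ref.startswith("docker://"):
        # Checker convention: an image counts as pinned only by digest.
        return "pinned" if "@sha256:" in ref else "unpinned"
    _, _, version = ref.partition("@")
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def unpinned_uses(yaml_text):
    """List (line_number, reference) for every unpinned uses: entry."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out steps
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "unpinned":
            findings.append((number, match.group(1)))
    return findings


# Constructed composite action.yml used as sample input.
SAMPLE_ACTION = """\
name: example-composite
runs:
  using: composite
  steps:
    - uses: example-org/setup-tool@v4
    - uses: example-org/cache-tool@0123456789abcdef0123456789abcdef01234567 # v2.1.0
    - name: lint
      uses: "example-org/lint-tool@main"
    - uses: ./local-helper
    # - uses: example-org/commented-out@v1
    - run: echo done
      shell: bash
"""

if __name__ == "__main__":
    for number, ref in unpinned_uses(SAMPLE_ACTION):
        print(f"line {number}: {ref} is not pinned to a full commit SHA")
```

Tags and branch names such as `v4` and `main` are reported because they can be moved to a different commit; only the full SHA on the `cache-tool` line passes.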