@koralkulacoglu

🔒 Security: Pin GitHub Actions to SHA hashes

This PR pins GitHub Actions to their SHA hashes to improve security by preventing potential supply chain attacks through tag mutation.

Task: DX-1985

One-Pager: Automatic SHA Pinner One-Pager

📊 Summary

  • 1 action reference pinned to a SHA hash
  • 1 workflow file updated

📝 Changes Made

.github/workflows/release.yml

  • semantic-release-action/github-actions/semantic-release@v5 → semantic-release-action/github-actions/semantic-release@6c14113c1273619fccad11d7638b2c9e985e9085

🔍 Why this change?

Pinning GitHub Actions to SHA hashes instead of tags provides:

  1. Immutability: SHA hashes cannot be changed, preventing malicious updates to existing releases
  2. Supply Chain Security: Protects against compromised action maintainer accounts
  3. Compliance: Aligns with security best practices for CI/CD pipelines

🧪 Testing

  • Verify all workflows still function correctly
  • Check that no functionality is broken by the pinned versions

❓ Questions?

If you have any questions about this change, feel free to ask the dev-ex team in #notify-dev-ex.

📚 References


🤖 This PR was automatically generated by the SHA Pinner Audit tool.
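The check behind a change like this, as an added example that is not the SHA Pinner Audit tool's own code: it scans a workflow for `uses:` references that are not full 40-hex commit SHAs and rewrites the ones it has a trusted tag-to-SHA mapping for, leaving the tag as a trailing comment. It assumes line-based regex parsing rather than a YAML parser, and the `SAMPLE` workflow, the all-zero SHA and the `PIN_MAP` mapping are constructed (the semantic-release SHA is the one from this PR).

```python
import re

# A step reference of the form owner/repo[/path]@ref, optionally followed by a comment.
# Local actions (./path) and docker:// images do not match and are skipped.
USES_RE = re.compile(r'^(?P<indent>\s*-?\s*uses:\s*)(?P<action>[\w.-]+/[\w./-]+)@(?P<ref>[^\s#]+)(?P<rest>.*)$')
SHA_RE = re.compile(r'^[0-9a-f]{40}$')


def find_unpinned(workflow_text):
    """Return (line_number, action, ref) for every uses: reference that is not a full commit SHA."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m and not SHA_RE.match(m.group('ref')):
            findings.append((lineno, m.group('action'), m.group('ref')))
    return findings


def pin_references(workflow_text, sha_for_tag):
    """Rewrite tag refs to SHAs using a {(action, tag): sha} mapping; unknown tags are left untouched.

    The mapping is the trust step: it must come from resolving the tag against the
    action's repository (e.g. git ls-remote), never from guessing."""
    out = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m and not SHA_RE.match(m.group('ref')):
            sha = sha_for_tag.get((m.group('action'), m.group('ref')))
            if sha is not None:
                line = f"{m.group('indent')}{m.group('action')}@{sha}  # {m.group('ref')}"
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample workflow: one tag ref with a known SHA, one without, one already pinned, one local.
SAMPLE = """\
jobs:
  release:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@0000000000000000000000000000000000000000
      - uses: ./.github/actions/local
      - uses: semantic-release-action/github-actions/semantic-release@v5
"""

PIN_MAP = {
    ("semantic-release-action/github-actions/semantic-release", "v5"):
        "6c14113c1273619fccad11d7638b2c9e985e9085",
}
```

Running `find_unpinned` over the rewritten output is the regression check for the Testing section above: anything still reported has no trusted mapping and must not be pinned by guesswork.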

@koralkulacoglu koralkulacoglu marked this pull request as ready for review October 8, 2025 18:45
@koralkulacoglu koralkulacoglu requested a review from a team as a code owner October 8, 2025 18:45
@louib louib merged commit 07b4147 into master Oct 9, 2025
@louib louib deleted the DX-1985-run-pull-request-script-for-sha-pin-corrections branch October 9, 2025 00:40