Given the recent attacks against the Github platform, including a Github Actions-based supply chain attack, we would like to implement the "Require actions to be pinned to a full-length commit SHA" security option. However, the github-action-cvmfs workflow uses actions/cache@v5, which causes workflows to fail when trying to use that option and this action. Can this be replaced with actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae?
Given the recent attacks against the Github platform, including a Github Actions-based supply chain attack, we would like to implement the "Require actions to be pinned to a full-length commit SHA" security option. However, the github-action-cvmfs workflow uses
actions/cache@v5, which causes workflows to fail when trying to use that option and this action. Can this be replaced withactions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae?