fix(ci): pin tj-actions/changed-files due to compromise (zmkfirmware#2874)

JJGadgets · web-flow · commit 4da89bd99716 · 2025-03-15T02:25:01.000-04:00
Ideally it's be swapped out for an alternative but for now this is to mitigate.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -430,7 +430,7 @@ jobs:
         uses: actions/checkout@v4
         with:
           persist-credentials: false
-      - uses: tj-actions/changed-files@v45
+      - uses: tj-actions/changed-files@9200e69727eb73eb060652b19946b8a2fdfb654b # pin to v45.0.8 due to https://github.com/tj-actions/changed-files/issues/2463 https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
         id: changed-files
         with:
           json: true
