If that action itself has unpinned dependencies, that doesn't accomplish much.

Don't use such actions. Or fork them and add the lockfile yourself, if you're cool with the implied maintenance.

Sure, or we come up with a proper solution via lockfiles so we don't have to keep forking and maintaining, and make full dependency locks the default so everyone benefits.

This is a long-solved problem in every other ecosystem. This particular implementation isn't great, but it has the right idea.

> Or fork them and add the lockfile yourself

Depending on the action you use, this is no small task. You might as well just switch to something else altogether.