Merge pull request #70 from stax-labs/chore_fixed_sha_codecov_action

chore(security): update the codecov action to a fixed sha

Author: Anton0

.github/workflows/build.yml

@@ -22,7 +22,10 @@ jobs:
       - name: Run tests
         run: make test
       - name: Upload coverage to Codecov 📝
-        uses: "codecov/codecov-action@v1"
+        # https://github.com/codecov/codecov-action codecov/1.4.0
+        # Pinned this to a git sha as per recommendations in GitHub actions hardening guide.
+        # see https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
+        uses: "codecov/codecov-action@0e28ff86a50029a44d10df6ed4c308711925a6a8" 
         with:
           fail_ci_if_error: true
           file: ./coverage-reports/coverage-report.xml