Complete Guide to GitHub Actions 2026 Security Roadmap — Dependency Locking, Native Egress Firewall, and Scoped Secrets

In March 2025, the **tj-actions/changed-files** supply chain attack compromised **over 23,000 repositories**. Attackers stole a PAT from reviewdog/act