
support: execution from hashref disabled/broken vs GitHub Actions Security Best Practice? #712

@HariSekhon


Checklist

  • I am using the latest version of this action.
  • I have read the latest README and followed the instructions.
  • I have read the latest GitHub Actions official documentation and learned the basic spec and concepts.

Describe your question

Why is execution from the main branch latest hashref disabled/broken when this is the GitHub Actions security best practice, to pin 3rd-party GitHub Actions to an immutable hashref?

I've already seen issues #84 and #98, but there wasn't any reason given in those tickets other than to use v2 / v3 tags, and this contradicts GitHub's own security recommendations not to use tags for 3rd parties; see this doc section:

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Is it intentional to break execution from main branch hashref or is this a mistake, and if intentional, why?

Update: I had assumed that the latest main hashref would contain the fixes in v3, but for now I'll try using peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305 which is the v3 tag's current hashref for immutability.

Relevant links

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

Relevant log output

No response

Additional context

No response
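The point behind the question is the one the linked hardening guide makes: a tag like `v3` or a branch name can be re-pointed, whereas a full-length commit SHA cannot. As an added example (not code from this issue, from GitHub, or from the peaceiris/actions-gh-pages project), the checker below scans a workflow file for `uses:` references and reports every action whose ref is not a 40-character commit SHA. It goes slightly beyond the issue by also flagging abbreviated SHAs and branch names, which are just as mutable as tags. The embedded workflow, the `example-org/example-action` names and the `allowed_owners` allowlist option are constructed for the demonstration; the `peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305` reference is the one quoted in the update above.

```python
import re
import sys

# A full-length git commit SHA (40 hex characters). A tag or branch name can be
# re-pointed by the action's maintainers, or by anyone who gains write access to
# that repository; a full SHA identifies one immutable tree.
_FULL_SHA = re.compile(r"^[0-9a-fA-F]{40}$")

# A `uses:` line, with or without the leading list dash, optionally quoted.
# Group 1 is the action path (owner/repo[/subdir]); group 2 is the ref after '@'.
_USES_LINE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^@'"\s]+)@([^'"\s#]+)""")

# Constructed sample workflow for the demonstration (not any real project's file).
SAMPLE_WORKFLOW = """\
name: deploy
on: push
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Tag reference (mutable)
        uses: peaceiris/actions-gh-pages@v3
      - name: Full commit SHA (immutable)
        uses: peaceiris/actions-gh-pages@068dc23d9710f1ba62e86896f84735d869951305 # v3
      - name: Abbreviated SHA (not accepted as a full pin)
        uses: example-org/example-action@068dc23
      - name: Branch reference (mutable)
        uses: example-org/example-action@main
      - uses: ./.github/actions/local-step
"""


def is_pinned_to_sha(ref: str) -> bool:
    """True only for a full 40-hex-character commit SHA."""
    return bool(_FULL_SHA.match(ref))


def find_unpinned_actions(workflow_text: str, allowed_owners: tuple = ()) -> list[dict]:
    """Return every `uses:` reference that is not pinned to a full commit SHA.

    allowed_owners is an optional (constructed) allowlist of owner names to skip,
    e.g. ("actions",) if a team chooses to trust GitHub's own actions by tag.
    Local actions (./path) and docker:// images are not checked by this tool.
    """
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = _USES_LINE.match(line)
        if not m:
            continue
        action, ref = m.group(1), m.group(2)
        if action.startswith("./") or action.startswith("docker://"):
            continue
        owner = action.split("/", 1)[0]
        if owner in allowed_owners:
            continue
        if not is_pinned_to_sha(ref):
            findings.append({"line": lineno, "action": action, "ref": ref})
    return findings


def report(findings: list[dict]) -> str:
    """Format the findings one per line, linter style."""
    return "\n".join(
        f"line {f['line']}: {f['action']}@{f['ref']} is not pinned to a full commit SHA"
        for f in findings
    )


if __name__ == "__main__":
    # Check workflow files given on the command line, or the embedded sample if none.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8") as fh:
                print(report(find_unpinned_actions(fh.read())))
    else:
        print(report(find_unpinned_actions(SAMPLE_WORKFLOW)))
```

Run against the sample, the checker reports lines 7, 9, 13 and 15 (tag, tag, abbreviated SHA, branch) and accepts only the full-SHA line; the trailing `# v3` comment on that line is the usual way to keep the pinned SHA readable. Pointing it at `.github/workflows/*.yml` in CI gives a simple guard that a pinned reference has not quietly been replaced by a tag.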
