The actions actions/checkout@v4 and github/codeql-action/init@v4 are not allowed in hyperpolymath/conflow because all actions must be pinned to a full-length commit SHA.