fix: address CodeRabbit review — pin actions, narrow paths, add memory sanitizer

Author: canolgun

.github/workflows/cifuzz.yml

@@ -2,7 +2,8 @@ name: CIFuzz
 on:
   pull_request:
     paths:
-      - '**'
+      - '**.go'
+      - '.github/workflows/cifuzz.yml'
   push:
     branches: [main, master]
 permissions:
@@ -13,26 +14,26 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address]
+        sanitizer: [address, memory]
     steps:
     - name: Build Fuzzers (${{ matrix.sanitizer }})
       id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@ba0e2e0 # v1.0.0
       with:
-        oss-fuzz-project-name: 'vault'
+        oss-fuzz-project-name: 'golang-jwt'
         language: go
         sanitizer: ${{ matrix.sanitizer }}
     - name: Run Fuzzers (${{ matrix.sanitizer }})
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@ba0e2e0 # v1.0.0
       with:
-        oss-fuzz-project-name: 'vault'
+        oss-fuzz-project-name: 'golang-jwt'
         language: go
         fuzz-seconds: 300
         sanitizer: ${{ matrix.sanitizer }}
         output-sarif: true
     - name: Upload Sarif
-      if: always() && steps.build.outcome == 'success'
-      uses: github/codeql-action/upload-sarif@v3
+      if: steps.build.outcome == 'success'
+      uses: github/codeql-action/upload-sarif@601d5b1 # v3.28.15
       with:
         sarif_file: cifuzz-sarif/results.sarif
         category: fuzz-${{ matrix.sanitizer }}