pin release-drafter to SHA and align setup action versions

[JeremyDev87]

Summary

• Pin release-drafter/release-drafter from mutable tag @v6 to commit SHA @6db134d to mitigate supply chain attack risk
• Upgrade actions/setup-node from v6.0.0 to v6.2.0 in composite setup action to match individual workflows
• Upgrade actions/cache from v5.0.0 to v5.0.3 in composite setup action to match individual workflows

Changes

Action	Before	After
release-drafter/release-drafter	@v6 (mutable tag)	@6db134d (SHA pinned)
actions/setup-node	@2028fbc5 (v6.0.0)	@6044e13b (v6.2.0)
actions/cache	@a783357 (v5.0.0)	@cdf6c1fa (v5.0.3)

Affected Files

• .github/workflows/release-drafter.yml (line 16)
• .github/actions/setup/action.yml (lines 14, 19)

Verification

• SHA for release-drafter v6 tag confirmed via GitHub API
• All actions/setup-node references now consistently use v6.2.0 across repo
• All actions/cache references now consistently use v5.0.3 across repo
• Zero mutable tag (@vN) references remaining in .github/ directory

Test Plan

• CI workflows run successfully on this PR
• Release drafter creates draft release on merge to master

Closes #408

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
codingbuddy-landing	Ready	Preview, Comment	Feb 16, 2026 11:16am