fix(.github): address Copilot review comments on PR #22

- link-lang-check: remove unused SoftFail param splatting
- link-lang-check: correct env var LINK_LANG_CHECK_FAILED to LINK_LANG_FAILED
- pr-validation: add pull-requests: write for dependency-review job
- dependency-review: remove duplicate pull_request trigger, add harden-runner
- package.json: use exact versions (remove ^ prefix)
- codeql-analysis: clarify time format to 04:00 UTC

🔧 - Generated by Copilot

Author: WilliamBerryiii

.github/workflows/codeql-analysis.yml

@@ -2,7 +2,7 @@ name: CodeQL Security Analysis
 
 on:
   schedule:
-    # Weekly scan: Sundays at 4 AM UTC
+    # Weekly scan: Sundays at 04:00 UTC
     - cron: '0 4 * * 0'
   workflow_call:
 

.github/workflows/dependency-review.yml

@@ -1,8 +1,6 @@
 name: Dependency Review
 
 on:
-  pull_request:
-    branches: [main, develop]
   workflow_call:
 
 permissions:
@@ -18,6 +16,11 @@ jobs:
       pull-requests: write
 
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.10.2
+        with:
+          egress-policy: audit
+
       - name: Checkout code
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v4.2.2
         with:

.github/workflows/link-lang-check.yml

@@ -37,13 +37,7 @@ jobs:
       - name: Run Link Language Check
         shell: pwsh
         run: |
-          $params = @{}
-
-          if ('${{ inputs.soft-fail }}' -eq 'true') {
-            $params['SoftFail'] = $true
-          }
-
-          & scripts/linting/Invoke-LinkLanguageCheck.ps1 @params
+          & scripts/linting/Invoke-LinkLanguageCheck.ps1
         continue-on-error: ${{ inputs.soft-fail }}
 
       - name: Upload link language check results
@@ -58,7 +52,7 @@ jobs:
         if: ${{ !inputs.soft-fail }}
         shell: pwsh
         run: |
-          if ($env:LINK_LANG_CHECK_FAILED -eq 'true') {
+          if ($env:LINK_LANG_FAILED -eq 'true') {
             Write-Host "Link language check failed and soft-fail is false. Failing the job."
             exit 1
           }

.github/workflows/pr-validation.yml

@@ -11,7 +11,7 @@ on:
 
 permissions:
   contents: read
-  pull-requests: read
+  pull-requests: write
 
 jobs:
   # Spell checking using cspell
@@ -64,3 +64,4 @@ jobs:
     uses: ./.github/workflows/dependency-review.yml
     permissions:
       contents: read
+      pull-requests: write

package.json

@@ -16,8 +16,8 @@
   "devDependencies": {
     "cspell": "9.4.0",
     "markdown-link-check": "3.14.2",
-    "markdown-table-formatter": "^1.6.0",
-    "markdownlint-cli2": "^0.19.1"
+    "markdown-table-formatter": "1.6.0",
+    "markdownlint-cli2": "0.19.1"
   },
   "repository": {
     "type": "git",