Pin workflow dependencies (#140)

Author: BernieWhite

.github/workflows/analyze.yaml

@@ -16,7 +16,9 @@ on:
     branches: [ main, 'release/*' ]
   schedule:
   - cron: '23 20 * * 0' # At 08:23 PM, on Sunday each week
-  workflow_dispatch:
+  workflow_dispatch: {}
+
+permissions: {}
 
 jobs:
   oss:
@@ -27,10 +29,10 @@ jobs:
     steps:
 
     - name: Checkout
-      uses: actions/checkout@v3
+      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Run PSRule analysis
-      uses: Microsoft/ps-rule@v2.9.0
+      uses: Microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
       with:
         modules: PSRule.Rules.MSFT.OSS
 
@@ -44,14 +46,14 @@ jobs:
     steps:
 
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Run DevSkim scanner
-        uses: microsoft/DevSkim-Action@v1
+        uses: microsoft/DevSkim-Action@a6b6966a33b497cd3ae2ebc406edf8f4cc2feec6 # v1.0.15
         with:
           directory-to-scan: src/
 
       - name: Upload results to security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3.28.12
         with:
           sarif_file: devskim-results.sarif

.github/workflows/dependencies.yaml

@@ -12,6 +12,8 @@ on:
   schedule:
   - cron: '30 1 * * *' # At 1:30 AM, daily
 
+permissions: {}
+
 jobs:
   stale:
     runs-on: ubuntu-latest
@@ -20,7 +22,7 @@ jobs:
       pull-requests: write
     steps:
 
-    - uses: actions/stale@v8
+    - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
       with:
         stale-issue-message: >
           This issue has been automatically marked as stale because it has not had