fix(ci): Possible security issues (#2180)

Author: gabrielmfern

.github/workflows/lint.yml

@@ -4,6 +4,9 @@ on:
     branches:
       - main
   pull_request:
+permissions: 
+  contents: read
+  pull-requests: read
 jobs:
   lint:
     runs-on: buildjet-4vcpu-ubuntu-2204
@@ -13,7 +16,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
       - name: pnpm setup
-        uses: pnpm/action-setup@v4
+        uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda
       - name: pnpm Cache
         uses: buildjet/cache@v4
         with:

.github/workflows/tests.yml

@@ -4,6 +4,9 @@ on:
     branches:
       - main
   pull_request:
+permissions: 
+  contents: read
+  pull-requests: read
 jobs:
   build:
     runs-on: buildjet-4vcpu-ubuntu-2204
@@ -23,7 +26,7 @@ jobs:
           pnpm config set script-shell "/usr/bin/bash"
 
       - name: pnpm Cache
-        uses: buildjet/cache@v4
+        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4
         with:
           path: |
             ~/.pnpm-store
@@ -38,7 +41,7 @@ jobs:
         run: pnpm install --frozen-lockfile
 
       - name: turborepo Cache
-        uses: buildjet/cache@v4
+        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4
         with:
           path: |
             .turbo
@@ -63,7 +66,7 @@ jobs:
           corepack prepare [email protected] --activate
 
       - name: Restore dependencies
-        uses: buildjet/cache@v4
+        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4
         with:
           path: |
             ~/.pnpm-store
@@ -72,7 +75,7 @@ jobs:
           key: ${{ runner.os }}-pnpm-${{ hashFiles('**/pnpm-lock.yaml') }}
 
       - name: turborepo Cache
-        uses: buildjet/cache@v4
+        uses: buildjet/cache@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4
         with:
           path: |
             .turbo

.github/workflows/version.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
 
+
 concurrency: ${{ github.workflow }}-${{ github.ref }}
 
 jobs: