fix: fixed the pinned-dependencies

[harshitasao]

Description

fixed the pinned-dependencies reported by the scorecard.

Related Issue(s)

Part of #16607

Checklist

• "Backport to:" labels have been added if this change should be back-ported to release branches
• If this change is to be back-ported to previous releases, a justification is included in the PR description
• Tests were added or are not required
• Did the new or modified tests pass consistently locally and on CI?
• Documentation was added or is not required

Deployment Notes

[vitess-bot]

Review Checklist

Hello reviewers! 👋 Please follow this checklist when reviewing this Pull Request.

General

• Ensure that the Pull Request has a descriptive title.
• Ensure there is a link to an issue (except for internal cleanup and flaky test fixes), new features should have an RFC that documents use cases and test cases.

Tests

• Bug fixes should have at least one unit or end-to-end test, enhancement and new features should have a sufficient number of tests.

Documentation

• Apply the release notes (needs details) label if users need to know about this change.
• New features should be documented.
• There should be some code comments as to why things are implemented the way they are.
• There should be a comment at the top of each new or modified test to explain what the test does.

New flags

• Is this flag really necessary?
• Flag names must be clear and intuitive, use dashes (-), and have a clear help text.

If a workflow is added or modified:

• Each item in Jobs should be named in order to mark it as required.
• If the workflow needs to be marked as required, the maintainer team must be notified.

Backward compatibility

• Protobuf changes should be wire-compatible.
• Changes to _vt tables and RPCs need to be backward compatible.
• RPC changes should be compatible with vitess-operator
• If a flag is removed, then it should also be removed from vitess-operator and arewefastyet, if used there.
• vtctl command output order should be stable and awk-able.

[systay]

Looks good! We create the workflow files from templates, so I added a commit to your branch updating the templates as well.

After changing the templates, you can check that it looks good by using:

make generate_ci_workflows

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.88%. Comparing base (0d6b768) to head (a996eb5).
Report is 21 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #16612      +/-   ##
==========================================
+ Coverage   68.83%   68.88%   +0.04%     
==========================================
  Files        1558     1562       +4     
  Lines      200042   200673     +631     
==========================================
+ Hits       137693   138227     +534     
- Misses      62349    62446      +97     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[frouioui]

This looks good to me, thank you for taking that on.

FYI @vitessio/maintainers, we should continue writing our workflows that way.

Found the GitHub documentation about this: https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions