ci(security): stabilize codeql and zizmor workflows

Author: xiaojiou176

.github/workflows/codeql.yml

@@ -26,12 +26,12 @@ jobs:
         with:
           fetch-depth: 0
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@3b1a19a80ab047f35cbb237b5bd9bdc1e14f166c # v3
+        uses: github/codeql-action/init@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v4
         with:
           languages: ${{ matrix.language }}
           build-mode: none
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@3b1a19a80ab047f35cbb237b5bd9bdc1e14f166c # v3
+        uses: github/codeql-action/analyze@5c8a8a642e79153f5d047b10ec1cba1d1cc65699 # v4
         with:
           upload-database: false
           wait-for-processing: false

.github/workflows/pre-commit.yml

@@ -99,7 +99,7 @@ jobs:
         with:
           advanced-security: false
           online-audits: false
-          version: v0.5.2
+          version: 0.5.2
       - uses: ./.github/actions/workspace-sanitize
         if: ${{ always() }}
         with: