Pin Psalm version for security analysis

The action will otherwise pull dev-master and this can break easily as
we just experience.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

2 files changed, 2 insertions, 2 deletions

diff --git a/.github/workflows/psalm-github.yml b/.github/workflows/psalm-github.yml
index 8346ca7d100..d27e0a1f143 100644
--- a/.github/workflows/psalm-github.yml
+++ b/.github/workflows/psalm-github.yml
@@ -17,7 +17,7 @@ jobs:
         with:
           submodules: recursive
       - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+        uses: docker://vimeo/psalm-github-actions:4.9.3
         continue-on-error: true
         with:
           composer_ignore_platform_reqs: false
diff --git a/.github/workflows/psalm-security.yml b/.github/workflows/psalm-security.yml
index 17f8b28e53c..a97abba44c2 100644
--- a/.github/workflows/psalm-security.yml
+++ b/.github/workflows/psalm-security.yml
@@ -17,7 +17,7 @@ jobs:
         with:
           submodules: recursive
       - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+        uses: docker://vimeo/psalm-github-actions:4.9.3
         with:
           security_analysis: true
           composer_ignore_platform_reqs: false