diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bb8857c87..bf2b5d679 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,7 +26,7 @@ jobs:
       release_tag: ${{ steps.release_please.outputs.tag_name }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
       - name: Run release please
@@ -44,7 +44,7 @@ jobs:
         arch: [amd64,arm,arm64]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
       - name: Set app version for release
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6cf221994..83043b883 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -32,7 +32,7 @@ jobs:
           build-mode: manual
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
+      uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
     - name: Checkout repository
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 20a405527..de752ce75 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v1
+        uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
       - name: Checkout
@@ -52,7 +52,7 @@ jobs:
     permissions:
       pull-requests: read # Use with `only-new-issues` option.
     steps:
-      - uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      - uses: step-security/harden-runner@f086349bfa2bd1361f7909c78558e816508cdc10 # v2.8.0
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6