diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f4eddb5..26ff60a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
 name: Lint
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 disable-sudo: true
 egress-policy: block
@@ -48,7 +48,7 @@ jobs:
 matrix:
 go: [ '1.22', '1.21' ]
 steps:
- - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 disable-sudo: true
 egress-policy: block
@@ -75,7 +75,7 @@ jobs:
 name: Analyze
 runs-on: ubuntu-latest
 steps:
- - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 disable-sudo: true
 egress-policy: block
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e30f5e3..54e4535 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ jobs:
 fail-fast: false
 steps:
- - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 disable-sudo: true
 egress-policy: block
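Review bot: The new pins on the `uses:` lines are bare 40-character commit SHAs with no trailing release comment, so nothing in this diff lets a reviewer confirm which upstream release each hash corresponds to. Consider annotating each one, e.g. `- uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # vX.Y.Z` (placeholder tag; fill in the release the hash was taken from), and checking each hash against the action's tagged release before merging. The same applies to the `github/codeql-action/*` and `actions/upload-artifact` pins in codeql.yml and scorecards.yml. The jobs these steps belong to start and end outside the hunks.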
@@ -35,12 +35,12 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@3407610120cd5656b6fc71991415cb50748b9489
+ uses: github/codeql-action/init@db7177a1c66bea89f5e7ce32d0ea48bea4a0d460
 with:
 languages: go
 - name: Autobuild
- uses: github/codeql-action/autobuild@3407610120cd5656b6fc71991415cb50748b9489
+ uses: github/codeql-action/autobuild@db7177a1c66bea89f5e7ce32d0ea48bea4a0d460
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@3407610120cd5656b6fc71991415cb50748b9489
+ uses: github/codeql-action/analyze@db7177a1c66bea89f5e7ce32d0ea48bea4a0d460
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 1a63ed4..29ce5b9 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -22,7 +22,7 @@ jobs:
 id-token: write
 steps:
- - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
+ - uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350
 with:
 disable-sudo: true
 egress-policy: block
@@ -61,7 +61,7 @@ jobs:
 # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
 # format to the repository Actions tab.
 - name: "Upload artifact"
- uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
+ uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
 with:
 name: SARIF file
 path: results.sarif
@@ -69,6 +69,6 @@ jobs:
 # required for Code scanning alerts
 - name: "Upload SARIF results to code scanning"
- uses: github/codeql-action/upload-sarif@3407610120cd5656b6fc71991415cb50748b9489
+ uses: github/codeql-action/upload-sarif@db7177a1c66bea89f5e7ce32d0ea48bea4a0d460
 with:
 sarif_file: results.sarif