diff --git a/.github/workflows/fossify-event-dispatcher.yml b/.github/workflows/fossify-event-dispatcher.yml
index 2a62859..988d5ad 100644
--- a/.github/workflows/fossify-event-dispatcher.yml
+++ b/.github/workflows/fossify-event-dispatcher.yml
@@ -53,7 +53,7 @@ jobs:
   dispatch:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+      - uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/merge-pull-requests.yml b/.github/workflows/merge-pull-requests.yml
index 84d2b0a..662db79 100644
--- a/.github/workflows/merge-pull-requests.yml
+++ b/.github/workflows/merge-pull-requests.yml
@@ -63,7 +63,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/merge-weblate-prs.yml b/.github/workflows/merge-weblate-prs.yml
index c353b60..e903e78 100644
--- a/.github/workflows/merge-weblate-prs.yml
+++ b/.github/workflows/merge-weblate-prs.yml
@@ -39,7 +39,7 @@ jobs:
       GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/prepare-release-pr.yml b/.github/workflows/prepare-release-pr.yml
index 5a86d49..607e25b 100644
--- a/.github/workflows/prepare-release-pr.yml
+++ b/.github/workflows/prepare-release-pr.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c85ce23..d4a3adc 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,7 +54,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
@@ -124,7 +124,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/update-commons.yml b/.github/workflows/update-commons.yml
index 6ee9656..52c0ad5 100644
--- a/.github/workflows/update-commons.yml
+++ b/.github/workflows/update-commons.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@fe104658747b27e96e4f7e80cd0a94068e53901d
+        uses: step-security/harden-runner@8d3c67de8e2fe68ef647c8db1e6a09f647780f40
         with:
           egress-policy: audit