diff --git a/.github/workflows/fossify-event-dispatcher.yml b/.github/workflows/fossify-event-dispatcher.yml
index a88ee24..5de53d8 100644
--- a/.github/workflows/fossify-event-dispatcher.yml
+++ b/.github/workflows/fossify-event-dispatcher.yml
@@ -53,7 +53,7 @@ jobs:
   dispatch:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+      - uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/merge-pull-requests.yml b/.github/workflows/merge-pull-requests.yml
index 47fbe1b..b4e1781 100644
--- a/.github/workflows/merge-pull-requests.yml
+++ b/.github/workflows/merge-pull-requests.yml
@@ -63,7 +63,7 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/merge-weblate-prs.yml b/.github/workflows/merge-weblate-prs.yml
index eca7977..847c113 100644
--- a/.github/workflows/merge-weblate-prs.yml
+++ b/.github/workflows/merge-weblate-prs.yml
@@ -39,7 +39,7 @@ jobs:
       GH_TOKEN: ${{ secrets.PERSONAL_TOKEN }}
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/prepare-release-pr.yml b/.github/workflows/prepare-release-pr.yml
index 9c4cd3c..b6a4c43 100644
--- a/.github/workflows/prepare-release-pr.yml
+++ b/.github/workflows/prepare-release-pr.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3f4d14c..35124ed 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -54,7 +54,7 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
@@ -124,7 +124,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/update-commons.yml b/.github/workflows/update-commons.yml
index 2e6a4eb..5101483 100644
--- a/.github/workflows/update-commons.yml
+++ b/.github/workflows/update-commons.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5
+        uses: step-security/harden-runner@9af89fc71515a100421586dfdb3dc9c984fbf411
         with:
           egress-policy: audit