diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c73b3d4..019771e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           disable-sudo: true
           egress-policy: block
@@ -53,7 +53,7 @@ jobs:
     runs-on: "${{ matrix.os }}"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           disable-sudo: true
           egress-policy: block
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 6fa5f1d..a1dcbe7 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -30,7 +30,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.2.1
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.2.1
         with:
           disable-sudo: true
           egress-policy: block
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 37cb1d1..151dac9 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -17,7 +17,7 @@ jobs:
         platform: [ 'x86_64-unknown-linux-gnu', 'aarch64-unknown-linux-gnu' ]
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           egress-policy: block
           allowed-endpoints: >
@@ -65,7 +65,7 @@ jobs:
         python-version: ['3.8', '3.9', '3.10', '3.11']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -94,7 +94,7 @@ jobs:
         python-version: ['3.8', '3.9', '3.10', '3.11']
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -133,7 +133,7 @@ jobs:
       contents: write # To add assets to a release.
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845 # v2.1.0
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604 # v2.1.0
         with:
           disable-sudo: true
           egress-policy: block
@@ -177,7 +177,7 @@ jobs:
       id-token: write  # IMPORTANT: this permission is mandatory for trusted publishing
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@55d479fb1c5bcad5a4f9099a5d9f37c8857b2845
+        uses: step-security/harden-runner@cba0d00b1fc9a034e1e642ea0f1103c282990604
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs