diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
index 1929054e..2d5e575c 100644
--- a/.github/workflows/release-build.yml
+++ b/.github/workflows/release-build.yml
@@ -124,7 +124,7 @@ jobs:
     permissions:
       packages: write # is needed by devcontainers/action to write templates as OCI artifacts
     steps:
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           disable-sudo: true
           egress-policy: audit
@@ -157,7 +157,7 @@ jobs:
       contents: write # is needed to modify a release
     needs: [generate-documents]
     steps:
-      - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
+      - uses: step-security/harden-runner@95d9a5deda9de15063e7595e9719c11c38c90ae2 # v2.13.2
         with:
           disable-sudo: true
           egress-policy: audit
diff --git a/.github/workflows/wc-dependency-review.yml b/.github/workflows/wc-dependency-review.yml
index a806c139..515e0609 100644
--- a/.github/workflows/wc-dependency-review.yml
+++ b/.github/workflows/wc-dependency-review.yml
@@ -33,7 +33,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - uses: actions/dependency-review-action@40c09b7dc99638e5ddb0bfd91c1673effc064d8a # v4.8.1
+      - uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # v4.8.2
         with:
           comment-summary-in-pr: on-failure
           fail-on-severity: critical