diff --git a/.github/workflows/automate-staleness.yml b/.github/workflows/automate-staleness.yml
index 05b3930c2d..0590231f8d 100644
--- a/.github/workflows/automate-staleness.yml
+++ b/.github/workflows/automate-staleness.yml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
       
diff --git a/.github/workflows/automate_changeset_feedback.yml b/.github/workflows/automate_changeset_feedback.yml
index 3710ffc7ec..7a6f37cf9b 100644
--- a/.github/workflows/automate_changeset_feedback.yml
+++ b/.github/workflows/automate_changeset_feedback.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
@@ -36,7 +36,7 @@ jobs:
       - name: fetch base
         run: git fetch --depth 1 origin ${{ github.base_ref }}
 
-      - uses: backstage/actions/changeset-feedback@c3038aa5576b9cd845ccc518ef854d3660e8cb40 # v0.7.6
+      - uses: backstage/actions/changeset-feedback@2cd6978b476cbdc39fec48346f8b6ca13199dd6a # v0.7.8
         name: Generate feedback
         with:
           diff-ref: 'origin/main'
diff --git a/.github/workflows/automate_renovate_changesets.yml b/.github/workflows/automate_renovate_changesets.yml
index 77ab690ccd..1dfe631cab 100644
--- a/.github/workflows/automate_renovate_changesets.yml
+++ b/.github/workflows/automate_renovate_changesets.yml
@@ -11,7 +11,7 @@ jobs:
     if: github.actor == 'renovate[bot]' && github.repository == 'redhat-developer/rhdh-plugins'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/detect-new-workspace.yml b/.github/workflows/detect-new-workspace.yml
index c8279043a6..817b97afa9 100644
--- a/.github/workflows/detect-new-workspace.yml
+++ b/.github/workflows/detect-new-workspace.yml
@@ -21,7 +21,7 @@ jobs:
       workspaces: ${{ steps.detect.outputs.workspaces }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
@@ -54,7 +54,7 @@ jobs:
         workspace: ${{ fromJSON(needs.prepare.outputs.workspaces) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/toml-checks.yaml b/.github/workflows/toml-checks.yaml
index 77472335d5..dd76fe66e8 100644
--- a/.github/workflows/toml-checks.yaml
+++ b/.github/workflows/toml-checks.yaml
@@ -13,7 +13,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: tombi-toml/setup-tombi@f7cb38e77d9a62bc27a8445bf50e660e9496b893 # v1.0.7
+      - uses: tombi-toml/setup-tombi@cebfd308ba02edadfcee148b7473536990950c92 # v1.0.8
         with:
           version: 'v0.7.22'
           checksum: '2f96342066b02ac374b2b457c9927264fd086256c1c6ccc817eced8367f1d83c'
diff --git a/.github/workflows/upgrade-dashboard.yml b/.github/workflows/upgrade-dashboard.yml
index 6378e60327..229a52ea03 100644
--- a/.github/workflows/upgrade-dashboard.yml
+++ b/.github/workflows/upgrade-dashboard.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/validate-codeowners.yml b/.github/workflows/validate-codeowners.yml
index 8b95607473..f13759fe96 100644
--- a/.github/workflows/validate-codeowners.yml
+++ b/.github/workflows/validate-codeowners.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
+        uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
         with:
           egress-policy: audit
 
@@ -36,7 +36,7 @@ jobs:
 
       - name: Generate GitHub App Token
         id: generate-token
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2
+        uses: actions/create-github-app-token@fee1f7d63c2ff003460e3d139729b119787bc349 # v2
         with:
           app-id: ${{ secrets.RHDH_GH_APP_ID }}
           private-key: ${{ secrets.RHDH_GH_APP_PRIVATE_KEY }}