diff --git a/.github/workflows/cd.edge.build.yml b/.github/workflows/cd.edge.build.yml
index 8608ceb8..b506643e 100644
--- a/.github/workflows/cd.edge.build.yml
+++ b/.github/workflows/cd.edge.build.yml
@@ -21,7 +21,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Client Payload
diff --git a/.github/workflows/cd.release.build.yml b/.github/workflows/cd.release.build.yml
index bbe4d256..c2df90ae 100644
--- a/.github/workflows/cd.release.build.yml
+++ b/.github/workflows/cd.release.build.yml
@@ -22,7 +22,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Client Payload
diff --git a/.github/workflows/cd.release.yml b/.github/workflows/cd.release.yml
index 166464eb..61826b65 100644
--- a/.github/workflows/cd.release.yml
+++ b/.github/workflows/cd.release.yml
@@ -18,7 +18,7 @@ jobs:
     if: github.repository == 'opencadc/science-platform'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Create release
diff --git a/.github/workflows/ci.commit.check.yml b/.github/workflows/ci.commit.check.yml
index 4533f95b..56c19d36 100644
--- a/.github/workflows/ci.commit.check.yml
+++ b/.github/workflows/ci.commit.check.yml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Checkout code
diff --git a/.github/workflows/ci.linting.yml b/.github/workflows/ci.linting.yml
index f334d401..db913f3c 100644
--- a/.github/workflows/ci.linting.yml
+++ b/.github/workflows/ci.linting.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Checkout code
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Checkout code
diff --git a/.github/workflows/ci.testing.yml b/.github/workflows/ci.testing.yml
index 69c27414..972bf3d1 100644
--- a/.github/workflows/ci.testing.yml
+++ b/.github/workflows/ci.testing.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Checkout code
@@ -47,7 +47,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: Download coverage artifacts
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c3eef2bd..8913053a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -37,7 +37,7 @@ jobs:
           build-mode: none
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+      uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
       with:
         egress-policy: audit
     - name: Checkout repository
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 54e674fd..5bee7d2c 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
         with:
           egress-policy: audit
       - name: "Checkout code"