diff --git a/.github/workflows/changelog-preview.yml b/.github/workflows/changelog-preview.yml
index 23daafa1a0..612cc5b52f 100644
--- a/.github/workflows/changelog-preview.yml
+++ b/.github/workflows/changelog-preview.yml
@@ -15,5 +15,5 @@ permissions:
 
 jobs:
   changelog-preview:
-    uses: getsentry/craft/.github/workflows/changelog-preview.yml@3e6a0f477702864bb5854384b390a0db3325428e # v2
+    uses: getsentry/craft/.github/workflows/changelog-preview.yml@4468eb9e399655a61c770534dacc03139d98aa18 # v2
     secrets: inherit
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 1276f2bd71..6aa197d662 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -36,7 +36,7 @@ jobs:
           cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # pin@v2
+        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pin@v2
         with:
           languages: 'java'
 
@@ -45,4 +45,4 @@ jobs:
           ./gradlew buildForCodeQL --no-build-cache
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # pin@v2
+        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # pin@v2
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 88cac7c675..a6964cec4b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs:
           fetch-depth: 0
           submodules: 'recursive'
       - name: Prepare release
-        uses: getsentry/craft@3e6a0f477702864bb5854384b390a0db3325428e # v2
+        uses: getsentry/craft@4468eb9e399655a61c770534dacc03139d98aa18 # v2
         env:
           GITHUB_TOKEN: ${{ steps.token.outputs.token }}
         with: