diff --git a/.github/workflows/00_pr_auto_approve.yml b/.github/workflows/00_pr_auto_approve.yml
index 8f4dec4a7a..d4d190b4e8 100644
--- a/.github/workflows/00_pr_auto_approve.yml
+++ b/.github/workflows/00_pr_auto_approve.yml
@@ -13,7 +13,7 @@ jobs:
     if: contains(fromJson('["dependabot[bot]", "github-actions[bot]", "pdxjohnny"]'), github.actor)
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/alice_async_comms.yml b/.github/workflows/alice_async_comms.yml
index 0a34ff4744..5785c3e161 100644
--- a/.github/workflows/alice_async_comms.yml
+++ b/.github/workflows/alice_async_comms.yml
@@ -23,7 +23,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
       - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
diff --git a/.github/workflows/alice_please_contribute_recommended_community_standards.yml b/.github/workflows/alice_please_contribute_recommended_community_standards.yml
index 879d2059e3..5f92ca4f24 100644
--- a/.github/workflows/alice_please_contribute_recommended_community_standards.yml
+++ b/.github/workflows/alice_please_contribute_recommended_community_standards.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/alice_shouldi_contribute.yml b/.github/workflows/alice_shouldi_contribute.yml
index 11cc10d42a..74882d716c 100644
--- a/.github/workflows/alice_shouldi_contribute.yml
+++ b/.github/workflows/alice_shouldi_contribute.yml
@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/build_images_containers.yml b/.github/workflows/build_images_containers.yml
index 3a7ef1dad3..840c1d54bb 100644
--- a/.github/workflows/build_images_containers.yml
+++ b/.github/workflows/build_images_containers.yml
@@ -67,7 +67,7 @@ jobs:
       matrix: ${{ fromJSON(inputs.manifests) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index daba5a2fe2..67d00c8e7f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -42,7 +42,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 6ad35f1f80..f37ea6dda9 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/dffml_build_images_containers.yml b/.github/workflows/dffml_build_images_containers.yml
index 8182e3e7d6..d617010ac2 100644
--- a/.github/workflows/dffml_build_images_containers.yml
+++ b/.github/workflows/dffml_build_images_containers.yml
@@ -36,7 +36,7 @@ jobs:
       manifest: ${{ steps.create-manifest-instance.outputs.github_actions_manifest }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/dispatch_build_images_containers.yml b/.github/workflows/dispatch_build_images_containers.yml
index 6aa57d0819..777f9d4f7b 100644
--- a/.github/workflows/dispatch_build_images_containers.yml
+++ b/.github/workflows/dispatch_build_images_containers.yml
@@ -21,7 +21,7 @@ jobs:
       manifest: ${{ steps.create-manifest-instance.outputs.manifest }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/new_2nd_party_tcb_eval.yml b/.github/workflows/new_2nd_party_tcb_eval.yml
index 92a74e23c7..68c17a3d31 100644
--- a/.github/workflows/new_2nd_party_tcb_eval.yml
+++ b/.github/workflows/new_2nd_party_tcb_eval.yml
@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/pin_downstream.yml b/.github/workflows/pin_downstream.yml
index 1c550b50ae..8d8f965ef6 100644
--- a/.github/workflows/pin_downstream.yml
+++ b/.github/workflows/pin_downstream.yml
@@ -29,7 +29,7 @@ jobs:
       manifest: ${{ steps.create-manifest-instance.outputs.github_actions_manifest }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
@@ -99,7 +99,7 @@ jobs:
       matrix: ${{ fromJSON(needs.manifest.outputs.manifest) }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/rfc.yml b/.github/workflows/rfc.yml
index 9dff60d6cc..afe56cdac6 100644
--- a/.github/workflows/rfc.yml
+++ b/.github/workflows/rfc.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 0d51d4d924..71e76f3382 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -20,7 +20,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit
 
diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 90fdaed9fa..c71fdcf864 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -28,7 +28,7 @@ jobs:
         - "3.12"
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
@@ -105,7 +105,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
@@ -151,7 +151,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
@@ -199,7 +199,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
@@ -320,7 +320,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit
 
@@ -370,7 +370,7 @@ jobs:
         python-version: [3.7]
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit