diff --git a/.github/codeql-config.yml b/.github/codeql-config.yml
deleted file mode 100644
index 8adc469..0000000
--- a/.github/codeql-config.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-name: CodeQL Config
-
-paths:
-  - lib
-
-paths-ignore:
-  - node_modules
-
-queries:
-  - uses: security-and-quality
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 961f8d8..26cc81c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -41,6 +41,6 @@ jobs:
             registry.npmjs.org:443
 
       - name: Build and test
-        uses: myrotvorets/composite-actions/build-test-nodejs@master
+        uses: myrotvorets/composite-actions/build-test-nodejs@931ae3fec4810f7d263d28f6cf12159080b76208
         with:
           node-version: ${{ matrix.node.version }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 067cc67..10a1730 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -36,7 +36,7 @@ jobs:
             registry.npmjs.org:443
 
       - name: Run code style check
-        uses: myrotvorets/composite-actions/node-run-script@master
+        uses: myrotvorets/composite-actions/node-run-script@931ae3fec4810f7d263d28f6cf12159080b76208
         with:
           script: lint
 
@@ -59,6 +59,6 @@ jobs:
             registry.npmjs.org:443
 
       - name: Run type check
-        uses: myrotvorets/composite-actions/node-run-script@master
+        uses: myrotvorets/composite-actions/node-run-script@931ae3fec4810f7d263d28f6cf12159080b76208
         with:
           script: typecheck
diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 370cda8..774aadb 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -39,7 +39,7 @@ jobs:
             registry.npmjs.org:443
 
       - name: Prepare source
-        uses: myrotvorets/composite-actions/node-prepublish@master
+        uses: myrotvorets/composite-actions/node-prepublish@931ae3fec4810f7d263d28f6cf12159080b76208
 
   publish:
     name: Publish package (${{ matrix.registry }})
@@ -79,7 +79,7 @@ jobs:
             npm.pkg.github.com:443
 
       - name: Publish package
-        uses: myrotvorets/composite-actions/node-publish@master
+        uses: myrotvorets/composite-actions/node-publish@931ae3fec4810f7d263d28f6cf12159080b76208
         with:
           node-auth-token: ${{ secrets[matrix.secret] }}
           registry-url: ${{ matrix.registry_url }}
diff --git a/.github/workflows/package-audit.yml b/.github/workflows/package-audit.yml
index 50ce012..2576ef7 100644
--- a/.github/workflows/package-audit.yml
+++ b/.github/workflows/package-audit.yml
@@ -30,4 +30,4 @@ jobs:
             registry.npmjs.org:443
 
       - name: Audit with NPM
-        uses: myrotvorets/composite-actions/node-package-audit@master
+        uses: myrotvorets/composite-actions/node-package-audit@931ae3fec4810f7d263d28f6cf12159080b76208
diff --git a/.github/workflows/push-tag.yml b/.github/workflows/push-tag.yml
index 8fb6927..ceb3b33 100644
--- a/.github/workflows/push-tag.yml
+++ b/.github/workflows/push-tag.yml
@@ -34,7 +34,7 @@ jobs:
             registry.npmjs.org:443
 
       - name: Build and test
-        uses: myrotvorets/composite-actions/build-test-nodejs@master
+        uses: myrotvorets/composite-actions/build-test-nodejs@931ae3fec4810f7d263d28f6cf12159080b76208
 
   release:
     name: Prepare the release
diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml
index 3b8b4f1..c7610cf 100644
--- a/.github/workflows/sonarscan.yml
+++ b/.github/workflows/sonarscan.yml
@@ -41,7 +41,7 @@ jobs:
             sonarcloud.io:443
 
       - name: Run SonarCloud analysis
-        uses: myrotvorets/composite-actions/node-sonarscan@master
+        uses: myrotvorets/composite-actions/node-sonarscan@931ae3fec4810f7d263d28f6cf12159080b76208
         with:
           sonar-token: ${{ secrets.SONAR_TOKEN }}
           test-script: 'test:sonarqube'