diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index da96a3e..d51fe9f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,7 +33,7 @@ jobs:
           - { wp: nightly, ms: 'yes', php: '8.3', phpunit: 9 }
     services:
       mysql:
-        image: mariadb:latest@sha256:eb6a2d34367b662a6e9c92e8cd112bbadf03ad4627f8eeb8d19f480f8da87fa6
+        image: mariadb:latest@sha256:a9385bb457ebf4600da632cc331f11a5328c582bfb492aa76517282bcae1dcc9
         ports:
           - "3306:3306"
         env:
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 563127d..de68177 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -12,7 +12,7 @@ jobs:
     name: Review Dependencies
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1
+        uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0
         with:
           egress-policy: block
           allowed-endpoints: >