diff --git a/.github/workflows/_security-fix-agent.yml b/.github/workflows/_security-fix-agent.yml
index e0c3578aa..7c5472b3b 100644
--- a/.github/workflows/_security-fix-agent.yml
+++ b/.github/workflows/_security-fix-agent.yml
@@ -14,7 +14,7 @@ jobs:
     steps:
       - name: Generate GitHub App token
         id: app-token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
         with:
           app-id: ${{ secrets.TOOLHIVE_STUDIO_CI_APP_ID }}
           private-key: ${{ secrets.TOOLHIVE_STUDIO_CI_APP_KEY }}
diff --git a/.github/workflows/renovate-post-upgrade.yml b/.github/workflows/renovate-post-upgrade.yml
index 83b66e7ee..b0c2e74b4 100644
--- a/.github/workflows/renovate-post-upgrade.yml
+++ b/.github/workflows/renovate-post-upgrade.yml
@@ -29,7 +29,7 @@ jobs:
       - name: Generate GitHub App token
         if: steps.check.outputs.toolhive == 'true' || steps.check.outputs.heyapi == 'true'
         id: app-token
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3
         with:
           app-id: ${{ secrets.TOOLHIVE_STUDIO_CI_APP_ID }}
           private-key: ${{ secrets.TOOLHIVE_STUDIO_CI_APP_KEY }}