diff --git a/.github/workflows/check-format.yml b/.github/workflows/check-format.yml
index 8bcd131c8..779259d20 100644
--- a/.github/workflows/check-format.yml
+++ b/.github/workflows/check-format.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/check-table-license.yml b/.github/workflows/check-table-license.yml
index b865f6512..2b662d060 100644
--- a/.github/workflows/check-table-license.yml
+++ b/.github/workflows/check-table-license.yml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index c1cea2aa1..a37f89d14 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d10d2fb20..a9213af12 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/distcheck.yml b/.github/workflows/distcheck.yml
index 6479137c4..c9e9ae4b0 100644
--- a/.github/workflows/distcheck.yml
+++ b/.github/workflows/distcheck.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/emscripten.yml b/.github/workflows/emscripten.yml
index 5d7907edd..6c361ee3e 100644
--- a/.github/workflows/emscripten.yml
+++ b/.github/workflows/emscripten.yml
@@ -13,7 +13,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 9a734bf26..a76b11dad 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -21,7 +21,7 @@ jobs:
         # ucs4
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -63,7 +63,7 @@ jobs:
         table: [ afr-za-g1.ctb, afr-za-g2.ctb, akk.utb, akk-borger.utb, ar-ar-comp8.utb, ar-ar-g1.utb, ar-ar-g2.ctb, as-in-g1.utb, aw-in-g1.utb, ba.utb, be-in-g1.utb, bel.utb, bel-comp.utb, bel-detailed.utb, bg.ctb, bg.utb, bh.ctb, bo.ctb, boxes.ctb, br-in-g1.utb, ca-g1.ctb, chr-us-g1.ctb, ckb-g1.ctb, cop-eg-comp8.utb, cs-comp8.utb, cs-g1.ctb, cy-cy-g1.utb, cy-cy-g2.ctb, cuneiform-transliterated.utb, da-dk-g08_1993.ctb, da-dk-g08.ctb, da-dk-g16_1993.ctb, da-dk-g16.ctb, da-dk-g16-lit_1993.ctb, da-dk-g18_1993.ctb, da-dk-g18.ctb, da-dk-g26_1993.ctb, da-dk-g26.ctb, da-dk-g26l_1993.ctb, da-dk-g26-lit_1993.ctb, da-dk-g26l-lit_1993.ctb, da-dk-g28_1993.ctb, da-dk-g28.ctb, da-dk-g28l_1993.ctb, de-chess.ctb, de-comp6.utb, de-de-comp8.ctb, de-g0.utb, de-g0-detailed.utb, de-g1.ctb, de-g1-detailed.ctb, de-g2.ctb, de-g2-detailed.ctb, dra.ctb, el.ctb, en_CA.ctb, en-chess.ctb, en-gb-comp8.ctb, en-gb-g1.utb, en-GB-g2.ctb, en-in-g1.ctb, en-nabcc.utb, en-ueb-g1.ctb, en-ueb-g2.ctb, en-ueb-math.ctb, en-us-comp6.ctb, en-us-comp8.ctb, en-us-comp8-ext.utb, en-us-g1.ctb, en-us-g2.ctb, en-us-interline.ctb, en-us-mathtext.ctb, eo-g1.ctb, eo-g1-x-system.ctb, Es-Es-G0.utb, es-g1.ctb, es-g2.ctb, et.ctb, et-g0.utb, ethio-g1.ctb, fa-ir-comp8.ctb, fa-ir-g1.utb, fi-fi-8dot.ctb, fi.utb, fil-g2.ctb, fr-bfu-comp6.utb, fr-bfu-comp8.utb, fr-bfu-g2.ctb, ga-g1.utb, ga-g2.ctb, gd.ctb, gon.ctb, grc-international-en.utb, grc-international-es.utb, gu-in-g1.utb, haw-us-g1.ctb, hbo.utb, he-IL.utb, he-IL-comp8.utb, hi-in-g1.utb, hr-comp8.utb, hr-g1.ctb, hu-hu-comp8.ctb, hu-hu-g1.ctb, hu-hu-g2.ctb, hy.ctb, IPA.utb, is.ctb, it-it-comp6.utb, it-it-comp8.utb, iu-ca-g1.ctb, ja-kantenji.utb, ka.utb, ka-in-g1.utb, kh-in-g1.utb, kk.utb, km-g1.utb, ko-2006-g1.ctb, ko-2006-g2.ctb, ko-g1.ctb, ko-g2.ctb, kok.ctb, kru.ctb, ks-in-g1.utb, lg-ug-g1.utb, lo-g1.utb, lt-6dot.utb, lt.ctb, Lv-Lv-g1.utb, mao-nz-g1.ctb, ml-in-g1.utb, mn-in-g1.utb, mn-MN-g1.utb, mn-MN-g2.ctb, mr-in-g1.utb, ms-my-g2.ctb, mt.ctb, mun.ctb, mwr.ctb, my-g1.utb, my-g2.ctb, ne.ctb, nl-comp8.utb, nl-NL-g0.utb, no-no-8dot-fallback-6dot-g0.utb, no-no-8dot.utb, no-no-comp8.ctb, no-no-g0.utb, no-no-g1.ctb, no-no-g2.ctb, no-no-g3.ctb, no-no-generic.ctb, np-in-g1.utb, nso-za-g1.utb, nso-za-g2.ctb, ny-mw.utb, or-in-g1.utb, pi.ctb, pl-pl-comp8.ctb, Pl-Pl-g1.utb, pt-pt-comp8.ctb, pt-pt-g1.utb, pt-pt-g2.ctb, pu-in-g1.utb, ro.ctb, ro-g0.utb, ru-compbrl.ctb, ru.ctb, ru-litbrl.ctb, ru-litbrl-detailed.utb, ru-ru-g1.ctb, rw-rw-g1.utb, sa-in-g1.utb, sah.utb, se-se.ctb, si-in-g1.utb, sin.utb, sk-g1.ctb, sk-sk-g1.utb, sk-sk.utb, sl-si-comp8.ctb, sl-si-g1.utb, sot-za-g1.ctb, sot-za-g2.ctb, sr-g1.ctb, sr-Cyrl.ctb, sv-1989.ctb, sv-1996.ctb, sv-g0.utb, sv-g1.ctb, sv-g2.ctb, sw-ke-g1-2.ctb, sw-ke-g1-3.ctb, sw-ke-g1-4.ctb, sw-ke-g1-5.ctb, sw-ke-g1.utb, sw-ke-g2.ctb, syc.utb, ta.ctb, ta-ta-g1.ctb, te-in-g1.utb, th-g0.utb, th-comp8-backward.utb, tr.ctb, tr-g1.ctb, tr-g2.ctb, tsn-za-g1.ctb, tsn-za-g2.ctb, tt.utb, uga.utb, uk.utb, uk-comp.utb, uk-detailed.utb, unicode-braille.utb, ur-pk-g1.utb, ur-pk-g2.ctb, uz-g1.utb, ve-za-g1.utb, ve-za-g2.ctb, vi-cb8.utb, vi-saigon-g1.ctb, vi-vn-g0.utb, vi-vn-g1.ctb, vi-vn-g2.ctb, xh-za-g1.utb, xh-za-g2.ctb, yi.utb, zh-chn.ctb, zhcn-cbs.ctb, zhcn-g1.ctb, zhcn-g2.ctb, zh-hk.ctb, zh-tw.ctb, zu-za-g1.utb, zu-za-g2.ctb, ]
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/macro.yml b/.github/workflows/macro.yml
index b452af85d..bf93c7557 100644
--- a/.github/workflows/macro.yml
+++ b/.github/workflows/macro.yml
@@ -19,7 +19,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 842ecb94c..ba50d86f9 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/metadata.yml b/.github/workflows/metadata.yml
index 7c81a7965..f0da2e27b 100644
--- a/.github/workflows/metadata.yml
+++ b/.github/workflows/metadata.yml
@@ -26,7 +26,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/mingw.yml b/.github/workflows/mingw.yml
index e7d4e5318..4ff548065 100644
--- a/.github/workflows/mingw.yml
+++ b/.github/workflows/mingw.yml
@@ -29,7 +29,7 @@ jobs:
 
     steps:
     - name: Harden Runner
-      uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
       with:
         egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
@@ -111,7 +111,7 @@ jobs:
   #
   #  steps:
   #  - name: Harden Runner
-  #    uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+  #    uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
   #    with:
   #      egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
   #
diff --git a/.github/workflows/sanitizer.yml b/.github/workflows/sanitizer.yml
index a572b219c..9a436f204 100644
--- a/.github/workflows/sanitizer.yml
+++ b/.github/workflows/sanitizer.yml
@@ -34,7 +34,7 @@ jobs:
             options: "UBSAN_OPTIONS=halt_on_error=1"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index a6d5c5f00..b88df590e 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -28,7 +28,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@a4aa98b93cab29d9b1101a6143fb8bce00e2eac4 # v2.7.1
+        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs