diff --git a/.github/workflows/new-pr-comments.yml b/.github/workflows/new-pr-comments.yml
index fe0e3d7267..3151af784c 100644
--- a/.github/workflows/new-pr-comments.yml
+++ b/.github/workflows/new-pr-comments.yml
@@ -23,14 +23,14 @@ jobs:
 
       - name: Comment on new Fork PR
         if: github.event.pull_request.user.id != 49699333
-        uses: thollander/actions-comment-pull-request@e2c37e53a7d2227b61585343765f73a9ca57eda9
+        uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b
         with:
           message: Thank you for contributing to ${{ github.event.pull_request.base.repo.name }}! The workflow '${{ github.workflow }}' requires repository secrets and will not run without approval. Maintainers can add the `CI Cleared` label to allow it to run. Note that any changes to ci-security.yml and ci-pipeline.yml will not be reflected.
           github-token: ${{ steps.app-token-generation.outputs.token }}
 
       - name: Comment on dependabot PR
         if: github.event.pull_request.user.id == 49699333
-        uses: thollander/actions-comment-pull-request@e2c37e53a7d2227b61585343765f73a9ca57eda9
+        uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b
         with:
           message: Set the milestone to the next ${{ (github.event.pull_request.base.ref == 'master' && 'patch') || 'minor' }} version, check for supply chain attacks, and then add the `CI Cleared` label to allow CI to run.
           github-token: ${{ steps.app-token-generation.outputs.token }}