diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fca9607f..e87b9461 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -33,20 +33,20 @@ concurrency:
 
 jobs:
   miri:
-    uses: taiki-e/github-actions/.github/workflows/miri.yml@606d6c78d69927c489d319133073a03157928a7a # main
+    uses: taiki-e/github-actions/.github/workflows/miri.yml@dec917193d835117a7238865adf83273d9fcd27a # main
     with:
       # NB: sync with test job's --exclude option
       args: --exclude install-action-internal-codegen
   msrv:
-    uses: taiki-e/github-actions/.github/workflows/msrv.yml@606d6c78d69927c489d319133073a03157928a7a # main
+    uses: taiki-e/github-actions/.github/workflows/msrv.yml@dec917193d835117a7238865adf83273d9fcd27a # main
   test-manifest-schema:
-    uses: taiki-e/github-actions/.github/workflows/test.yml@606d6c78d69927c489d319133073a03157928a7a # main
+    uses: taiki-e/github-actions/.github/workflows/test.yml@dec917193d835117a7238865adf83273d9fcd27a # main
     with:
       # NB: sync with miri job's --exclude option
       test-args: --exclude install-action-internal-codegen
       no-std: false
   tidy:
-    uses: taiki-e/github-actions/.github/workflows/tidy.yml@606d6c78d69927c489d319133073a03157928a7a # main
+    uses: taiki-e/github-actions/.github/workflows/tidy.yml@dec917193d835117a7238865adf83273d9fcd27a # main
     permissions:
       contents: write # for creating branch for pr
       pull-requests: write # unused (used in `codegen-automerge: true` case)
diff --git a/.github/workflows/manifest.yml b/.github/workflows/manifest.yml
index f4fb20ec..c4ad8957 100644
--- a/.github/workflows/manifest.yml
+++ b/.github/workflows/manifest.yml
@@ -33,7 +33,7 @@ concurrency:
 
 jobs:
   manifest:
-    uses: taiki-e/github-actions/.github/workflows/gen.yml@7e4093bf4e87dd120ac0c3be2e47ebe7f737a47d # main
+    uses: taiki-e/github-actions/.github/workflows/gen.yml@dec917193d835117a7238865adf83273d9fcd27a # main
     permissions:
       contents: write # for creating branch for pr
       pull-requests: write # for gh pr review --approve
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9900fae4..bd5b5f32 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -436,7 +436,7 @@ jobs:
 
   release-manifest-schema:
     if: github.repository_owner == 'taiki-e' && inputs.target == 'install-action-manifest-schema'
-    uses: taiki-e/github-actions/.github/workflows/rust-release.yml@606d6c78d69927c489d319133073a03157928a7a # main
+    uses: taiki-e/github-actions/.github/workflows/rust-release.yml@dec917193d835117a7238865adf83273d9fcd27a # main
     permissions:
       contents: write # for taiki-e/create-gh-release-action
       id-token: write # for rust-lang/crates-io-auth-action
diff --git a/.github/zizmor.yml b/.github/zizmor.yml
index 09fee698..ab5c01c7 100644
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -2,5 +2,5 @@
 # https://docs.zizmor.sh/configuration/
 
 rules:
-  anonymous-definition: { disable: true }
+  anonymous-definition: { disable: true } # This is pedantic/auditor only audit and requires explicitly naming each job, but is usually redundant.
   dependabot-cooldown: { config: { days: 14 } }