diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml
index 0341749798f..f2578585d1f 100644
--- a/.github/workflows/release-test.yml
+++ b/.github/workflows/release-test.yml
@@ -114,7 +114,7 @@ jobs:
       - name: Submit signing request
         id: submit-signing-request
         if: endsWith(matrix.target, '-pc-windows-msvc')
-        uses: signpath/github-action-submit-signing-request@ced31329c0317e779dad2eec2a7c3bb46ea1343e # v1.3
+        uses: signpath/github-action-submit-signing-request@3f9250c56651ff692d6729a2fbb0603a42d7d322 # v2.0
         with:
           api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
           organization-id: '34634019-2ee0-4162-830a-72cd1a0cb73f'
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 9dbef836128..af69f058bd7 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -252,7 +252,7 @@ jobs:
       - name: Submit Windows artifact signing request
         id: submit-signing-request
         if: endsWith(matrix.target, '-pc-windows-msvc')
-        uses: signpath/github-action-submit-signing-request@ced31329c0317e779dad2eec2a7c3bb46ea1343e # v1.3
+        uses: signpath/github-action-submit-signing-request@3f9250c56651ff692d6729a2fbb0603a42d7d322 # v2.0
         with:
           api-token: '${{ secrets.SIGNPATH_API_TOKEN }}'
           organization-id: '34634019-2ee0-4162-830a-72cd1a0cb73f'