diff --git a/workflow-templates/maven-release-v2.yaml b/workflow-templates/maven-release-v2.yaml
index d8d8f54..9fa6630 100644
--- a/workflow-templates/maven-release-v2.yaml
+++ b/workflow-templates/maven-release-v2.yaml
@@ -99,7 +99,7 @@ jobs:
     steps:
       # This step is needed if there is a GitHub App used for authentication to bypass the protected branch rule
       - name: "Prepare app token"
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         id: app-token
         with:
           app-id: ${{ vars.GH_BUMP_VERSION_APP_ID }}
diff --git a/workflow-templates/python-release.yaml b/workflow-templates/python-release.yaml
index a131ceb..3fc6055 100644
--- a/workflow-templates/python-release.yaml
+++ b/workflow-templates/python-release.yaml
@@ -78,7 +78,7 @@ jobs:
     steps:
       - name: "Prepare app token"
         if: ${{ vars.GH_BUMP_VERSION_APP_ID != '' }}
-        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
         id: app-token
         with:
           app-id: ${{ vars.GH_BUMP_VERSION_APP_ID }}