diff --git a/.github/workflows/cla.yml b/.github/workflows/cla.yml
index 89f62d6d..8b9d8e39 100644
--- a/.github/workflows/cla.yml
+++ b/.github/workflows/cla.yml
@@ -2,7 +2,7 @@ name: "CLA Assistant"
 on:
   issue_comment:
     types: [created, edited]
-  pull_request_target:
+  pull_request:
     types: [opened,closed,synchronize]
 
 jobs:
@@ -33,7 +33,7 @@ jobs:
           echo "org_members=$ALL_MEMBERS" >> $GITHUB_OUTPUT
         
       - name: "CLA Assistant"
-        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
+        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request'
         uses: contributor-assistant/github-action@v2.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/vuln-scan.yml b/.github/workflows/vuln-scan.yml
index c39628ce..e0cc8007 100644
--- a/.github/workflows/vuln-scan.yml
+++ b/.github/workflows/vuln-scan.yml
@@ -17,7 +17,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Run vulnerability scanner
-        uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 # 0.33.1
+        uses: aquasecurity/trivy-action@0.34.2
         with:
           scan-type: "repo"
           scan-ref: "./"