diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index ec3afd705..8acf23451 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -19,7 +19,7 @@ jobs:
         uses: step-security/harden-runner@a5ad31d6a139d249332a2605b85202e8c0b78450 # v2.19.1
         with:
           disable-sudo: true
-          egress-policy: audit
+          egress-policy: block
           allowed-endpoints: >
             api.github.com:443
             github.com:443
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index e7f0aa31b..d192b126b 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -23,8 +23,6 @@ jobs:
           allowed-endpoints: >
             api.github.com:443
       - name: Label PR
-        uses: release-drafter/release-drafter@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1
-        with:
-          disable-releaser: github.ref != 'refs/heads/main'
+        uses: release-drafter/release-drafter/autolabeler@563bf132657a13ded0b01fcb723c5a58cdd824e2 # v7.2.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}