diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f6c9530..e8ae75c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -96,7 +96,7 @@ jobs:
       -
         # Initializes the CodeQL tools for scanning.
         name: Initialize CodeQL
-        uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality     # use Canonical suite
@@ -114,7 +114,7 @@ jobs:
           eval "${CODEQL_BUILD_CMD}"
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           output: codeql-results
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/dependabot-auto-merge.yml b/.github/workflows/dependabot-auto-merge.yml
index da40259..796a572 100644
--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
+        uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
diff --git a/.github/workflows/docker-buildx-push.yml b/.github/workflows/docker-buildx-push.yml
index bcc5302..e6c5538 100644
--- a/.github/workflows/docker-buildx-push.yml
+++ b/.github/workflows/docker-buildx-push.yml
@@ -54,7 +54,7 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Install cosign
-        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
         with:
           cosign-release: 'v2.6.2'
       - name: Build and push
diff --git a/.github/workflows/goTest.yml b/.github/workflows/goTest.yml
index 3e6562c..86c480e 100644
--- a/.github/workflows/goTest.yml
+++ b/.github/workflows/goTest.yml
@@ -151,7 +151,7 @@ jobs:
           test-results: gotestsum.json
       -
         name: Codecov
-        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
         if: inputs.run-codecov && matrix.go == 'stable'
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 20a50ae..6f11580 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -117,7 +117,7 @@ jobs:
           git config --global url.git@github.com:.insteadOf https://github.com/
       -
         name: Install cosign
-        uses: sigstore/cosign-installer@ba7bc0a3fef59531c69a25acd34668d6d3fe6f22 # v4.1.0
+        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
         with:
           cosign-release: '${{ inputs.cosign-version }}'
       -