diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ef1353756e..e060201d91 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -185,7 +185,7 @@ jobs:
       - name: Scan SBOM
         id: scan
         if: ${{ !inputs.dry_run }}
-        uses: anchore/scan-action@3aaf50d765cfcceafa51d322ccb790e40f6cd8c5 # v7.2.0
+        uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
         with:
           sbom: "sbom-${{ inputs.image }}.json"
           only-fixed: true
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 23390ebe61..2e0c38aebe 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -47,7 +47,7 @@ jobs:
           go-version: stable
 
       - name: Lint Go
-        uses: golangci/golangci-lint-action@0a35821d5c230e903fcfe077583637dea1b27b47 # v9.0.0
+        uses: golangci/golangci-lint-action@e7fa5ac41e1cf5b7d48e45e42232ce7ada589601 # v9.1.0
         with:
           working-directory: ${{ matrix.directory }}
           version: v2.6.2 # renovate: datasource=github-tags depName=golangci/golangci-lint
@@ -88,7 +88,7 @@ jobs:
         uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
 
       - name: Lint Actions
-        uses: reviewdog/action-actionlint@f00ad0691526c10be4021a91b2510f0a769b14d0 # v1.68.0
+        uses: reviewdog/action-actionlint@437bbe918b0d29544cbf9e8b1d63fe6f4e7a881d # v1.69.0
         with:
           actionlint_flags: -shellcheck ""
 
diff --git a/.github/workflows/nfr.yml b/.github/workflows/nfr.yml
index ab90ec85cc..46abac6360 100644
--- a/.github/workflows/nfr.yml
+++ b/.github/workflows/nfr.yml
@@ -191,7 +191,7 @@ jobs:
           merge-multiple: true
 
       - name: Open a PR with the results
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: NFR Test Results for NGF version ${{ needs.vars.outputs.version }}
diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml
index 7ec4306eb5..b388c8b3f4 100644
--- a/.github/workflows/release-pr.yml
+++ b/.github/workflows/release-pr.yml
@@ -82,7 +82,7 @@ jobs:
           make generate-all
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Release ${{ inputs.version }}