diff --git a/.github/workflows/reusable_basic.yml b/.github/workflows/reusable_basic.yml
index 77afe6161..a6f40319c 100644
--- a/.github/workflows/reusable_basic.yml
+++ b/.github/workflows/reusable_basic.yml
@@ -185,7 +185,7 @@ jobs:
         mkdir -p ${{env.COVERAGE_DIR}}
         mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}}
 
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       if:  ${{ matrix.build_type == 'Debug' && matrix.compiler.c == 'gcc' }}
       with:
         name: ${{env.COVERAGE_NAME}}-${{matrix.os}}-shared-${{matrix.shared_library}}
diff --git a/.github/workflows/reusable_checks.yml b/.github/workflows/reusable_checks.yml
index ebfbe6112..03363fbd1 100644
--- a/.github/workflows/reusable_checks.yml
+++ b/.github/workflows/reusable_checks.yml
@@ -57,7 +57,7 @@ jobs:
         ./scripts/check_license/check_headers.sh . "Apache-2.0 WITH LLVM-exception" -v
 
     - name: Run a spell check
-      uses: crate-ci/typos@40156d6074bf731adb169cfb8234954971dbc487 # v1.37.1
+      uses: crate-ci/typos@07d900b8fa1097806b8adb6391b0d3e0ac2fdea7 # v1.39.0
       with:
         config: ./.github/workflows/.spellcheck-conf.toml
 
diff --git a/.github/workflows/reusable_codeql.yml b/.github/workflows/reusable_codeql.yml
index 6056467d0..ce2d610d8 100644
--- a/.github/workflows/reusable_codeql.yml
+++ b/.github/workflows/reusable_codeql.yml
@@ -41,7 +41,7 @@ jobs:
         python-version: "3.10"
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
+      uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
       with:
         languages: cpp
         trap-caching: false
@@ -108,7 +108,7 @@ jobs:
       run: cmake --build ${{env.BUILD_DIR}} --config Release -j
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
+      uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
 
     - name: "[Win] Prepare vcpkg cache"
       if: matrix.os == 'windows-latest' && steps.cache.outputs.cache-hit != 'true'
diff --git a/.github/workflows/reusable_coverage.yml b/.github/workflows/reusable_coverage.yml
index 910ed55ed..c5eefa827 100644
--- a/.github/workflows/reusable_coverage.yml
+++ b/.github/workflows/reusable_coverage.yml
@@ -32,7 +32,7 @@ jobs:
           sudo apt-get install -y lcov
 
       - name: Download all coverage artifacts
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           pattern: exports-coverage-*
           path: coverage
@@ -51,7 +51,7 @@ jobs:
           echo "COV_OUT=$(tail -n1 output.txt | grep -oP "lines[.]+: [\d.]+%" | cut -d ' ' -f2 | tr -d '%')" >> $GITHUB_OUTPUT
 
       - name: Upload coverage report
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: coverage_html_report
           path: coverage/coverage_report
diff --git a/.github/workflows/reusable_dax.yml b/.github/workflows/reusable_dax.yml
index 821d20b5a..577f426f0 100644
--- a/.github/workflows/reusable_dax.yml
+++ b/.github/workflows/reusable_dax.yml
@@ -142,7 +142,7 @@ jobs:
           mkdir -p ${{env.COVERAGE_DIR}}
           mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}}
 
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if:  ${{ matrix.build_type == 'Debug' }}
         with:
           name: ${{env.COVERAGE_NAME}}-shared-${{matrix.shared_library}}
diff --git a/.github/workflows/reusable_gpu.yml b/.github/workflows/reusable_gpu.yml
index 25b509f4b..5a20bdcfa 100644
--- a/.github/workflows/reusable_gpu.yml
+++ b/.github/workflows/reusable_gpu.yml
@@ -184,7 +184,7 @@ jobs:
           mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}}
 
       - name: "[Lin] Upload coverage"
-        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if: ${{ matrix.os == 'Ubuntu' }}
         with:
           name: ${{env.COVERAGE_NAME}}-shared-${{matrix.shared_library}}
diff --git a/.github/workflows/reusable_multi_numa.yml b/.github/workflows/reusable_multi_numa.yml
index ebb4705c9..708011bcb 100644
--- a/.github/workflows/reusable_multi_numa.yml
+++ b/.github/workflows/reusable_multi_numa.yml
@@ -81,7 +81,7 @@ jobs:
           mkdir -p ${{env.COVERAGE_DIR}}
           mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}}
 
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if: ${{ matrix.build_type == 'Debug' && matrix.os == 'ubuntu-22.04' }}
         with:
           name: ${{env.COVERAGE_NAME}}-${{matrix.os}}-shared-${{matrix.shared_library}}
diff --git a/.github/workflows/reusable_proxy_lib.yml b/.github/workflows/reusable_proxy_lib.yml
index 3c9067877..9194d22c6 100644
--- a/.github/workflows/reusable_proxy_lib.yml
+++ b/.github/workflows/reusable_proxy_lib.yml
@@ -87,7 +87,7 @@ jobs:
           mkdir -p ${{env.COVERAGE_DIR}}
           mv ./$COVERAGE_FILE_NAME ${{env.COVERAGE_DIR}}
 
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         if:  ${{ matrix.build_type == 'Debug' }}
         with:
           name: ${{env.COVERAGE_NAME}}-proxy_lib_pool-${{matrix.proxy_lib_pool}}
diff --git a/.github/workflows/reusable_qemu.yml b/.github/workflows/reusable_qemu.yml
index a8e7740a1..14607a8db 100644
--- a/.github/workflows/reusable_qemu.yml
+++ b/.github/workflows/reusable_qemu.yml
@@ -149,7 +149,7 @@ jobs:
         done
         ls -al ./coverage
 
-    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
       with:
         name: exports-coverage-qemu-${{matrix.os}}
         path: coverage
diff --git a/.github/workflows/reusable_trivy.yml b/.github/workflows/reusable_trivy.yml
index d118107ee..82bd573c7 100644
--- a/.github/workflows/reusable_trivy.yml
+++ b/.github/workflows/reusable_trivy.yml
@@ -38,6 +38,6 @@ jobs:
           cat trivy-results.sarif
 
       - name: Upload results
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
+        uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 761d5d1a9..5d2311d51 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -41,7 +41,7 @@ jobs:
 
     # Upload the results as artifacts to the repository Actions tab.
     - name: Upload artifact
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # 4.6.2
+      uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # 5.0.0
       with:
         name: Scorecard results
         path: scorecard_results.sarif
@@ -49,6 +49,6 @@ jobs:
 
     # Upload the results to GitHub's code scanning dashboard.
     - name: Upload to code-scanning
-      uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.29.5
+      uses: github/codeql-action/upload-sarif@0499de31b99561a6d14a36a5f662c2a54f91beee # v3.29.5
       with:
         sarif_file: scorecard_results.sarif