diff --git a/.github/workflows/cd-staging.yaml b/.github/workflows/cd-staging.yaml
index 39d2a14..85b6c36 100644
--- a/.github/workflows/cd-staging.yaml
+++ b/.github/workflows/cd-staging.yaml
@@ -41,7 +41,7 @@ jobs:
       # instead of PAT, github_app_id and github_app_pem_file are used by this workflow because
       # we have tag-based ruleset in place to restrict ACTOR from bypassing tag protection.
       id: generate-token
-      uses: actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e # v2.0.6
+      uses: actions/create-github-app-token@0f859bf9e69e887678d5bbfbee594437cb440ffe # v2.1.0
       with:
         app-id: ${{ secrets.SECRET_GITHUB_APP_ID }}
         private-key: ${{ secrets.SECRET_GITHUB_APP_PEM_FILE }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 394751d..1ede3ce 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -89,7 +89,7 @@ jobs:
     - name: Download distributions
       if: ${{ github.event.repository.language == 'Python' }}
       id: artifact-download
-      uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 #v4.3.0
+      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 #v5.0.0
       with:
         artifact-ids: "${{ needs.build-test.outputs.ARTIFACT_ID }}"
         run-id: "${{ needs.build-test.outputs.WORKFLOW_RUN_ID }}"
diff --git a/.github/workflows/reusable-codeql.yaml b/.github/workflows/reusable-codeql.yaml
index 66e3b22..8b05829 100644
--- a/.github/workflows/reusable-codeql.yaml
+++ b/.github/workflows/reusable-codeql.yaml
@@ -34,13 +34,13 @@ jobs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
       with:
         languages: ${{ matrix.language }}
         queries: security-and-quality
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@51f77329afa6477de8c49fc9c7046c15b9a4e79d # v3.29.5
+      uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5
       with:
         output: codeql-results/
 
diff --git a/.github/workflows/reusable-pre-commit.yaml b/.github/workflows/reusable-pre-commit.yaml
index 0f4ed19..bf1282c 100644
--- a/.github/workflows/reusable-pre-commit.yaml
+++ b/.github/workflows/reusable-pre-commit.yaml
@@ -68,7 +68,7 @@ jobs:
 
     - name: Run Checkov Github Action
       id: checkov
-      uses: bridgecrewio/checkov-action@c903af70b3b45a75049af3b64f5e15db11ea76de # v12.3046.0
+      uses: bridgecrewio/checkov-action@649c937994abeb41d49eb821f09f110ff721dd2e # v12.3047.0
       with:
         log_level: WARNING
         quiet: false