diff --git a/.github/workflows/ci-actions.yaml b/.github/workflows/ci-actions.yaml
index 540d4cd..6bc5888 100644
--- a/.github/workflows/ci-actions.yaml
+++ b/.github/workflows/ci-actions.yaml
@@ -24,7 +24,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -37,7 +37,7 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+        uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
         with:
           sarif_file: results.sarif
           category: zizmor
diff --git a/.github/workflows/ci-chart.yaml b/.github/workflows/ci-chart.yaml
index 0aadbbf..a1457fe 100644
--- a/.github/workflows/ci-chart.yaml
+++ b/.github/workflows/ci-chart.yaml
@@ -22,7 +22,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
           persist-credentials: false
@@ -33,7 +33,7 @@ jobs:
           version: v3.14.4
 
       - name: Set up python
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.x'
           check-latest: true
diff --git a/.github/workflows/ci-code.yaml b/.github/workflows/ci-code.yaml
index c6a111a..f60df5f 100644
--- a/.github/workflows/ci-code.yaml
+++ b/.github/workflows/ci-code.yaml
@@ -23,7 +23,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
@@ -47,7 +47,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
@@ -70,7 +70,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
@@ -95,7 +95,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
@@ -125,7 +125,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
@@ -154,7 +154,7 @@ jobs:
         egress-policy: audit
 
     - name: checkout repository
-      uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+      uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
       with:
         submodules: recursive
         persist-credentials: false
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 45f75d3..a9b9328 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -30,7 +30,7 @@ jobs:
           egress-policy: audit
 
       - name: 'Checkout repository'
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.2.0
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4.2.0
         with:
           submodules: recursive
           persist-credentials: false
@@ -41,7 +41,7 @@ jobs:
           cache-binary: false
 
       - name: 'Login to ghcr'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0
         with:
           registry: ghcr.io
           username: '${{ github.actor }}'
@@ -110,7 +110,7 @@ jobs:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v4
         with:
           submodules: recursive
           persist-credentials: false