diff --git a/.github/workflows/ci-docs.yml b/.github/workflows/ci-docs.yml
index 798f4fcbf..8603be084 100644
--- a/.github/workflows/ci-docs.yml
+++ b/.github/workflows/ci-docs.yml
@@ -48,7 +48,7 @@ jobs:
           echo '</coverage>' >> coverage.xml
         if: matrix.python-version == 3.12
       - name: Upload mock coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           # Allow coverage upload failure
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c30d1b58b..6bab958c0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -78,7 +78,7 @@ jobs:
           git config --system --add safe.directory $(pwd)
           tox
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@v6
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           fail_ci_if_error: true
diff --git a/.github/workflows/docker-ci-publish.yml b/.github/workflows/docker-ci-publish.yml
index f86236802..645e02e4b 100644
--- a/.github/workflows/docker-ci-publish.yml
+++ b/.github/workflows/docker-ci-publish.yml
@@ -35,12 +35,12 @@ jobs:
         uses: actions/checkout@v6
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v4.1.0
+        uses: sigstore/cosign-installer@v4.1.1
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v4.0.0
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v4.0.0
+        uses: docker/login-action@v4.1.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
diff --git a/.github/workflows/docker-docs-publish.yml b/.github/workflows/docker-docs-publish.yml
index 42008e998..2e081f76a 100644
--- a/.github/workflows/docker-docs-publish.yml
+++ b/.github/workflows/docker-docs-publish.yml
@@ -35,12 +35,12 @@ jobs:
         uses: actions/checkout@v6
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v4.1.0
+        uses: sigstore/cosign-installer@v4.1.1
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v4.0.0
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v4.0.0
+        uses: docker/login-action@v4.1.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 7c1ebbdb0..82217d391 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -35,12 +35,12 @@ jobs:
         uses: actions/checkout@v6
       - name: Install cosign
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@v4.1.0
+        uses: sigstore/cosign-installer@v4.1.1
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v4.0.0
       - name: Log into registry ${{ env.REGISTRY }}
         if: github.event_name != 'pull_request'
-        uses: docker/login-action@v4.0.0
+        uses: docker/login-action@v4.1.0
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}