diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index 108e3e2b..4081bb12 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -7,6 +7,6 @@ jobs:
     permissions:
       contents: write # for reading and creating branches.
       pull-requests: write # for creating pull requests against release branches.
-    uses: fluxcd/gha-workflows/.github/workflows/backport.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/backport.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index a1371dfc..3dea59c4 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -11,7 +11,7 @@ jobs:
       contents: read # for reading the repository code.
     steps:
       - name: Test suite setup
-        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.3.0
+        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:
           go-version: 1.25.x
       - name: Run tests
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
index 5f979ebf..a3bb93d9 100644
--- a/.github/workflows/cifuzz.yaml
+++ b/.github/workflows/cifuzz.yaml
@@ -9,7 +9,7 @@ jobs:
       contents: read # for reading the repository code.
     steps:
       - name: Test suite setup
-        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.3.0
+        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:
           go-version: 1.25.x
       - name: Smoke test Fuzzers
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ffb1c3cd..e7097010 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
       contents: write # for creating the GitHub release.
       id-token: write # for creating OIDC tokens for signing.
       packages: write # for pushing and signing container images.
-    uses: fluxcd/gha-workflows/.github/workflows/controller-release.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/controller-release.yaml@v0.4.0
     with:
       controller: ${{ github.event.repository.name }}
       release-candidate-prefix: ${{ github.event.inputs.tag }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 4d7f2b0f..ea8e992d 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read # for reading the repository code.
       security-events: write # for uploading the CodeQL analysis results.
-    uses: fluxcd/gha-workflows/.github/workflows/code-scan.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/code-scan.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
       fossa-token: ${{ secrets.FOSSA_TOKEN }}
diff --git a/.github/workflows/sync-labels.yaml b/.github/workflows/sync-labels.yaml
index cc69156a..a4635094 100644
--- a/.github/workflows/sync-labels.yaml
+++ b/.github/workflows/sync-labels.yaml
@@ -11,6 +11,6 @@ jobs:
     permissions:
       contents: read # for reading the labels file.
       issues: write # for creating and updating labels.
-    uses: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}