diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
index 27f22fa..a664b21 100644
--- a/.github/workflows/kics.yml
+++ b/.github/workflows/kics.yml
@@ -46,7 +46,7 @@ jobs:
 
       - name: Upload KICS SARIF
         if: env.ADVANCED_SECURITY == 'true'
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         continue-on-error: true
         with:
           sarif_file: "results-dir/results.sarif"
diff --git a/.github/workflows/test-and-release.yml b/.github/workflows/test-and-release.yml
index 2222f8e..e06e5b6 100644
--- a/.github/workflows/test-and-release.yml
+++ b/.github/workflows/test-and-release.yml
@@ -35,7 +35,7 @@ jobs:
       - name: Get changed files
         id: changes
         if: ${{ github.event_name != 'workflow_dispatch' }}
-        uses: tj-actions/changed-files@22103cc46bda19c2b464ffe86db46df6922fd323 # v47.0.5
+        uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6
 
       - name: Detect changed charts
         id: matrix
@@ -135,7 +135,7 @@ jobs:
           echo "${YQ_SHA256}  /tmp/yq" | sha256sum -c -
           sudo install -m 0755 /tmp/yq /usr/local/bin/yq
           yq --version
-      - uses: azure/setup-kubectl@776406bce94f63e41d621b960d78ee25c8b76ede # v4.0.1
+      - uses: azure/setup-kubectl@829323503d1be3d00ca8346e5391ca0b07a9ab0d # v5.1.0
 
       - name: Update Helm repositories
         run: |
@@ -226,7 +226,7 @@ jobs:
           path: charts/${{ matrix.chart }}/
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}