diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 796ff046ece..ec3f2a3812f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -29,14 +29,14 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3.27.0
+      uses: github/codeql-action/init@v3.27.5
       with:
         languages: ${{ matrix.language }}
         debug: false
         config-file: ./.github/codeql/codeql-config.yml
 
     - name: Build JavaScript
-      uses: github/codeql-action/autobuild@v3.27.0
+      uses: github/codeql-action/autobuild@v3.27.5
       if: ${{ matrix.language  == 'javascript' }}
 
     - name: Setup go
@@ -55,4 +55,4 @@ jobs:
 
     # Perform Analysis
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3.27.0
+      uses: github/codeql-action/analyze@v3.27.5
diff --git a/.github/workflows/i18n-ci-template.yml b/.github/workflows/i18n-ci-template.yml
index ded75cd386e..e7726378d9c 100644
--- a/.github/workflows/i18n-ci-template.yml
+++ b/.github/workflows/i18n-ci-template.yml
@@ -15,7 +15,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@c3a1bb2c992d77180ae65be6ae6c166cf40f857c # v45.0.3
+        uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4
         with:
           files: |
             server/i18n/*.json
diff --git a/.github/workflows/mmctl-test-template.yml b/.github/workflows/mmctl-test-template.yml
index 697eaba9fd3..a0eed0b7c1d 100644
--- a/.github/workflows/mmctl-test-template.yml
+++ b/.github/workflows/mmctl-test-template.yml
@@ -81,7 +81,7 @@ jobs:
             server/gotestsum.json
             server/report.xml
       - name: Publish Test Report
-        uses: mikepenz/action-junit-report@db71d41eb79864e25ab0337e395c352e84523afe # v4.3.1
+        uses: mikepenz/action-junit-report@a427a90771729d8f85b6ab0cdaa1a5929cab985d # v5.0.0
         if: success() || failure() # always run even if the previous step fails
         with:
           report_paths: server/report.xml
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 01a32f1560d..a6f447ecdff 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -56,6 +56,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3aa71356c75a8edd8430d54dff2982203a28be45 # v2.27.0
+        uses: github/codeql-action/upload-sarif@3d3d628990a5f99229dd9fa1821cc5a4f31b613b # v2.27.0
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/server-test-template.yml b/.github/workflows/server-test-template.yml
index 3deb3f7d721..98f687bd0e9 100644
--- a/.github/workflows/server-test-template.yml
+++ b/.github/workflows/server-test-template.yml
@@ -74,7 +74,7 @@ jobs:
             server/report.xml
       - name: Publish test report
         id: report
-        uses: mikepenz/action-junit-report@db71d41eb79864e25ab0337e395c352e84523afe # v3.7.7 + count retries + check urls from https://github.com/lieut-data/action-junit-report
+        uses: mikepenz/action-junit-report@a427a90771729d8f85b6ab0cdaa1a5929cab985d # v3.7.7 + count retries + check urls from https://github.com/lieut-data/action-junit-report
         if: success() || failure() # always run even if the previous step fails
         with:
           report_paths: server/report.xml