diff --git a/.github/actions/e2e/action.yaml b/.github/actions/e2e/action.yaml
index fe3797e..133e626 100644
--- a/.github/actions/e2e/action.yaml
+++ b/.github/actions/e2e/action.yaml
@@ -29,14 +29,14 @@ runs:
         GITHUB_OWNER: ${{ github.event.client_payload.github.payload.repository.owner.login || github.repository_owner }}
 
     - name: Setup Tofu
-      uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
+      uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4
       with:
         tofu_wrapper: false
         tofu_version: 1.6.2
 
     - name: Setup UDS
       if: always()
-      uses: defenseunicorns/uds-common/.github/actions/setup@a6fba9c0084319325d70816a3481aec0979649fa # v0.4.0
+      uses: defenseunicorns/uds-common/.github/actions/setup@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
 
     - name: Validate ${{ inputs.distro }} AMI
       shell: bash -e -o pipefail {0}
diff --git a/.github/test-infra/manifests/test.yaml b/.github/test-infra/manifests/test.yaml
index 5461b0b..2205c38 100644
--- a/.github/test-infra/manifests/test.yaml
+++ b/.github/test-infra/manifests/test.yaml
@@ -13,6 +13,6 @@ metadata:
 spec:
   containers:
     - name: test-container
-      image: ghcr.io/stefanprodan/podinfo:6.6.2@sha256:4aa3b819f4cafc97d03d902ed17cbec076e2beee02d53b67ff88527124086fd9
+      image: ghcr.io/stefanprodan/podinfo:6.7.0@sha256:d2b3cd93a48acdc91327533ce28fcb3169b2d9feaf73817dc2eb68858df64edb
       command:
         - ./podinfo
diff --git a/.github/workflows/on-pr-aws.yaml b/.github/workflows/on-pr-aws.yaml
index 7ab6f28..604f382 100644
--- a/.github/workflows/on-pr-aws.yaml
+++ b/.github/workflows/on-pr-aws.yaml
@@ -25,7 +25,7 @@ jobs:
         rke2_version: ["v1.28.12+rke2r1", "v1.29.7+rke2r1", "v1.30.3+rke2r1"]
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Set AWS Variables
         run: |
           if [ "${{ matrix.aws_env }}" == "commercial" ]; then
@@ -45,7 +45,7 @@ jobs:
           role-duration-seconds: 21600
       - name: Setup UDS
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
+        uses: defenseunicorns/uds-common/.github/actions/setup@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
       - name: Validate ${{ matrix.base }} ${{ matrix.aws_env }} AMI
         run: uds run --no-progress validate-ami-${{ matrix.base }} --set AWS_REGION=${{ env.AWS_REGION }} --set RKE2_VERSION=${{ matrix.rke2_version }}
       - name: Build ${{ matrix.base }} ${{ matrix.aws_env }} AMI
diff --git a/.github/workflows/publish-aws.yaml b/.github/workflows/publish-aws.yaml
index 758a09b..c390c2c 100644
--- a/.github/workflows/publish-aws.yaml
+++ b/.github/workflows/publish-aws.yaml
@@ -29,7 +29,7 @@ jobs:
         rke2_version: ["v1.28.12+rke2r1", "v1.29.7+rke2r1", "v1.30.3+rke2r1"]
     steps:
       - name: Checkout Code
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Set AWS Variables
         run: |
           if [ "${{ matrix.aws_env }}" == "commercial" ]; then
@@ -49,9 +49,9 @@ jobs:
           role-duration-seconds: 21600
       - name: Setup UDS
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/setup@76287d41ec5f06ecbdd0a6453877a78675aceffe # v0.11.2
+        uses: defenseunicorns/uds-common/.github/actions/setup@e3008473beab00b12a94f9fcc7340124338d5c08 # v0.13.1
       - name: Setup Tofu
-        uses: opentofu/setup-opentofu@ae80d4ecaab946d8f5ff18397fbf6d0686c6d46a # v1.0.3
+        uses: opentofu/setup-opentofu@12f4debbf681675350b6cd1f0ff8ecfbda62027b # v1.0.4
         with:
           tofu_wrapper: false
           tofu_version: 1.6.2
diff --git a/.github/workflows/test-rke2-cluster.yaml b/.github/workflows/test-rke2-cluster.yaml
index e3c2837..c21f234 100644
--- a/.github/workflows/test-rke2-cluster.yaml
+++ b/.github/workflows/test-rke2-cluster.yaml
@@ -26,7 +26,7 @@ jobs:
       test-distros: ${{ steps.parse.outputs.test-distros }}
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -40,7 +40,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -57,7 +57,7 @@ jobs:
     if: needs.parse.outputs.run-ping == 'true'
     steps:
       - name: Checkout Repo
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}
@@ -81,7 +81,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           repository: ${{ github.event.client_payload.pull_request.head.repo.full_name || github.repository }}