diff --git a/.github/workflows/aws_integration_test.yml b/.github/workflows/aws_integration_test.yml
index 04345dab5..9eb4906b4 100644
--- a/.github/workflows/aws_integration_test.yml
+++ b/.github/workflows/aws_integration_test.yml
@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
+        uses: aws-actions/configure-aws-credentials@d979d5b3a71173a29b74b5b88418bfda9437d885 # v6.1.1
         with:
           role-to-assume: ${{ vars.AWS_IAMROLE_GITHUB_CI }}
           aws-region: ${{ env.AWS_REGION }}
@@ -44,7 +44,7 @@ jobs:
       ## Authenticate with ECR to push the conformance and hammer images.
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@19d944daaa35f0fa1d3f7f8af1d3f2e5de25c5b7 # v2.1.4
+        uses: aws-actions/amazon-ecr-login@fa648b43de3d4d023bcb3f89ed6940096949c419 # v2.1.5
 
       ## Build the conformance image and push it to ECR. This will be used
       ## later on by Terragrunt.
diff --git a/.github/workflows/benchmark-go-main.yml b/.github/workflows/benchmark-go-main.yml
index 64032195c..181abf480 100644
--- a/.github/workflows/benchmark-go-main.yml
+++ b/.github/workflows/benchmark-go-main.yml
@@ -33,7 +33,7 @@ jobs:
         run: set -o pipefail; go test ./... -benchmem -run=^$ -bench . | tee output.txt
 
       - name: Store benchmark result
-        uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0
+        uses: benchmark-action/github-action-benchmark@52576c92bccf6ac60c8223ec7eb2565637cae9ba # v1.22.1
         with:
           tool: 'go'
           output-file-path: output.txt
diff --git a/.github/workflows/benchmark-go-pr.yml b/.github/workflows/benchmark-go-pr.yml
index 1fc4712fe..b4794a5c9 100644
--- a/.github/workflows/benchmark-go-pr.yml
+++ b/.github/workflows/benchmark-go-pr.yml
@@ -31,7 +31,7 @@ jobs:
         run: set -o pipefail; go test ./... -benchmem -run=^$ -bench . | tee output.txt
 
       - name: Store benchmark result
-        uses: benchmark-action/github-action-benchmark@a60cea5bc7b49e15c1f58f411161f99e0df48372 # v1.22.0
+        uses: benchmark-action/github-action-benchmark@52576c92bccf6ac60c8223ec7eb2565637cae9ba # v1.22.1
         with:
           tool: 'go'
           output-file-path: output.txt
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index f2b134a9e..f7b7477f8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -64,7 +64,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+      uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
@@ -92,6 +92,6 @@ jobs:
         exit 1
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+      uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
       with:
         category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 30b70a50b..53a2ba014 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -67,6 +67,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
+        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4.35.4
         with:
           sarif_file: results.sarif