diff --git a/.github/workflows/10_workflow-sanity-checks.yml b/.github/workflows/10_workflow-sanity-checks.yml
index e5e9ab5..f67a2b4 100644
--- a/.github/workflows/10_workflow-sanity-checks.yml
+++ b/.github/workflows/10_workflow-sanity-checks.yml
@@ -13,7 +13,7 @@ jobs:
           sparse-checkout: |
             .github/
           sparse-checkout-cone-mode: false
-      - uses: reviewdog/action-actionlint@053c5cf55eed0ced1367cdc5e658df41db3a0cce # v1.59.0
+      - uses: reviewdog/action-actionlint@abd537417cf4991e1ba8e21a67b1119f4f53b8e0 # v1.64.1
         env:
           SHELLCHECK_OPTS: --exclude=SC2129
         with:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index b724bf2..faf0b07 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -76,6 +76,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@dd196fa9ce80b6bacc74ca1c32bd5b0ba22efca7 # v3.28.3
+        uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3.28.8
         with:
           sarif_file: results.sarif