diff --git a/.github/workflows/part_docs.yml b/.github/workflows/part_docs.yml
index 8ec35f6..7ba39a0 100644
--- a/.github/workflows/part_docs.yml
+++ b/.github/workflows/part_docs.yml
@@ -54,7 +54,7 @@ jobs:
           tar -czvf docs.tar.gz doc
       
       - name: "Attest docs provenance"
-        uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1
+        uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
         id: attest-docs-provenance
         if: "${{ github.event.inputs.attest }}"
         with:
diff --git a/.github/workflows/part_test.yml b/.github/workflows/part_test.yml
index 8cba43c..eb83d44 100644
--- a/.github/workflows/part_test.yml
+++ b/.github/workflows/part_test.yml
@@ -401,7 +401,7 @@ jobs:
       - run: mix deps.compile
       - run: mix credo --format sarif > results.sarif
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: results.sarif
           category: credo
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 3cde913..3a8a92d 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -76,6 +76,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: results.sarif