diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 6b0b2ef4e39..4c0255973ba 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -25,12 +25,12 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@9278e421667d5d90a2839487a482448c4ec7df4d
+        uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@9278e421667d5d90a2839487a482448c4ec7df4d
+        uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9278e421667d5d90a2839487a482448c4ec7df4d
+        uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8c265e9c0f4..3621282a158 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -71,6 +71,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9278e421667d5d90a2839487a482448c4ec7df4d # v3.27.2
+        uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/unit-test.yaml b/.github/workflows/unit-test.yaml
index 36b65d4e147..3fbd11cc699 100644
--- a/.github/workflows/unit-test.yaml
+++ b/.github/workflows/unit-test.yaml
@@ -49,7 +49,7 @@ jobs:
         run: make native-test
 
       - name: Codecov Upload
-        uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
+        uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2
         with:
           flags: unittests
           file: ./cover.out