diff --git a/.github/workflows/part_docs.yml b/.github/workflows/part_docs.yml
index 9d02f46..809e3a8 100644
--- a/.github/workflows/part_docs.yml
+++ b/.github/workflows/part_docs.yml
@@ -54,7 +54,7 @@ jobs:
           tar -czvf docs.tar.gz doc
       
       - name: "Attest docs provenance"
-        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+        uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
         id: attest-docs-provenance
         if: "${{ github.event.inputs.attest }}"
         with:
diff --git a/.github/workflows/part_test.yml b/.github/workflows/part_test.yml
index 6e6fc50..9da2487 100644
--- a/.github/workflows/part_test.yml
+++ b/.github/workflows/part_test.yml
@@ -401,7 +401,7 @@ jobs:
       - run: mix deps.compile
       - run: mix credo --format sarif > results.sarif
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: results.sarif
           category: credo
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 7fe1690..68ed60b 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -76,6 +76,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1
         with:
           sarif_file: results.sarif