diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 9bfacc4..d83d313 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: SARIF file
           path: results.sarif
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
+        uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           sarif_file: results.sarif
diff --git a/action.yaml b/action.yaml
index 10f19ff..1b257d4 100644
--- a/action.yaml
+++ b/action.yaml
@@ -113,7 +113,7 @@ runs:
   steps:
     # This action would be much easier if only matrix steps will be supported in a composite action
     - name: "Set cache for Bats"
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
       if: inputs.bats-install == 'true'
       id: bats-cache
       with:
@@ -202,7 +202,7 @@ runs:
 
     - name: "Set cache for Bats-support"
       if: inputs.support-install == 'true'
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
       id: support-cache
       with:
         path: ${{ env.SUPPORT_DESTDIR }}
@@ -251,7 +251,7 @@ runs:
 
     - name: "Set cache for Bats-assert"
       if: inputs.assert-install == 'true'
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
       id: assert-cache
       with:
         path: ${{ env.ASSERT_DESTDIR }}
@@ -300,7 +300,7 @@ runs:
 
     - name: "Set cache for Bats-detik"
       if: inputs.detik-install == 'true'
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
       id: detik-cache
       with:
         path: ${{ env.DETIK_DESTDIR }}
@@ -348,7 +348,7 @@ runs:
 
     - name: "Set cache for Bats-file"
       if: inputs.file-install == 'true'
-      uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v4
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v4
       id: file-cache
       with:
         path: ${{ env.FILE_DESTDIR }}