diff --git a/.github/actions/container_registry_login/action.yml b/.github/actions/container_registry_login/action.yml
index 6f7942331..1c0e5d50f 100644
--- a/.github/actions/container_registry_login/action.yml
+++ b/.github/actions/container_registry_login/action.yml
@@ -17,7 +17,7 @@ runs:
   steps:
     - name: Use docker for logging in
       if: runner.os != 'macOS'
-      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
       with:
         registry: ${{ inputs.registry }}
         username: ${{ inputs.username }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 480f17d0c..ff70af4bf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -44,7 +44,7 @@ jobs:
           cache: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           languages: ${{ matrix.language }}
 
@@ -63,6 +63,6 @@ jobs:
           echo "::endgroup::"
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
index 6906b8404..b037e7af0 100644
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -472,7 +472,7 @@ jobs:
       - name: Create release with artifacts
         id: create-release
         # GitHub endorsed release project. See: https://github.com/actions/create-release
-        uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
         with:
           draft: true
           generate_release_notes: true
@@ -487,7 +487,7 @@ jobs:
             terraform-module.zip
 
       - name: Create Terraform provider release with artifcats
-        uses: softprops/action-gh-release@fb2d03176f42a1f0dd433ca263f314051d3edd44 # v2.0.7
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
         with:
           draft: true
           generate_release_notes: false
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 0145ed124..ac48a3012 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -23,7 +23,7 @@ jobs:
           persist-credentials: false
 
       - name: Run analysis
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -37,6 +37,6 @@ jobs:
           retention-days: 5
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: results.sarif