diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ae0977454..e934d4b19 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -38,7 +38,7 @@ jobs:
         run: touch demo-app/local.properties
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           languages: java, actions
           # using "linked" helps to keep up with the latest Kotlin support
@@ -53,7 +53,7 @@ jobs:
         run: ./gradlew assemble --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
 
       - name: Enable KVM for Android tests
         run: |
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 886c27e3e..dae42b4b8 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
         with:
           sarif_file: results.sarif
diff --git a/demo-app/gradle/libs.versions.toml b/demo-app/gradle/libs.versions.toml
index 9d1a8a1dd..668e54d22 100644
--- a/demo-app/gradle/libs.versions.toml
+++ b/demo-app/gradle/libs.versions.toml
@@ -10,7 +10,7 @@ navigation-compose = "2.7.7"
 androidx-appcompat = "androidx.appcompat:appcompat:1.7.0"
 opentelemetry-exporter-otlp = { module = "io.opentelemetry:opentelemetry-exporter-otlp", version.ref = "opentelemetry" }
 opentelemetry-api-incubator = { module = "io.opentelemetry:opentelemetry-api-incubator", version.ref = "opentelemetry-alpha" }
-gson = "com.google.code.gson:gson:2.13.0"
+gson = "com.google.code.gson:gson:2.13.1"
 
 #Test tools
 androidx-junit = "androidx.test.ext:junit:1.2.1"
@@ -24,7 +24,7 @@ desugarJdkLibs = "com.android.tools:desugar_jdk_libs:2.1.5"
 # demo-app
 androidx-core-ktx = "androidx.core:core-ktx:1.16.0"
 androidx-lifecycle-runtime-ktx = "androidx.lifecycle:lifecycle-runtime-ktx:2.8.7"
-androidx-compose-bom = "androidx.compose:compose-bom:2025.04.00"
+androidx-compose-bom = "androidx.compose:compose-bom:2025.04.01"
 androidx-activity-compose = "androidx.activity:activity-compose:1.10.1"
 androidx-ui = { group = "androidx.compose.ui", name = "ui" }
 androidx-ui-graphics = { group = "androidx.compose.ui", name = "ui-graphics" }