diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml
index b7f54e03..c81cf81b 100644
--- a/.github/workflows/main.yaml
+++ b/.github/workflows/main.yaml
@@ -41,7 +41,7 @@ jobs:
 
       - if: matrix.java == 17
         name: Upload coverage to Codecov
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
         continue-on-error: true
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml
index a588cf98..5926b3c7 100644
--- a/.github/workflows/pr-title-check.yml
+++ b/.github/workflows/pr-title-check.yml
@@ -14,7 +14,7 @@ jobs:
       pull-requests: read
     steps:
       - name: PR Conventional Commit Validation
-        uses: ytanikin/pr-conventional-commits@fda730cb152c05a849d6d84325e50c6182d9d1e9 # v1.5.1
+        uses: ytanikin/pr-conventional-commits@639145d78959c53c43112365837e3abd21ed67c1 # v1.5.2
         with:
           task_types: '["feat","fix","docs","test","refactor","ci","perf","chore","revert","release"]'
           add_label: 'false'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 62695f2e..14dec591 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: SARIF file
           path: results.sarif