diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 19c7946..73066d0 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
             raw.githubusercontent.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -34,7 +34,7 @@ jobs:
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@cb36b7b064e48e277c8873c559e758f67ec455b1
+        uses: golangci/golangci-lint-action@68de804037d6beb4bec814041c98865cb188f3db
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -59,7 +59,7 @@ jobs:
             sum.golang.org:443
 
       - name: Checkout repo
-        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -92,7 +92,7 @@ jobs:
             storage.googleapis.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
         with:
           fetch-depth: 0
       - name: Setup Go
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index e042ec4..73d86f5 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
             api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443
 
       - name: Checkout repository
-        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@821ab42c90a42d1d5cd3241930dff56a7c7dcfb2
+        uses: github/codeql-action/init@889597e41d183636b55d03e1a49c44753c626a2e
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@821ab42c90a42d1d5cd3241930dff56a7c7dcfb2
+        uses: github/codeql-action/autobuild@889597e41d183636b55d03e1a49c44753c626a2e
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@821ab42c90a42d1d5cd3241930dff56a7c7dcfb2
+        uses: github/codeql-action/analyze@889597e41d183636b55d03e1a49c44753c626a2e
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 7c3dd78..7cbc603 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -38,7 +38,7 @@ jobs:
             www.bestpractices.dev:443
 
       - name: "Checkout code"
-        uses: actions/checkout@9a9194f87191a7e9055e3e9b95b8cfb13023bb08
+        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd
         with:
           persist-credentials: false
 
@@ -61,7 +61,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874
+        uses: actions/upload-artifact@b18b1d32f3f31abcdc29dee3f2484801fe7822f4
         with:
           name: SARIF file
           path: results.sarif
@@ -69,6 +69,6 @@ jobs:
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@821ab42c90a42d1d5cd3241930dff56a7c7dcfb2
+        uses: github/codeql-action/upload-sarif@889597e41d183636b55d03e1a49c44753c626a2e
         with:
           sarif_file: results.sarif