diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 5f92f89..43c3e22 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -97,7 +97,7 @@ jobs:
       -
         # Initializes the CodeQL tools for scanning.
         name: Initialize CodeQL
-        uses: github/codeql-action/init@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/init@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality     # use Canonical suite
@@ -113,7 +113,7 @@ jobs:
           ${{ inputs.codeql-build-cmd }}
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 # v4.32.2
+        uses: github/codeql-action/analyze@9e907b5e64f6b83e7804b09294d44122997950d6 # v4.32.3
         with:
           output: codeql-results
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/docker-buildx-push.yml b/.github/workflows/docker-buildx-push.yml
index d3ab346..3dd6d7f 100644
--- a/.github/workflows/docker-buildx-push.yml
+++ b/.github/workflows/docker-buildx-push.yml
@@ -59,7 +59,7 @@ jobs:
           cosign-release: 'v2.2.4'
       - name: Build and push
         id: build-and-push
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2
         with:
           context: .
           file: ${{ inputs.docker_file }}