diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 873b16dee..92c713ea0 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -59,7 +59,7 @@ jobs:
 
       - name: Read NPM vault TOTP
         if: inputs.dry-run == false
-        uses: hashicorp/vault-action@v2.7.4
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: approle
           url: ${{ secrets.VAULT_ADDR }}
@@ -90,7 +90,7 @@ jobs:
         run: npm run ci:release
 
       - name: Read GCE vault secrets
-        uses: hashicorp/vault-action@v2.7.4
+        uses: hashicorp/vault-action@v3.0.0
         with:
           method: approle
           url: ${{ secrets.VAULT_ADDR }}
diff --git a/.github/workflows/run-test/action.yml b/.github/workflows/run-test/action.yml
index 0ad60fb4c..035e71197 100644
--- a/.github/workflows/run-test/action.yml
+++ b/.github/workflows/run-test/action.yml
@@ -34,13 +34,13 @@ inputs:
 runs:
   using: "composite"
   steps:
-    - uses: actions/setup-node@v3
+    - uses: actions/setup-node@v4
       with:
         node-version-file: '.nvmrc'
     - name: Pull and build docker infra
       run: './.ci/scripts/pull_and_build.sh'
       shell: bash
-    - uses: hashicorp/vault-action@v2.5.0
+    - uses: hashicorp/vault-action@v3.0.0
       if: |
         (inputs.mode == 'saucelabs')
         && (inputs.vault-url != null && inputs.vault-url != '')