diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 5cce146ac7..d843a56e2f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,6 +25,6 @@ jobs:
       - name: ⤵️ Check out code from GitHub
         uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
       - name: 🏗 Initialize CodeQL
-        uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3
+        uses: github/codeql-action/init@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3
       - name: 🚀 Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3
+        uses: github/codeql-action/analyze@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3
diff --git a/.github/workflows/nextjs_bundle_analysis.yml b/.github/workflows/nextjs_bundle_analysis.yml
index c48ddd0eb2..fb778f3f73 100644
--- a/.github/workflows/nextjs_bundle_analysis.yml
+++ b/.github/workflows/nextjs_bundle_analysis.yml
@@ -75,7 +75,7 @@ jobs:
         run: npx -p nextjs-bundle-analysis report
 
       - name: Upload bundle
-        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4
         with:
           name: bundle
           path: /home/runner/work/InReach/InReach/apps/app/.next/analyze/__bundle_analysis.json
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 39c9802716..e50e58b911 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -37,6 +37,6 @@ jobs:
         with:
           args: '. --sarif --output results.sarif || true'
       - name: Upload njsscan report
-        uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3
+        uses: github/codeql-action/upload-sarif@8f596b4ae3cb3c588a5c46780b86dd53fef16c52 # v3
         with:
           sarif_file: results.sarif