diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml
index 6f8bc5c..8276c1b 100644
--- a/.github/workflows/docker-image-to-aws-ecr.yaml
+++ b/.github/workflows/docker-image-to-aws-ecr.yaml
@@ -64,7 +64,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr
-        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2
+        uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2
         with:
           registries: ${{ inputs.AWS_ACCOUNT_ID }}
           mask-password: "true" # see: https://github.com/aws-actions/amazon-ecr-login#docker-credentials
diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
index 68455c5..4a410b1 100644
--- a/.github/workflows/ecr-publish.yaml
+++ b/.github/workflows/ecr-publish.yaml
@@ -69,7 +69,7 @@ jobs:
 
       - name: Login to Amazon ECR
         id: login-ecr-public
-        uses: aws-actions/amazon-ecr-login@f2e9fc6c2b355c1890b65e6f6f0e2ac3e6e22f78 # v2
+        uses: aws-actions/amazon-ecr-login@376925c9d111252e87ae59691e5a442dd100ef6a # v2
         with:
           registry-type: public
 
diff --git a/.github/workflows/pre-commit-node.yaml b/.github/workflows/pre-commit-node.yaml
index 0b9b897..9a180dc 100644
--- a/.github/workflows/pre-commit-node.yaml
+++ b/.github/workflows/pre-commit-node.yaml
@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-    - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6
+    - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
       with:
         node-version: '24'
     - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 74aa926..6b01df2 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ inputs.ENABLE_BANDIT || inputs.ENABLE_SAST }}
     container:
-      image: semgrep/semgrep@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2
+      image: semgrep/semgrep@sha256:d7d67e1e0c0ed26278ab35f0be082f0afdfd7a880f4927aee86f8127fdbce617
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - run: semgrep scan --config auto
\ No newline at end of file