diff --git a/.github/actions/test_artifacts/action.yml b/.github/actions/test_artifacts/action.yml
index eb4313de81..04b617579c 100644
--- a/.github/actions/test_artifacts/action.yml
+++ b/.github/actions/test_artifacts/action.yml
@@ -4,7 +4,7 @@ runs:
   using: "composite"
   steps:
     - name: Collect matrix properties for naming
-      uses: actions/github-script@v8
+      uses: actions/github-script@v9
       id: matrix-props
       env:
         MATRIX_PROPS: ${{ toJSON(matrix) }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c2a9003a19..1f5f65430f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -435,7 +435,7 @@ jobs:
           echo "SODIUM_DIR=${SODIUM_DIR}" >> $GITHUB_ENV
           echo "GETTEXT_PATH=D:\gettext${{ matrix.arch == 'x64' && '64' || '32' }}" >> $GITHUB_ENV
 
-      - uses: msys2/setup-msys2@v2
+      - uses: msys2/setup-msys2@v2.31.0
         if: matrix.toolchain == 'mingw'
         with:
           update: true
@@ -459,7 +459,7 @@ jobs:
           echo %GETTEXT64_URL%>> urls.txt
 
       - name: Cache downloaded files
-        uses: actions/cache@v5
+        uses: actions/cache@v5.0.4
         with:
           path: downloads
           key: ${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('urls.txt') }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3364adf340..ed78c8ff2c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -48,7 +48,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v4
+      uses: github/codeql-action/init@v4.35.1
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
     # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v4
+      uses: github/codeql-action/autobuild@v4.35.1
 
     # ℹ️ Command-line programs to run using the OS shell.
     # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
     #   make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v4
+      uses: github/codeql-action/analyze@v4.35.1