diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml
index ef2afb0..23a302e 100644
--- a/.github/workflows/cd.yaml
+++ b/.github/workflows/cd.yaml
@@ -39,13 +39,13 @@ jobs:
 # we have tag-based ruleset in place to restrict ACTOR from bypassing tag protection
 # not for private repo but it is here for consistency reason.
 id: generate-token
- uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+ uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
 with:
 app-id: ${{ secrets.SECRET_GITHUB_APP_ID }}
 private-key: ${{ secrets.SECRET_GITHUB_APP_PEM_FILE }}
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 token: ${{ steps.generate-token.outputs.token }}
@@ -96,7 +96,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f03badb..db9d0e5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -65,7 +65,7 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - id: set-release-branch
 shell: bash
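Review bot: In the first cd.yaml hunk the `generate-token` step jumps a major version (`actions/create-github-app-token` v2.2.1 → v3.0.0) while its `with:` block (`app-id`, `private-key`) is left untouched, and nothing in the commit shows that v3 still accepts these inputs unchanged. This step receives the GitHub App private key and mints the token the following checkout uses, so a breaking change in inputs or runtime requirements would surface only when the release job runs. I would record the check on its own line above the pin, e.g. `# major bump v2 -> v3: app-id/private-key inputs checked against the v3.0.0 release notes`, or land the major bumps separately from the patch bumps so they can be reverted on their own. The same applies to `slackapi/slack-github-action` v2.1.1 → v3.0.1 (cd.yaml, ci.yaml, cron-tasks.yaml, sidecar-pr-target.yaml), `actions/download-artifact` v7.0.0 → v8.0.1 and `actions/upload-artifact` v6.0.0 → v7.0.0.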
@@ -86,7 +86,7 @@ jobs:
 - name: Download distributions
 if: ${{ github.event.repository.language == 'Python' }}
 id: artifact-download
- uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 #v7.0.0
+ uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c #v8.0.1
 with:
 artifact-ids: "${{ needs.build-test.outputs.ARTIFACT_ID }}"
 run-id: "${{ needs.build-test.outputs.WORKFLOW_RUN_ID }}"
@@ -151,7 +151,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/cron-tasks.yaml b/.github/workflows/cron-tasks.yaml
index c121f1d..cfd0bc0 100644
--- a/.github/workflows/cron-tasks.yaml
+++ b/.github/workflows/cron-tasks.yaml
@@ -68,7 +68,7 @@ jobs:
 steps:
 - name: Run stale-issues-prs
 id: stale-issues-prs
- uses: actions/stale@997185467fa4f803885201cee163a9f38240193d # v10.1.1
+ uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
 with:
 stale-issue-message: 'This issue is stale because it has been open 5 days with no activity. Remove stale label or comment or this will be closed in 3 days after stale'
 days-before-stale: 5
@@ -135,7 +135,7 @@ jobs:
 fi
 - name: Post message to Slack
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/.github/workflows/reusable-build-test.yaml b/.github/workflows/reusable-build-test.yaml
index 3bc602a..569ea57 100644
--- a/.github/workflows/reusable-build-test.yaml
+++ b/.github/workflows/reusable-build-test.yaml
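Review bot: The pin comment on the new `actions/download-artifact` line in the ci.yaml `Download distributions` step is written `#v8.0.1`, without the space after `#` that the other pins in this commit use (`# v6.0.2`). I would write it as `uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1`. The same applies to `#v7.0.0` on `actions/upload-artifact` in reusable-codeql.yaml, and `# 4.9.0` on `actions/dependency-review-action` in reusable-dependency-review.yaml drops the `v` prefix. A uniform `# vX.Y.Z` form keeps the SHA-to-tag mapping greppable and makes it easier to check each pinned SHA against the upstream tag it claims to be.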
@@ -38,10 +38,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python ${{ env.PYTHON_VERSION }}
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
diff --git a/.github/workflows/reusable-codeql.yaml b/.github/workflows/reusable-codeql.yaml
index 1eceb5e..bc84fd4 100644
--- a/.github/workflows/reusable-codeql.yaml
+++ b/.github/workflows/reusable-codeql.yaml
@@ -34,22 +34,22 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Initialize CodeQL
- uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+ uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 with:
 languages: ${{ matrix.language }}
 queries: security-and-quality
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
+ uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
 with:
 output: codeql-results/
 - name: Upload codeql-${{ matrix.language }}
 id: upload-artifacts
- uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f #v6.0.0
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f #v7.0.0
 with:
 name: codeql-${{ matrix.language }}
 path: codeql-results/
diff --git a/.github/workflows/reusable-dependency-review.yaml b/.github/workflows/reusable-dependency-review.yaml
index b51e065..5f4d172 100644
--- a/.github/workflows/reusable-dependency-review.yaml
+++ b/.github/workflows/reusable-dependency-review.yaml
@@ -14,10 +14,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Pull Request Dependency Review
- uses: actions/dependency-review-action@3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261 # 4.8.2
+ uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # 4.9.0
 with:
 license-check: false
 vulnerability-check: true
diff --git a/.github/workflows/reusable-pre-commit.yaml b/.github/workflows/reusable-pre-commit.yaml
index 6395fe6..49c5a0f 100644
--- a/.github/workflows/reusable-pre-commit.yaml
+++ b/.github/workflows/reusable-pre-commit.yaml
@@ -20,10 +20,10 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Setup Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: ${{ env.PYTHON_VERSION }}
@@ -42,11 +42,11 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Run Checkov Github Action
 id: checkov
- uses: bridgecrewio/checkov-action@8f61ce5b8a3afb4ca94d236b75201878ded6d2cd # v12.3077.0
+ uses: bridgecrewio/checkov-action@0ce65fae06c148e349f955c3c35ad049c11e838c # v12.3092.0
 with:
 log_level: WARNING
 quiet: false
diff --git a/.github/workflows/sidecar-pr-target.yaml b/.github/workflows/sidecar-pr-target.yaml
index 6fc8c35..a371cb0 100644
--- a/.github/workflows/sidecar-pr-target.yaml
+++ b/.github/workflows/sidecar-pr-target.yaml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 with:
 repository: ${{ github.repository }}
@@ -37,7 +37,7 @@ jobs:
 steps:
 - name: Slack message on PR activities
- uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1
+ uses: slackapi/slack-github-action@af78098f536edbc4de71162a307590698245be95 # v3.0.1
 with:
 method: chat.postMessage
 token: "${{ secrets.SECRET_SLACK_APP_GITHUB_BOT }}"
diff --git a/action.yaml b/action.yaml
index 31bb129..8cd832b 100644
--- a/action.yaml
+++ b/action.yaml
@@ -27,10 +27,10 @@ runs:
 steps:
 - name: Checkout source code
- uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 - name: Install Python
- uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+ uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
 with:
 python-version: '3.14.x'