diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 2404ff2..6810242 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -24,7 +24,7 @@ jobs:
             raw.githubusercontent.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -34,7 +34,7 @@ jobs:
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@3d4174dbf50df14928520a1fe4462fa98338d311
+        uses: golangci/golangci-lint-action@79a180da271f498717dcd1865113bb5631f88d82
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -59,7 +59,7 @@ jobs:
             sum.golang.org:443
 
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -92,7 +92,7 @@ jobs:
             storage.googleapis.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e
         with:
           fetch-depth: 0
       - name: Setup Go
@@ -106,7 +106,7 @@ jobs:
 
       # Codecov
       - name: Codecov
-        uses: codecov/codecov-action@1f30f8b7576840249fdd6164afd42b97cb1af0ab
+        uses: codecov/codecov-action@882f2c9a95f3d007a840ebb32a161b4187e5f8ee
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index d8d751b..583e5ff 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,16 +31,16 @@ jobs:
             api.github.com:443 github.com:443 objects.githubusercontent.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443 uploads.github.com:443
 
       - name: Checkout repository
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@ea2cd92c21b192add69983116b8b3222b09da33b
+        uses: github/codeql-action/init@af56b044b5d41c317aef5d19920b3183cb4fbbec
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@ea2cd92c21b192add69983116b8b3222b09da33b
+        uses: github/codeql-action/autobuild@af56b044b5d41c317aef5d19920b3183cb4fbbec
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@ea2cd92c21b192add69983116b8b3222b09da33b
+        uses: github/codeql-action/analyze@af56b044b5d41c317aef5d19920b3183cb4fbbec
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 218e9c4..058acfa 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -38,7 +38,7 @@ jobs:
             www.bestpractices.dev:443
 
       - name: "Checkout code"
-        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871
+        uses: actions/checkout@163217dfcd28294438ea1c1c149cfaf66eec283e
         with:
           persist-credentials: false
 
@@ -69,6 +69,6 @@ jobs:
 
       # required for Code scanning alerts
       - name: "Upload SARIF results to code scanning"
-        uses: github/codeql-action/upload-sarif@ea2cd92c21b192add69983116b8b3222b09da33b
+        uses: github/codeql-action/upload-sarif@af56b044b5d41c317aef5d19920b3183cb4fbbec
         with:
           sarif_file: results.sarif