diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 861ca6a..8775feb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -7,13 +7,13 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v2
-    - uses: actions/setup-node@v2
+    - uses: actions/checkout@v3
+    - uses: actions/setup-node@v3
       with:
-        node-version: '14.x'
+        node-version: '18.x'
         registry-url: 'https://npm.pkg.github.com'
     - name: Install
       # Skip post-install to avoid malicious scripts stealing PAT
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index f794d77..2fbae39 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,7 +10,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     services:
       mongodb:
         image: mongo:4.4
@@ -18,14 +18,14 @@ jobs:
         - 27017:27017
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         # Use PAT instead of default Github token, because the default
         # token deliberately will not trigger another workflow run
         token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-    - uses: actions/setup-node@v2
+    - uses: actions/setup-node@v3
       with:
-        node-version: '14.x'
+        node-version: '18.x'
         registry-url: 'https://npm.pkg.github.com'
     - name: Install
       # Skip post-install to avoid malicious scripts stealing PAT