diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index b70029c..4b76014 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,7 +19,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.2
         with:
           # We must fetch at least the immediate parents so that if this is
           # a pull request then we can checkout the head.
@@ -30,14 +30,14 @@ jobs:
         if: ${{ github.event_name == 'pull_request' }}
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.29.3
+        uses: github/codeql-action/init@v4.32.0
         # Override language selection by uncommenting this and choosing your languages
         with:
           languages: go
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3.29.3
+        uses: github/codeql-action/autobuild@v4.32.0
       #- run: |
       #   make bootstrap
       #   make release
@@ -48,4 +48,4 @@ jobs:
         # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
         #    and modify them (or add more) to build your code if your project
         #    uses a compiled language
-        uses: github/codeql-action/analyze@v3.29.3
+        uses: github/codeql-action/analyze@v4.32.0
diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml
index 7e9d4d5..b16a6a5 100644
--- a/.github/workflows/go.yaml
+++ b/.github/workflows/go.yaml
@@ -21,17 +21,17 @@ jobs:
     steps:
       # https://github.com/actions/setup-go
       - name: Set up Go
-        uses: actions/setup-go@v5.5.0
+        uses: actions/setup-go@v6.2.0
         with:
           cache: false
           go-version: 1.25.1
         id: go
       - name: Check out code into the Go module directory
-        uses: actions/checkout@v4.2.2
+        uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v8.0.0
+        uses: golangci/golangci-lint-action@v9.2.0
         with:
           # Required: the version of golangci-lint is required
           # and must be specified without patch version:
@@ -39,7 +39,7 @@ jobs:
           version: v2.4.0
           install-mode: "binary"
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@v6.3.0
+        uses: goreleaser/goreleaser-action@v6.4.0
         with:
           install-only: true
       - name: Show GoReleaser version
@@ -60,7 +60,7 @@ jobs:
         if: ${{ github.event_name == 'schedule' }}
       # Codecov should only be updated if make test is executed
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v5.4.3
+        uses: codecov/codecov-action@v5.5.2
         if: ${{ github.event_name == 'schedule' }}
     # Manage and run your integration tests with efficiency
     # https://github.com/ovh/venom
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index cd9aede..3bc010e 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -13,7 +13,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: release-drafter/release-drafter@v6.1.0
+      - uses: release-drafter/release-drafter@v6.2.0
         with:
           config-name: release-drafter.yaml
         env:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b7b27c6..9e106aa 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -16,37 +16,37 @@ jobs:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
       DOCKER_BUILDKIT: 1
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
         with:
           fetch-depth: 0
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.6.0
+        uses: docker/setup-qemu-action@v3.7.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3.11.1
+        uses: docker/setup-buildx-action@v3.12.0
       # https://github.com/actions/setup-go
       - name: Set up Go
-        uses: actions/setup-go@v5.5.0
+        uses: actions/setup-go@v6.2.0
         with:
           cache: false
           go-version: 1.25.1
         id: go
       - name: Install GoReleaser
-        uses: goreleaser/goreleaser-action@v6.3.0
+        uses: goreleaser/goreleaser-action@v6.4.0
         with:
           install-only: true
       - name: Show GoReleaser version
         run: goreleaser --version
       - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.9.2
+        uses: sigstore/cosign-installer@v4.0.0
       - name: Install Syft
-        uses: anchore/sbom-action/download-syft@v0.20.4
+        uses: anchore/sbom-action/download-syft@v0.22.1
       - name: Login to DockerHub
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
       - name: Login to GitHub Docker Registry
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}