diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ec2c82b..2ca9d22 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -78,7 +78,7 @@ jobs:
           TESTING: true
         run: pytest --cov=. --cov-report=xml --cov-report=term-missing -v --cov-fail-under=30 tests/
       - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@968872560f81e7bdde9272853e65f2507c0eca7c # v5.0.0
+        uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index 109a99e..ef7adff 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -23,6 +23,6 @@ jobs:
       - name: Run Semgrep
         run: semgrep --config p/python --config p/secrets --sarif --output results.sarif .
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.5
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: results.sarif