diff --git a/.github/workflows/bump-version.yml b/.github/workflows/bump-version.yml
index e56ee946e..679216e7d 100644
--- a/.github/workflows/bump-version.yml
+++ b/.github/workflows/bump-version.yml
@@ -75,7 +75,7 @@ jobs:
           echo "new_version=${NEW_VERSION}"
           echo "NEW_VERSION=${NEW_VERSION}" >> $GITHUB_ENV
       - name: Push Changes
-        uses: ad-m/github-push-action@v0.8.0
+        uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df
         with:
           force: false
           github_token: ${{ secrets.BUMP_VERSION_TOKEN }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6b1097b66..7de9ab54a 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -52,10 +52,10 @@ jobs:
         uses: actions/checkout@v4.1.1
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@codeql-bundle-20230524
+        uses: github/codeql-action/init@1245696032ecf7d39f87d54daa406e22ddf769a8
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@codeql-bundle-20230524
+        uses: github/codeql-action/autobuild@1245696032ecf7d39f87d54daa406e22ddf769a8
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@codeql-bundle-20230524
+        uses: github/codeql-action/analyze@1245696032ecf7d39f87d54daa406e22ddf769a8
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 368b283c9..ba457fc32 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -28,4 +28,4 @@ jobs:
         uses: actions/checkout@v4.1.1
 
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v3.1.4
+        uses: actions/dependency-review-action@c74b580d73376b7750d3d2a50bfb8adc2c937507
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 2f02236e9..f8714314d 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -32,12 +32,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736
         with:
           results_file: results.sarif
           results_format: sarif
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595
         with:
           name: SARIF file
           path: results.sarif
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@1245696032ecf7d39f87d54daa406e22ddf769a8
         with:
           sarif_file: results.sarif