diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e367ecc..e359628 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -20,15 +20,15 @@ jobs:
     - uses: 'hmarr/debug-action@cd1afbd7852b7ad7b1b7a9a1b03efebd3b0a1820' # v3.0.0
 
     # https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions
-    - uses: 'zgosalvez/github-actions-ensure-sha-pinned-actions@2d6823da4039243036c86d76f503c84e2ded2517' # v3.0.24
+    - uses: 'zgosalvez/github-actions-ensure-sha-pinned-actions@9e9574ef04ea69da568d6249bd69539ccc704e74' # v4.0.0
 
     # https://github.com/actions/checkout
     - name: 'checkout'
-      uses: 'actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683' # v4.2.2
+      uses: 'actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8' # v5.0.0
 
     # https://github.com/actions/setup-java
     - name: 'Set up JDK'
-      uses: 'actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00' # v4.7.1
+      uses: 'actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165' # v5.0.0
       with:
         java-version: '17'
         distribution: 'temurin'
@@ -36,7 +36,7 @@ jobs:
 
     # https://github.com/gradle/actions/tree/main/setup-gradle
     - name: 'Set up Gradle'
-      uses: 'gradle/actions/setup-gradle@06832c7b30a0129d7fb559bcc6e43d26f6374244' # v4
+      uses: 'gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2' # v4
       with:
         gradle-version: 'wrapper'
         gradle-home-cache-includes: |-
@@ -48,7 +48,7 @@ jobs:
 
     # https://github.com/gradle/actions/tree/main/dependency-submission
     - name: "Generate and submit dependency graph"
-      uses: "gradle/actions/dependency-submission@06832c7b30a0129d7fb559bcc6e43d26f6374244" # v4
+      uses: "gradle/actions/dependency-submission@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2" # v4
       env:
         DEPENDENCY_GRAPH_EXCLUDE_PROJECTS: "^:(build-logic|buildSrc|.*[Tt]test.*)"
         DEPENDENCY_GRAPH_EXCLUDE_CONFIGURATIONS: ".*[Tt]est.*Classpath"
diff --git a/.github/workflows/dependabot-auto-approve-pr.yml b/.github/workflows/dependabot-auto-approve-pr.yml
index ebe152c..d1ee079 100644
--- a/.github/workflows/dependabot-auto-approve-pr.yml
+++ b/.github/workflows/dependabot-auto-approve-pr.yml
@@ -14,7 +14,7 @@ jobs:
       # https://github.com/dependabot/fetch-metadata
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: "dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7" # v2.3.0
+        uses: "dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b" # v2.4.0
 
       - name: Automatically approve & merge Dependabot patch PRs
         if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}