diff --git a/.github/workflows/biome-lint.yml b/.github/workflows/biome-lint.yml
index 29fcb807..03448e50 100644
--- a/.github/workflows/biome-lint.yml
+++ b/.github/workflows/biome-lint.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
       # Checkout the repository so the workflow has access to the code
       - name: Checkout code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       # Run the run-biome.sh script
       - name: Run run-biome.sh
diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 650a4834..6dbed8bd 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -37,9 +37,9 @@ jobs:
         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
           with:
             ref: ${{ github.event.workflow_run.head_branch }}
-        - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
           with:
-            node-version: 22.21.1
+            node-version: 24.11.1
         - name: Installing packages
           run: cd performance && npm ci
         - name: Generating lighthouse reports for PR...
@@ -116,7 +116,7 @@ jobs:
                     fi
                   fi
               done
-        - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
           if: ${{ !cancelled() }}
           with:
               name: lighthouse-reports-pr
diff --git a/.github/workflows/commit-lint.yml b/.github/workflows/commit-lint.yml
index ea6bc187..909aaa1e 100644
--- a/.github/workflows/commit-lint.yml
+++ b/.github/workflows/commit-lint.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check Commit Messages
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         with:
           script: |
             const excludedBotIds = [
@@ -86,7 +86,7 @@ jobs:
             }
 
       - name: Create PR comment on bad commit message
-        uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
         if: ${{ failure() && !github.event.pull_request.draft }}
         with:
           script: |
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index c39a7bf5..27bab930 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -22,7 +22,7 @@ jobs:
     if: ${{ github.event.repository.fork == false }}
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Scan
         uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml
index 9766753e..0c1a6557 100644
--- a/.github/workflows/lighthouse.yml
+++ b/.github/workflows/lighthouse.yml
@@ -18,9 +18,9 @@ jobs:
         - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
           with:
             ref: ${{ github.event.workflow_run.head_branch }}
-        - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
+        - uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
           with:
-            node-version: 18.20.8
+            node-version: 24.11.1
         - name: Installing packages
           run: cd performance && npm ci
         - name: Get PR number being merged
@@ -41,7 +41,7 @@ jobs:
             GITHUB_PR_NUMBER: ${{ env.GITHUB_PR_NUMBER }}
           run: |
             node performance/lighthouse-script.js
-        - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
           with:
             name: lighthouse-reports-main
             path: lighthouse-reports/main-report.json
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 2cd71b40..81f3f39a 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           ref: ${{ inputs.branch && inputs.branch || github.ref }}
 
diff --git a/.github/workflows/nginx-documentation-build.yml b/.github/workflows/nginx-documentation-build.yml
index 366fcc81..ced20672 100644
--- a/.github/workflows/nginx-documentation-build.yml
+++ b/.github/workflows/nginx-documentation-build.yml
@@ -21,7 +21,7 @@ jobs:
           git clone https://github.com/nginx/documentation.git docs
 
       - name: Setup Go
-        uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+        uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0
         with:
           go-version: "1.25.4"
 
diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 14683a5a..d05f0fd7 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -19,7 +19,7 @@ jobs:
           version: ${{ steps.get-playwright-version.outputs.version }}
         steps:
           - name: Checkout code
-            uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+            uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
           - name: Get version from package.json
             id: get-playwright-version
             run: |
@@ -37,7 +37,7 @@ jobs:
         steps: 
           # Checkout the repository so the workflow has access to the code
           - name: Checkout code
-            uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+            uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
           - name: Setup Hugo
             uses: peaceiris/actions-hugo@75d2e84710de30f6ff7268e08f310b60ef14033f # v3.0.0
             with:
@@ -61,7 +61,7 @@ jobs:
                 echo "Playwright tests failed. Please view the Playwright report to see full error."
                 exit 1
               fi
-          - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+          - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
             id: artifact-upload
             if: ${{ !cancelled() && failure() && steps.test-ui.conclusion == 'failure' }}
             with:
@@ -69,7 +69,7 @@ jobs:
               path: tests/playwright-report/
               retention-days: 3
           - name: Comment on PR with Playwright report
-            uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0
+            uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
             if: ${{ failure() }}
             with:
               script: |