diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index b7ed18b696..7ecbcdd1a1 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -42,6 +42,6 @@ jobs:
         with:
           args: "check --select S --ignore ${{ steps.ignore-codes.outputs.codes }} --output-format sarif --output-file results.sarif"
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v4.32.4
+        uses: github/codeql-action/upload-sarif@v4.32.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 8f02dcbd6a..eea2466f7d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -31,13 +31,13 @@ jobs:
       uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@0ec47d036c68ae0cf94c629009b1029407111281  # v3.31.8
+      uses: github/codeql-action/init@40f0fa95c41fede7b43f035cb47aac899ee0ba0a  # v3.31.8
       with:
         languages: ${{ matrix.language }}
         build-mode: ${{ matrix.build-mode }}
         queries: security-extended
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@0ec47d036c68ae0cf94c629009b1029407111281  # v3.31.8
+      uses: github/codeql-action/analyze@40f0fa95c41fede7b43f035cb47aac899ee0ba0a  # v3.31.8
       with:
         category: "/language:${{matrix.language}}"