diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0a7312a4..315e063c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -78,7 +78,7 @@ jobs:
           path: ./target/linklift
 
       - name: Scan Image
-        uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
+        uses: anchore/scan-action@3c9a191a0fbab285ca6b8530b5de5a642cba332f # v7.2.2
         id: scan
         with:
           fail-build: false
@@ -87,7 +87,7 @@ jobs:
           severity-cutoff: critical
 
       - name: Upload SARIF Files
-        uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/upload-sarif@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
 
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index df3691a8..4de9213c 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           languages: java
 
@@ -49,6 +49,6 @@ jobs:
         run: mvn clean package -DskipTests
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
+        uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4.31.8
         with:
           category: "/language:java"
diff --git a/.github/workflows/kamal-deploy-api.yml b/.github/workflows/kamal-deploy-api.yml
index 23654747..271b3c72 100644
--- a/.github/workflows/kamal-deploy-api.yml
+++ b/.github/workflows/kamal-deploy-api.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Install Kamal
-        uses: ruby/setup-ruby@d697be2f83c6234b20877c3b5eac7a7f342f0d0c # v1.269.0
+        uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
         with:
           ruby-version: 3.4.1
           bundler-cache: true
diff --git a/.github/workflows/kamal-deploy-webapp.yml b/.github/workflows/kamal-deploy-webapp.yml
index a5d297f8..6fcc9a07 100644
--- a/.github/workflows/kamal-deploy-webapp.yml
+++ b/.github/workflows/kamal-deploy-webapp.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Install Kamal
-        uses: ruby/setup-ruby@d697be2f83c6234b20877c3b5eac7a7f342f0d0c # v1.269.0
+        uses: ruby/setup-ruby@ac793fdd38cc468a4dd57246fa9d0e868aba9085 # v1.270.0
         with:
           ruby-version: 3.4.1
           bundler-cache: true
diff --git a/.github/workflows/upgrade-accessories-versions.yml b/.github/workflows/upgrade-accessories-versions.yml
index b45e0b36..1234eadb 100644
--- a/.github/workflows/upgrade-accessories-versions.yml
+++ b/.github/workflows/upgrade-accessories-versions.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Install Updatecli in the runner
-        uses: updatecli/updatecli-action@9a21b6911fe58865c8346d4fde3470010f49bf31 # v2.97.0
+        uses: updatecli/updatecli-action@b846825b298f5351abd80f94c4f9eab63a38a804 # v2.98.0
 
       - name: Run Updatecli to update docker-compose
         shell: bash
@@ -26,7 +26,7 @@ jobs:
           GITHUB_TOKEN: "${{ env.GITHUB_TOKEN }}"
 
       - name: Update Kamal accessories
-        uses: robfrank/kamal-accessories-updater@935fbb8d5bffbf8ba4a7e7fd2e956c2774b274e4 # v25.11.2
+        uses: robfrank/kamal-accessories-updater@231507f90c096e72b6234d9e17047788c58f6723 # v25.12.1
         with:
           config-dir: ./config
           mode: update-all