diff --git a/.github/workflows/pr-build.yaml b/.github/workflows/pr-build.yaml
index d48054f..7ef3e4b 100644
--- a/.github/workflows/pr-build.yaml
+++ b/.github/workflows/pr-build.yaml
@@ -104,7 +104,7 @@ jobs:
         run: |
           docker save ghcr.io/doodlescheduling/saml-exporter:latest --output exporter-container.tar
       - name: Upload image
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
         with:
           name: exporter-container
           path: exporter-container.tar
diff --git a/.github/workflows/report-on-vulnerabilities.yaml b/.github/workflows/report-on-vulnerabilities.yaml
index 2cc1607..fe9ff37 100644
--- a/.github/workflows/report-on-vulnerabilities.yaml
+++ b/.github/workflows/report-on-vulnerabilities.yaml
@@ -42,7 +42,7 @@ jobs:
         fi
 
     - name: Upload vulnerability scan report
-      uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
       if: steps.parse-results.outputs.results == 'found'
       with:
         name: scan.json
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index b300b48..aa47eb9 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -33,7 +33,7 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
         with:
           name: SARIF file
           path: results.sarif