diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 3b823dd..43851fd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install dependencies
-        uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.1.15
+        uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.1.16
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           # until https://github.com/actions/checkout/pull/579 is released
@@ -51,7 +51,7 @@ jobs:
         shell: bash
       - name: Check that artifacthub-pkg.yml is up-to-date
         if: ${{ inputs.artifacthub }}
-        uses: kubewarden/github-actions/check-artifacthub@v3.1.15
+        uses: kubewarden/github-actions/check-artifacthub@v3.1.16
         with:
           version: ${{ steps.calculate-version.outputs.version }}
       - name: Build policy
@@ -76,7 +76,7 @@ jobs:
             --output-signature policy-sbom.spdx.sig \
             policy-sbom.spdx.json
       - name: Upload policy SBOM files
-        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: policy-sbom
           path: |
@@ -87,7 +87,7 @@ jobs:
         run: |
           make e2e-tests
       - name: Release
-        uses: kubewarden/github-actions/policy-release@v3.1.15
+        uses: kubewarden/github-actions/policy-release@v3.1.16
         with:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           oci-target: ghcr.io/${{ github.repository_owner }}/policies/container-resources
diff --git a/.github/workflows/reusable-test-policy-go.yml b/.github/workflows/reusable-test-policy-go.yml
index c716e54..1f6d54f 100644
--- a/.github/workflows/reusable-test-policy-go.yml
+++ b/.github/workflows/reusable-test-policy-go.yml
@@ -29,7 +29,7 @@ jobs:
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Install dependencies
-        uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.1.15
+        uses: kubewarden/github-actions/policy-gh-action-dependencies@v3.1.16
       - name: Install patched tinygo
         shell: bash
         run: |
@@ -71,12 +71,12 @@ jobs:
           # until https://github.com/actions/checkout/pull/579 is released
           fetch-depth: 0
       - name: Install kwctl
-        uses: kubewarden/github-actions/kwctl-installer@v3.1.15
+        uses: kubewarden/github-actions/kwctl-installer@v3.1.16
       - id: calculate-version
         run: echo "version=$(git describe --tags --abbrev=0 | cut -c2-)" >> $GITHUB_OUTPUT
         shell: bash
       - name: Check that artifacthub-pkg.yml is up-to-date
-        uses: kubewarden/github-actions/check-artifacthub@v3.1.15
+        uses: kubewarden/github-actions/check-artifacthub@v3.1.16
         with:
           version: ${{ steps.calculate-version.outputs.version }}
           check_version: false # must match a git tag that hasn't been created yet, so let's ignore until then