diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index e7ea88a..d56844a 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -26,6 +26,6 @@ jobs:
 
       - name: Dependency review
         id: dependency_review
-        uses: actions/dependency-review-action@80f10bf419f34980065523f5efca7ebed17576aa # v4.1.0
+        uses: actions/dependency-review-action@be8bc500ee15e96754d2a6f2d34be14e945a46f3 # v4.1.2
         with:
           fail-on-severity: critical
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c4062e4..17755ec 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -23,7 +23,7 @@ jobs:
 
       - name: Install cosign
         id: install_cosign
-        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+        uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
 
       - name: Log in to GitHub Container Registry
         id: login_ghcr