diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index 27d52b7..b608de7 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -29,7 +29,7 @@ jobs:
 
       # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
-        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/upload-sarif@701f152f28d4350ad289a5e31435e9ab6169a7ca # v2.21.6
         with:
           sarif_file: semgrep.sarif
         if: always()
diff --git a/go.mod b/go.mod
index 7fbd799..b527671 100644
--- a/go.mod
+++ b/go.mod
@@ -4,15 +4,15 @@ go 1.21
 
 require (
 	github.com/antihax/optional v1.0.0
-	github.com/cert-manager/cert-manager v1.11.0
+	github.com/cert-manager/cert-manager v1.13.0
 	github.com/stackitcloud/stackit-dns-api-client-go v0.0.0-20230228185514-6838d6d6f051
 	github.com/stretchr/testify v1.8.4
 	go.uber.org/mock v0.2.0
 	go.uber.org/zap v1.25.0
-	k8s.io/api v0.26.0
-	k8s.io/apiextensions-apiserver v0.26.0
-	k8s.io/apimachinery v0.26.0
-	k8s.io/client-go v0.26.0
+	k8s.io/api v0.28.2
+	k8s.io/apiextensions-apiserver v0.28.2
+	k8s.io/apimachinery v0.28.2
+	k8s.io/client-go v0.28.2
 )
 
 require (