diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 96c33b46..5d008d4d 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -68,7 +68,7 @@ jobs:
         add: '*.svg *.json'
         
     - name: Upload JaCoCo coverage report
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: jacoco-report
         path: target/site/jacoco/
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 3c38d98a..60d36168 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -24,7 +24,7 @@ jobs:
       uses: advanced-security/generate-sbom-action@24dc56d45b6d554028872b732411a7c952079269 # v1
 
     - id: upload
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+      uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
       with:
         name: sbom
         path: ${{ steps.gensbom.outputs.fileName }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 56fe82a6..72f3e46e 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: SARIF file
           path: results.sarif