diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 1e34fc4f9890..d03b5c5771ba 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -55,7 +55,7 @@ jobs:
         path: ./out/artifacts   
     - name: Upload Sarif
       if: always() && steps.build.outcome == 'success'
-      uses: github/codeql-action/upload-sarif@v3.26.6
+      uses: github/codeql-action/upload-sarif@v3.27.5
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: cifuzz-sarif/results.sarif
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 16f648c9ad89..77d5c562da82 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9b41ced437d4a4f34bf0b740f80b4e52d3c4bccd # v2.25.15
+        uses: github/codeql-action/upload-sarif@3d3d628990a5f99229dd9fa1821cc5a4f31b613b # v2.25.15
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/wait-for-checks.yml b/.github/workflows/wait-for-checks.yml
index 667defbbf6b7..895f7befc87d 100644
--- a/.github/workflows/wait-for-checks.yml
+++ b/.github/workflows/wait-for-checks.yml
@@ -20,7 +20,7 @@ jobs:
       checks: read
     steps:
     - name: Wait for Triggered Required GH Checks
-      uses: poseidon/wait-for-status-checks@6988432d64ad3f9c2608db4ca16fded1b7d36ead # v0.5.0
+      uses: poseidon/wait-for-status-checks@899c768d191b56eef585c18f8558da19e1f3e707 # v0.6.0
       with:
         token: ${{ secrets.GITHUB_TOKEN }}
         # This regex matches everything since almost all (if not all) CI checks are required.