diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index decfc60..3704b26 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -12,7 +12,7 @@ permissions: read-all
 
 jobs:
   build:
-    uses: chgl/.github/.github/workflows/standard-build.yaml@5dfb5c7298139d15108d4a481dc127a591b8e5b6 # v1.5.20
+    uses: chgl/.github/.github/workflows/standard-build.yaml@8b0989a6a805c8db022d8bbb3bfeef57c2f17720 # v1.5.26
     permissions:
       contents: read
       id-token: write
@@ -27,7 +27,7 @@ jobs:
       github-token: ${{ secrets.GITHUB_TOKEN }}
 
   lint:
-    uses: chgl/.github/.github/workflows/standard-lint.yaml@5dfb5c7298139d15108d4a481dc127a591b8e5b6 # v1.5.20
+    uses: chgl/.github/.github/workflows/standard-lint.yaml@8b0989a6a805c8db022d8bbb3bfeef57c2f17720 # v1.5.26
     permissions:
       contents: read
       pull-requests: write
@@ -49,10 +49,10 @@ jobs:
       contents: read
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 
       - name: Download image
-        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
         if: ${{ github.event_name == 'pull_request' }}
         with:
           name: ${{ needs.build.outputs.image-slug }}
@@ -76,7 +76,7 @@ jobs:
           dotnet test src/FhirServerExporter.Tests.E2E/
 
   release:
-    uses: chgl/.github/.github/workflows/standard-release.yaml@5dfb5c7298139d15108d4a481dc127a591b8e5b6 # v1.5.20
+    uses: chgl/.github/.github/workflows/standard-release.yaml@8b0989a6a805c8db022d8bbb3bfeef57c2f17720 # v1.5.26
     needs:
       - build
       - test
diff --git a/.github/workflows/daily-trivy-scan.yaml b/.github/workflows/daily-trivy-scan.yaml
index 456c1c1..76c8e33 100644
--- a/.github/workflows/daily-trivy-scan.yaml
+++ b/.github/workflows/daily-trivy-scan.yaml
@@ -22,7 +22,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
         if: always()
         with:
           sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
index a184d9a..e71139e 100644
--- a/.github/workflows/scorecards.yaml
+++ b/.github/workflows/scorecards.yaml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
         with:
           persist-credentials: false
 
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
         with:
           sarif_file: results.sarif