diff --git a/.github/workflows/linux.yml b/.github/workflows/linux.yml
index cf5a94135..36c467b6d 100644
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@@ -125,7 +125,7 @@ jobs:
           export _JAVA_OPTIONS="-Xmx4G"
           ./gradlew --parallel :ca-certificates:check --stacktrace
 
-      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: always() # always run even if the previous step fails
         with:
           name: test-results-ca-certificates
@@ -166,7 +166,7 @@ jobs:
           mkdir ${{ matrix.product.version }}
           mv $( echo "${{ matrix.image_type }}" | tr [:upper:] [:lower:] ) ${{ matrix.product.version }}
 
-      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         if: always() # always run even if the previous step fails
         with:
           name: test-results-${{ matrix.product.name }}-${{ matrix.product.version }}-${{ matrix.distro }}-${{ matrix.image_type }}
@@ -187,7 +187,7 @@ jobs:
         with:
           name: test-results-*
 
-      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: test-results
           path: '**/build/test-results/**/TEST-*.xml'
diff --git a/.github/workflows/pkgbuild.yml b/.github/workflows/pkgbuild.yml
index ab1444d16..cb13cd545 100644
--- a/.github/workflows/pkgbuild.yml
+++ b/.github/workflows/pkgbuild.yml
@@ -58,7 +58,7 @@ jobs:
         export WORKSPACE=$PWD
         bash pkgbuild/create-installer-mac.sh
 
-    - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
       with:
         name: macos-${{ env.MAJOR_VERSION }}-${{ matrix.architecture }}
         path: workspace/target/*.pkg
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index b28c7b0a2..3da9711a9 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -58,7 +58,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: SARIF file
           path: results.sarif
@@ -66,6 +66,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6
+        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/wix.yml b/.github/workflows/wix.yml
index 28c0a49b7..931c708c3 100644
--- a/.github/workflows/wix.yml
+++ b/.github/workflows/wix.yml
@@ -105,7 +105,7 @@ jobs:
           JVM: ${{ matrix.JVM }}
         shell: cmd
 
-      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
+      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
         with:
           name: windows-${{ env.PRODUCT_MAJOR_VERSION }}-${{ matrix.arch }}
           path: wix/ReleaseDir/*.msi