diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 9321ab1f..f71306b7 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -29,6 +29,6 @@ jobs:
         uses: microsoft/DevSkim-Action@v1
         
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/njsscan.yml b/.github/workflows/njsscan.yml
index 62fcc440..17f562c0 100644
--- a/.github/workflows/njsscan.yml
+++ b/.github/workflows/njsscan.yml
@@ -36,6 +36,6 @@ jobs:
       with:
         args: '. --sarif --output results.sarif || true'
     - name: Upload njsscan report
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: results.sarif
diff --git a/.github/workflows/node.js.yml b/.github/workflows/node.js.yml
index 36d9ab71..6548d307 100644
--- a/.github/workflows/node.js.yml
+++ b/.github/workflows/node.js.yml
@@ -18,7 +18,7 @@ jobs:
     steps:
     - uses: actions/checkout@v5
     - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v5
+      uses: actions/setup-node@v6
       with:
         node-version: ${{ matrix.node-version }}
         cache: 'yarn'
diff --git a/.github/workflows/test-deploy.yml b/.github/workflows/test-deploy.yml
index e7fef069..6c9841c7 100644
--- a/.github/workflows/test-deploy.yml
+++ b/.github/workflows/test-deploy.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
-      - uses: actions/setup-node@v5
+      - uses: actions/setup-node@v6
         with:
           node-version: 22.19.0
           cache: yarn