diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 41365ecf34eb3..476f8bad9180a 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -136,7 +136,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.22
+        uses: crate-ci/typos@v1.16.23
         with:
           config: .github/workflows/typos.toml
 
diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
index b265504c0c73f..a4d7322e8a7e9 100644
--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -38,7 +38,7 @@ jobs:
           echo "tag=${tag}" >> $GITHUB_OUTPUT
 
       - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v6
+        uses: DeterminateSystems/nix-installer-action@v7
 
       - name: Run the Magic Nix Cache
         uses: DeterminateSystems/magic-nix-cache-action@v2
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index 55cbe3979b809..5f495961bb63a 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -122,7 +122,7 @@ jobs:
           image_name: ${{ steps.build.outputs.image }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@f78e9ecf42a1271402d4f484518b9313235990e1
+        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 2a3544eb5627e..0b3e3272b52c2 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -31,7 +31,7 @@ jobs:
           # Start with the oldest issues, always.
           ascending: true
       - name: "Close old issues labeled likely-no"
-        uses: actions/github-script@v5
+        uses: actions/github-script@v6
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |