diff --git a/.github/actions/dispatch-and-download/action.yml b/.github/actions/dispatch-and-download/action.yml
index 5f3a7a41e..9838e114c 100644
--- a/.github/actions/dispatch-and-download/action.yml
+++ b/.github/actions/dispatch-and-download/action.yml
@@ -37,7 +37,7 @@ runs:
         echo "</details>" >> $GITHUB_STEP_SUMMARY
 
     - name: Dispatch an action and get the run ID and URL
-      uses: codex-/return-dispatch@2410062d00e50fbdc50dd9065a4e5f673e2455d3 # v2.0.3
+      uses: codex-/return-dispatch@df6e17379382ea99310623bc5ed1a7dddd6c878f # v2.0.4
       id: return_dispatch
       with:
         token: ${{ inputs.token }}
diff --git a/.github/workflows/CI-main.yml b/.github/workflows/CI-main.yml
index d0ea1de72..fa33ab74b 100644
--- a/.github/workflows/CI-main.yml
+++ b/.github/workflows/CI-main.yml
@@ -81,7 +81,7 @@ jobs:
           echo "version_number=$(echo $content | jq -r .version_number)" >> $GITHUB_OUTPUT
 
       - name: Upload version info artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: version-info
           path: version-info/version_info.json
diff --git a/.github/workflows/_version.yml b/.github/workflows/_version.yml
index c0bf4ea21..69865041a 100644
--- a/.github/workflows/_version.yml
+++ b/.github/workflows/_version.yml
@@ -118,7 +118,7 @@ jobs:
           echo '```' >> $GITHUB_STEP_SUMMARY
 
       - name: Upload version info artifact
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: version-info
           path: version_info.json
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 128f9c0e3..c4e9308e1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -141,7 +141,7 @@ jobs:
 
       - name: Upload version info artifact
         if: ${{ inputs.upload_version_info }}
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: version-info
           path: version-info/version_info.json
@@ -327,7 +327,7 @@ jobs:
 
       - name: Configure Ruby
         if: env._BUILD_MODE == 'Device'
-        uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
+        uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           bundler-cache: true
 
@@ -385,7 +385,7 @@ jobs:
           esac
 
       - name: Upload artifacts to GitHub
-        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: Bitwarden iOS ${{ steps.version_info.outputs.version_name }} (${{ steps.version_info.outputs.version_number }}) ${{ env._BUILD_VARIANT }} ${{ env._XCODE_VERSION || env.DEFAULT_XCODE_VERSION }} ${{ env._BUILD_MODE }} ${{ env._COMPILER_FLAGS }}
           path: export
diff --git a/.github/workflows/crowdin-pull.yml b/.github/workflows/crowdin-pull.yml
index 951c9c1cc..203d2125b 100644
--- a/.github/workflows/crowdin-pull.yml
+++ b/.github/workflows/crowdin-pull.yml
@@ -29,7 +29,7 @@ jobs:
           secrets: "crowdin-api-token, github-gpg-private-key, github-gpg-private-key-passphrase"
 
       - name: Generate GH App token
-        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
         id: app-token
         with:
           app-id: ${{ secrets.BW_GHAPP_ID }}
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index ff94d07db..8662a7f52 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -31,7 +31,7 @@ jobs:
           ref: ${{  github.event.pull_request.head.sha }}
 
       - name: Scan with Checkmarx
-        uses: checkmarx/ast-github-action@629a9fac14369bf2898d583b22bf8c40a5caf8e9 # 2.0.40
+        uses: checkmarx/ast-github-action@184bf2f64f55d1c93fd6636d539edf274703e434 # 2.0.41
         env:
           INCREMENTAL: "${{ contains(github.event_name, 'pull_request') && '--sast-incremental' || '' }}"
         with:
@@ -46,7 +46,7 @@ jobs:
             --output-path . ${{ env.INCREMENTAL }}
 
       - name: Upload Checkmarx results to GitHub
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: cx_result.sarif
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index b3494fa86..335b24815 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -81,7 +81,7 @@ jobs:
           xcode-version: ${{ env.XCODE_VERSION || env.DEFAULT_XCODE_VERSION }}
 
       - name: Configure Ruby
-        uses: ruby/setup-ruby@401c19e14f474b54450cd3905bb8b86e2c8509cf # v1.204.0
+        uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
         with:
           bundler-cache: true