diff --git a/.github/workflows/detect_version_bump.yml b/.github/workflows/detect_version_bump.yml
index 17b42c7..a35e02c 100644
--- a/.github/workflows/detect_version_bump.yml
+++ b/.github/workflows/detect_version_bump.yml
@@ -28,7 +28,7 @@ jobs:
           echo "::set-output name=result::$IS_PRERELEASE"
       - name: Create Release
         # use hash for security since this has access to the access token
-        uses: ncipollo/release-action@4c75f0f2e4ae5f3c807cf0904605408e319dcaac # v1.8.6
+        uses: ncipollo/release-action@a2e71bdd4e7dab70ca26a852f29600c98b33153e # v1.12.0
         with:
           token: ${{ secrets.ACCESS_TOKEN }}
           tag: v${{ steps.get-new-version.outputs.version }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 593f356..a9cd998 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -7,6 +7,6 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - name: 🧼 lint renovate config # Validates changes to renovate.json config file
-        uses: suzuki-shunsuke/github-action-renovate-config-validator@v0.1.2
+        uses: suzuki-shunsuke/github-action-renovate-config-validator@v0.1.3
         with:
           config_file_path: 'renovate.json'
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 424d5cd..c969406 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -131,7 +131,7 @@ jobs:
           if: ${{ always() }}
 
         - name: Publish coverage results to Codecov
-          uses: codecov/codecov-action@v3.1.1
+          uses: codecov/codecov-action@v3.1.4
           with:
             file: coverage-${{ matrix.python-version }}.xml
             fail_ci_if_error: true
diff --git a/.github/workflows/python-publish.yml b/.github/workflows/python-publish.yml
index 756b805..1a4ce62 100644
--- a/.github/workflows/python-publish.yml
+++ b/.github/workflows/python-publish.yml
@@ -46,6 +46,6 @@ jobs:
         # v1.4.2 release. Using full SHA for security
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
       - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@37f50c210e3d2f9450da2cd423303d6a14a6e29f
+        uses: pypa/gh-action-pypi-publish@f5622bde02b04381239da3573277701ceca8f6a0
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}