diff --git a/.github/actions/setup-java-env/action.yaml b/.github/actions/setup-java-env/action.yaml
index a92e8aa..13a530d 100644
--- a/.github/actions/setup-java-env/action.yaml
+++ b/.github/actions/setup-java-env/action.yaml
@@ -21,12 +21,12 @@ runs:
   using: "composite"
   steps:
     - name: "checkout"
-      uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
+      uses: "actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd" # v5.0.1
       with:
         fetch-depth: 0
         submodules: true
     - name: "jdk ${{ inputs.runtime_version }}"
-      uses: "actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165" # v5.0.0
+      uses: "actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e" # v5.1.0
       with:
         distribution: "temurin"
         java-version: "${{ inputs.runtime_version }}"
diff --git a/.github/workflows/shared-ci.yaml b/.github/workflows/shared-ci.yaml
index 69c818b..0c6e899 100644
--- a/.github/workflows/shared-ci.yaml
+++ b/.github/workflows/shared-ci.yaml
@@ -161,7 +161,7 @@ jobs:
           installation_retrieval_payload: "SpongePowered/APIJavadocs"
       - name: Publish Javadoc
         if: "${{ runner.os == 'Linux' && ((env.STATUS != 'release' && inputs.publish_snapshot_javadoc && github.event_name == 'push' && steps.setup.outputs.publishing_branch != '') || (env.STATUS == 'release' && inputs.publish_release_javadoc && github.event_name == 'release')) }}"
-        uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3
+        uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0
         with:
           folder: build/publish-jd
           repository-name: SpongePowered/APIJavadocs
diff --git a/.github/workflows/shared-codeql-analysis.yaml b/.github/workflows/shared-codeql-analysis.yaml
index 0af307e..ebb568a 100644
--- a/.github/workflows/shared-codeql-analysis.yaml
+++ b/.github/workflows/shared-codeql-analysis.yaml
@@ -35,10 +35,10 @@ jobs:
         publishing_branch_regex: ${{ inputs.publishing_branch_regex }}
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4
+      uses: github/codeql-action/init@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
       with:
         languages: java
     - name: Build with Gradle
       run: ./gradlew ${{ inputs.extra_gradle_params }} assemble
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4
+      uses: github/codeql-action/analyze@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4
diff --git a/.github/workflows/validate-renovate-config.yaml b/.github/workflows/validate-renovate-config.yaml
index a18c94c..215708b 100644
--- a/.github/workflows/validate-renovate-config.yaml
+++ b/.github/workflows/validate-renovate-config.yaml
@@ -14,7 +14,7 @@ jobs:
     if: "${{ github.event_name != 'pull_request' || github.repository != github.event.pull_request.head.repo.full_name }}"
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
     - uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1
       with:
         config_file_path: renovate-config.json