diff --git a/.circleci/config.yml b/.circleci/config.yml
index f1ec7a6e5abe..3392feaae900 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -4,7 +4,7 @@ orbs:
   browser-tools: circleci/browser-tools@1.4.8
   codecov: codecov/codecov@4.2.0
   macos: circleci/macos@2.5.2
-  node: circleci/node@6.1.0
+  node: circleci/node@6.3.0
 
 push_and_pr_builds: &push_and_pr_builds
   filters:
@@ -65,7 +65,7 @@ executors:
     resource_class: xlarge
   jdk-docker-2xlarge:
     docker:
-      - image: cimg/openjdk:21.0.2-node
+      - image: cimg/openjdk:21.0.4-node
     resource_class: 2xlarge
   macos-medium:
     macos:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c3d58376efe0..09160f77f7d0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -38,12 +38,12 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           config-file: ./.github/codeql/config.yml
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           category: '/language:${{matrix.language}}'
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 2ee7174d0e7c..81784684028b 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -64,7 +64,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: 'Upload artifact'
-        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: SARIF file
           path: results.sarif
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+        uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13
         with:
           sarif_file: results.sarif
diff --git a/third_party/amp-toolbox-cache-url/package.json b/third_party/amp-toolbox-cache-url/package.json
index 3c75c21bff1f..a0bc280b3184 100644
--- a/third_party/amp-toolbox-cache-url/package.json
+++ b/third_party/amp-toolbox-cache-url/package.json
@@ -35,7 +35,7 @@
     "@ampproject/rollup-plugin-closure-compiler": "0.27.0",
     "eslint": "9.12.0",
     "eslint-config-google": "0.14.0",
-    "jasmine": "5.3.1",
+    "jasmine": "5.4.0",
     "karma": "6.4.4",
     "karma-chrome-launcher": "3.2.0",
     "karma-jasmine": "5.1.0",