diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index ef76405..6e81e55 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -142,7 +142,7 @@ jobs:
           min-versions-to-keep: 10
 
       - name: Create GitHub Release
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v3
         with:
           tag_name: v${{ steps.version.outputs.version }}
           name: v${{ steps.version.outputs.version }}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dea012a..6c78d5b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -48,7 +48,7 @@ jobs:
         run: docker build -t docker-deploy-starter:test .
 
       - name: Scan image for vulnerabilities
-        uses: aquasecurity/trivy-action@0.35.0
+        uses: aquasecurity/trivy-action@v0.36.0
         with:
           image-ref: docker-deploy-starter:test
           exit-code: '1'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a58f4e2..2d60f98 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -19,10 +19,10 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml
index a5c8a3f..5ac3dc9 100644
--- a/.github/workflows/maintenance.yml
+++ b/.github/workflows/maintenance.yml
@@ -18,7 +18,7 @@ jobs:
     if: failure()
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v9
         with:
           script: |
             const existing = await github.rest.issues.listForRepo({
@@ -54,7 +54,7 @@ jobs:
     if: success()
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v9
         with:
           script: |
             // Close any open maintenance issues — the most recent CI run
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index f9c1e8c..ac84b77 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -13,7 +13,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           days-before-stale: 30
           days-before-close: 7