diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index a01c5fa..a397fb5 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -37,7 +37,7 @@ jobs:
                   name: "SARIF file"
                   path: "results.sarif"
                   retention-days: 5
-            - uses: "github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75"
+            - uses: "github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2"
               with:
                   sarif_file: "results.sarif"
 
@@ -75,7 +75,7 @@ jobs:
             - run: "snyk test --all-projects --detection-depth=1 --sarif-file-output=snyk.sarif"
               env:
                   SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-            - uses: "github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75"
+            - uses: "github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2"
               with:
                   sarif_file: "snyk.sarif"
 
@@ -89,7 +89,7 @@ jobs:
 
         steps:
             - uses: "actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11"
-            - uses: "github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75"
+            - uses: "github/codeql-action/init@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2"
               with:
                   languages: "typescript"
             - uses: "pnpm/action-setup@d882d12c64e032187b2edb46d3a0d003b7a43598"
@@ -100,4 +100,4 @@ jobs:
                   node-version-file: ".nvmrc"
                   cache: "pnpm"
             - run: "make install"
-            - uses: "github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75"
+            - uses: "github/codeql-action/analyze@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2"