diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 236c191..b1e9e5f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
       - test
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: release
         run: make -f .ci/Makefile release
         env:
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 18ef2e9..d6214d2 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     container: php:${{ matrix.php-image }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Append PATH
         run: echo "${GITHUB_WORKSPACE}" >> $GITHUB_PATH
       - name: Install composer
@@ -39,7 +39,7 @@ jobs:
           VERSION: ${{ matrix.php-image }}
         run: composer test
       - if: success() || failure()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: test-results-${{ matrix.php-image }}
           path: junit-*.xml
diff --git a/.github/workflows/update-specs.yml b/.github/workflows/update-specs.yml
index 14a64ae..fdddba5 100644
--- a/.github/workflows/update-specs.yml
+++ b/.github/workflows/update-specs.yml
@@ -17,7 +17,7 @@ jobs:
       contents: read
       packages: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
       - name: Get token
         id: get_token
@@ -31,7 +31,7 @@ jobs:
               "pull_requests": "write"
             }
 
-      - uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+      - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}