diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 624dcc9..4bb537a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -50,7 +50,7 @@ jobs:
 
       - name: Publish binary wheel and source tarball on PyPI
         if: github.repository == 'theupdateframework/tuf-on-ci'
-        uses: pypa/gh-action-pypi-publish@f7600683efdcb7656dec5b29656edb7bc586e597 # v1.10.3
+        uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0
 
   release-gh:
     name: Release
diff --git a/actions/online-sign/action.yml b/actions/online-sign/action.yml
index 4670277..efc2e14 100644
--- a/actions/online-sign/action.yml
+++ b/actions/online-sign/action.yml
@@ -44,7 +44,7 @@ runs:
 
     - name: Authenticate to Google Cloud
       if: inputs.gcp_workload_identity_provider != ''
-      uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
+      uses: google-github-actions/auth@6fc4af4b145ae7821d527454aa9bd537d1f2dc5f # v2.1.7
       with:
         token_format: access_token
         workload_identity_provider: ${{ inputs.gcp_workload_identity_provider }}