diff --git a/.github/actions/setup-python-poetry/action.yml b/.github/actions/setup-python-poetry/action.yml
index 9ec2cb9831a..ff291b18a3a 100644
--- a/.github/actions/setup-python-poetry/action.yml
+++ b/.github/actions/setup-python-poetry/action.yml
@@ -41,7 +41,7 @@ runs:
         echo "${APPDATA}\.poetry\bin" >> "$GITHUB_PATH"
 
     - name: Install python
-      uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f  # pin v5.1.1
+      uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a  # pin v5.2.0
       id: setup-python
       with:
         python-version-file: ${{ inputs.project-path }}/pyproject.toml
diff --git a/.github/workflows/ci-rust.yml b/.github/workflows/ci-rust.yml
index 1581f93ded9..52a4a2c68df 100644
--- a/.github/workflows/ci-rust.yml
+++ b/.github/workflows/ci-rust.yml
@@ -102,7 +102,7 @@ jobs:
         timeout-minutes: 5
 
       # Install cargo nextest command
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: nextest@0.9.54, wasm-pack@0.12.1, cargo-deny@0.15.0
 
@@ -262,7 +262,7 @@ jobs:
         timeout-minutes: 5
 
       # Install cargo nextest command
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: nextest@0.9.54
 
diff --git a/.github/workflows/ci-web.yml b/.github/workflows/ci-web.yml
index eed4ea451eb..3b95102bc65 100644
--- a/.github/workflows/ci-web.yml
+++ b/.github/workflows/ci-web.yml
@@ -123,7 +123,7 @@ jobs:
         timeout-minutes: 5
 
       # Install wasm-pack command
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: wasm-pack@${{ env.wasm-pack-version }}
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8cc98197cd2..fa62d6360e8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -140,7 +140,7 @@ jobs:
               - newsfragments/**
 
       - name: Install python
-        uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3  # pin v5.2.0
+        uses: actions/setup-python@29a37be0a3d3e8bf5bc1eb19cd0502922f5b312a  # pin v5.2.0
         id: setup-python
         with:
           python-version: 3.12
@@ -179,7 +179,7 @@ jobs:
           diff --unified .pre-commit-config.yaml $TEMP_FILE || true
           echo "path=$TEMP_FILE" >> $GITHUB_OUTPUT
 
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: taplo-cli@0.9.3
 
diff --git a/.github/workflows/package-client.yml b/.github/workflows/package-client.yml
index cf82e6d98f7..550304e72e4 100644
--- a/.github/workflows/package-client.yml
+++ b/.github/workflows/package-client.yml
@@ -94,7 +94,7 @@ jobs:
         working-directory: client
 
       # Install syft
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: syft@0.84.0, wasm-pack@${{ env.wasm-pack-version }}
 
@@ -195,7 +195,7 @@ jobs:
           mv -v parsec_*_*.snap Parsec_${{ steps.version.outputs.full }}_linux_$ARCH.snap
 
       # Install syft
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: syft@0.84.0
 
@@ -350,7 +350,7 @@ jobs:
         timeout-minutes: 1
 
       # Install syft
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: syft@0.84.0
 
diff --git a/.github/workflows/package-server.yml b/.github/workflows/package-server.yml
index 7efaf2edd5d..a4441d39491 100644
--- a/.github/workflows/package-server.yml
+++ b/.github/workflows/package-server.yml
@@ -136,7 +136,7 @@ jobs:
         run: python server/packaging/wheel/wheel_it.py ./server --output dist --skip-wheel
 
       # Install syft
-      - uses: taiki-e/install-action@f2b65a3e67b2ba5ed3b4a631b5e460896e975708 # pin v2.42.37
+      - uses: taiki-e/install-action@da8fe73ed87107a1cae164305a928b7c8fcff4bc # pin v2.43.1
         with:
           tool: syft@0.84.0
 
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 816f47955c4..7e84fbb1997 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -137,7 +137,7 @@ jobs:
 
       - name: Publish wheel on PyPI
         if: steps.version.outputs.local == ''
-        uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # pin v1.10.0
+        uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # pin v1.10.1
         with:
           user: __token__
           password: ${{ secrets.PYPI_CREDENTIALS }}