diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index 5a6bff3f..0ebd2776 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -19,7 +19,7 @@ jobs:
       labels: ubuntu-latest-16-cores
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Go
         uses: actions/setup-go@v6
         with:
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 51363daf..248593f4 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -38,16 +38,16 @@ jobs:
           - knative
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Kubernetes
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.14.0
         if: matrix.provider != 'skipper'
         with:
           version: v0.23.0
           cluster_name: kind
           node_image: kindest/node:v1.30.0@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e
       - name: Setup Kubernetes for skipper
-        uses: helm/kind-action@v1.12.0
+        uses: helm/kind-action@v1.14.0
         if: matrix.provider == 'skipper'
         with:
           version: v0.23.0
diff --git a/.github/workflows/helm.yaml b/.github/workflows/helm.yaml
index 51488381..fbe4d302 100644
--- a/.github/workflows/helm.yaml
+++ b/.github/workflows/helm.yaml
@@ -12,7 +12,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Publish Helm charts
         uses: stefanprodan/helm-gh-pages@v1.7.0
         with:
diff --git a/.github/workflows/push-ld.yml b/.github/workflows/push-ld.yml
index 387a41a5..89ad7814 100644
--- a/.github/workflows/push-ld.yml
+++ b/.github/workflows/push-ld.yml
@@ -16,8 +16,8 @@ jobs:
       id-token: write
       packages: write
     steps:
-      - uses: actions/checkout@v5
-      - uses: sigstore/cosign-installer@v3.10.0
+      - uses: actions/checkout@v6
+      - uses: sigstore/cosign-installer@v4.0.0
       - name: Prepare
         id: prep
         run: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e0b51e75..e63190d3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -27,13 +27,13 @@ jobs:
       id-token: write # needed for keyless signing
       packages: write # needed for ghcr access
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Setup Go
         uses: actions/setup-go@v6
         with:
           go-version: 1.25.x
       - uses: fluxcd/flux2/action@main
-      - uses: sigstore/cosign-installer@v3.10.0
+      - uses: sigstore/cosign-installer@v4.0.0
       - name: Prepare
         id: prep
         run: |
@@ -121,7 +121,7 @@ jobs:
       - uses: anchore/sbom-action/download-syft@v0
       - name: Create release and SBOM
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@v7
         if: startsWith(github.ref, 'refs/tags/v')
         with:
           version: latest
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index f3b5eb6a..9ff49205 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -17,7 +17,7 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Run FOSSA scan and upload build data
         uses: fossa-contrib/fossa-action@v3
         with:
@@ -30,7 +30,7 @@ jobs:
       security-events: write
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
       - name: Setup Go
         uses: actions/setup-go@v6
         with: