diff --git a/.github/workflows/default_linter_callable.yml b/.github/workflows/default_linter_callable.yml
index 91f5afe..a788ea6 100644
--- a/.github/workflows/default_linter_callable.yml
+++ b/.github/workflows/default_linter_callable.yml
@@ -56,7 +56,7 @@ jobs:
     if: needs.find-changes.outputs.json == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Run JSON Lint
         run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/json-lint/master/pipeline.sh)
@@ -67,7 +67,7 @@ jobs:
     if: needs.find-changes.outputs.markdown == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Validate Markdown file
         run: |
@@ -80,7 +80,7 @@ jobs:
     if: needs.find-changes.outputs.renovate-config == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1
 
@@ -88,7 +88,7 @@ jobs:
     name: Check shell scripts
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: ShellCheck
         uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
@@ -99,10 +99,10 @@ jobs:
     needs: find-changes
     if: needs.find-changes.outputs.workflow == 'true'
     container:
-      image: rhysd/actionlint:1.6.27@sha256:d84eca815fc24f72546ec1f2f416d9500ad3349ce7db098cf7a52256f5fd4384
+      image: rhysd/actionlint:1.7.0@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244
       options: --cpus 1 --user root
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Validate Github workflows
         run: |
@@ -115,7 +115,7 @@ jobs:
     needs: find-changes
     if: needs.find-changes.outputs.yaml == 'true'
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
@@ -132,7 +132,7 @@ jobs:
       matrix:
         file: ${{ fromJson(needs.find-changes.outputs.dockerfile_files) }}
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Lint Dockerfile
         uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:
diff --git a/.github/workflows/default_pull_request_callable.yml b/.github/workflows/default_pull_request_callable.yml
index 7c6dcbb..ddb48a7 100644
--- a/.github/workflows/default_pull_request_callable.yml
+++ b/.github/workflows/default_pull_request_callable.yml
@@ -21,12 +21,12 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
+      - uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
         id: app-token
         with:
           app-id: ${{ vars.GET_TOKEN_APP_ID }}
           private-key: ${{ secrets.GET_TOKEN_APP_PRIVATE_KEY }}
-      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         with:
diff --git a/.github/workflows/default_release_callable.yml b/.github/workflows/default_release_callable.yml
index 9997a20..ea70a15 100644
--- a/.github/workflows/default_release_callable.yml
+++ b/.github/workflows/default_release_callable.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/default_release_dry_run_callable.yml b/.github/workflows/default_release_dry_run_callable.yml
index a8d2b61..80d4899 100644
--- a/.github/workflows/default_release_dry_run_callable.yml
+++ b/.github/workflows/default_release_dry_run_callable.yml
@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout dry branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           ref: release-dry-run
 
diff --git a/.github/workflows/default_slash_ops_command_help_callable.yml b/.github/workflows/default_slash_ops_command_help_callable.yml
index 78e532d..9dac483 100644
--- a/.github/workflows/default_slash_ops_command_help_callable.yml
+++ b/.github/workflows/default_slash_ops_command_help_callable.yml
@@ -17,7 +17,7 @@ jobs:
     name: "ChatOps: /help"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Choose maintainer
         id: vars
diff --git a/.github/workflows/default_spelling_callable.yml b/.github/workflows/default_spelling_callable.yml
index 17512f6..a0917f3 100644
--- a/.github/workflows/default_spelling_callable.yml
+++ b/.github/workflows/default_spelling_callable.yml
@@ -14,8 +14,8 @@ jobs:
   cspell:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
-      - uses: streetsidesoftware/cspell-action@ca4bb065dd09aca9c90c935f7dc9bb625985226c # v6.1.0
+      - uses: streetsidesoftware/cspell-action@807d7d92b7057593a2de102168506f298405339d # v6.2.0
         with:
           config: .config/cspell.json
diff --git a/.github/workflows/docker_dockerhub_release_callable.yml b/.github/workflows/docker_dockerhub_release_callable.yml
index 338f5e3..20b7d11 100644
--- a/.github/workflows/docker_dockerhub_release_callable.yml
+++ b/.github/workflows/docker_dockerhub_release_callable.yml
@@ -37,7 +37,7 @@ jobs:
       IMAGE_NAME: hlag/${{ inputs.image-name }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Configure Tags
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         id: meta
@@ -68,13 +68,13 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
         with:
           image-ref: ${{ env.IMAGE_NAME }}:trivy-scan
           format: "sarif"
           output: "trivy-results.sarif"
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.25.3
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
         if: ${{ inputs.upload-security-scan-results }}
         with:
           sarif_file: "trivy-results.sarif"
diff --git a/.github/workflows/maven_java_callable.yml b/.github/workflows/maven_java_callable.yml
index e413904..401346f 100644
--- a/.github/workflows/maven_java_callable.yml
+++ b/.github/workflows/maven_java_callable.yml
@@ -14,7 +14,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Set up JDK 21
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:
diff --git a/.github/workflows/maven_release_callable.yml b/.github/workflows/maven_release_callable.yml
index de61a64..4ee78cc 100644
--- a/.github/workflows/maven_release_callable.yml
+++ b/.github/workflows/maven_release_callable.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/maven_release_dry_run_callable.yml b/.github/workflows/maven_release_dry_run_callable.yml
index 63e68c2..daa9760 100644
--- a/.github/workflows/maven_release_dry_run_callable.yml
+++ b/.github/workflows/maven_release_dry_run_callable.yml
@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout dry branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           ref: release-dry-run
 
diff --git a/.github/workflows/terraform_module_terraform_callable.yml b/.github/workflows/terraform_module_terraform_callable.yml
index 37f7961..98e95f6 100644
--- a/.github/workflows/terraform_module_terraform_callable.yml
+++ b/.github/workflows/terraform_module_terraform_callable.yml
@@ -31,9 +31,9 @@ jobs:
       run:
         working-directory: ${{ matrix.directories }}
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
-      - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
+      - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
         with:
           terraform_version: ${{ matrix.terraform }}
 
@@ -46,7 +46,7 @@ jobs:
   tflint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         name: Cache plugin dir
diff --git a/.github/workflows/terraform_module_terraform_tfsec_callable.yml b/.github/workflows/terraform_module_terraform_tfsec_callable.yml
index 7db54da..eccea33 100644
--- a/.github/workflows/terraform_module_terraform_tfsec_callable.yml
+++ b/.github/workflows/terraform_module_terraform_tfsec_callable.yml
@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Clone repo
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Run tfsec
         uses: tfsec/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 # v0.1.4
@@ -31,7 +31,7 @@ jobs:
           sarif_file: tfsec.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif