diff --git a/.github/workflows/codeql-codescan.yml b/.github/workflows/codeql-codescan.yml
index 6fa463001f..e018647d32 100644
--- a/.github/workflows/codeql-codescan.yml
+++ b/.github/workflows/codeql-codescan.yml
@@ -32,13 +32,13 @@ jobs:
          uses: actions/checkout@v4
 
        - name: Initialize CodeQL
-         uses: github/codeql-action/init@v2
+         uses: github/codeql-action/init@v3
          with:
           languages: ${{ matrix.language }}
           debug: true
 
        - name: Autobuild
-         uses: github/codeql-action/autobuild@v2
+         uses: github/codeql-action/autobuild@v3
 
        - name: Perform CodeQL Analysis
-         uses: github/codeql-action/analyze@v2
+         uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/issue.yml b/.github/workflows/issue.yml
index 420d50adbe..05c703117e 100644
--- a/.github/workflows/issue.yml
+++ b/.github/workflows/issue.yml
@@ -26,7 +26,7 @@ jobs:
       - uses: Renato66/auto-label@v3
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/github-script@v6
+      - uses: actions/github-script@v7
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
diff --git a/.github/workflows/pull-request-target.yml b/.github/workflows/pull-request-target.yml
index 2560a0dac9..591e410d44 100644
--- a/.github/workflows/pull-request-target.yml
+++ b/.github/workflows/pull-request-target.yml
@@ -19,9 +19,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Add the PR Review Policy
-        uses: thollander/actions-comment-pull-request@v2
+        uses: thollander/actions-comment-pull-request@v3
         with:
-          comment_tag: pr_review_policy
+          comment-tag: pr_review_policy
           message: |
             ## Our Pull Request Approval Process
 
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
index 7eb62357c1..8836d93c89 100644
--- a/.github/workflows/pull-request.yml
+++ b/.github/workflows/pull-request.yml
@@ -42,7 +42,7 @@ jobs:
 
       - name: Get changed TypeScript files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v45
       - name: Check formatting
         if: steps.changed-files.outputs.only_changed != 'true'
         run: npm run format:check
@@ -58,7 +58,7 @@ jobs:
       - name: Check for linting errors in modified files
         if: steps.changed-files.outputs.only_changed != 'true'
         env:
-          CHANGED_FILES: ${{ steps.changed_files.outputs.all_changed_files }}
+          CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
         run: npx eslint ${CHANGED_FILES} && python .github/workflows/eslint_disable_check.py
 
       - name: Check for TSDoc comments
@@ -92,9 +92,10 @@ jobs:
 
       - name: Get Changed Unauthorized files
         id: changed-unauth-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v45
         with:
           files: |
+            .env*
             .github/**
             env.example
             .node-version
@@ -123,6 +124,12 @@ jobs:
             ISSUE_GUIDELINES.md
             PR_GUIDELINES.md
             README.md
+            *.pem
+            *.key
+            *.cert
+            *.password
+            *.secret
+            *.credentials
 
       - name: List all changed unauthorized files
         if: steps.changed-unauth-files.outputs.any_changed == 'true' || steps.changed-unauth-files.outputs.any_deleted == 'true'
@@ -144,7 +151,7 @@ jobs:
 
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v45
 
       - name: Echo number of changed files
         env:
@@ -197,7 +204,7 @@ jobs:
 
       - name: Get changed TypeScript files
         id: changed-files
-        uses: tj-actions/changed-files@v40
+        uses: tj-actions/changed-files@v45
 
       - name: Run tests
         if: steps.changed-files.outputs.only_changed != 'true'
@@ -205,7 +212,7 @@ jobs:
 
       - name: TypeScript compilation for changed files
         run: |
-          for file in ${{ steps.changed-files.outputs.all_files }}; do
+          for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
             if [[ "$file" == *.ts || "$file" == *.tsx ]]; then
               npx tsc --noEmit "$file"
             fi
@@ -220,7 +227,7 @@ jobs:
           name: '${{env.CODECOV_UNIQUE_NAME}}'
 
       - name: Test acceptable level of code coverage
-        uses: VeryGoodOpenSource/very_good_coverage@v2
+        uses: VeryGoodOpenSource/very_good_coverage@v3
         with:
           path: './coverage/lcov.info'
           min_coverage: 95.0
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 950d063fac..e45a73527b 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -53,7 +53,7 @@ jobs:
         run: npm install
       - run: npm run test -- --watchAll=false --coverage
       - name: Present and upload coverage to Codecov as ${{env.CODECOV_UNIQUE_NAME}}
-        uses: codecov/codecov-action@v4
+        uses: codecov/codecov-action@v5
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
           verbose: true
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 24667f8e06..3430d52ec8 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -25,7 +25,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v8
+    - uses: actions/stale@v9
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue did not get any activity in the past 10 days and will be closed in 180 days if no update occurs. Please check if the develop branch has fixed it and report again or close the issue.'
@@ -40,4 +40,4 @@ jobs:
         exempt-all-milestones: true
         exempt-pr-labels: 'wip'
         exempt-issue-labels: 'wip'
-        operations-per-run: 30
+        operations-per-run: 50