diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b8d5b9fe8..eef4c996b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -104,7 +104,7 @@ jobs:
   kics:
     runs-on: ubuntu-latest
     container:
-      image: checkmarx/kics:v1.7.8-debian@sha256:646c4e9439dd3c5f8a9081cdc11f003ad988e180f51c1e4280c6c9c164fb9423
+      image: checkmarx/kics:v1.7.9-debian@sha256:fe93d547d4fe1236b81128ef762ff36b0069b6033472df885f902cf0bf720f67
     steps:
       - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
       # ignore: "tags not used", "access analyzer not used", "shield advanced not used"
diff --git a/.github/workflows/pr-opened.yml b/.github/workflows/pr-opened.yml
index 658d32f5b..af3f75129 100644
--- a/.github/workflows/pr-opened.yml
+++ b/.github/workflows/pr-opened.yml
@@ -17,7 +17,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/github-script@6f00a0b667f9463337970371ccda9072ee86fb27 # ratchet:actions/github-script@v6
+      - uses: actions/github-script@1f16022c7518aad314c43abcd029895291be0f52 # ratchet:actions/github-script@v6
         with:
           # yamllint disable rule:line-length
           script: |
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b2212883b..480869d8c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -25,7 +25,7 @@ jobs:
           appInstallationValue: ${{ github.repository }}
       # bootstrap-sha and release-as needs to be removed after first release
       - name: Release
-        uses: google-github-actions/release-please-action@4c5670f886fe259db4d11222f7dff41c1382304d # ratchet:google-github-actions/release-please-action@v3
+        uses: google-github-actions/release-please-action@2921787898ea2925c9eec03a32aa7404a75399e5 # ratchet:google-github-actions/release-please-action@v3
         with:
           release-type: terraform-module
           token: ${{ steps.token.outputs.token }}
diff --git a/.github/workflows/slash_ops_commands.yml b/.github/workflows/slash_ops_commands.yml
index f06c69617..b59ce9876 100644
--- a/.github/workflows/slash_ops_commands.yml
+++ b/.github/workflows/slash_ops_commands.yml
@@ -21,7 +21,7 @@ jobs:
           maintainer=$(grep -oE "@[a-zA-Z0-9_-]+" CODEOWNERS | shuf -n 1)
           echo "maintainer=$maintainer" >> "$GITHUB_OUTPUT"
       - name: Create comment
-        uses: actions/github-script@6f00a0b667f9463337970371ccda9072ee86fb27 # ratchet:actions/github-script@v6
+        uses: actions/github-script@1f16022c7518aad314c43abcd029895291be0f52 # ratchet:actions/github-script@v6
         with:
           script: |
             // adds a comment to the PR (there is the issue API, which works work PRs too)
diff --git a/.github/workflows/slash_ops_comment_dispatch.yml b/.github/workflows/slash_ops_comment_dispatch.yml
index 35e868f2b..4e39776c3 100644
--- a/.github/workflows/slash_ops_comment_dispatch.yml
+++ b/.github/workflows/slash_ops_comment_dispatch.yml
@@ -18,7 +18,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Slash Command Dispatch
-        uses: peter-evans/slash-command-dispatch@60f9e79c7fd43378cf0653f00b0556663cc3044c # ratchet:peter-evans/slash-command-dispatch@v3
+        uses: peter-evans/slash-command-dispatch@c5d899d61979ab022c66e48443e5920dba8ee6c6 # ratchet:peter-evans/slash-command-dispatch@v3
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           issue-type: pull-request
diff --git a/modules/terminate-agent-hook/lambda/requirements.txt b/modules/terminate-agent-hook/lambda/requirements.txt
index d857737f0..fdfbbd362 100644
--- a/modules/terminate-agent-hook/lambda/requirements.txt
+++ b/modules/terminate-agent-hook/lambda/requirements.txt
@@ -1,2 +1,2 @@
-boto3 ==1.28.57
-botocore ==1.31.57
+boto3 ==1.28.60
+botocore ==1.31.60
diff --git a/test/go.mod b/test/go.mod
index 855113842..87ab21be7 100644
--- a/test/go.mod
+++ b/test/go.mod
@@ -3,7 +3,7 @@ module github.com/cattle-ops/terraform-aws-gitlab-runner/test
 go 1.21.1
 
 require (
-	github.com/gruntwork-io/terratest v0.44.0
+	github.com/gruntwork-io/terratest v0.45.0
 	github.com/joho/godotenv v1.5.1
 	github.com/stretchr/testify v1.8.4
 	github.com/xanzy/go-gitlab v0.92.3
diff --git a/test/go.sum b/test/go.sum
index 5c8c4e3b1..edbf48962 100644
--- a/test/go.sum
+++ b/test/go.sum
@@ -338,6 +338,8 @@ github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/gruntwork-io/terratest v0.44.0 h1:3k7lglJFAtw77p2HnR5vaZBCBnlHmu3DuLjVyuCZXJ0=
 github.com/gruntwork-io/terratest v0.44.0/go.mod h1:EAEuzSjvxAzQoJCEQ06bJPTmdC9HikzgvhmxnAYuExM=
+github.com/gruntwork-io/terratest v0.45.0 h1:02VuyLRmqOO45TaTH4P4mc44S18er5Rn4CooTUY0uek=
+github.com/gruntwork-io/terratest v0.45.0/go.mod h1:4TWB5SYgATxJFfg+RNpE0gwiUWxtfMLGOXo5gwcGgMs=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ=