diff --git a/.github/workflows/playwright.yml b/.github/workflows/playwright.yml
index 6d8d1a10..1500c41b 100644
--- a/.github/workflows/playwright.yml
+++ b/.github/workflows/playwright.yml
@@ -303,7 +303,7 @@ jobs:
       - name: Upload Playwright report
         if: always() && steps.check-artifact.outputs.artifact_exists == 'true'
         # actions/upload-artifact v4.4.3
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+        uses: actions/upload-artifact@47309c993abb98030a35d55ef7ff34b7fa1074b5
         with:
           name: ${{ steps.pr-info.outputs.is_push == 'true' && format('playwright-report-{0}', steps.sanitize.outputs.branch) || format('playwright-report-pr-{0}', steps.pr-info.outputs.pr_number) }}
           path: playwright-report/
diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 97b8a75f..23d770a9 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
@@ -251,7 +251,7 @@ jobs:
       - name: Upload scan artifacts
         if: always() && steps.check-artifact.outputs.artifact_exists == 'true'
         # actions/upload-artifact v4.4.3
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+        uses: actions/upload-artifact@47309c993abb98030a35d55ef7ff34b7fa1074b5
         with:
           name: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
           path: |
diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml
index be3e7a1f..3a041ee2 100644
--- a/.github/workflows/supply-chain-pr.yml
+++ b/.github/workflows/supply-chain-pr.yml
@@ -305,7 +305,7 @@ jobs:
       - name: Upload supply chain artifacts
         if: steps.check-artifact.outputs.artifact_found == 'true'
         # actions/upload-artifact v4.6.0
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+        uses: actions/upload-artifact@47309c993abb98030a35d55ef7ff34b7fa1074b5
         with:
           name: ${{ steps.pr-number.outputs.is_push == 'true' && format('supply-chain-{0}', steps.sanitize.outputs.branch) || format('supply-chain-pr-{0}', steps.pr-number.outputs.pr_number) }}
           path: |