diff --git a/.gitea/workflows/artifacthub-metadata.yaml b/.gitea/workflows/artifacthub-metadata.yaml
index 745a562..562e8b4 100644
--- a/.gitea/workflows/artifacthub-metadata.yaml
+++ b/.gitea/workflows/artifacthub-metadata.yaml
@@ -11,12 +11,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v6.0.2
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v4.1.0
       with:
         registry: ${{ github.server_url }}
         username: ${{ github.repository_owner }}
         password: ${{ secrets.GIT_CRYPTIC_SYSTEMS_PACKAGE_REGISTRY_TOKEN }}
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v4.1.0
       with:
         username: ${{ secrets.DOCKER_IO_USERNAME }}
         password: ${{ secrets.DOCKER_IO_PASSWORD }}
diff --git a/.gitea/workflows/golang-linters.yaml b/.gitea/workflows/golang-linters.yaml
index b225c54..8e8e41c 100644
--- a/.gitea/workflows/golang-linters.yaml
+++ b/.gitea/workflows/golang-linters.yaml
@@ -21,7 +21,7 @@ jobs:
         os: [ ubuntu-latest-amd64, ubuntu-latest-arm64 ]
     steps:
     - uses: actions/checkout@v6.0.2
-    - uses: actions/setup-go@v6.3.0
+    - uses: actions/setup-go@v6.4.0
       with:
         go-version: ${{ matrix.go }}
     - uses: golangci/golangci-lint-action@v9.2.0
diff --git a/.gitea/workflows/golang-tests.yaml b/.gitea/workflows/golang-tests.yaml
index 880d084..29f6ee2 100644
--- a/.gitea/workflows/golang-tests.yaml
+++ b/.gitea/workflows/golang-tests.yaml
@@ -34,7 +34,7 @@ jobs:
         os: [ ubuntu-latest-amd64, ubuntu-latest-arm64 ]
     steps:
     - uses: actions/checkout@v6.0.2
-    - uses: actions/setup-go@v6.3.0
+    - uses: actions/setup-go@v6.4.0
       with:
         go-version: ${{ matrix.go }}
     - env:
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
index 0369c6d..06eb3c6 100644
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@@ -19,7 +19,7 @@ jobs:
       run: apt-get update && apt-get install --yes curl
     - name: Install syft
       env:
-        SYFT_VERSION: "1.42.2" # renovate: datasource=github-releases depName=anchore/syft
+        SYFT_VERSION: "1.42.4" # renovate: datasource=github-releases depName=anchore/syft
       run: |
         OS="$(uname | tr '[:upper:]' '[:lower:]')"
         ARCH="$(dpkg --print-architecture)"
@@ -31,15 +31,15 @@ jobs:
             "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_${OS}_${ARCH}.deb"
         dpkg -i syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
         rm syft_${SYFT_VERSION}_${OS}_${ARCH}.deb
-    - uses: sigstore/cosign-installer@v4.1.0
+    - uses: sigstore/cosign-installer@v4.1.1
       with:
         cosign-release: "v2.6.2" # renovate: datasource=github-tags depName=sigstore/cosign
     - uses: docker/setup-qemu-action@v4.0.0
     - uses: docker/setup-buildx-action@v4.0.0
-    - uses: actions/setup-go@v6.3.0
+    - uses: actions/setup-go@v6.4.0
       with:
         go-version: stable
-    - uses: docker/login-action@v4.0.0
+    - uses: docker/login-action@v4.1.0
       with:
         registry: git.cryptic.systems
         username: ${{ github.repository_owner }}
@@ -52,7 +52,7 @@ jobs:
         GOPROXY: ${{ vars.GOPROXY }}
       uses: goreleaser/goreleaser-action@v7.0.0
       with:
-        version: v2.14.3 # renovate: datasource=github-releases depName=goreleaser/goreleaser
+        version: v2.15.2 # renovate: datasource=github-releases depName=goreleaser/goreleaser
         args: release --clean
 
   sync-to-hub-docker-io: