diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 54d91d15e69..92831609230 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -55,7 +55,7 @@ jobs:
         path: ./out/artifacts   
     - name: Upload Sarif
       if: always() && steps.build.outcome == 'success'
-      uses: github/codeql-action/upload-sarif@v3.28.9
+      uses: github/codeql-action/upload-sarif@v3.28.10
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: cifuzz-sarif/results.sarif
diff --git a/.github/workflows/icu4c.yml b/.github/workflows/icu4c.yml
index 062aabb7f41..7b187491fae 100644
--- a/.github/workflows/icu4c.yml
+++ b/.github/workflows/icu4c.yml
@@ -740,7 +740,7 @@ jobs:
     runs-on: ubuntu-22.04  # Updated in BRS
     steps:
     - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-    - uses: bazel-contrib/setup-bazel@0.13.0
+    - uses: bazel-contrib/setup-bazel@0.14.0
     - name: Get CI Linux runner VM version
       id: linux-version
       run: |
diff --git a/.github/workflows/icu_merge_ci.yml b/.github/workflows/icu_merge_ci.yml
index feb36be4fc8..aa0c9cf70ee 100644
--- a/.github/workflows/icu_merge_ci.yml
+++ b/.github/workflows/icu_merge_ci.yml
@@ -144,7 +144,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
@@ -218,7 +218,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
@@ -283,7 +283,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 77d5c562da8..8c4d7d71590 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -34,7 +34,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
         with:
           results_file: results.sarif
           results_format: sarif
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3d3d628990a5f99229dd9fa1821cc5a4f31b613b # v2.25.15
+        uses: github/codeql-action/upload-sarif@83923549f688e42b34d0b90ee94725f7c30532fc # v2.25.15
         with:
           sarif_file: results.sarif