diff --git a/.github/workflows/clang-static-analyzer.yml b/.github/workflows/clang-static-analyzer.yml
index ae1778c1..f0d6acd3 100644
--- a/.github/workflows/clang-static-analyzer.yml
+++ b/.github/workflows/clang-static-analyzer.yml
@@ -83,7 +83,7 @@ jobs:
 
     - name: Store scan-build report
       if: always()
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: expat_scan_build_report_${{ github.sha }}
         path: html/
diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 63e281b7..01e94c9b 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -84,7 +84,7 @@ jobs:
         exec ./.ci.sh
 
     - name: Store coverage .info and HTML report
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: coverage
         path: expat/coverage__*/
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
index c7a37c9e..14f39c66 100644
--- a/.github/workflows/coverity-scan.yml
+++ b/.github/workflows/coverity-scan.yml
@@ -118,7 +118,7 @@ jobs:
         description: "coverity-scan-action libexpat/libexpat / ${{ steps.determine_version.outputs.git_commit }}"
 
     - name: Offer analysis tarball for inspection
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: expat_coverity_scan_upload_${{ github.sha }}
         path: expat/cov-int.tgz
diff --git a/.github/workflows/fuzzing.yml b/.github/workflows/fuzzing.yml
index 8c7cef52..6e14fffa 100644
--- a/.github/workflows/fuzzing.yml
+++ b/.github/workflows/fuzzing.yml
@@ -146,7 +146,7 @@ jobs:
         find corpus/ -type f | sort | xargs "fuzz/${fuzzer}" "${fuzz_args[@]}"
 
     - name: Store fuzzing logs of last batch
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: ${{ matrix.fuzzer }}_${{ github.sha }}_logs_last
         path: expat/build/fuzz-*.log
@@ -166,7 +166,7 @@ jobs:
         llvm-cov report fuzz/${fuzzer} -instr-profile=coverage/expat.profdata                 -sources ../lib/ | tee coverage/report_files.txt
 
     - name: Store coverage report
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: ${{ matrix.fuzzer }}_${{ github.sha }}_coverage
         path: expat/build/coverage/
diff --git a/.github/workflows/windows-binaries.yml b/.github/workflows/windows-binaries.yml
index dc4ddf9e..f314564e 100644
--- a/.github/workflows/windows-binaries.yml
+++ b/.github/workflows/windows-binaries.yml
@@ -151,7 +151,7 @@ jobs:
         ( cd app && zip -9 -r ../"${zip_name}" . )
 
     - name: Offer binaries for download
-      uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1  # v4.6.1
+      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
       with:
         name: expat_${{ matrix.expat_platform }}_${{ github.sha }}
         path: expat/${{ matrix.expat_platform }}/expat-win*bin-*.*.*.*