diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index 82b7beb..6ac6c06 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -28,7 +28,7 @@ jobs:
     steps:
       # Checkout repository (fetch full history + tags for Git-tagging tests)
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0         # required so HEAD~1..HEAD and tag lookups work
           fetch-tags: true       # required so `git tag --points-at HEAD` can see tags
@@ -83,7 +83,7 @@ jobs:
       # Upload the Pester XML only if it exists to avoid artifact warnings.
       - name: Upload Pester results (XML)
         if: ${{ always() && hashFiles('out/testResults.xml') != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: TestResults-${{ runner.os }}
           path: out/testResults.xml
@@ -91,7 +91,7 @@ jobs:
       # Upload the full Pester console log (always useful for debugging)
       - name: Upload Pester console log
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: TestConsole-${{ runner.os }}
           path: out/pester-console.txt
@@ -133,7 +133,7 @@ jobs:
     steps:
       # Checkout repository (fetch full history + tags; required for tag-aware tests and packaging)
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
           fetch-tags: true
@@ -186,14 +186,14 @@ jobs:
       # Upload artifacts for the publish job as well (conditional XML upload)
       - name: Upload Pester results (XML)
         if: ${{ always() && hashFiles('out/testResults.xml') != '' }}
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: TestResults-publish
           path: out/testResults.xml
 
       - name: Upload Pester console log
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: TestConsole-publish
           path: out/pester-console.txt
diff --git a/.github/workflows/devskim.yml b/.github/workflows/devskim.yml
index 577c2b6..fd9e42a 100644
--- a/.github/workflows/devskim.yml
+++ b/.github/workflows/devskim.yml
@@ -24,12 +24,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Run DevSkim scanner
         uses: microsoft/DevSkim-Action@v1
 
       - name: Upload DevSkim scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: devskim-results.sarif
diff --git a/.github/workflows/powershell.yml b/.github/workflows/powershell.yml
index 242ff9b..2a46180 100644
--- a/.github/workflows/powershell.yml
+++ b/.github/workflows/powershell.yml
@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
 
       - name: Run PSScriptAnalyzer
         uses: microsoft/psscriptanalyzer-action@v1.1
@@ -40,6 +40,6 @@ jobs:
           output: results.sarif
 
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif