diff --git a/.github/workflows/container-build.yml b/.github/workflows/container-build.yml
index 02d2cb3..aaf20fa 100644
--- a/.github/workflows/container-build.yml
+++ b/.github/workflows/container-build.yml
@@ -25,14 +25,14 @@ jobs:
       changed: ${{ steps.changed_images.outputs.changed }}
 
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
         with:
           submodules: "recursive"
 
       - name: Get Changed Files
         id: changed_files
         # pinning out of paranoia, this is the modern-node fork of jitterbit/get-changed-files
-        uses: masesgroup/retrieve-changed-files@491e80760c0e28d36ca6240a27b1ccb8e1402c13 # v3.0.0
+        uses: masesgroup/retrieve-changed-files@45a8b3b496d2d6037cbd553e8a3450989b9384a2 # v4.0.0
 
       - name: Find image directories
         id: images
@@ -89,7 +89,7 @@ jobs:
         arch: ["aarch64", "amd64"]
 
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
       - name: Skip the build on the platform if `.skip-${{ matrix.arch }}` exists in ${{ matrix.image }}
         id: skip_check
         run: |
@@ -97,17 +97,17 @@ jobs:
             echo DO_NOT_BUILD=true >> "$GITHUB_OUTPUT"
           fi
       # - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+      - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
         if: steps.skip_check.outputs.DO_NOT_BUILD != 'true'
       - name: Log in to the Github Container registry
         if: steps.skip_check.outputs.DO_NOT_BUILD != 'true'
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+      - uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
         if: steps.skip_check.outputs.DO_NOT_BUILD != 'true'
         id: meta
         with:
@@ -123,7 +123,7 @@ jobs:
       - name: Build and push by digest
         if: steps.skip_check.outputs.DO_NOT_BUILD != 'true'
         id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
+        uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
         with:
           context: ./${{ matrix.image }}
           platforms: linux/${{ matrix.arch }}
@@ -178,14 +178,14 @@ jobs:
           mkdir -p /tmp/digests-${{ matrix.image }}
           find /tmp/digests-download -type f -name "*" -not -path "*/\.*" -exec cp {} /tmp/digests-${{ matrix.image }}/ \;
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@318604b99e75e41977312d83839a89be02ca4893 # v5.9.0
+        uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0
         with:
           images: ghcr.io/offbyone/${{ matrix.image }}
       - name: Log in to the Github Container registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}