diff --git a/.github/workflows/CodeQL-Analysis.yml b/.github/workflows/CodeQL-Analysis.yml
index d29851f1..625c80bf 100644
--- a/.github/workflows/CodeQL-Analysis.yml
+++ b/.github/workflows/CodeQL-Analysis.yml
@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@93cb6efe18208431cddfb8368fd83d5badbf9bfd # v5.0.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
+        uses: github/codeql-action/init@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           languages: swift
           queries: security-and-quality
@@ -33,6 +33,6 @@ jobs:
         run: swift build
         
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
+        uses: github/codeql-action/analyze@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           category: "/language:swift"
diff --git a/.github/workflows/Create-Release-PR.yml b/.github/workflows/Create-Release-PR.yml
index d7290880..d595b0af 100644
--- a/.github/workflows/Create-Release-PR.yml
+++ b/.github/workflows/Create-Release-PR.yml
@@ -33,7 +33,7 @@ jobs:
         private-key: ${{ secrets.OTELBOT_PRIVATE_KEY }}
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+      uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
       with:
         # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
         token: ${{ steps.otelbot-token.outputs.token }}
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 3fe3d721..4a2ba610 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4.31.4
+        uses: github/codeql-action/upload-sarif@fdbfb4d2750291e159f0156def62b853c2798ca2 # v4.31.5
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/update-core-dependencies.yml b/.github/workflows/update-core-dependencies.yml
index 5c736327..9c881fb9 100644
--- a/.github/workflows/update-core-dependencies.yml
+++ b/.github/workflows/update-core-dependencies.yml
@@ -53,7 +53,7 @@ jobs:
 
       - name: Create Pull Request
         if: steps.changes.outputs.has_changes == 'true' && github.event.inputs.create_pr == 'true'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
         with:
           # not using secrets.GITHUB_TOKEN since pull requests from that token do not run workflows
           token: ${{ steps.otelbot-token.outputs.token }}
diff --git a/Package.swift b/Package.swift
index 4f1923fb..882ef084 100644
--- a/Package.swift
+++ b/Package.swift
@@ -30,7 +30,7 @@ let package = Package(
   ],
   dependencies: [
     .package(url: "https://github.com/open-telemetry/opentelemetry-swift-core.git", from: "2.2.0"),
-    .package(url: "https://github.com/apple/swift-nio.git", from: "2.90.0"),
+    .package(url: "https://github.com/apple/swift-nio.git", from: "2.90.1"),
     .package(url: "https://github.com/grpc/grpc-swift.git", exact: "1.27.0"),
     .package(url: "https://github.com/apple/swift-protobuf.git", from: "1.33.3"),
     .package(url: "https://github.com/apple/swift-log.git", from: "1.6.4"),