diff --git a/.github/workflows/_.images.build.yaml b/.github/workflows/_.images.build.yaml
index d150cc70a..1825007a6 100644
--- a/.github/workflows/_.images.build.yaml
+++ b/.github/workflows/_.images.build.yaml
@@ -173,7 +173,7 @@ jobs:
       - name: Rename OCI image artifact before upload
         if: ${{ inputs.dry-run }}
         run: mv ${{ needs.metadata.outputs.image-slug }}.tar oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar
-      - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         if: ${{ inputs.dry-run }}
         with:
           name: oci.${{ needs.metadata.outputs.image-slug }}-${{ matrix.platform.arch }}-${{ matrix.platform.os }}.tar
diff --git a/.github/workflows/_.images.supply-chain.for-artifacts.yaml b/.github/workflows/_.images.supply-chain.for-artifacts.yaml
index 306d66494..38dad4074 100644
--- a/.github/workflows/_.images.supply-chain.for-artifacts.yaml
+++ b/.github/workflows/_.images.supply-chain.for-artifacts.yaml
@@ -39,7 +39,7 @@ jobs:
           format: cyclonedx
           output: sbom.cyclonedx.json
 
-      - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: sbom-cyclonedx.${{ inputs.name }}.json
           path: sbom.cyclonedx.json
@@ -70,7 +70,7 @@ jobs:
           input: trivy-${{ github.run_id }}
           format: cosign-vuln
           output: vulnerabilities.cosign-vuln.json
-      - uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: cosign-vuln.${{ inputs.name }}.json
           path: vulnerabilities.cosign-vuln.json