diff --git a/.github/workflows/release-packaging.yaml b/.github/workflows/release-packaging.yaml
index 1ad067d..bbf5462 100644
--- a/.github/workflows/release-packaging.yaml
+++ b/.github/workflows/release-packaging.yaml
@@ -75,7 +75,7 @@ jobs:
             rsign sign -W -s signing.key -x ${{ env.PROJECT_NAME_UNDERSCORE }}_${{ env.PROJECT_TARGET }}.tzst.sig ${{ env.PROJECT_NAME_UNDERSCORE }}_${{ env.PROJECT_TARGET }}.tzst
 
       - name: Upload Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v6
         id: artifact-upload-step
         with:
           name: ${{ env.PROJECT_NAME_UNDERSCORE }}
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index d98f645..fa2c6fc 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -72,7 +72,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: SARIF file
           path: results.sarif