diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 686618f27a26..8df6896c09b6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -38,12 +38,12 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           config-file: ./.github/codeql/config.yml
           languages: ${{ matrix.language }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           category: '/language:${{matrix.language}}'
diff --git a/.github/workflows/cross-platform-builds.yml b/.github/workflows/cross-platform-builds.yml
index 77dbf68020ef..91e110c85fb3 100644
--- a/.github/workflows/cross-platform-builds.yml
+++ b/.github/workflows/cross-platform-builds.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set Up Node
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           node-version: lts/*
       - name: Install Dependencies
diff --git a/.github/workflows/cut-nightly.yml b/.github/workflows/cut-nightly.yml
index 6da4f6679ba5..b7ea278c1d8f 100644
--- a/.github/workflows/cut-nightly.yml
+++ b/.github/workflows/cut-nightly.yml
@@ -30,7 +30,7 @@ jobs:
           fetch-depth: 100
 
       - name: Set Up Node
-        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           node-version: lts/*
 
diff --git a/.github/workflows/release-tagger.yml b/.github/workflows/release-tagger.yml
index 8e39148c9f7f..4e7a87ebe819 100644
--- a/.github/workflows/release-tagger.yml
+++ b/.github/workflows/release-tagger.yml
@@ -30,7 +30,7 @@ jobs:
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           node-version: lts/*
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 194e98da1029..d1dc30cfc7fc 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -72,6 +72,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/status-page.yml b/.github/workflows/status-page.yml
index aaabbc51811a..c6ab193ed32d 100644
--- a/.github/workflows/status-page.yml
+++ b/.github/workflows/status-page.yml
@@ -18,7 +18,7 @@ jobs:
         with:
           egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
 
-      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+      - uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
         with:
           node-version: lts/*
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
diff --git a/extensions/amp-access/0.1/iframe-api/package.json b/extensions/amp-access/0.1/iframe-api/package.json
index 83fdbad50d2b..6cf26d64dd54 100644
--- a/extensions/amp-access/0.1/iframe-api/package.json
+++ b/extensions/amp-access/0.1/iframe-api/package.json
@@ -16,7 +16,7 @@
   "devDependencies": {
     "babel-plugin-external-helpers": "6.22.0",
     "babel-preset-env": "1.7.0",
-    "rollup": "4.21.3",
+    "rollup": "4.22.4",
     "@rollup/plugin-babel": "6.0.4",
     "rollup-plugin-cleanup": "3.2.1"
   }
diff --git a/third_party/amp-toolbox-cache-url/package.json b/third_party/amp-toolbox-cache-url/package.json
index 19d2f9eeee1e..bab16d4442ed 100644
--- a/third_party/amp-toolbox-cache-url/package.json
+++ b/third_party/amp-toolbox-cache-url/package.json
@@ -33,20 +33,20 @@
   },
   "devDependencies": {
     "@ampproject/rollup-plugin-closure-compiler": "0.27.0",
-    "eslint": "9.10.0",
+    "eslint": "9.11.0",
     "eslint-config-google": "0.14.0",
     "jasmine": "5.3.0",
     "karma": "6.4.4",
     "karma-chrome-launcher": "3.2.0",
     "karma-jasmine": "5.1.0",
     "npm-run-all2": "6.2.3",
-    "rollup": "4.21.3",
+    "rollup": "4.22.4",
     "rollup-plugin-commonjs": "10.1.0",
     "rollup-plugin-filesize": "10.0.0",
     "rollup-plugin-ignore": "1.0.10",
     "rollup-plugin-json": "4.0.0",
     "rollup-plugin-node-builtins": "2.1.2",
-    "@rollup/plugin-node-resolve": "15.2.3",
+    "@rollup/plugin-node-resolve": "15.2.4",
     "rollup-plugin-serve": "3.0.0",
     "semver": "7.6.3"
   }