diff --git a/template/.github/workflows/build.yml b/template/.github/workflows/build.yml
index 2897906..a68f69e 100644
--- a/template/.github/workflows/build.yml
+++ b/template/.github/workflows/build.yml
@@ -25,7 +25,7 @@ jobs:
       - name: Check package
         run: pixi run -e build check-wheel
       - name: Upload package
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: artifact
           path: dist/*
@@ -39,7 +39,7 @@ jobs:
       id-token: write
     environment: pypi
     steps:
-      - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0
+      - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0
         with:
           name: artifact
           path: dist
diff --git a/template/.github/workflows/scorecard.yml.jinja b/template/.github/workflows/scorecard.yml.jinja
index f3dd947..d4f25ae 100644
--- a/template/.github/workflows/scorecard.yml.jinja
+++ b/template/.github/workflows/scorecard.yml.jinja
@@ -68,7 +68,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: SARIF file
           path: results.sarif