diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml
index 1ea6937..5e925ea 100644
--- a/.github/workflows/zizmor.yaml
+++ b/.github/workflows/zizmor.yaml
@@ -22,7 +22,7 @@ jobs:
           persist-credentials: false
 
       - name: Install the latest version of uv
-        uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v6
+        uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6
 
       - name: Run zizmor 🌈
         run: uvx zizmor --format sarif . > results.sarif
@@ -30,7 +30,7 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@39edc492dbe16b1465b0cafca41432d857bdb31a # v3
+        uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3
         with:
           sarif_file: results.sarif
           category: zizmor
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index ac6d642..2279d89 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1.17@sha256:38387523653efa0039f8e1c89bb74a30504e76ee9f565e25c9a09841f9427b05
-FROM pscale.dev/wolfi-prod/git:2.50.0
+FROM pscale.dev/wolfi-prod/git:2.50.1
 
 COPY ghcommit /ghcommit
 
diff --git a/go.mod b/go.mod
index 5c86625..b400e32 100644
--- a/go.mod
+++ b/go.mod
@@ -2,7 +2,7 @@ module github.com/planetscale/ghcommit
 
 go 1.23.0
 
-toolchain go1.24.4
+toolchain go1.24.5
 
 require (
 	github.com/jessevdk/go-flags v1.6.1