diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a7faca45fe..90c1d7babe 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
           echo "hashes=$(sha256sum kokkos-kernels-${{ github.ref_name }}.zip kokkos-kernels-${{ github.ref_name }}.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT"
 
       - name: Upload source code (zip)
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: kokkos-kernels-${{ github.ref_name }}.zip
           path: kokkos-kernels-${{ github.ref_name }}.zip
@@ -36,7 +36,7 @@ jobs:
           retention-days: 5
 
       - name: Upload source code (tar.gz)
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: kokkos-kernels-${{ github.ref_name }}.tar.gz
           path: kokkos-kernels-${{ github.ref_name }}.tar.gz
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 888a59151a..95de3a5ad7 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -65,7 +65,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: SARIF file
           path: results.sarif