diff --git a/.github/workflows/ci_static-analysis.yaml b/.github/workflows/ci_static-analysis.yaml
index b5f0a81fa..24cef2d1d 100644
--- a/.github/workflows/ci_static-analysis.yaml
+++ b/.github/workflows/ci_static-analysis.yaml
@@ -11,6 +11,6 @@ jobs:
   not-grep:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: not-grep
         uses: mattsb42-meta/not-grep@1.0.0
diff --git a/.github/workflows/dafny_version.yaml b/.github/workflows/dafny_version.yaml
index 4b5f2b2c5..1a04f1e65 100644
--- a/.github/workflows/dafny_version.yaml
+++ b/.github/workflows/dafny_version.yaml
@@ -16,7 +16,7 @@ jobs:
     outputs:
       version: ${{ steps.read_property.outputs.dafnyVersion }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Read version from Properties-file
         id: read_property
         uses: christian-draeger/read-properties@1.1.1
diff --git a/.github/workflows/duvet.yaml b/.github/workflows/duvet.yaml
index 50ed9a2bd..0b8b408f7 100644
--- a/.github/workflows/duvet.yaml
+++ b/.github/workflows/duvet.yaml
@@ -20,7 +20,7 @@ jobs:
       DOTNET_CLI_TELEMETRY_OPTOUT: 1
       DOTNET_NOLOGO: 1
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: true
 
@@ -39,7 +39,7 @@ jobs:
         run: |
           make duvet
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         if: always()
         with:
           name: specification_compliance_report
diff --git a/.github/workflows/library_dafny_verification.yml b/.github/workflows/library_dafny_verification.yml
index 7d2c09696..ca4faf8e2 100644
--- a/.github/workflows/library_dafny_verification.yml
+++ b/.github/workflows/library_dafny_verification.yml
@@ -31,7 +31,7 @@ jobs:
         run: |
           git config --global core.longpaths true
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       # The specification submodule is private so we don't have access, but we don't need
       # it to verify the Dafny code. Instead we manually pull the submodule we DO need.
       - run: git submodule update --init libraries
diff --git a/.github/workflows/library_format.yml b/.github/workflows/library_format.yml
index e3dc1f025..17a82003f 100644
--- a/.github/workflows/library_format.yml
+++ b/.github/workflows/library_format.yml
@@ -34,7 +34,7 @@ jobs:
         run: |
           git config --global core.longpaths true
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       # The specification submodule is private so we don't have access, but we don't need
       # it to verify the Dafny code. Instead we manually pull the submodule we DO need.
       - run: git submodule update --init libraries
@@ -68,7 +68,7 @@ jobs:
       - name: Support longpaths
         run: |
           git config --global core.longpaths true
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Check format of Java, yaml, and md
         shell: bash
         run: |
diff --git a/.github/workflows/library_java_tests.yml b/.github/workflows/library_java_tests.yml
index e322462c0..048228606 100644
--- a/.github/workflows/library_java_tests.yml
+++ b/.github/workflows/library_java_tests.yml
@@ -38,14 +38,14 @@ jobs:
           git config --global core.longpaths true
       # KMS and MPL tests need to use credentials which can call KMS
       - name: Configure AWS Credentials for Tests
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         if: matrix.library == 'ComAmazonawsKms' || matrix.library == 'ComAmazonawsDynamodb' || matrix.library == 'AwsCryptographicMaterialProviders' || matrix.library == 'TestVectorsAwsCryptographicMaterialProviders'
         with:
           aws-region: us-west-2
           role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
           role-session-name: JavaTests
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       # The specification submodule is private so we don't have access, but we don't need
       # it to verify the Dafny code. Instead we manually pull the submodule we DO need.
       - run: git submodule update --init libraries
@@ -81,19 +81,19 @@ jobs:
           java-version: 11
 
       - name: Clean for next Java
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: clean
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Compile Java 11
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: build
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Test Java 11
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: runTests
           build-root-directory: ./${{ matrix.library }}/runtimes/java
@@ -105,19 +105,19 @@ jobs:
           java-version: 16
 
       - name: Clean for next Java
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: clean
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Compile Java 16
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: build
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Test Java 16
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: runTests
           build-root-directory: ./${{ matrix.library }}/runtimes/java
@@ -129,19 +129,19 @@ jobs:
           java-version: 17
 
       - name: Clean for next Java
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: clean
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Compile Java 17
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: build
           build-root-directory: ./${{ matrix.library }}/runtimes/java
 
       - name: Test Java 17
-        uses: gradle/gradle-build-action@v2
+        uses: gradle/gradle-build-action@v3
         with:
           arguments: runTests
           build-root-directory: ./${{ matrix.library }}/runtimes/java
diff --git a/.github/workflows/library_net_tests.yml b/.github/workflows/library_net_tests.yml
index d6caa76c6..56ff65f20 100644
--- a/.github/workflows/library_net_tests.yml
+++ b/.github/workflows/library_net_tests.yml
@@ -37,13 +37,13 @@ jobs:
           git config --global core.longpaths true
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v2
+        uses: aws-actions/configure-aws-credentials@v4
         with:
           aws-region: us-west-2
           role-to-assume: arn:aws:iam::370957321024:role/GitHub-CI-MPL-Dafny-Role-us-west-2
           role-session-name: NetTests
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       # The specification submodule is private so we don't have access, but we don't need
       # it to verify the Dafny code. Instead we manually pull the submodule we DO need.
       - run: git submodule update --init libraries