diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 062272b7..187cd0e2 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -28,10 +28,10 @@ jobs:
         uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
       - name: Install the syft command
-        uses: kubewarden/github-actions/syft-installer@3e17a2e8d40e664e9456a8d3f9d74e68caef071c # v3.1.11
+        uses: kubewarden/github-actions/syft-installer@d2860f29cebe0ee6650a18eaafb92fdddbd4d0b3 # v3.1.12
 
       - name: Install the crane command
-        uses: kubewarden/github-actions/crane-installer@3e17a2e8d40e664e9456a8d3f9d74e68caef071c # v3.1.11
+        uses: kubewarden/github-actions/crane-installer@d2860f29cebe0ee6650a18eaafb92fdddbd4d0b3 # v3.1.12
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
diff --git a/Cargo.lock b/Cargo.lock
index 141baa04..b7df48bb 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -4266,9 +4266,9 @@ dependencies = [
 
 [[package]]
 name = "serde_yaml"
-version = "0.9.27"
+version = "0.9.29"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3cc7a1570e38322cfe4154732e5110f887ea57e22b76f4bfd32b5bdd3368666c"
+checksum = "a15e0ef66bf939a7c890a0bf6d5a733c70202225f9888a89ed5c62298b019129"
 dependencies = [
  "indexmap 2.1.0",
  "itoa",
@@ -4681,9 +4681,9 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 
 [[package]]
 name = "tokio"
-version = "1.35.0"
+version = "1.35.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "841d45b238a16291a4e1584e61820b8ae57d696cc5015c459c229ccc6990cc1c"
+checksum = "c89b4efa943be685f629b149f53829423f8f5531ea21249408e8e2f8671ec104"
 dependencies = [
  "backtrace",
  "bytes",
diff --git a/Cargo.toml b/Cargo.toml
index f63ccf96..d99a873b 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -32,10 +32,10 @@ policy-evaluator = { git = "https://github.com/kubewarden/policy-evaluator", tag
 rayon = "1.8"
 serde_json = "1.0"
 serde = { version = "1.0", features = ["derive"] }
-serde_yaml = "0.9.27"
+serde_yaml = "0.9.29"
 sha2 = "0.10"
 thiserror = "1.0"
-tokio = { version = "^1.35.0", features = ["full"] }
+tokio = { version = "^1.35.1", features = ["full"] }
 tracing = "0.1"
 tracing-futures = "0.2"
 tracing-opentelemetry = "0.22.0"