diff --git a/.github/workflows/reusable-codeql-analysis.yml b/.github/workflows/reusable-codeql-analysis.yml
index 1174ebd224..3ac2b85da4 100644
--- a/.github/workflows/reusable-codeql-analysis.yml
+++ b/.github/workflows/reusable-codeql-analysis.yml
@@ -14,9 +14,9 @@ jobs:
         with:
           node-version: lts/*
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3
+        uses: github/codeql-action/init@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3
         with:
           config-file: ./.github/codeql/codeql-config.yml
           languages: javascript
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@29d86d22a34ea372b1bbf3b2dced2e25ca6b3384 # v3
+        uses: github/codeql-action/analyze@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3
diff --git a/packages/apollo-federation-subgraph-compatibility/Dockerfile b/packages/apollo-federation-subgraph-compatibility/Dockerfile
index 3b9cc0d846..8888e689f8 100644
--- a/packages/apollo-federation-subgraph-compatibility/Dockerfile
+++ b/packages/apollo-federation-subgraph-compatibility/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:lts@sha256:1ae9ba874435551280e95c8a8e74adf8a48d72b564bf9dfe4718231f2144c88f
+FROM node:lts@sha256:d3c8ababe9566f9f3495d0d365a5c4b393f607924647dd52e75bf4f8a54effd3
 
 WORKDIR /app