diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0913182d14..d7aefdca8d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -17,16 +17,16 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: false
       - name: Setup node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
-          node-version: 20
+          node-version: 24
       - run: npm ci
       - run: npm run build-prod
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v6
         with:
           path: out/index.html
           retention-days: 1
@@ -36,13 +36,13 @@ jobs:
     timeout-minutes: 30
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           submodules: false
       - name: Setup node
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v5
         with:
-          node-version: 20
+          node-version: 24
       - run: npm ci
       - run: npm run test:coverage
 
@@ -51,10 +51,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
         with:
-          node-version: "20"
+          node-version: "24"
           cache: "npm"
       - run: npm ci
       - run: npx eslint --format gha
@@ -64,10 +64,10 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+      - uses: actions/setup-node@v5
         with:
-          node-version: "20"
+          node-version: "24"
           cache: "npm"
       - run: npm ci
       - run: npx prettier --check .
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index dd0ea91bef..16fe9f3d9a 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -54,7 +54,7 @@ jobs:
       DOMAIN: ${{ inputs.target_domain || 'openfront.dev' }}
       SUBDOMAIN: ${{ github.event_name == 'push' && github.ref_name || inputs.target_subdomain || 'main' }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 📝 Update job summary
         env:
           FQDN: ${{ env.SUBDOMAIN && format('{0}.{1}', env.SUBDOMAIN, env.DOMAIN) || env.DOMAIN || 'openfront.dev' }}
@@ -65,7 +65,7 @@ jobs:
 
           Deploying from $GITHUB_REF to $FQDN
           EOF
-      - uses: actions/create-github-app-token@v2
+      - uses: actions/create-github-app-token@v3
         id: generate-token
         if: ${{ github.repository == 'openfrontio/OpenFrontIO' }}
         with:
@@ -79,14 +79,34 @@ jobs:
           echo "GH_TOKEN=$GH_TOKEN" >> $GITHUB_ENV
           gh api octocat
       - name: 📝 Create deployment
-        uses: chrnorm/deployment-action@v2
+        if: ${{ github.repository == 'openfrontio/OpenFrontIO' && steps.generate-token.outputs.token != '' }}
+        uses: actions/github-script@v8
         id: deployment
+        env:
+          ENVIRONMENT: ${{ inputs.target_domain == 'openfront.io' && 'prod' || 'staging' }}
+          FQDN: ${{ env.FQDN }}
         with:
-          token: ${{ steps.generate-token.outputs.token }}
-          environment-url: https://${{ env.FQDN }}
-          environment: ${{ inputs.target_domain == 'openfront.io' && 'prod' || 'staging' }}
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            const response = await github.rest.repos.createDeployment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              ref: process.env.GITHUB_SHA,
+              environment: process.env.ENVIRONMENT,
+              description: 'Deployment to ' + process.env.FQDN,
+              auto_merge: false,
+              required_contexts: [],
+              transient_environment: process.env.ENVIRONMENT === 'staging' && context.ref !== 'refs/heads/main',
+              production_environment: process.env.ENVIRONMENT === 'prod'
+            });
+            const deployment = response.data;
+            if (!deployment || !deployment.id) {
+              core.setFailed('Failed to create deployment');
+              return;
+            }
+            core.setOutput('deployment_id', deployment.id);
       - name: 🔗 Log in to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ vars.GHCR_USERNAME }}
@@ -143,14 +163,23 @@ jobs:
           done
           echo "Deployment started in ${SECONDS} seconds" >> $GITHUB_STEP_SUMMARY
           echo "::endgroup::"
-      - name: ✅ Update deployment status
-        if: success()
-        uses: chrnorm/deployment-status@v2
+      - name: 🔄 Update deployment status
+        if: ${{ always() && github.repository == 'openfrontio/OpenFrontIO' && steps.generate-token.outputs.token != '' && steps.deployment.outcome == 'success' && steps.deployment.outputs.deployment_id != '' }}
+        uses: actions/github-script@v8
+        env:
+          FQDN: ${{ env.FQDN }}
+          DEPLOYMENT_ID: ${{ steps.deployment.outputs.deployment_id }}
+          STATUS: ${{ job.status }}
         with:
-          token: ${{ steps.generate-token.outputs.token }}
-          environment-url: https://${{ env.FQDN }}
-          state: success
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
+          github-token: ${{ steps.generate-token.outputs.token }}
+          script: |
+            await github.rest.repos.createDeploymentStatus({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              deployment_id: process.env.DEPLOYMENT_ID,
+              state: process.env.STATUS === 'success' ? 'success' : 'failure',
+              environment_url: 'https://' + process.env.FQDN
+            });
       - name: ✅ Update job summary
         if: success()
         run: |
@@ -159,14 +188,6 @@ jobs:
 
           Deployed from $GITHUB_REF to $FQDN
           EOF
-      - name: ❌ Update deployment status
-        if: failure()
-        uses: chrnorm/deployment-status@v2
-        with:
-          token: ${{ steps.generate-token.outputs.token }}
-          environment-url: https://${{ env.FQDN }}
-          state: failure
-          deployment-id: ${{ steps.deployment.outputs.deployment_id }}
       - name: ❌ Update job summary
         if: failure()
         run: |
diff --git a/.github/workflows/pr-author.yml b/.github/workflows/pr-author.yml
index 3302f5c68e..3c1f622aae 100644
--- a/.github/workflows/pr-author.yml
+++ b/.github/workflows/pr-author.yml
@@ -13,4 +13,4 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: toshimaru/auto-author-assign@7e15cd70c245ad136377c3fab3479815df10d844
+      - uses: toshimaru/auto-author-assign@4d585cc37690897bd9015942ed6e766aa7cdb97f
diff --git a/.github/workflows/pr-description.yml b/.github/workflows/pr-description.yml
index 1c36a4a918..bf5429bf9d 100644
--- a/.github/workflows/pr-description.yml
+++ b/.github/workflows/pr-description.yml
@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
         with:
           script: |
             if (context.eventName === 'merge_group') {
@@ -64,7 +64,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/github-script@v7
+      - uses: actions/github-script@v8
         with:
           script: |
             if (context.eventName === 'merge_group') {
diff --git a/.github/workflows/pr-stale.yml b/.github/workflows/pr-stale.yml
index 27b35f9e92..e56f5214f8 100644
--- a/.github/workflows/pr-stale.yml
+++ b/.github/workflows/pr-stale.yml
@@ -10,7 +10,7 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: actions/stale@8f717f0dfca33b78d3c933452e42558e4456c8e7
+      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f
         with:
           days-before-pr-close: 14
           days-before-pr-stale: 14
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index be979218cd..a5026e5023 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,9 +15,9 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 🔗 Log in to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ vars.GHCR_USERNAME }}
@@ -51,7 +51,7 @@ jobs:
     timeout-minutes: 30
     needs: [build]
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 🔑 Create SSH private key
         env:
           SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
@@ -102,7 +102,7 @@ jobs:
     timeout-minutes: 30
     environment: prod-beta
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 🔑 Create SSH private key
         env:
           SERVER_HOST_FALK2: ${{ secrets.SERVER_HOST_FALK2 }}
@@ -153,7 +153,7 @@ jobs:
     timeout-minutes: 30
     environment: prod-blue
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 🔑 Create SSH private key
         env:
           SERVER_HOST_FALK2: ${{ secrets.SERVER_HOST_FALK2 }}
@@ -204,7 +204,7 @@ jobs:
     timeout-minutes: 30
     environment: prod-green
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: 🔑 Create SSH private key
         env:
           SERVER_HOST_FALK2: ${{ secrets.SERVER_HOST_FALK2 }}