diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index 53faf9959..14142516f 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -48,14 +48,14 @@ jobs:
         output-sarif: true
         sanitizer: ${{ matrix.sanitizer }}
     - name: Upload Crash
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       if: failure() && steps.build.outcome == 'success'
       with:
         name: ${{ matrix.sanitizer }}-artifacts
         path: ./out/artifacts   
     - name: Upload Sarif
       if: always() && steps.build.outcome == 'success'
-      uses: github/codeql-action/upload-sarif@v3.30.5
+      uses: github/codeql-action/upload-sarif@v4.31.2
       with:
         # Path to SARIF file relative to the root of the repository
         sarif_file: cifuzz-sarif/results.sarif
diff --git a/.github/workflows/icu4c.yml b/.github/workflows/icu4c.yml
index 34250d323..cddc02748 100644
--- a/.github/workflows/icu4c.yml
+++ b/.github/workflows/icu4c.yml
@@ -493,7 +493,7 @@ jobs:
         ls -l .
         echo "newZipName=$newZipName" | Out-File -FilePath $env:GITHUB_ENV -Append
     - name: Upload artifact
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: icu4c.${{ matrix.win_ver }}.run_#${{ github.run_number }}
         path: icu4c/source/dist/${{ env.newZipName }}.zip
@@ -952,7 +952,7 @@ jobs:
           cd icu4c/source/icuexportdata
           zip -r ../../../icu4x-exportdata_${{ inputs.gitReleaseFilename }}.zip .
       - name: Publish Artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: icuexportdata_output
           path: icu4x-exportdata_*.zip
diff --git a/.github/workflows/icu_merge_ci.yml b/.github/workflows/icu_merge_ci.yml
index 45844b103..e9961f18a 100644
--- a/.github/workflows/icu_merge_ci.yml
+++ b/.github/workflows/icu_merge_ci.yml
@@ -101,7 +101,7 @@ jobs:
           cd lib;
           cp -Ps ../tools/ctestfw/libicutest* .
       - name: Upload ICU libraries
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
@@ -136,7 +136,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
@@ -210,7 +210,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
@@ -275,7 +275,7 @@ jobs:
       - name: Create directory for lib files
         run: mkdir icu4c/source/perflib
       - name: Get ICU libs
-        uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0
+        uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
         with:
           name: icu-perf-libs
           path: icu4c/source/lib
diff --git a/.github/workflows/release-icu4c-fedora.yml b/.github/workflows/release-icu4c-fedora.yml
index 7cdc06a60..98f87b932 100644
--- a/.github/workflows/release-icu4c-fedora.yml
+++ b/.github/workflows/release-icu4c-fedora.yml
@@ -70,7 +70,7 @@ jobs:
         popd
 
     - name: Upload build results
-      uses: actions/upload-artifact@v4.3.6
+      uses: actions/upload-artifact@v5
       with:
         name: icu4c-fedora-binaries
         path: ${{ env.RELEASE_FOLDER }}
diff --git a/.github/workflows/release-icu4c-ubuntu.yml b/.github/workflows/release-icu4c-ubuntu.yml
index 65ba460a1..705bc28fb 100644
--- a/.github/workflows/release-icu4c-ubuntu.yml
+++ b/.github/workflows/release-icu4c-ubuntu.yml
@@ -66,7 +66,7 @@ jobs:
         mv icu4c/source/dist/icu4c-*-src.* ${RELEASE_FOLDER}
 
     - name: Upload build results
-      uses: actions/upload-artifact@v4.3.6
+      uses: actions/upload-artifact@v5
       with:
         name: icu4c-ubuntu-binaries
         path: ${{ env.RELEASE_FOLDER }}
diff --git a/.github/workflows/release-icu4j-maven.yml b/.github/workflows/release-icu4j-maven.yml
index e0f28cf03..c61d4ebb8 100644
--- a/.github/workflows/release-icu4j-maven.yml
+++ b/.github/workflows/release-icu4j-maven.yml
@@ -116,7 +116,7 @@ jobs:
         popd # out of icu4j
 
     - name: Upload build results
-      uses: actions/upload-artifact@v4.3.6
+      uses: actions/upload-artifact@v5
       with:
         name: icu4j-binaries
         path: ${{ env.RELEASE_FOLDER }}
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index c927efe65..c2243ae5f 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -51,7 +51,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
           name: SARIF file
           path: results.sarif
@@ -59,6 +59,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@80cb6b56b93de3e779c7d476d9100d06fb87c877 # v2.25.15
+        uses: github/codeql-action/upload-sarif@9bd86385763ccc9345d5b7648ea1b54401b24819 # v2.25.15
         with:
           sarif_file: results.sarif