diff --git a/.github/workflows/build-and-push.yml b/.github/workflows/build-and-push.yml
index 547bdb81..9798e874 100644
--- a/.github/workflows/build-and-push.yml
+++ b/.github/workflows/build-and-push.yml
@@ -73,13 +73,13 @@ jobs:
           !startsWith(github.ref, 'refs/heads/feature/') &&
           !contains(github.ref, '.dev') &&
           !contains(github.ref, 'rc')
-        uses: docker/login-action@v3.2.0
+        uses: docker/login-action@v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       - name: Build and push
         id: docker_build
-        uses: docker/build-push-action@v5.4.0
+        uses: docker/build-push-action@v6.5.0
         with:
           push: |
             ${{ github.actor != 'dependabot[bot]' &&
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 39ebd2ed..e3096b2f 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -5,6 +5,7 @@ sphinx-copybutton
 sphinx-autobuild
 sphinxext-opengraph
 numpy>=1.22.2 # not directly required, pinned by Snyk to avoid a vulnerability
-tornado>=6.3.3 # not directly required, pinned by Snyk to avoid a vulnerability
+tornado>=6.4.1 # not directly required, pinned by Snyk to avoid a vulnerability
 pillow>=10.3.0 # not directly required, pinned by Snyk to avoid a vulnerability
 fonttools>=4.43.0 # not directly required, pinned by Snyk to avoid a vulnerability
+zipp>=3.19.1 # not directly required, pinned by Snyk to avoid a vulnerability