diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index cdc0543d19..80073e53fb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,8 +6,13 @@ updates:
     schedule:
       interval: weekly
     ignore:
-      # Jetty 9.x needed for JDK8 compatibility; it still receives security updates
+      # Jetty 9.x needed for JDK8 compatibility; it still receives security updates. Only used in tests.
       - dependency-name: "org.eclipse.jetty:jetty-server"
         update-types: ["version-update:semver-major"]
       - dependency-name: "org.eclipse.jetty:jetty-servlet"
         update-types: ["version-update:semver-major"]
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index abb783a3e0..0737dae6e1 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,8 +1,6 @@
 name: Build
 on:
   push:
-    branches:
-      - master
   pull_request:
 
 jobs:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 16a5e9a1d6..24b5e98dac 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -2,11 +2,7 @@ name: CodeQL
 
 on:
   push:
-    branches:
-      - master
   pull_request:
-  schedule:
-    - cron: '0 5 * * 3'
 
 jobs:
   codeql:
@@ -22,11 +18,11 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
       - name: CodeQL Initialization
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: java
           queries: +security-and-quality
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
       - name: CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3