diff --git a/.github/workflows/code.yml b/.github/workflows/code.yml
index 86edd2889..ea7c564bc 100644
--- a/.github/workflows/code.yml
+++ b/.github/workflows/code.yml
@@ -70,7 +70,7 @@ jobs:
         run: pytest
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         with:
           name: ${{ matrix.python }}/${{ matrix.os }}
           files: cov.xml
@@ -189,7 +189,7 @@ jobs:
       - name: Github Release
         # We pin to the SHA, not the tag, for security reasons.
         # https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v0.1.15
         with:
           prerelease: ${{ contains(github.ref_name, 'a') || contains(github.ref_name, 'b') || contains(github.ref_name, 'rc') }}
           files: |
diff --git a/pyproject.toml b/pyproject.toml
index 0d2f3d04d..8943b625c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,8 +21,8 @@ dependencies = [
     "requests",
     "opencv-python",
     "pydantic",
-    "dls-dodal @ git+https://github.com/DiamondLightSource/dodal.git@e19bf47849433ae0efa575bd06410e05ee064f8b",
-    "fastapi[all]<0.99",
+    "dls-dodal @ git+https://github.com/DiamondLightSource/dodal.git",
+    "fastapi[all]",
     "blueapi @ git+https://github.com/DiamondLightSource/blueapi.git@main",
 ]
 dynamic = ["version"]