diff --git a/.github/workflows/aio-preview-build.yml b/.github/workflows/aio-preview-build.yml
index 0e41090d17d..f31eb3d000d 100644
--- a/.github/workflows/aio-preview-build.yml
+++ b/.github/workflows/aio-preview-build.yml
@@ -22,7 +22,7 @@ jobs:
       (github.event.action == 'labeled' && github.event.label.name == 'aio: preview') ||
       (github.event.action == 'synchronize' && contains(github.event.pull_request.labels.*.name, 'aio: preview'))
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - uses: ./.github/actions/yarn-install
 
       - uses: angular/dev-infra/github-actions/setup-bazel-remote-exec@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94
diff --git a/.github/workflows/assistant-to-the-branch-manager.yml b/.github/workflows/assistant-to-the-branch-manager.yml
index 2d323811050..58210238388 100644
--- a/.github/workflows/assistant-to-the-branch-manager.yml
+++ b/.github/workflows/assistant-to-the-branch-manager.yml
@@ -13,7 +13,7 @@ jobs:
   assistant_to_the_branch_manager:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           persist-credentials: false
       - uses: angular/dev-infra/github-actions/branch-manager@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94
diff --git a/.github/workflows/dev-infra.yml b/.github/workflows/dev-infra.yml
index 7674606968e..2ade97d0687 100644
--- a/.github/workflows/dev-infra.yml
+++ b/.github/workflows/dev-infra.yml
@@ -12,14 +12,14 @@ jobs:
   labels:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - uses: angular/dev-infra/github-actions/commit-message-based-labels@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94
         with:
           angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }}
   post_approval_changes:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - uses: angular/dev-infra/github-actions/post-approval-changes@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94
         with:
           angular-robot-key: ${{ secrets.ANGULAR_ROBOT_PRIVATE_KEY }}
diff --git a/.github/workflows/google-internal-tests.yml b/.github/workflows/google-internal-tests.yml
index 554f3c21377..44127f8a474 100644
--- a/.github/workflows/google-internal-tests.yml
+++ b/.github/workflows/google-internal-tests.yml
@@ -12,7 +12,7 @@ jobs:
   trigger:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
       - uses: angular/dev-infra/github-actions/google-internal-tests@96fdaaa056f1cfa7ffbc4c69b7e9007279f76c94
         with:
           run-tests-guide-url: http://go/angular/g3sync
diff --git a/.github/workflows/update-cli-help.yml b/.github/workflows/update-cli-help.yml
index df0f95b35e8..aeffa51244d 100644
--- a/.github/workflows/update-cli-help.yml
+++ b/.github/workflows/update-cli-help.yml
@@ -19,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           # Setting `persist-credentials: false` prevents the github-action account from being the
           # account that is attempted to be used for authentication, instead the remote is set to
diff --git a/.github/workflows/update-events.yml b/.github/workflows/update-events.yml
index efef6772a6f..ae934b7c0a9 100644
--- a/.github/workflows/update-events.yml
+++ b/.github/workflows/update-events.yml
@@ -24,7 +24,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b # tag=v3.2.0
+        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
         with:
           # Setting `persist-credentials: false` prevents the github-action account from being the
           # account that is attempted to be used for authentication, instead the remote is set to
diff --git a/WORKSPACE b/WORKSPACE
index fc775d9d8e9..916250ea0c1 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -52,9 +52,9 @@ http_archive(
 # Fetch Aspect lib for utilities like write_source_files
 http_archive(
     name = "aspect_bazel_lib",
-    sha256 = "a7bfc7aed7b86a4caaba382116e0214ebbaa623f393a9e716d87a3e1bab29d78",
-    strip_prefix = "bazel-lib-1.19.0",
-    url = "https://github.com/aspect-build/bazel-lib/archive/refs/tags/v1.19.0.tar.gz",
+    sha256 = "4b2e774387bae6242879820086b7b738d49bf3d0659522ea5d9363be01a27582",
+    strip_prefix = "bazel-lib-1.23.2",
+    url = "https://github.com/aspect-build/bazel-lib/archive/refs/tags/v1.23.2.tar.gz",
 )
 
 # Setup the Node.js toolchain.
diff --git a/aio/package.json b/aio/package.json
index 550f0f7614b..2509fcb5de6 100644
--- a/aio/package.json
+++ b/aio/package.json
@@ -146,7 +146,7 @@
     "lunr": "^2.3.9",
     "npm-run-all": "^4.1.5",
     "protractor": "~7.0.0",
-    "puppeteer-core": "19.5.0",
+    "puppeteer-core": "19.5.2",
     "rehype-slug": "^4.0.1",
     "remark": "^12.0.0",
     "remark-html": "^13.0.0",
diff --git a/aio/yarn.lock b/aio/yarn.lock
index ab60f7c134b..49162416cf3 100644
--- a/aio/yarn.lock
+++ b/aio/yarn.lock
@@ -11446,10 +11446,10 @@ pupa@^2.0.1, pupa@^2.1.1:
   dependencies:
     escape-goat "^2.0.0"
 
-puppeteer-core@19.5.0:
-  version "19.5.0"
-  resolved "https://registry.yarnpkg.com/puppeteer-core/-/puppeteer-core-19.5.0.tgz#2a1236764ad6f5e42d27c03907506727a90a3037"
-  integrity sha512-s2EE2x/7UfvR4AP+6OokY7yEmIboZoQFc2InuWUu5grWG7uka3W2Nch6+R4ERQepH4NO8kkkEBzNO4PqtwU4lQ==
+puppeteer-core@19.5.2:
+  version "19.5.2"
+  resolved "https://registry.yarnpkg.com/puppeteer-core/-/puppeteer-core-19.5.2.tgz#9b454b0ef89d3f07e20158dd4ced6ebd85d4dadb"
+  integrity sha512-Rqk+3kqM+Z2deooTYqcYt8lRtGffJdifWa9td9nbJSjhANWsFouk8kLBNUKycewCCFHM8TZUKS0x28OllavW2A==
   dependencies:
     cross-fetch "3.1.5"
     debug "4.3.4"
diff --git a/package.json b/package.json
index 78da3f50a92..66dd6445147 100644
--- a/package.json
+++ b/package.json
@@ -88,7 +88,7 @@
     "@types/babel__traverse": "7.18.3",
     "@types/base64-js": "1.3.0",
     "@types/bluebird": "^3.5.27",
-    "@types/chrome": "^0.0.206",
+    "@types/chrome": "^0.0.208",
     "@types/convert-source-map": "^1.5.1",
     "@types/diff": "^5.0.0",
     "@types/events": "3.0.0",
@@ -191,7 +191,7 @@
     "conventional-changelog": "^3.1.24",
     "cross-env": "^7.0.3",
     "firebase-tools": "^11.0.0",
-    "glob": "8.0.3",
+    "glob": "8.1.0",
     "gulp": "^4.0.2",
     "gulp-conventional-changelog": "^2.0.35",
     "husky": "8.0.3",
diff --git a/packages/localize/package.json b/packages/localize/package.json
index a3f4bf68d81..5b297a6cfdc 100644
--- a/packages/localize/package.json
+++ b/packages/localize/package.json
@@ -36,7 +36,7 @@
   ],
   "dependencies": {
     "@babel/core": "7.19.3",
-    "glob": "8.0.3",
+    "glob": "8.1.0",
     "yargs": "^17.2.1"
   },
   "peerDependencies": {
diff --git a/yarn.lock b/yarn.lock
index 1964717fcae..6bb40d88748 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3988,10 +3988,10 @@
     "@types/node" "*"
     "@types/responselike" "*"
 
-"@types/chrome@^0.0.206":
-  version "0.0.206"
-  resolved "https://registry.yarnpkg.com/@types/chrome/-/chrome-0.0.206.tgz#ad1fd9799f368b5993d7c240492d4adaf5efbd8c"
-  integrity sha512-fQnTFjghPB9S4UzbfublUB6KmsBkvvJeGXGaaoD5Qu+ZxrDUfgJnKN5egLSzDcGAH5YxQubDgbCdNwwUGewQHg==
+"@types/chrome@^0.0.208":
+  version "0.0.208"
+  resolved "https://registry.yarnpkg.com/@types/chrome/-/chrome-0.0.208.tgz#c52992e46723c783d3fd84a8b90dd8b3e87af67f"
+  integrity sha512-VDU/JnXkF5qaI7WBz14Azpa2VseZTgML0ia/g/B1sr9OfdOnHiH/zZ7P7qCDqxSlkqJh76/bPc8jLFcx8rHJmw==
   dependencies:
     "@types/filesystem" "*"
     "@types/har-format" "*"
@@ -9402,6 +9402,17 @@ glob@8.0.3, glob@^8.0.1, glob@^8.0.3:
     minimatch "^5.0.1"
     once "^1.3.0"
 
+glob@8.1.0:
+  version "8.1.0"
+  resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e"
+  integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ==
+  dependencies:
+    fs.realpath "^1.0.0"
+    inflight "^1.0.4"
+    inherits "2"
+    minimatch "^5.0.1"
+    once "^1.3.0"
+
 glob@^7.0.0, glob@^7.0.3, glob@^7.0.6, glob@^7.1.1, glob@^7.1.2, glob@^7.1.3, glob@^7.1.4, glob@^7.1.6, glob@^7.1.7, glob@^7.2.0:
   version "7.2.3"
   resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.3.tgz#b8df0fb802bbfa8e89bd1d938b4e16578ed44f2b"