diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index bcf8ac9..f9efab6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -8,23 +8,24 @@ on:
 permissions:
   contents: read
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 jobs:
   test:
     name: Unit, Integration, and Coverage
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version-file: .bun-version
+        run: bash ./scripts/setup-bun.sh
 
       - name: Install dependencies
         run: bun install --frozen-lockfile
@@ -39,7 +40,7 @@ jobs:
         run: bun run test:coverage
 
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: coverage
           path: coverage/
@@ -49,28 +50,40 @@ jobs:
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         if: ${{ env.CODECOV_TOKEN != '' }}
-        uses: codecov/codecov-action@v4
-        with:
-          token: ${{ env.CODECOV_TOKEN }}
-          files: coverage/lcov.info
-          fail_ci_if_error: false
+        run: |
+          python3 -m pip install --user codecov-cli
+          export PATH="$HOME/.local/bin:$PATH"
+
+          args=(
+            do-upload
+            --git-service github
+            --token "$CODECOV_TOKEN"
+            --slug "$GITHUB_REPOSITORY"
+            --commit-sha "$GITHUB_SHA"
+            --file coverage/lcov.info
+            --disable-search
+          )
+
+          if [ "${{ github.event_name }}" = "pull_request" ]; then
+            args+=( --pull-request-number "${{ github.event.pull_request.number }}" )
+          fi
+
+          codecovcli "${args[@]}" || echo "Codecov upload failed; continuing because fail_ci_if_error is disabled."
 
   security-audit:
     name: Dependency Security Audit
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version-file: .bun-version
+        run: bash ./scripts/setup-bun.sh
 
       - name: Install dependencies
         run: bun install --frozen-lockfile
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2a5aaff..f16d6d6 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -16,6 +16,9 @@ permissions:
   contents: read
   security-events: write
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 jobs:
   analyze:
     name: Analyze (JavaScript/TypeScript)
@@ -28,22 +31,20 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: ${{ matrix.language }}
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version-file: .bun-version
+        run: bash ./scripts/setup-bun.sh
 
       - name: Install dependencies
         run: bun install --frozen-lockfile
@@ -52,6 +53,6 @@ jobs:
         run: bun run build
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
         with:
           category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 00273cf..b0eb50f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,24 +11,25 @@ permissions:
   artifact-metadata: write
   packages: write
 
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: "true"
+
 jobs:
   npm-publish:
     name: Publish npm Package
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Setup Node.js
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
         with:
           node-version-file: .node-version
           registry-url: https://registry.npmjs.org
 
       - name: Setup Bun
-        uses: oven-sh/setup-bun@v2
-        with:
-          bun-version-file: .bun-version
+        run: bash ./scripts/setup-bun.sh
 
       - name: Install dependencies
         run: bun install --frozen-lockfile
diff --git a/scripts/setup-bun.sh b/scripts/setup-bun.sh
new file mode 100644
index 0000000..9b513e9
--- /dev/null
+++ b/scripts/setup-bun.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+BUN_VERSION="$(tr -d '\n' < .bun-version)"
+BUN_VERSION="${BUN_VERSION#bun-v}"
+BUN_VERSION="${BUN_VERSION#v}"
+
+if ! command -v unzip >/dev/null; then
+  sudo apt-get update
+  sudo apt-get install -y unzip
+fi
+
+curl -fsSL https://bun.sh/install | bash -s "bun-v${BUN_VERSION}"
+echo "$HOME/.bun/bin" >> "$GITHUB_PATH"